p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: refactor a couple web_rce methods to static

This commit is contained in:
vakarisz 2022-01-04 17:40:36 +02:00
parent e69639b426
commit 206abfa5e8
3 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/infection_monkey/exploit/elasticgroovy.py
View File

@ -58,7 +58,7 @@ class ElasticGroovyExploiter(WebRCE):
def get_open_service_ports(self, port_list, names):
# We must append elastic port we get from elastic fingerprint module because It's not
# marked as 'http' service
valid_ports = super(ElasticGroovyExploiter, self).get_open_service_ports(port_list, names)
valid_ports = WebRCE.get_open_service_ports(self.host, port_list, names)
if ES_SERVICE in self.host.services:
valid_ports.append([ES_PORT, False])
return valid_ports

2
monkey/infection_monkey/exploit/struts2.py
View File

@ -39,7 +39,7 @@ class Struts2Exploiter(WebRCE):
:param extensions: What subdirectories to scan. www.domain.com[/extension]
:return: Array of url's to try and attack
"""
url_list = super(Struts2Exploiter, self).build_potential_urls(ports)
url_list = WebRCE.build_potential_urls(self.host.ip_addr, ports)
url_list = [self.get_redirected(url) for url in url_list]
return url_list

26
monkey/infection_monkey/exploit/web_rce.py
View File

@ -20,7 +20,7 @@ from infection_monkey.model import (
MONKEY_ARG,
POWERSHELL_HTTP_UPLOAD,
RUN_MONKEY,
WGET_HTTP_UPLOAD,
WGET_HTTP_UPLOAD, VictimHost,
)
from infection_monkey.network.tools import tcp_port_to_service
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
@ -154,8 +154,10 @@ class WebRCE(HostExploiter):
"""
raise NotImplementedError()
def get_open_service_ports(self, port_list, names):
@staticmethod
def get_open_service_ports(victim_host: VictimHost, port_list, names): # noqa: F821
"""
:param victim_host: VictimHost object that exploiter is targeting
:param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
:param names: [] of service names. Example: ["http"]
:return: Returns all open ports from port list that are of service names
@ -163,12 +165,12 @@ class WebRCE(HostExploiter):
candidate_services = {}
candidate_services.update(
{
service: self.host.services[service]
for service in self.host.services
service: victim_host.services[service]
for service in victim_host.services
if (
self.host.services[service]
and "name" in self.host.services[service]
and self.host.services[service]["name"] in names
victim_host.services[service]
and "name" in victim_host.services[service]
and victim_host.services[service]["name"] in names
)
}
)
@ -216,10 +218,12 @@ class WebRCE(HostExploiter):
logger.error("Host's exploitability check failed due to: %s" % e)
return False
def build_potential_urls(self, ports, extensions=None):
@staticmethod
def build_potential_urls(ip: str, ports, extensions=None):
"""
Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and
extensions.
:param ip: IP address of the victim
:param ports: Array of ports. One port is described as size 2 array: [port.no(int),
isHTTPS?(bool)]
Eg. ports: [[80, False], [443, True]]
@ -237,9 +241,7 @@ class WebRCE(HostExploiter):
protocol = "https"
else:
protocol = "http"
url_list.append(
join(("%s://%s:%s" % (protocol, self.host.ip_addr, port[0])), extension)
)
url_list.append(join(("%s://%s:%s" % (protocol, ip, port[0])), extension))
if not url_list:
logger.info("No attack url's were built")
return url_list
@ -329,7 +331,7 @@ class WebRCE(HostExploiter):
:return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [
port.nr, IsHTTPS?]
"""
ports = self.get_open_service_ports(ports, names)
ports = WebRCE.get_open_service_ports(self.host, ports, names)
if not ports:
logger.info("All default web ports are closed on %r, skipping", str(self.host))
return False