p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

get a vulnerable URL in a configurable manner

This commit is contained in:
ophirharpazg 2020-08-27 19:46:42 +03:00
parent a87640c4aa
commit 610d3d1144
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
monkey/infection_monkey/exploit/web_rce.py
View File

@ -89,7 +89,7 @@ class WebRCE(HostExploiter):
if not self.vulnerable_urls:
return False
self.target_url = self.vulnerable_urls[0]
self.target_url = self.get_target_url()
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
# Skip if monkey already exists and this option is given
@ -98,21 +98,21 @@ class WebRCE(HostExploiter):
return True
# Check for targets architecture (if it's 32 or 64 bit)
if not exploit_config['blind_exploit'] and not self.set_host_arch(self.target_url):
if not exploit_config['blind_exploit'] and not self.set_host_arch(self.get_target_url()):
return False
# Upload the right monkey to target
data = self.upload_monkey(self.target_url, exploit_config['upload_commands'])
data = self.upload_monkey(self.get_target_url(), exploit_config['upload_commands'])
if data is False:
return False
# Change permissions to transform monkey into executable file
if self.change_permissions(self.target_url, data['path']) is False:
if self.change_permissions(self.get_target_url(), data['path']) is False:
return False
# Execute remote monkey
if self.execute_remote_monkey(self.target_url, data['path'], exploit_config['dropper']) is False:
if self.execute_remote_monkey(self.get_target_url(), data['path'], exploit_config['dropper']) is False:
return False
return True
@ -502,3 +502,12 @@ class WebRCE(HostExploiter):
def set_vulnerable_port_from_url(self, url):
self.vulnerable_port = HTTPTools.get_port_from_url(url)
def get_target_url(self):
"""
This method allows "configuring" the way in which a vulnerable URL is picked.
If the same URL should be used - always return the first.
Otherwise - implement your own (e.g. Drupal must use a new URI each time).
:return: a vulnerable URL
"""
return self.vulnerable_urls[0]