Skip to content

Elastic with framework #162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 19 commits into from
Closed

Elastic with framework #162

wants to merge 19 commits into from

Conversation

VakarisZ
Copy link
Contributor

Feature / Fixes

Changed elastic according to WebRCE framework
Prepared commands for exploiting windows
Exploits both windows and linux. Tested on windows10 and ubuntu, elastic 1.4.2

@itaymmguardicore itaymmguardicore self-requested a review August 8, 2018 07:44
Vakaris added 15 commits August 9, 2018 12:13
Fixed half of the notes and added a small tcp_port_to_service method …
d1a2987 
…in network/tools

no message
Almost all notes fixed, but nothing tested.
5232d84
Final, tested framework fixes
0d45a44
Notes fixed v.2
b8bda69
Web_RCE framework now supports custom monkey uploading paths( we don'…
5565a80 
…t always have permissions to uppload to C:\Windows)
Minor bugfix for error handling in new custom monkey destination path…
e3d286d 
…s feature
Struts2 core functions
03b6427
Struts2 refactored for framework fixes
a7b6bb4
Core functions of Oracle weblogic rce
3fd5db3
Bugfix: http servers thread is stopped if remote target is not vulner…
4b7900e 
…able
Webblogic refactored to web RCE framework changes(from static methods…
fb2ad4e 
… into class methods)
Uploaded and modified standard web_rce code usage.Not working, not te…
f60de62 
…sted
Code cleaned and tested on ubuntu
119a43e
Commands tested and working on windows.
d8bec27
Refactored elastic for latest framework changes
47160c1
@VakarisZ VakarisZ force-pushed the elastic_with_framework branch from 715daf8 to 47160c1 Compare August 18, 2018 13:50
itaymmguardicore
itaymmguardicore reviewed Aug 22, 2018
View reviewed changes
infection_monkey/exploit/elasticgroovy.py
@@ -34,197 +35,68 @@ class ElasticGroovyExploiter(HostExploiter):

DOWNLOAD_TIMEOUT = 300 # copied from rdpgrinder

# Both commands are prepared for use in future development
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove these commands and use the ones on model_init_.py

infection_monkey/exploit/elasticgroovy.py Outdated
return False
# Extra escaping required:
config = copy.deepcopy(self._config)
config.dropper_target_path_win_32 = r"C:\\\\Windows\\\\monkey32.exe"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not good for 2 reasons:

  1. your point was to just escape everything, so just do it (replace '' with '\'). That way if the target path actually changes, we won't have to change it in here as well.
  2. you're deep copying the entire config just for escaping 2 values for a temporary use. Find another way to do this. Consider changing check_remote_files' parameters.

infection_monkey/exploit/elasticgroovy.py

def exploit_host(self):
# self.exploit_host_linux()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commented out code

@snyk-bot snyk-bot mentioned this pull request Jul 15, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@itaymmguardicore itaymmguardicore itaymmguardicore left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@VakarisZ @itaymmguardicore