Closed mssalvatore closed 3 years ago
web_rce.get_ports_w.295: All default web ports are closed on "Victim Host 10.2.2.45: OS - [type-linux version-Ubuntu-4ubuntu0.3 ] Services - [tcp-80-{'display_name': 'unknown(TCP)', 'port': 80} tcp-22-{'display_name': 'SSH', 'port': 22, 'banner': 'SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3\r\n', 'name': 'ssh'} ] ICMP: True target monkey: None", skipping
^ This message says "All default web ports are closed" but includes "tcp-80" in the set of discovered ports listed in self.host
The cause was that the HTTP fingerprinter was timing out (1 second), but there was insufficient logging, which made the issue difficult to diagnose. Logging has been added in 43c5834d5.
Describe the bug
The Drupal exploiter fails roughly every other time.
To Reproduce
Expected behavior
Vulnerable Drupal servers are able to be exploited consistently.