# 插件编写

# 0x01 插件库主干代码

woodpecker 插件库必须包含一个全限定名为 `me.gv7.woodpecker.plugin.WoodpeckerPluginManager` 的类,并实现 IPluginManager 接口。它是插件的入口类,用于注册插件库中的漏洞插件。

/**
 * Entry class of a woodpecker plugin library.
 *
 * <p>Its single method hands each vulnerability plugin of the library to the
 * callbacks object it receives. The accompanying text requires the fully
 * qualified name {@code me.gv7.woodpecker.plugin.WoodpeckerPluginManager};
 * the matching {@code package} declaration is not shown in this snippet.
 */
public class WoodpeckerPluginManager implements IPluginManager{
    /**
     * Registers the plugins of this library.
     *
     * @param pluginManagerCallbacks callbacks object on which {@code registerPlugin}
     *        is called once per plugin instance
     */
    public void registerPluginManagerCallbacks(IPluginManagerCallbacks pluginManagerCallbacks) {
        // One registerPlugin call per vulnerability plugin shipped in the library.
        pluginManagerCallbacks.registerPlugin(new VulPlugin1());
        pluginManagerCallbacks.registerPlugin(new VulPlugin2());
        pluginManagerCallbacks.registerPlugin(new VulPlugin3());
        // The "..." below is the author's elision for further registrations; it is
        // not valid Java and must be replaced or removed in a real plugin library.
        ...
    }
}

一个漏洞库会包含一个应用的多个漏洞,这里的 VulPlugin1、VulPlugin2、VulPlugin3 一般是指同一个应用的多个漏洞,比如 weblogic 中间件有 CVE-2020-2551、CVE-2020-25555、CVE-2020-2883 等。每个漏洞插件都需要实现 IPlugin 接口,下面以 CVE-2019-2729 插件为例:

/**
 * Example vulnerability plugin for CVE-2019-2729.
 *
 * <p>{@link #PluginMain} fills in the plugin and vulnerability metadata and then
 * registers one detection module, one exploitation module and four payload
 * generation modules on the callbacks object.
 */
public class CVE_2019_2729_Plugin implements IPlugin {

    /**
     * Describes the plugin and registers its modules.
     *
     * @param callbacks callbacks object that receives the metadata and the module
     *        instances; setter names ({@code setPluginAutor}, {@code setVulAutor})
     *        are reproduced as spelled in this snippet
     */
    public void PluginMain(IExtenderCallbacks callbacks) {
        // Plugin metadata
        callbacks.setPluginName("CVE-2019-2729 exploit");
        callbacks.setPluginVersion("0.1.0");
        callbacks.setPluginAutor("c0ny1");
        // Vulnerability metadata
        callbacks.setVulName("Weblogic async XMLDecoder反序列化漏洞");
        callbacks.setVulId("CVE-2019-2729");
        // NOTE(review): 9.8 falls in the "Critical" band (9.0-10.0) of the CVSS v3.x
        // qualitative scale, while setVulSeverity below is given "high" - confirm which
        // labels setVulSeverity expects and keep the two fields consistent.
        callbacks.setVulCVSS(9.8);
        callbacks.setVulAutor("Badcode,Liao Xinxi,etc.");
        callbacks.setVulSeverity("high");
        // NOTE(review): the scope lists three versions, but the description below says
        // the plugin only detects and exploits 10.3.6.0 running on JDK 1.6. A negative
        // result against the other listed versions is therefore not evidence that they
        // are patched.
        callbacks.setVulScope("10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0");
        callbacks.setVulDescription("CVE-2019-2729是CVE-2019-2725的绕过,本插件只能检测和利用JDK1.6下10.3.6.0版本的Weblogic");
        callbacks.setVulCategory("RCE");
        // NOTE(review): this date looks like the advisory date of CVE-2019-2725 rather
        // than CVE-2019-2729 - verify against the vendor advisory.
        callbacks.setVulDisclosureTime("2019-04-26");
        callbacks.setVulProduct("weblogic");
        
        // Register the precise detection (PoC) module
        callbacks.registerPoc(new CVE_2019_2729_Poc());
        // Register the in-depth exploitation module
        callbacks.registerExploit(new CVE_2019_2729_CommandExploit());
        // Register the payload generation modules; the four classes are defined
        // elsewhere and their behaviour is not visible in this snippet
        callbacks.registerExploitGetShell(new CommandExecPayload());
        callbacks.registerExploitGetShell(new InjectMemshellPayload());
        callbacks.registerExploitGetShell(new DnslogPayload());
        callbacks.registerExploitGetShell(new SleepPayload());
    }
}

# 0x02 漏洞检测模块

/**
 * Detection entry point of a vulnerability detection module.
 *
 * <p>NOTE(review): the declaring interface is not shown here; presumably it is the
 * type accepted by {@code registerPoc} - confirm.
 *
 * @param target the target to check
 * @param iResultOutput output object passed to the check; presumably used to
 *        report progress or findings - confirm against the interface definition
 * @return the scan result for {@code target}
 */
public IScanResult doCheck(ITarget target,IResultOutput iResultOutput);

# 0x03 漏洞利用模块

# 0x04 荷载生成模块

这个插件库的完整代码已经上传到 GitHub。