From 04e89411fbb80a8283c4ea0c4f0c4f4651a384ad Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Fri, 4 Dec 2020 15:44:40 +0200 Subject: [PATCH 1/2] SMB bugfixed to be able to exploit machine with smb v3, by not specifying preferred dialect for rpctransport --- monkey/infection_monkey/exploit/smbexec.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py index 153f64ac7..f3a7977a6 100644 --- a/monkey/infection_monkey/exploit/smbexec.py +++ b/monkey/infection_monkey/exploit/smbexec.py @@ -1,7 +1,6 @@ from logging import getLogger from impacket.dcerpc.v5 import scmr, transport -from impacket.smbconnection import SMB_DIALECT from common.utils.attack_utils import ScanStatus, UsageEnum from common.utils.exploit_enum import ExploitType @@ -121,8 +120,7 @@ class SmbExploiter(HostExploiter): for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,)) rpctransport.set_dport(port) - if hasattr(rpctransport, 'preferred_dialect'): - rpctransport.preferred_dialect(SMB_DIALECT) + rpctransport.setRemoteHost(self.host.ip_addr) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(user, password, '', lm_hash, ntlm_hash, None) @@ -168,7 +166,7 @@ class SmbExploiter(HostExploiter): SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1])) return True - def set_vulnerable_port(self, host: VictimHost): + def set_vulnerable_port(self): if 'tcp-445' in self.host.services: self.vulnerable_port = "445" elif 'tcp-139' in self.host.services: From 55f4684e1e9f4375daa50ab19af4cbf644d35e24 Mon Sep 17 00:00:00 2001 
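Review bot: Removing the `preferred_dialect(SMB_DIALECT)` pin is the real fix, but the new code leaves no trace of why the dialect is now left to negotiation, so the SMBv1 pin is easy to reintroduce; add `# Let impacket negotiate the dialect: pinning SMB_DIALECT (SMBv1) fails against hosts with SMBv1 disabled.` above `rpctransport.set_dport(port)`. The added `rpctransport.setRemoteHost(self.host.ip_addr)` looks redundant with the binding string, which is already built from `self.host.ip_addr` and which DCERPCTransportFactory uses to seed the remote host in the impacket releases I know — either drop it or justify it with a comment, and verify against the pinned impacket version. It is also called unconditionally while `set_credentials` is guarded with `hasattr`; that is fine if every transport the factory returns has `setRemoteHost`, but the asymmetry deserves a word. The enclosing method starts and ends outside the hunk.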
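Review bot: `set_vulnerable_port` has no docstring, and its new zero-argument signature no longer says where the port comes from; add `"""Set self.vulnerable_port to "445" if tcp-445 is in self.host.services, else check tcp-139."""` under the `def`. Dropping the `host` parameter is a caller-visible signature change: the call site in this file is fixed in the following commit, but any other caller still passing a host would now raise TypeError. The method body runs past the hunk, so whether a host exposing neither port leaves `vulnerable_port` unset cannot be judged here.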
From: VakarisZ Date: Fri, 4 Dec 2020 16:43:53 +0200 Subject: [PATCH 2/2] Fixed function call that had too many arguments in smbexec.py --- monkey/infection_monkey/exploit/smbexec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py index f3a7977a6..c28887820 100644 --- a/monkey/infection_monkey/exploit/smbexec.py +++ b/monkey/infection_monkey/exploit/smbexec.py @@ -103,7 +103,7 @@ class SmbExploiter(HostExploiter): LOG.debug("Exploiter SmbExec is giving up...") return False - self.set_vulnerable_port(self.host) + self.set_vulnerable_port() # execute the remote dropper in case the path isn't final if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower(): cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \