Merge pull request #272 from guardicore/bugfix/mssql-bugfixes

fix expanding of env variables
2019-02-21 17:50:15 +02:00 · 2019-02-21 17:50:15 +02:00 · 3691b432fa
parent 8069d27346 b5523a9c54
commit 3691b432fa
1 changed files with 8 additions and 4 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -17,13 +17,14 @@ class MSSQLExploiter(HostExploiter):
    _TARGET_OS_TYPE = ['windows']
    LOGIN_TIMEOUT = 15
    SQL_DEFAULT_TCP_PORT = '1433'
-    DEFAULT_PAYLOAD_PATH = os.path.expandvars(r'%TEMP%\~PLD123.bat') if platform.system() else '/tmp/~PLD123.bat'
+    DEFAULT_PAYLOAD_PATH_WIN = os.path.expandvars(r'%TEMP%\~PLD123.bat')
+    DEFAULT_PAYLOAD_PATH_LINUX = '/tmp/~PLD123.bat'

    def __init__(self, host):
        super(MSSQLExploiter, self).__init__(host)
        self.attacks_list = [mssqlexec_utils.CmdShellAttack]

-    def create_payload_file(self, payload_path=DEFAULT_PAYLOAD_PATH):
+    def create_payload_file(self, payload_path):
        """
        This function creates dynamically the payload file to be transported and ran on the exploited machine.
        :param payload_path: A path to the create the payload file in
@ -45,10 +46,13 @@ class MSSQLExploiter(HostExploiter):
            """
        username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()

-        if not self.create_payload_file():
+        payload_path = MSSQLExploiter.DEFAULT_PAYLOAD_PATH_LINUX if 'linux' in self.host.os['type'] \
+            else MSSQLExploiter.DEFAULT_PAYLOAD_PATH_WIN
+
+        if not self.create_payload_file(payload_path):
            return False
        if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list,
-                                  self.DEFAULT_PAYLOAD_PATH):
+                                  payload_path):
            LOG.debug("Bruteforce was a success on host: {0}".format(self.host.ip_addr))
            return True
        else: