forked from p15670423/monkey
Changed tmp dir path on mssql exploiter
This commit is contained in:
parent
8c930fae66
commit
b733cf3389
|
@ -11,7 +11,6 @@ from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, get_tar
|
|||
build_monkey_commandline, get_monkey_depth
|
||||
from infection_monkey.model import DROPPER_ARG
|
||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||
import infection_monkey.utils
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
@ -28,7 +27,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
|
||||
# Temporary file that saves commands for monkey's download and execution.
|
||||
TMP_FILE_NAME = 'tmp_monkey.bat'
|
||||
TMP_DIR_PATH = "C:\\windows\\temp\\monkey_dir"
|
||||
TMP_DIR_PATH = "%temp%\\tmp_monkey_dir"
|
||||
|
||||
MAX_XP_CMDSHELL_COMMAND_SIZE = 128
|
||||
|
||||
|
@ -110,8 +109,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
self.run_file(tmp_file_path)
|
||||
|
||||
# Remove temporary dir we stored payload at
|
||||
if not infection_monkey.utils.get_monkey_dir_path() == MSSQLExploiter.TMP_DIR_PATH.lower():
|
||||
tmp_file_removal_command = MSSQLLimitedSizePayload(command="del /f %s" % tmp_file_path)
|
||||
tmp_file_removal_command = MSSQLLimitedSizePayload(command="del %s" % tmp_file_path)
|
||||
self.try_to_run_mssql_command(tmp_file_removal_command)
|
||||
tmp_dir_removal_command = MSSQLLimitedSizePayload(command="rmdir %s" % MSSQLExploiter.TMP_DIR_PATH)
|
||||
self.try_to_run_mssql_command(tmp_dir_removal_command)
|
||||
|
|
|
@ -19,7 +19,12 @@ class Payload(object):
|
|||
self.prefix = prefix
|
||||
self.suffix = suffix
|
||||
|
||||
def get_full_payload(self, command=""):
|
||||
def get_payload(self, command=""):
|
||||
"""
|
||||
Returns prefixed and suffixed command (full payload)
|
||||
:param command: Command to suffix/prefix. If no command is passed than objects' property is used
|
||||
:return: prefixed and suffixed command (full payload)
|
||||
"""
|
||||
if not command:
|
||||
command = self.command
|
||||
return "{}{}{}".format(self.prefix, command, self.suffix)
|
||||
|
@ -50,10 +55,10 @@ class LimitedSizePayload(Payload):
|
|||
return False
|
||||
elif self.command == "":
|
||||
return [self.prefix+self.suffix]
|
||||
|
||||
commands = [self.get_full_payload(part)
|
||||
wrapper = textwrap.TextWrapper(drop_whitespace=False, width=self.get_max_sub_payload_length())
|
||||
commands = [self.get_payload(part)
|
||||
for part
|
||||
in textwrap.wrap(self.command, self.get_max_sub_payload_length())]
|
||||
in wrapper.wrap(self.command)]
|
||||
return commands
|
||||
|
||||
def get_max_sub_payload_length(self):
|
||||
|
|
Loading…
Reference in New Issue