Mangled MSSQL dropper command #2018

@mssalvatore

Description

Describe the bug

Infection Monkey exploits MSSQL by using the xp_cmdshell command to write commands to a temporary batch file and then to execute it. The commands sent to xp_cmdshell are split into 128 character chunks. The logic used to split these commands is faulty and causes the temporary batch file to contain incorrect commands.

[Screenshot: mssql_bug]

As shown in the screenshot above, the command in the batch file is missing a space between the parent agent's ID and the -t option. It appears that the shell ignores the first space in /p= -t....

To Reproduce

Steps to reproduce the behavior:

  1. Run AppImage end-to-end tests.

Expected behavior

Agent should successfully propagate to an MSSQL target

Possible solutions

  1. Fix the logic that chunks up the commands and pray that similar, obscure, and difficult-to-reproduce errors do not creep in now or in the future.
  2. Remove this complicated logic and find a simple workaround for the 128 character limit instead.

Labels: Bug (An error, flaw, misbehavior or failure in the Monkey or Monkey Island), Complexity: High, Impact: High
