From 144dc1b8c40abcfdb2113efbbbe50b1170b9674a Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 28 Jan 2010 17:22:17 +0000
Subject: [PATCH] Show proper warning message when --priv-esc is provided and underlying OS is not Windows
---
 plugins/generic/takeover.py | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index c87394f30..b2f526673 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -86,9 +86,10 @@ class Takeover(Abstraction, Metasploit, Registry):
 if kb.stackedTest:
 web = False
 elif not kb.stackedTest and kb.dbms == "MySQL":
- web = True
 infoMsg = "going to use a web backdoor for command execution"
 logger.info(infoMsg)
+
+ web = True
 else:
 errMsg = "unable to execute operating system commands via "
 errMsg += "the back-end DBMS"
@@ -105,9 +106,10 @@ class Takeover(Abstraction, Metasploit, Registry):
 if kb.stackedTest:
 web = False
 elif not kb.stackedTest and kb.dbms == "MySQL":
- web = True
 infoMsg = "going to use a web backdoor for command prompt"
 logger.info(infoMsg)
+
+ web = True
 else:
 errMsg = "unable to prompt for an interactive operating "
 errMsg += "system shell via the back-end DBMS"
@@ -187,20 +189,36 @@ class Takeover(Abstraction, Metasploit, Registry):
 warnMsg += "might not work"
 logger.warn(warnMsg)
- else:
+ elif kb.os != "Windows" and conf.privEsc:
 # Unset --priv-esc if the back-end DBMS underlying operating
 # system is not Windows
 conf.privEsc = False
+ warnMsg = "sqlmap does not implement any operating system "
+ warnMsg += "user privilege escalation technique when the "
+ warnMsg += "back-end DBMS underlying system is not Windows"
+ logger.warn(warnMsg)
+
 elif not kb.stackedTest and kb.dbms == "MySQL":
- web = True
 infoMsg = "going to use a web backdoor to execute the "
 infoMsg += "payload stager"
 logger.info(infoMsg)
+ web = True
+
 self.initEnv(web=web)
 if self.webBackdoorUrl:
+ if kb.os != "Windows" and conf.privEsc:
+ # Unset --priv-esc if the back-end DBMS underlying operating
+ # system is not Windows
+ conf.privEsc = False
+
+ warnMsg = "sqlmap does not implement any operating system "
+ warnMsg += "user privilege escalation technique when the "
+ warnMsg += "back-end DBMS underlying system is not Windows"
+ logger.warn(warnMsg)
+
 self.getRemoteTempPath()
 self.createMsfPayloadStager()
 self.uploadMsfPayloadStager(web=True)
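Review bot: The non-Windows `--priv-esc` handling is now written out twice, once in the `elif kb.os != "Windows" and conf.privEsc:` branch and again under `if self.webBackdoorUrl:`, so the condition, the `conf.privEsc = False` reset and the three-line warning can drift apart on the next edit. Moving the check, the reset and the warning into one private helper on the class and calling it from both places would keep the two paths identical. Both checks also treat every value other than the string `"Windows"` as non-Windows; if `kb.os` can still be unset when this code runs (not visible in the hunk), the warning would report a non-Windows system when the OS is simply unknown, so a comment such as `# kb.os is expected to be set before this check` or an explicit guard would help. The enclosing method begins and ends outside the hunk.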