More code refactoring

2025-03-03 11:45:46 +03:00 · 2010-01-14 15:11:32 +00:00 · 2010-01-14 15:11:32 +00:00 · 1d968f51e9
commit 1d968f51e9
parent c9863bc1d2
2 changed files with 55 additions and 37 deletions
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@ -159,26 +159,27 @@ class Abstraction(Web, UDF, xp_cmdshell):

        self.__cmdShellCleanup()

-    def initEnv(self, mandatory=True, detailed=False):
+    def initEnv(self, mandatory=True, detailed=False, web=False):
        if self.envInitialized:
            return

-        self.checkDbmsOs(detailed)
-
-        if mandatory and not self.isDba():
-            warnMsg  = "the functionality requested might not work because "
-            warnMsg += "the session user is not a database administrator"
-            logger.warn(warnMsg)
-
-        if kb.dbms in ( "MySQL", "PostgreSQL" ):
-            self.udfInjectCmd()
-
-        elif kb.dbms == "Microsoft SQL Server":
-            if mandatory:
-                self.xpCmdshellInit()
-
+        if web:
+            self.webInit()
        else:
-            errMsg = "feature not yet implemented for the back-end DBMS"
-            raise sqlmapUnsupportedFeatureException(errMsg)
+            self.checkDbmsOs(detailed)
+
+            if mandatory and not self.isDba():
+                warnMsg  = "the functionality requested might not work because "
+                warnMsg += "the session user is not a database administrator"
+                logger.warn(warnMsg)
+
+            if kb.dbms in ( "MySQL", "PostgreSQL" ):
+                self.udfInjectCmd()
+            elif kb.dbms == "Microsoft SQL Server":
+                if mandatory:
+                    self.xpCmdshellInit()
+            else:
+                errMsg = "feature not yet implemented for the back-end DBMS"
+                raise sqlmapUnsupportedFeatureException(errMsg)

        self.envInitialized = True
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -36,6 +36,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
 from lib.request.connect import Connect as Request
@ -79,27 +80,35 @@ class Takeover(Abstraction, Metasploit, Registry):
    def osCmd(self):
        stackedTest()

-        if not kb.stackedTest:
+        if kb.stackedTest:
+            web = False
+        elif not kb.stackedTest and kb.dbms == "MySQL":
+            web = True
            infoMsg = "going to use a web backdoor for command execution"
            logger.info(infoMsg)
-
-            self.webInit()
        else:
-            self.initEnv()
+            errMsg  = "unable to execute operating system commands via "
+            errMsg += "the back-end DBMS"
+            raise sqlmapNotVulnerableException(errMsg)

+        self.initEnv(web=web)
        self.runCmd(conf.osCmd)

    def osShell(self):
        stackedTest()

-        if not kb.stackedTest:
+        if kb.stackedTest:
+            web = False
+        elif not kb.stackedTest and kb.dbms == "MySQL":
+            web = True
            infoMsg = "going to use a web backdoor for command prompt"
            logger.info(infoMsg)
-
-            self.webInit()
        else:
-            self.initEnv()
+            errMsg  = "unable to prompt for an interactive operating "
+            errMsg += "system shell via the back-end DBMS"
+            raise sqlmapNotVulnerableException(errMsg)

+        self.initEnv(web=web)
        self.shell()

    def osPwn(self):
@ -107,19 +116,10 @@ class Takeover(Abstraction, Metasploit, Registry):

        stackedTest()

-        if not kb.stackedTest:
-            infoMsg  = "going to use a web backdoor to execute the "
-            infoMsg += "payload stager"
-            logger.info(infoMsg)
+        if kb.stackedTest:
+            web = False

-            self.webInit()
-
-            if self.webBackdoorUrl:
-                self.getRemoteTempPath()
-                self.createMsfPayloadStager()
-                self.uploadMsfPayloadStager(web=True)
-        else:
-            self.initEnv()
+            self.initEnv(web=web)
            self.getRemoteTempPath()

            if kb.dbms in ( "MySQL", "PostgreSQL" ):
@ -184,6 +184,23 @@ class Takeover(Abstraction, Metasploit, Registry):
                # system is not Windows
                conf.privEsc = False

+        elif not kb.stackedTest and kb.dbms == "MySQL":
+            web = True
+            infoMsg  = "going to use a web backdoor to execute the "
+            infoMsg += "payload stager"
+            logger.info(infoMsg)
+
+            self.initEnv(web=web)
+
+            if self.webBackdoorUrl:
+                self.getRemoteTempPath()
+                self.createMsfPayloadStager()
+                self.uploadMsfPayloadStager(web=True)
+        else:
+            errMsg  = "unable to prompt for an out-of-band session via "
+            errMsg += "the back-end DBMS"
+            raise sqlmapNotVulnerableException(errMsg)
+
        self.pwn(goUdf)

    def osSmb(self):