From 1d968f51e9e8880b840bb021209d420859d6897e Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 14 Jan 2010 15:11:32 +0000
Subject: [PATCH] More code refactoring
---
 lib/takeover/abstraction.py | 35 ++++++++++++-----------
 plugins/generic/takeover.py | 57 ++++++++++++++++++++++++-------------
 2 files changed, 55 insertions(+), 37 deletions(-)
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 88b0e01e6..ba1491019 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -159,26 +159,27 @@ class Abstraction(Web, UDF, xp_cmdshell):
 self.__cmdShellCleanup()
- def initEnv(self, mandatory=True, detailed=False):
+ def initEnv(self, mandatory=True, detailed=False, web=False):
 if self.envInitialized:
 return
- self.checkDbmsOs(detailed)
-
- if mandatory and not self.isDba():
- warnMsg = "the functionality requested might not work because "
- warnMsg += "the session user is not a database administrator"
- logger.warn(warnMsg)
-
- if kb.dbms in ( "MySQL", "PostgreSQL" ):
- self.udfInjectCmd()
-
- elif kb.dbms == "Microsoft SQL Server":
- if mandatory:
- self.xpCmdshellInit()
-
+ if web:
+ self.webInit()
 else:
- errMsg = "feature not yet implemented for the back-end DBMS"
- raise sqlmapUnsupportedFeatureException(errMsg)
+ self.checkDbmsOs(detailed)
+
+ if mandatory and not self.isDba():
+ warnMsg = "the functionality requested might not work because "
+ warnMsg += "the session user is not a database administrator"
+ logger.warn(warnMsg)
+
+ if kb.dbms in ( "MySQL", "PostgreSQL" ):
+ self.udfInjectCmd()
+ elif kb.dbms == "Microsoft SQL Server":
+ if mandatory:
+ self.xpCmdshellInit()
+ else:
+ errMsg = "feature not yet implemented for the back-end DBMS"
+ raise sqlmapUnsupportedFeatureException(errMsg)
 self.envInitialized = True
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index 4b20dc6ce..a5bd11878 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
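Review bot: In lib/takeover/abstraction.py, `initEnv` reaches `self.envInitialized = True` after the new `if web:` branch whether or not `self.webInit()` left a usable backdoor, and the flag does not record which branch ran. A later call with the other `web` value therefore returns at the `if self.envInitialized: return` guard without running `checkDbmsOs` or the UDF / xp_cmdshell setup, and callers have to test `self.webBackdoorUrl` themselves, as osPwn in plugins/generic/takeover.py does. Assuming `webInit()` is what sets `self.webBackdoorUrl`, setting the flag only on success, for example `self.envInitialized = not web or bool(self.webBackdoorUrl)`, would keep a failed web initialisation from being cached. The new parameter is also undocumented, so a docstring line such as `web: initialise the web backdoor instead of the DBMS-side command channel` would help; the end of `initEnv` is not visible in this hunk.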
@@ -36,6 +36,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
 from lib.request.connect import Connect as Request
@@ -79,27 +80,35 @@ class Takeover(Abstraction, Metasploit, Registry):
 def osCmd(self):
 stackedTest()
- if not kb.stackedTest:
+ if kb.stackedTest:
+ web = False
+ elif not kb.stackedTest and kb.dbms == "MySQL":
+ web = True
 infoMsg = "going to use a web backdoor for command execution"
 logger.info(infoMsg)
-
- self.webInit()
 else:
- self.initEnv()
+ errMsg = "unable to execute operating system commands via "
+ errMsg += "the back-end DBMS"
+ raise sqlmapNotVulnerableException(errMsg)
+ self.initEnv(web=web)
 self.runCmd(conf.osCmd)
 def osShell(self):
 stackedTest()
- if not kb.stackedTest:
+ if kb.stackedTest:
+ web = False
+ elif not kb.stackedTest and kb.dbms == "MySQL":
+ web = True
 infoMsg = "going to use a web backdoor for command prompt"
 logger.info(infoMsg)
-
- self.webInit()
 else:
- self.initEnv()
+ errMsg = "unable to prompt for an interactive operating "
+ errMsg += "system shell via the back-end DBMS"
+ raise sqlmapNotVulnerableException(errMsg)
+ self.initEnv(web=web)
 self.shell()
 def osPwn(self):
@@ -107,19 +116,10 @@ class Takeover(Abstraction, Metasploit, Registry):
 stackedTest()
- if not kb.stackedTest:
- infoMsg = "going to use a web backdoor to execute the "
- infoMsg += "payload stager"
- logger.info(infoMsg)
+ if kb.stackedTest:
+ web = False
- self.webInit()
-
- if self.webBackdoorUrl:
- self.getRemoteTempPath()
- self.createMsfPayloadStager()
- self.uploadMsfPayloadStager(web=True)
- else:
- self.initEnv()
+ self.initEnv(web=web)
 self.getRemoteTempPath()
 if kb.dbms in ( "MySQL", "PostgreSQL" ):
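Review bot: In osCmd and osShell the test `elif not kb.stackedTest and kb.dbms == "MySQL":` repeats a condition the preceding `if kb.stackedTest:` has already ruled out; `elif kb.dbms == "MySQL":` is equivalent and easier to read. The same three-way decision is written out in osCmd, osShell and again in osPwn (the @@ -184 hunk), so a small private helper that returns the `web` flag or raises `sqlmapNotVulnerableException` would keep the three copies from drifting apart. Unlike osPwn, these two methods go straight to `self.runCmd(conf.osCmd)` and `self.shell()` after `self.initEnv(web=web)` without checking `self.webBackdoorUrl`; whether those callees cope with an empty URL is not visible here. The error text could also state the cause, namely that stacked queries are unavailable and the web fallback is only attempted for MySQL.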
@@ -184,6 +184,23 @@ class Takeover(Abstraction, Metasploit, Registry):
 # system is not Windows
 conf.privEsc = False
+ elif not kb.stackedTest and kb.dbms == "MySQL":
+ web = True
+ infoMsg = "going to use a web backdoor to execute the "
+ infoMsg += "payload stager"
+ logger.info(infoMsg)
+
+ self.initEnv(web=web)
+
+ if self.webBackdoorUrl:
+ self.getRemoteTempPath()
+ self.createMsfPayloadStager()
+ self.uploadMsfPayloadStager(web=True)
+ else:
+ errMsg = "unable to prompt for an out-of-band session via "
+ errMsg += "the back-end DBMS"
+ raise sqlmapNotVulnerableException(errMsg)
+
 self.pwn(goUdf)
 def osSmb(self):
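Review bot: In osPwn's new web branch, `if self.webBackdoorUrl:` has no failure path. Indentation is lost on this page, but if the following `else:` pairs with the outer `if kb.stackedTest:` / `elif` chain as it does in osCmd and osShell, a run where `self.webBackdoorUrl` is empty skips the stager upload and still reaches `self.pwn(goUdf)` without any message. Raising `sqlmapNotVulnerableException` (or at least calling `logger.warn`) when the URL is empty would make that failure explicit. `goUdf` is assigned outside this hunk; if it is only set inside the stacked-query branch, the web path would hit an unbound name at `self.pwn(goUdf)`, so initialising it before the `if` is worth confirming. osPwn starts in an earlier hunk and its body is only partly visible here.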