Important refactoring for web-based functionality

lib/core/common.py

@@ -36,7 +36,6 @@ from math import sqrt
 from optparse import OptionValueError
 from subprocess import PIPE
 from subprocess import Popen as execute
-from tempfile import NamedTemporaryFile
 from tempfile import mkstemp
 from xml.etree import ElementTree as ET
 from xml.dom import minidom
@@ -1401,40 +1400,14 @@ def showStaticWords(firstPage, secondPage):
 
     logger.info(infoMsg)
 
-def decloakToNamedTemporaryFile(filepath, name=None):
+def decloakToNamedStream(filepath, name=None):
-    retVal = NamedTemporaryFile()
+    class _(StringIO):
-
+        __len__ = property(lambda self: self.len)
-    def __del__():
+    retVal = _(decloak(filepath))
-        try:
-            if hasattr(retVal, 'old_name'):
-                retVal.name = retVal.old_name
-            retVal.close()
-        except OSError:
-            pass
-
-    retVal.__del__ = __del__
-    retVal.write(decloak(filepath))
-    retVal.seek(0)
-
-    if name:
-        retVal.old_name = retVal.name
     retVal.name = name
 
     return retVal
 
-def decloakToMkstemp(filepath, **kwargs):
-    handle, name = mkstemp(**kwargs)
-
-    _ = os.fdopen(handle)
-    _.close()  # close low level handle (causing problems latter)
-
-    retVal = open(name, 'w+b')
-
-    retVal.write(decloak(filepath))
-    retVal.seek(0)
-
-    return retVal
-
 def isWindowsPath(filepath):
     """
     Returns True if given filepath is in Windows format

lib/takeover/web.py

@@ -10,12 +10,13 @@ import os
 import posixpath
 import re
 
+from tempfile import mkstemp
+
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import Backend
-from lib.core.common import decloakToMkstemp
+from lib.core.common import decloakToNamedStream
-from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
@@ -187,7 +188,7 @@ class Web:
         directories = sorted(getDirs())
 
         backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
-        backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
+        backdoorStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
         originalBackdoorContent = backdoorContent = backdoorStream.read()
 
         stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
@@ -255,8 +256,15 @@ class Web:
                         infoMsg += "UNION technique"
                         logger.info(infoMsg)
 
-                        stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
+                        handle, filename = mkstemp()
-                        self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")
+                        os.fdopen(handle).close()  # close low level handle (causing problems latter)
+
+                        with open(filename, "w+") as f:
+                            _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
+                            _ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
+                            f.write(_)
+
+                        self.unionWriteFile(filename, self.webStagerFilePath, "text")
 
                         uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
                         uplPage = uplPage or ""
@@ -282,7 +290,7 @@ class Web:
 
                 if self.webApi == WEB_API.ASP:
                     runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
-                    runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
+                    runcmdStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
                     match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
 
                     if match:
@@ -291,7 +299,7 @@ class Web:
                         continue
 
                     backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
-                    backdoorStream.file.truncate()
+                    backdoorStream.truncate()
                     backdoorStream.read()
                     backdoorStream.seek(0)
                     backdoorStream.write(backdoorContent)

thirdparty/multipart/multipartpost.py

@@ -24,6 +24,7 @@ import mimetools
 import mimetypes
 import os
 import stat
+import StringIO
 import sys
 import urllib
 import urllib2
@@ -52,7 +53,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
 
             try:
                 for(key, value) in data.items():
-                    if type(value) == file or hasattr(value, 'file'):
+                    if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO):
                         v_files.append((key, value))
                     else:
                         v_vars.append((key, value))
@@ -85,7 +86,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
             buf += '\r\n\r\n' + value + '\r\n'
 
         for (key, fd) in files:
-            file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
+            file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
             filename = fd.name.split('/')[-1]
             contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
             buf += '--%s\r\n' % boundary