Important refactoring for web-based functionality

This commit is contained in:
Miroslav Stampar 2012-10-29 15:09:05 +01:00
parent 81ccf28785
commit 5358d85d37
3 changed files with 23 additions and 41 deletions


@ -36,7 +36,6 @@ from math import sqrt
from optparse import OptionValueError from optparse import OptionValueError
from subprocess import PIPE from subprocess import PIPE
from subprocess import Popen as execute from subprocess import Popen as execute
from tempfile import NamedTemporaryFile
from tempfile import mkstemp from tempfile import mkstemp
from xml.etree import ElementTree as ET from xml.etree import ElementTree as ET
from xml.dom import minidom from xml.dom import minidom
@ -1401,37 +1400,11 @@ def showStaticWords(firstPage, secondPage):
logger.info(infoMsg) logger.info(infoMsg)
def decloakToNamedTemporaryFile(filepath, name=None): def decloakToNamedStream(filepath, name=None):
retVal = NamedTemporaryFile() class _(StringIO):
__len__ = property(lambda self: self.len)
def __del__(): retVal = _(decloak(filepath))
try: retVal.name = name
if hasattr(retVal, 'old_name'):
retVal.name = retVal.old_name
retVal.close()
except OSError:
pass
retVal.__del__ = __del__
retVal.write(decloak(filepath))
retVal.seek(0)
if name:
retVal.old_name = retVal.name
retVal.name = name
return retVal
def decloakToMkstemp(filepath, **kwargs):
handle, name = mkstemp(**kwargs)
_ = os.fdopen(handle)
_.close() # close low level handle (causing problems latter)
retVal = open(name, 'w+b')
retVal.write(decloak(filepath))
retVal.seek(0)
return retVal return retVal
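Review bot: `__len__ = property(lambda self: self.len)` in the new `decloakToNamedStream` does not give the stream a working `len()`: the special-method lookup fetches the descriptor from the class, so `len(stream)` (and a `bool(stream)`/`if stream:` check, which falls back to `__len__`) would end up calling the int the property returns and raise TypeError. If the stream is meant to be sized and truthy, write it as an ordinary method, `def __len__(self): return self.len`; if nothing calls `len()` on it (the multipart handler in this commit reads `fd.len` directly), the wrapper class can be dropped and a plain instance returned. Note that `.len` exists only on the legacy `StringIO.StringIO`, not `io.StringIO`, so the `StringIO` name this hunk relies on must resolve to the former — its import is outside the hunk, so I could not confirm it. A short docstring saying that the result is an in-memory stream whose `name` is only a label for the multipart filename (nothing is created on disk, unlike the removed helpers) would help callers.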


@ -10,12 +10,13 @@ import os
import posixpath import posixpath
import re import re
from tempfile import mkstemp
from extra.cloak.cloak import decloak from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import arrayizeValue from lib.core.common import arrayizeValue
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import decloakToMkstemp from lib.core.common import decloakToNamedStream
from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getDirs from lib.core.common import getDirs
from lib.core.common import getDocRoot from lib.core.common import getDocRoot
@ -187,7 +188,7 @@ class Web:
directories = sorted(getDirs()) directories = sorted(getDirs())
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi) backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName) backdoorStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
originalBackdoorContent = backdoorContent = backdoorStream.read() originalBackdoorContent = backdoorContent = backdoorStream.read()
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi) stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
@ -255,8 +256,15 @@ class Web:
infoMsg += "UNION technique" infoMsg += "UNION technique"
logger.info(infoMsg) logger.info(infoMsg)
stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi)) handle, filename = mkstemp()
self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text") os.fdopen(handle).close() # close low level handle (causing problems latter)
with open(filename, "w+") as f:
_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
_ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
f.write(_)
self.unionWriteFile(filename, self.webStagerFilePath, "text")
uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
uplPage = uplPage or "" uplPage = uplPage or ""
@ -282,7 +290,7 @@ class Web:
if self.webApi == WEB_API.ASP: if self.webApi == WEB_API.ASP:
runcmdName = "tmpe%s.exe" % randomStr(lowercase=True) runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName) runcmdStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
if match: if match:
@ -291,7 +299,7 @@ class Web:
continue continue
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName) backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
backdoorStream.file.truncate() backdoorStream.truncate()
backdoorStream.read() backdoorStream.read()
backdoorStream.seek(0) backdoorStream.seek(0)
backdoorStream.write(backdoorContent) backdoorStream.write(backdoorContent)
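Review bot: The decloaked stager written to `filename` (from `mkstemp()`) is never deleted, so after `self.unionWriteFile(...)` a copy of the web stager is left behind in the local temp directory; the removed `decloakToMkstemp` helper had the same gap, but now that the code is inline the cleanup belongs here. Wrap the call as `try: self.unionWriteFile(filename, self.webStagerFilePath, "text")` / `finally: os.remove(filename)` so the artifact is removed even when the UNION write fails. Separately, `os.fdopen(handle).close()` followed by `open(filename, "w+")` re-opens the temp file by path instead of using the descriptor mkstemp returned; `os.fdopen(handle, "w+")` would avoid the reopen, though the inherited comment suggests an earlier problem with that, so it needs checking. The `_` name is also used here for real data and then as the throwaway in `uplPage, _, _ = ...` on the next line; a named variable such as `stagerContent` reads better. The enclosing method continues outside the hunk.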


@ -24,6 +24,7 @@ import mimetools
import mimetypes import mimetypes
import os import os
import stat import stat
import StringIO
import sys import sys
import urllib import urllib
import urllib2 import urllib2
@ -52,7 +53,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
try: try:
for(key, value) in data.items(): for(key, value) in data.items():
if type(value) == file or hasattr(value, 'file'): if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO):
v_files.append((key, value)) v_files.append((key, value))
else: else:
v_vars.append((key, value)) v_vars.append((key, value))
@ -85,7 +86,7 @@ class MultipartPostHandler(urllib2.BaseHandler):
buf += '\r\n\r\n' + value + '\r\n' buf += '\r\n\r\n' + value + '\r\n'
for (key, fd) in files: for (key, fd) in files:
file_size = os.fstat(fd.fileno())[stat.ST_SIZE] file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
filename = fd.name.split('/')[-1] filename = fd.name.split('/')[-1]
contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream' contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
buf += '--%s\r\n' % boundary buf += '--%s\r\n' % boundary
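Review bot: The size expression `os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len` regresses the `hasattr(value, 'file')` case that the condition a few lines above still admits: such wrappers are not `file` instances, so they now fall through to `fd.len`, which they do not have, and raise AttributeError where the old `os.fstat(fd.fileno())` worked. Key the test on the case this commit actually adds instead, `file_size = fd.len if isinstance(fd, StringIO.StringIO) else os.fstat(fd.fileno())[stat.ST_SIZE]`. `fd.len` is an attribute of the legacy `StringIO.StringIO` only, which is also why `io.StringIO` objects would not pass the new `isinstance` check; a one-line comment saying so next to `isinstance(value, StringIO.StringIO)` would save the next reader a trip to the Python 2 docs. The loop over `files` continues past the end of the hunk.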