sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious

2024-11-25 19:13:48 +03:00 · 2010-02-26 13:13:50 +00:00 · 2010-02-26 13:13:50 +00:00 · 694356821d
commit 694356821d
parent 42f53f380f
9 changed files with 17 additions and 17 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -463,7 +463,7 @@ def randomInt(length=4):

    return int("".join([random.choice(string.digits) for _ in xrange(0, length)]))

-def randomStr(length=5, lowercase=False):
+def randomStr(length=4, lowercase=False):
    """
    @param length: length of the random string.
    @type length: C{int}
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@ -531,7 +531,7 @@ class Metasploit:
        logger.info(infoMsg)

        self.__randStr           = randomStr(lowercase=True)
-        self.__shellcodeFilePath = os.path.join(conf.outputPath, "sqlmapmsf%s" % self.__randStr)
+        self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)

        self.__initVars()
        self.__prepareIngredients(encode=encode, askChurrasco=False)
@ -580,7 +580,7 @@ class Metasploit:
        self.__randStr = randomStr(lowercase=True)

        if kb.os == "Windows":
-            self.exeFilePathLocal = os.path.join(conf.outputPath, "sqlmapmsf%s.exe" % self.__randStr)
+            self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr)

            # Metasploit developers added support for the old exe format
            # to msfencode using '-t exe-small' (>= 3.3.3-dev),
@ -593,7 +593,7 @@ class Metasploit:
            else:
                self.__fileFormat = "exe"
        else:
-            self.exeFilePathLocal = os.path.join(conf.outputPath, "sqlmapmsf%s" % self.__randStr)
+            self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)
            self.__fileFormat     = "elf"

        if initialize:
@ -684,7 +684,7 @@ class Metasploit:

    def smb(self):
        self.__initVars()
-        self.__randFile = "sqlmapunc%s.txt" % randomStr(lowercase=True)
+        self.__randFile = "tmpu%s.txt" % randomStr(lowercase=True)

        self.__forgeMsfConsoleResource()
        self.__forgeMsfConsoleCmd()
--- a/lib/takeover/registry.py
+++ b/lib/takeover/registry.py
@ -41,8 +41,8 @@ class Registry:
        self.__regData       = regData

        self.__randStr       = randomStr(lowercase=True)
-        self.__batPathRemote = "%s/sqlmapreg%s%s.bat" % (conf.tmpPath, self.__operation, self.__randStr)
-        self.__batPathLocal  = os.path.join(conf.outputPath, "sqlmapreg%s%s.bat" % (self.__operation, self.__randStr))
+        self.__batPathRemote = "%s/tmpr%s%s.bat" % (conf.tmpPath, self.__operation, self.__randStr)
+        self.__batPathLocal  = os.path.join(conf.outputPath, "tmpr%s%s.bat" % (self.__operation, self.__randStr))

        if parse:
            readParse = "FOR /F \"tokens=2* delims==\" %%A IN ('REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n"
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -167,11 +167,11 @@ class Web:
        directories = list(directories)
        directories.sort()

-        backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
+        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
        backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
        originalBackdoorContent = backdoorContent = backdoorStream.read()
        
-        uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi)
+        uploaderName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
        uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi))
        
        for directory in directories:
@ -200,7 +200,7 @@ class Web:
            logger.info(infoMsg)
            
            if self.webApi == "asp":
-                runcmdName = "tmpe%s.exe" % randomStr(4)
+                runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
                runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
                match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)

--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -126,7 +126,7 @@ class xp_cmdshell:
    def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
        self.getRemoteTempPath()

-        tmpFile = "%s/sqlmapevalcmd%s.txt" % (conf.tmpPath, randomStr(lowercase=True))
+        tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True))
        cmd     = self.xpCmdshellForgeCmd("%s > %s" % (cmd, tmpFile))

        self.xpCmdshellExecCmd(cmd)
--- a/plugins/dbms/mysql.py
+++ b/plugins/dbms/mysql.py
@ -390,7 +390,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
        self.createSupportTbl(self.fileTblName, self.tblField, "longtext")
        self.getRemoteTempPath()

-        tmpFile = "%s/sqlmapfilehex%s" % (conf.tmpPath, randomStr(lowercase=True))
+        tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True))

        debugMsg  = "saving hexadecimal encoded content of file '%s' " % rFile
        debugMsg += "into temporary file '%s'" % tmpFile
@ -537,7 +537,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):

    def udfSetLocalPaths(self):
        self.udfLocalFile     = paths.SQLMAP_UDF_PATH
-        self.udfSharedLibName = "libsqlmapudf%s" % randomStr(lowercase=True)
+        self.udfSharedLibName = "libs%s" % randomStr(lowercase=True)

        if kb.os == "Windows":
            self.udfLocalFile   += "/mysql/windows/lib_mysqludf_sys.dll"
--- a/plugins/dbms/postgresql.py
+++ b/plugins/dbms/postgresql.py
@ -395,7 +395,7 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeove

    def udfSetLocalPaths(self):
        self.udfLocalFile     = paths.SQLMAP_UDF_PATH
-        self.udfSharedLibName = "libsqlmapudf%s" % randomStr(lowercase=True)
+        self.udfSharedLibName = "libs%s" % randomStr(lowercase=True)

        self.getVersionFromBanner()

--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@ -198,7 +198,7 @@ class Filesystem:
        back-end DBMS underlying file system
        """

-        randScr        = "sqlmapfile%s.scr" % randomStr(lowercase=True)
+        randScr        = "tmpf%s.scr" % randomStr(lowercase=True)
        chunkName      = randomStr(lowercase=True)
        fileScrLines   = self.__binDataToScr(binaryData, chunkName)
        forgedScrLines = []
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -67,9 +67,9 @@ class Takeover(Abstraction, Metasploit, Registry):

        if output and output[0] in ( "y", "Y" ):
            tmpFile = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_"))
-            
+
            wFile                 = tmpFile.name
-            self.churrascoPath    = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
+            self.churrascoPath    = "%s/tmpc%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
            self.cmdFromChurrasco = True
            
            self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)