diff --git a/lib/core/common.py b/lib/core/common.py index 43c4535ad..87cc69b44 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -463,7 +463,7 @@ def randomInt(length=4): return int("".join([random.choice(string.digits) for _ in xrange(0, length)])) -def randomStr(length=5, lowercase=False): +def randomStr(length=4, lowercase=False): """ @param length: length of the random string. @type length: C{int} diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 0af9c28d0..c3aafd3ae 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -531,7 +531,7 @@ class Metasploit: logger.info(infoMsg) self.__randStr = randomStr(lowercase=True) - self.__shellcodeFilePath = os.path.join(conf.outputPath, "sqlmapmsf%s" % self.__randStr) + self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr) self.__initVars() self.__prepareIngredients(encode=encode, askChurrasco=False) @@ -580,7 +580,7 @@ class Metasploit: self.__randStr = randomStr(lowercase=True) if kb.os == "Windows": - self.exeFilePathLocal = os.path.join(conf.outputPath, "sqlmapmsf%s.exe" % self.__randStr) + self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr) # Metasploit developers added support for the old exe format # to msfencode using '-t exe-small' (>= 3.3.3-dev), @@ -593,7 +593,7 @@ class Metasploit: else: self.__fileFormat = "exe" else: - self.exeFilePathLocal = os.path.join(conf.outputPath, "sqlmapmsf%s" % self.__randStr) + self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr) self.__fileFormat = "elf" if initialize: @@ -684,7 +684,7 @@ class Metasploit: def smb(self): self.__initVars() - self.__randFile = "sqlmapunc%s.txt" % randomStr(lowercase=True) + self.__randFile = "tmpu%s.txt" % randomStr(lowercase=True) self.__forgeMsfConsoleResource() self.__forgeMsfConsoleCmd() diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index 47f41026c..20bb4153b 100644 
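Review bot: Lowering the default in `def randomStr(length=4, lowercase=False)` shortens the name for every caller that omits `length`, including any in files this diff does not touch. With `lowercase=True` that leaves 26^4 (about 457,000) possible names, and no visible call site checks whether the generated file already exists before writing it. I would keep the signature default as it was and give the temp-file call sites an explicit shared constant, e.g. `randomStr(TMP_NAME_LENGTH, lowercase=True)`. The docstring continues outside the hunk, so confirm it does not still describe the old default. `randomInt` in the context lines draws from `random.choice`; if `randomStr` does the same (not visible here), these names are for uniqueness only and should not be treated as unguessable.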
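Review bot: The new one-letter tags are undocumented and several are reused for unrelated artifacts. `tmpu` names both `__randFile` in `smb()` and `uploaderName` in web.py, `tmpc` names both the xp_cmdshell output file and `churrascoPath` (both under `conf.tmpPath`), and `tmpf` is used in mysql.py and filesystem.py. Only the extension keeps those apart, so a leftover file can no longer be traced to the feature that created it. I would define the prefixes once as named module-level constants, each with a one-line comment saying which component writes it. Because the files no longer identify the tool by name, each generated path should also be logged where it is assigned, e.g. `logger.debug("created temporary file '%s'" % self.__shellcodeFilePath)`. That way the operator and the system owner can account for and remove every artifact after an authorized assessment.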
--- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py @@ -41,8 +41,8 @@ class Registry: self.__regData = regData self.__randStr = randomStr(lowercase=True) - self.__batPathRemote = "%s/sqlmapreg%s%s.bat" % (conf.tmpPath, self.__operation, self.__randStr) - self.__batPathLocal = os.path.join(conf.outputPath, "sqlmapreg%s%s.bat" % (self.__operation, self.__randStr)) + self.__batPathRemote = "%s/tmpr%s%s.bat" % (conf.tmpPath, self.__operation, self.__randStr) + self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s%s.bat" % (self.__operation, self.__randStr)) if parse: readParse = "FOR /F \"tokens=2* delims==\" %%A IN ('REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n" diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 6a77fc126..39b2458c3 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -167,11 +167,11 @@ class Web: directories = list(directories) directories.sort() - backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi) + backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi) backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName) originalBackdoorContent = backdoorContent = backdoorStream.read() - uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi) + uploaderName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi) uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi)) for directory in directories: @@ -200,7 +200,7 @@ class Web: logger.info(infoMsg) if self.webApi == "asp": - runcmdName = "tmpe%s.exe" % randomStr(4) + runcmdName = "tmpe%s.exe" % randomStr(lowercase=True) runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName) match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) 
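Review bot: The `readParse` context line below the renamed paths concatenates `self.__regKey` and `self.__regValue` straight into a double-quoted `REG QUERY` inside a batch `FOR /F ... IN ('...')` clause. A key or value name containing `"`, `'` or `%` would change how the generated .bat file parses. Where these values are validated is not visible in this hunk, so confirm they are checked before reaching here, or reject those characters when the values are assigned. Also, `__batPathRemote` is joined with a literal `/` while `__batPathLocal` uses `os.path.join`; a short comment stating that the remote separator is intentional would help. The `if parse:` block continues outside the hunk.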
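Review bot: Replacing `randomStr(4)` with `randomStr(lowercase=True)` for `backdoorName`, `uploaderName` and, in the next hunk, `runcmdName` makes the name length depend on the default changed in common.py. It also shrinks the alphabet from mixed case to lowercase only. If four characters is the intended length, state it at the call site, `randomStr(4, lowercase=True)`, so a later change to the default does not silently alter these names. Nothing visible here checks that a file of the same name is not already present in the target directory before upload; the enclosing method starts and ends outside the hunk, so that check may exist elsewhere.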
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index 89e5dfab2..fe8f0b956 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -126,7 +126,7 @@ class xp_cmdshell: def xpCmdshellEvalCmd(self, cmd, first=None, last=None): self.getRemoteTempPath() - tmpFile = "%s/sqlmapevalcmd%s.txt" % (conf.tmpPath, randomStr(lowercase=True)) + tmpFile = "%s/tmpc%s.txt" % (conf.tmpPath, randomStr(lowercase=True)) cmd = self.xpCmdshellForgeCmd("%s > %s" % (cmd, tmpFile)) self.xpCmdshellExecCmd(cmd) diff --git a/plugins/dbms/mysql.py b/plugins/dbms/mysql.py index eda4cb278..1f268b924 100644 --- a/plugins/dbms/mysql.py +++ b/plugins/dbms/mysql.py @@ -390,7 +390,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): self.createSupportTbl(self.fileTblName, self.tblField, "longtext") self.getRemoteTempPath() - tmpFile = "%s/sqlmapfilehex%s" % (conf.tmpPath, randomStr(lowercase=True)) + tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True)) debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile debugMsg += "into temporary file '%s'" % tmpFile @@ -537,7 +537,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): def udfSetLocalPaths(self): self.udfLocalFile = paths.SQLMAP_UDF_PATH - self.udfSharedLibName = "libsqlmapudf%s" % randomStr(lowercase=True) + self.udfSharedLibName = "libs%s" % randomStr(lowercase=True) if kb.os == "Windows": self.udfLocalFile += "/mysql/windows/lib_mysqludf_sys.dll" diff --git a/plugins/dbms/postgresql.py b/plugins/dbms/postgresql.py index 6b8624846..511c156e9 100644 --- a/plugins/dbms/postgresql.py +++ b/plugins/dbms/postgresql.py 
@@ -395,7 +395,7 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeove def udfSetLocalPaths(self): self.udfLocalFile = paths.SQLMAP_UDF_PATH - self.udfSharedLibName = "libsqlmapudf%s" % randomStr(lowercase=True) + self.udfSharedLibName = "libs%s" % randomStr(lowercase=True) self.getVersionFromBanner() diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 537d7e419..a3f78633b 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -198,7 +198,7 @@ class Filesystem: back-end DBMS underlying file system """ - randScr = "sqlmapfile%s.scr" % randomStr(lowercase=True) + randScr = "tmpf%s.scr" % randomStr(lowercase=True) chunkName = randomStr(lowercase=True) fileScrLines = self.__binDataToScr(binaryData, chunkName) forgedScrLines = [] diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index ff3365ce7..f8726c91e 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -67,9 +67,9 @@ class Takeover(Abstraction, Metasploit, Registry): if output and output[0] in ( "y", "Y" ): tmpFile = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")) - + wFile = tmpFile.name - self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True)) + self.churrascoPath = "%s/tmpc%s.exe" % (conf.tmpPath, randomStr(lowercase=True)) self.cmdFromChurrasco = True self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)