From 6f5d2ed1710e3b003d31d2e6b7653305b47d736b Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Thu, 28 Jan 2010 17:07:34 +0000 Subject: [PATCH] Minor cosmetic adjustments --- lib/contrib/tokenkidnapping/README.txt | 4 ++-- lib/core/common.py | 1 + lib/takeover/metasploit.py | 3 +++ lib/takeover/web.py | 15 +++++++-------- shell/uploader.php_ | Bin 421 -> 422 bytes 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/lib/contrib/tokenkidnapping/README.txt b/lib/contrib/tokenkidnapping/README.txt index b5517ddff..bd293d573 100644 --- a/lib/contrib/tokenkidnapping/README.txt +++ b/lib/contrib/tokenkidnapping/README.txt @@ -1,7 +1,7 @@ Due to the anti-virus positive detection of executable stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing -has to be done prior to it's usage by sqlmap, but if you want to have access to the -original use the decrypt functionality of the ../extra/cloak/cloak.py utility. +has to be done prior to its usage by sqlmap, but if you want to have access to the +original executable use the decrypt functionality of the ../extra/cloak/cloak.py utility. To prepare the executable to the cloaked form use this command: python ../extra/cloak/cloak.py -i Churrasco.exe diff --git a/lib/core/common.py b/lib/core/common.py index 5c5a7e147..2a598d8a6 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -32,6 +32,7 @@ import time import urlparse import ntpath import posixpath + from tempfile import NamedTemporaryFile from extra.cloak.cloak import decloak diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 9bd178e71..c215e7c6c 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py 
@@ -36,6 +36,7 @@ from lib.core.agent import agent from lib.core.common import dataToStdout from lib.core.common import getLocalIP from lib.core.common import getRemoteIP +from lib.core.common import normalizePath from lib.core.common import pollProcess from lib.core.common import randomRange from lib.core.common import randomStr @@ -647,6 +648,8 @@ class Metasploit: else: self.exeFilePathRemote = "%s/%s" % (conf.tmpPath, os.path.basename(self.exeFilePathLocal)) + self.exeFilePathRemote = normalizePath(self.exeFilePathRemote) + logger.info("uploading payload stager to '%s'" % self.exeFilePathRemote) if web: diff --git a/lib/takeover/web.py b/lib/takeover/web.py index d90bd1a09..a95e34347 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -76,10 +76,10 @@ class Web: return output def webFileUpload(self, fileToUpload, destFileName, directory): - file = open(fileToUpload, "r") - self.__webFileStreamUpload(file, destFileName, directory) - file.close() - + inputFile = open(fileToUpload, "r") + self.__webFileStreamUpload(inputFile, destFileName, directory) + inputFile.close() + def __webFileStreamUpload(self, stream, destFileName, directory): if self.webApi == "php": multipartParams = { @@ -89,7 +89,7 @@ class Web: } page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams) - if "Backdoor uploaded" not in page: + if "File uploaded" not in page: warnMsg = "unable to upload the backdoor through " warnMsg += "the uploader agent on '%s'" % directory logger.warn(warnMsg) @@ -179,7 +179,7 @@ class Web: self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/") uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True) - if "sqlmap backdoor uploader" not in uplPage: + if "sqlmap file uploader" not in uplPage: warnMsg = "unable to upload the uploader " warnMsg += "agent on '%s'" % directory logger.warn(warnMsg) 
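Review bot: The added `self.exeFilePathRemote = normalizePath(self.exeFilePathRemote)` in the `-647,6 +648,8` hunk has no comment saying which separator convention it produces, and the path it receives is joined with a hard-coded `/` in the `else` branch just above. normalizePath comes from lib.core.common and its body is not in this diff, so it cannot be confirmed here whether it follows the remote system's path rules or the local host's. If it is the latter, the result would be wrong whenever the two differ. A one-line comment such as `# normalise separators for the remote OS before the path is logged and used` would record the intent. The enclosing method starts and ends outside the hunk.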
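Review bot: `inputFile.close()` in webFileUpload is skipped whenever `__webFileStreamUpload` raises, so the handle opened on the line above stays open until it is garbage-collected. The rename from `file` to `inputFile` keeps the original open/call/close sequence unguarded. Put the call under `try:` and the close under `finally:`, i.e. `try: self.__webFileStreamUpload(inputFile, destFileName, directory)` then `finally: inputFile.close()`. That form works on every Python 2 release this code base could target. A short docstring saying that `fileToUpload` is a local path and `directory` the remote destination would also help, as the three parameters are otherwise undocumented.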
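Review bot: In the `-89,7 +89,7` hunk the whole return value of `Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)` is bound to `page` and then tested with `"File uploaded" not in page`. The call in the `-179,7` hunk unpacks a pair instead: `uplPage, _ = Request.getPage(...)`. If the multipart path also returns a tuple, the `in` test becomes tuple membership rather than a substring search, and the warning would fire on every upload regardless of the response. getPage is not shown in this diff, so confirm what it returns when `multipart=` is given. If it is a pair, unpack it the same way: `page, _ = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)`. The body of __webFileStreamUpload continues outside the hunk.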
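Review bot: The marker `"sqlmap file uploader"` in the `-179,7` hunk and `"File uploaded"` in the `-89,7` hunk are bare literals that must match text emitted by shell/uploader.php_. This commit changes that file only as an opaque binary patch, so the pairing cannot be checked from the diff. A mismatch would not raise an error; it would only produce the "unable to upload" warnings. Define both once at module level with a comment naming the uploader file, e.g. `UPLOADER_BANNER = "sqlmap file uploader"` and `UPLOAD_OK_MARKER = "File uploaded"`, and use the constants in both checks so a future rename touches one place.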
@@ -200,6 +200,5 @@ class Web: logger.info(infoMsg) break - + backdoorStream.name = backdoorStream.old_name - \ No newline at end of file diff --git a/shell/uploader.php_ b/shell/uploader.php_ index 96832b8359ab0782177ca0910bda767bbc9fa4e1..1f05f1d62a61b355a7571a8740a9c40ed70e6b21 100644 GIT binary patch literal 422 zcmV;X0a^Y%B^O3cJ|T5d~y6#<1wr>T(ihp2K(e`OsT^>S?k zRXQU8#-@;nZFlt4RMhzL*g|4Jai=z-i1qC>8BSls^vW}rexrPbZRI`QUN>~Hfm3nW zfmH;ik^x%C$WFpqI`XZ_&gxpd-_y{mPAUD$jV&G89xb(R>GR)#;~PKNhMv8^+zw<< zWg39ulv;0JQnSWzi|KYxH3%5;h=Vt*_=JjlG&xw)dTW`{ZgO&2RuhS?MK{bhlCb;U zRB9i$%a^~a%yVq8F}S1jzj{i}39O7A%vDSw){?DjqV6+cPF*XZs;@pLt*1t!3_Z-V zIF19*BOm@L%L(8PH>KYxE^e|;`*6$NgDW?qQNpi9tlO-oH17n1O$Y7h=d zw1_{nTj{hW)YawqF_6m{*`fi50`4{CPA4B$Ety<*dgW&h#)ZsY4|mUwP~SqyT* z32Mm5P&-;#7_Ljpa<}G(jJDMqR=bTZsy8S*H7lZK{O-W&=S{Y5yC^wW_SPgG4k~zK z9c^=$D8t3kHHbX~VJ<5*dO4_w;7Lmz6d$6JJZ5Lm*faa_wroe@8#u7}rc{GQmtPD5 zmrFl?l(l`*rny8xD{U=h$l5zaU&&ka!Ck(jBF6q}b2wEa6|HwvYP9G}%oZjoI4Dsg zI4XDA>}I`UDD>Arf3$9IV&b1Hyqs}ufy)?OA2U;Jyp