Minor cosmetic adjustments

lib/contrib/tokenkidnapping/README.txt

@@ -1,7 +1,7 @@
 Due to the anti-virus positive detection of executable stored inside this folder, 
 we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
-has to be done prior to it's usage by sqlmap, but if you want to have access to the
-original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
+has to be done prior to its usage by sqlmap, but if you want to have access to the
+original executable use the decrypt functionality of the ../extra/cloak/cloak.py utility.
 
 To prepare the executable to the cloaked form use this command:
 python ../extra/cloak/cloak.py -i Churrasco.exe

lib/core/common.py

@@ -32,6 +32,7 @@ import time
 import urlparse
 import ntpath
 import posixpath
+
 from tempfile import NamedTemporaryFile
 
 from extra.cloak.cloak import decloak

lib/takeover/metasploit.py

@@ -36,6 +36,7 @@ from lib.core.agent import agent
 from lib.core.common import dataToStdout
 from lib.core.common import getLocalIP
 from lib.core.common import getRemoteIP
+from lib.core.common import normalizePath
 from lib.core.common import pollProcess
 from lib.core.common import randomRange
 from lib.core.common import randomStr
@@ -647,6 +648,8 @@ class Metasploit:
         else:
             self.exeFilePathRemote = "%s/%s" % (conf.tmpPath, os.path.basename(self.exeFilePathLocal))
 
+        self.exeFilePathRemote = normalizePath(self.exeFilePathRemote)
+
         logger.info("uploading payload stager to '%s'" % self.exeFilePathRemote)
 
         if web:

lib/takeover/web.py

@@ -76,10 +76,10 @@ class Web:
         return output
 
     def webFileUpload(self, fileToUpload, destFileName, directory):
-        file = open(fileToUpload, "r")
-        self.__webFileStreamUpload(file, destFileName, directory)
-        file.close()
-        
+        inputFile = open(fileToUpload, "r")
+        self.__webFileStreamUpload(inputFile, destFileName, directory)
+        inputFile.close()
+
     def __webFileStreamUpload(self, stream, destFileName, directory):
         if self.webApi == "php":
             multipartParams = {
@@ -89,7 +89,7 @@ class Web:
                               }
             page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
 
-            if "Backdoor uploaded" not in page:
+            if "File uploaded" not in page:
                 warnMsg  = "unable to upload the backdoor through "
                 warnMsg += "the uploader agent on '%s'" % directory
                 logger.warn(warnMsg)
@@ -179,7 +179,7 @@ class Web:
             self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")
             uplPage, _  = Request.getPage(url=self.webUploaderUrl, direct=True)
 
-            if "sqlmap backdoor uploader" not in uplPage:
+            if "sqlmap file uploader" not in uplPage:
                 warnMsg  = "unable to upload the uploader "
                 warnMsg += "agent on '%s'" % directory
                 logger.warn(warnMsg)
@@ -200,6 +200,5 @@ class Web:
             logger.info(infoMsg)
 
             break
-        
+
         backdoorStream.name = backdoorStream.old_name
-