some refactoring regarding decloaking

2025-02-03 05:04:11 +03:00 · 2010-01-28 16:50:34 +00:00 · 2010-01-28 16:50:34 +00:00 · 732ed48e2b
commit 732ed48e2b
parent dcbbad642d
3 changed files with 20 additions and 19 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -32,7 +32,9 @@ import time
 import urlparse
 import ntpath
 import posixpath
+from tempfile import NamedTemporaryFile

+from extra.cloak.cloak import decloak
 from lib.contrib import magic
 from lib.core.data import conf
 from lib.core.data import kb
@ -47,7 +49,6 @@ from lib.core.settings import IS_WIN
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import VERSION_STRING

-
 def paramToDict(place, parameters=None):
    """
    Split the parameters into names and values, check if these parameters
@ -874,4 +875,12 @@ def safeStringFormat(formatStr, params):

 def sanitizeAsciiString(string):
    return "".join(char if ord(char) < 128 else '?' for char in string)
-    
+
+def decloakToNamedTemporaryFile(filepath, name=None):
+    retVal = NamedTemporaryFile()
+    retVal.write(decloak(filepath))
+    retVal.seek(0)
+    if name:
+        retVal.old_name = retVal.name
+        retVal.name = name
+    return retVal
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import os
 import re
-from tempfile import NamedTemporaryFile

-from extra.cloak.cloak import decloak
 from lib.core.agent import agent
+from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
@ -77,10 +76,10 @@ class Web:

    def webFileUpload(self, fileToUpload, destFileName, directory):
        file = open(fileToUpload, "r")
-        self.webFileStreamUpload(file, destFileName, directory)
+        self.__webFileStreamUpload(file, destFileName, directory)
        file.close()
        
-    def webFileStreamUpload(self, stream, destFileName, directory):
+    def __webFileStreamUpload(self, stream, destFileName, directory):
        if self.webApi == "php":
            multipartParams = {
                                "upload":    "1",
@ -157,11 +156,7 @@ class Web:
                logger.warn("invalid value, it must be 1 or 3")

        backdoorName = "backdoor.%s" % self.webApi
-        backdoorStream = NamedTemporaryFile()
-        originalTempName = backdoorStream.name
-        backdoorStream.name = backdoorName
-        backdoorStream.write(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
-        backdoorStream.seek(0)
+        backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
        
        uploaderName = "uploader.%s" % self.webApi
        uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
@ -194,7 +189,7 @@ class Web:
            infoMsg += "on '%s'" % directory
            logger.info(infoMsg)

-            self.webFileStreamUpload(backdoorStream, backdoorName, directory)
+            self.__webFileStreamUpload(backdoorStream, backdoorName, directory)
            self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
            self.webDirectory = directory

@ -205,5 +200,5 @@ class Web:

            break
        
-        backdoorStream.name = originalTempName
-        
+        backdoorStream.name = backdoorStream.old_name
+        
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import os
 import re
-from tempfile import NamedTemporaryFile

-from extra.cloak.cloak import decloak
 from lib.core.agent import agent
+from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
@ -67,9 +66,7 @@ class Takeover(Abstraction, Metasploit, Registry):
        output = readInput(msg, default="Y")

        if not output or output[0] in ( "y", "Y" ):
-            tmpFile = NamedTemporaryFile()
-            tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
-            tmpFile.seek(0)
+            tmpFile = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_"))
            
            wFile                 = tmpFile.name
            self.churrascoPath    = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))