diff --git a/lib/core/common.py b/lib/core/common.py index 3ed1975f8..5c5a7e147 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -32,7 +32,9 @@ import time import urlparse import ntpath import posixpath +from tempfile import NamedTemporaryFile +from extra.cloak.cloak import decloak from lib.contrib import magic from lib.core.data import conf from lib.core.data import kb @@ -47,7 +49,6 @@ from lib.core.settings import IS_WIN from lib.core.settings import SQL_STATEMENTS from lib.core.settings import VERSION_STRING - def paramToDict(place, parameters=None): """ Split the parameters into names and values, check if these parameters @@ -874,4 +875,12 @@ def safeStringFormat(formatStr, params): def sanitizeAsciiString(string): return "".join(char if ord(char) < 128 else '?' for char in string) - \ No newline at end of file + +def decloakToNamedTemporaryFile(filepath, name=None): + retVal = NamedTemporaryFile() + retVal.write(decloak(filepath)) + retVal.seek(0) + if name: + retVal.old_name = retVal.name + retVal.name = name + return retVal diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 8d2fbfd59..30994d334 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA import os import re -from tempfile import NamedTemporaryFile -from extra.cloak.cloak import decloak from lib.core.agent import agent +from lib.core.common import decloakToNamedTemporaryFile from lib.core.common import fileToStr from lib.core.common import getDirs from lib.core.common import getDocRoot @@ -77,10 +76,10 @@ class Web: def webFileUpload(self, fileToUpload, destFileName, directory): file = open(fileToUpload, "r") - self.webFileStreamUpload(file, destFileName, directory) + self.__webFileStreamUpload(file, destFileName, directory) file.close() - def webFileStreamUpload(self, stream, destFileName, directory): + def __webFileStreamUpload(self, stream, destFileName, directory): if self.webApi == "php": multipartParams = { "upload": "1", @@ -157,11 +156,7 @@ class Web: logger.warn("invalid value, it must be 1 or 3") backdoorName = "backdoor.%s" % self.webApi - backdoorStream = NamedTemporaryFile() - originalTempName = backdoorStream.name - backdoorStream.name = backdoorName - backdoorStream.write(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'))) - backdoorStream.seek(0) + backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName) uploaderName = "uploader.%s" % self.webApi uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')) @@ -194,7 +189,7 @@ class Web: infoMsg += "on '%s'" % directory logger.info(infoMsg) - self.webFileStreamUpload(backdoorStream, backdoorName, directory) + self.__webFileStreamUpload(backdoorStream, backdoorName, directory) self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName) self.webDirectory = directory @@ -205,5 +200,5 @@ class Web: break - backdoorStream.name = originalTempName - + backdoorStream.name = backdoorStream.old_name + \ No newline at end of file diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 1685d215d..c87394f30 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA import os import re -from tempfile import NamedTemporaryFile -from extra.cloak.cloak import decloak from lib.core.agent import agent +from lib.core.common import decloakToNamedTemporaryFile from lib.core.common import fileToStr from lib.core.common import getDirs from lib.core.common import getDocRoot @@ -67,9 +66,7 @@ class Takeover(Abstraction, Metasploit, Registry): output = readInput(msg, default="Y") if not output or output[0] in ( "y", "Y" ): - tmpFile = NamedTemporaryFile() - tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_"))) - tmpFile.seek(0) + tmpFile = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")) wFile = tmpFile.name self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))