some refactoring regarding decloaking

Miroslav Stampar 2010-01-28 16:50:34 +00:00
parent dcbbad642d
commit 732ed48e2b
3 changed files with 20 additions and 19 deletions


@ -32,7 +32,9 @@ import time
import urlparse import urlparse
import ntpath import ntpath
import posixpath import posixpath
from tempfile import NamedTemporaryFile
from extra.cloak.cloak import decloak
from lib.contrib import magic from lib.contrib import magic
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -47,7 +49,6 @@ from lib.core.settings import IS_WIN
from lib.core.settings import SQL_STATEMENTS from lib.core.settings import SQL_STATEMENTS
from lib.core.settings import VERSION_STRING from lib.core.settings import VERSION_STRING
def paramToDict(place, parameters=None): def paramToDict(place, parameters=None):
""" """
Split the parameters into names and values, check if these parameters Split the parameters into names and values, check if these parameters
@ -874,4 +875,12 @@ def safeStringFormat(formatStr, params):
def sanitizeAsciiString(string): def sanitizeAsciiString(string):
return "".join(char if ord(char) < 128 else '?' for char in string) return "".join(char if ord(char) < 128 else '?' for char in string)
def decloakToNamedTemporaryFile(filepath, name=None):
retVal = NamedTemporaryFile()
retVal.write(decloak(filepath))
retVal.seek(0)
if name:
retVal.old_name = retVal.name
retVal.name = name
return retVal
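Review bot: Overwriting `retVal.name` in `decloakToNamedTemporaryFile` changes the attribute that, as far as I can tell, the stdlib `NamedTemporaryFile` wrapper uses when it deletes the file on close. If the object is closed or garbage-collected before the caller restores `old_name`, the decloaked content can be left behind in the temp directory and the delete is attempted on the substituted name instead. `old_name` is also only set when `name` is given, so a caller that restores it unconditionally would hit AttributeError; moving `retVal.old_name = retVal.name` above the `if name:` check avoids that. A short docstring stating that the caller must restore `name` from `old_name` before the file is closed would make the contract explicit.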


@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os import os
import re import re
from tempfile import NamedTemporaryFile
from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import fileToStr from lib.core.common import fileToStr
from lib.core.common import getDirs from lib.core.common import getDirs
from lib.core.common import getDocRoot from lib.core.common import getDocRoot
@ -77,10 +76,10 @@ class Web:
def webFileUpload(self, fileToUpload, destFileName, directory): def webFileUpload(self, fileToUpload, destFileName, directory):
file = open(fileToUpload, "r") file = open(fileToUpload, "r")
self.webFileStreamUpload(file, destFileName, directory) self.__webFileStreamUpload(file, destFileName, directory)
file.close() file.close()
def webFileStreamUpload(self, stream, destFileName, directory): def __webFileStreamUpload(self, stream, destFileName, directory):
if self.webApi == "php": if self.webApi == "php":
multipartParams = { multipartParams = {
"upload": "1", "upload": "1",
@ -157,11 +156,7 @@ class Web:
logger.warn("invalid value, it must be 1 or 3") logger.warn("invalid value, it must be 1 or 3")
backdoorName = "backdoor.%s" % self.webApi backdoorName = "backdoor.%s" % self.webApi
backdoorStream = NamedTemporaryFile() backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
originalTempName = backdoorStream.name
backdoorStream.name = backdoorName
backdoorStream.write(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
backdoorStream.seek(0)
uploaderName = "uploader.%s" % self.webApi uploaderName = "uploader.%s" % self.webApi
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')) uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
@ -194,7 +189,7 @@ class Web:
infoMsg += "on '%s'" % directory infoMsg += "on '%s'" % directory
logger.info(infoMsg) logger.info(infoMsg)
self.webFileStreamUpload(backdoorStream, backdoorName, directory) self.__webFileStreamUpload(backdoorStream, backdoorName, directory)
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName) self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = directory self.webDirectory = directory
@ -205,5 +200,5 @@ class Web:
break break
backdoorStream.name = originalTempName backdoorStream.name = backdoorStream.old_name
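Review bot: `decloak(...)` is still called for `uploaderContent` in the third hunk of this section, while the first hunk appears to remove `from extra.cloak.cloak import decloak`; unless the name is imported somewhere outside the visible lines, that call will raise NameError at runtime. Keeping `from extra.cloak.cloak import decloak` in this file would fix it. The last file section drops the same two imports, so that file is worth checking for remaining `decloak` or `NamedTemporaryFile` uses as well. Separately, the final `backdoorStream.name = backdoorStream.old_name` is only reached on the normal exit path; the enclosing method starts and ends outside the hunks, so whether an exception in between is handled cannot be told from here.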


@ -24,10 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os import os
import re import re
from tempfile import NamedTemporaryFile
from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import fileToStr from lib.core.common import fileToStr
from lib.core.common import getDirs from lib.core.common import getDirs
from lib.core.common import getDocRoot from lib.core.common import getDocRoot
@ -67,9 +66,7 @@ class Takeover(Abstraction, Metasploit, Registry):
output = readInput(msg, default="Y") output = readInput(msg, default="Y")
if not output or output[0] in ( "y", "Y" ): if not output or output[0] in ( "y", "Y" ):
tmpFile = NamedTemporaryFile() tmpFile = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_"))
tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
tmpFile.seek(0)
wFile = tmpFile.name wFile = tmpFile.name
self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True)) self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))