From 7b8316728c10230fd5fb42f9e16a240ab95b5357 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 29 Jan 2010 00:09:05 +0000
Subject: [PATCH] Major bug fix in takeover functionalities on Microsoft SQL Server

---
 doc/ChangeLog | 2 +-
 lib/takeover/xp_cmdshell.py | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 78b3220ee..3d7a800c8 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -42,7 +42,7 @@ sqlmap (0.8-1) stable; urgency=low
 * Added simple file encryption/compression utility, extra/cloak/cloak.py used by sqlmap to decrypt on the fly Churrasco executable and web shells consequently reduced drastically the number of anti virus
- softwares that mistakenly mark sqlmap as a malware (Miroslav)
+ softwares that mistakenly mark sqlmap as a malware (Miroslav).
 -- Bernardo Damele A. G. Mon, 1 Mar 2010 10:00:00 +0000
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index c1bce580c..89e5dfab2 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -103,7 +103,7 @@ class xp_cmdshell:
 self.xpCmdshellExecCmd(cmd)
 def __xpCmdshellCheck(self):
- query = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec + 2))
+ query = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
 duration = timeUse(query)
 if duration >= conf.timeSec:
@@ -112,14 +112,15 @@ class xp_cmdshell:
 return False
 def xpCmdshellForgeCmd(self, cmd):
- return "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+ forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+ forgedCmd = urlencode(forgedCmd, convall=True)
+
+ return forgedCmd
 def xpCmdshellExecCmd(self, cmd, silent=False, forgeCmd=False):
 if forgeCmd:
 cmd = self.xpCmdshellForgeCmd(cmd)
- cmd = urlencode(cmd, convall=True)
-
 inject.goStacked(cmd, silent)
 def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
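Review bot: The new `conf.timeSec * 2` in __xpCmdshellCheck leaves no margin at the smallest setting: `ping -n N` sends N echo requests roughly one second apart, so it runs for about N-1 seconds, and with conf.timeSec equal to 1 the check `if duration >= conf.timeSec` compares roughly 1 s against 1 s. The old `+ 2` kept a fixed margin of about one second at every setting, so the comparison threshold and the ping count should be revisited together rather than only the count. Whatever margin is chosen, the relationship deserves a comment next to the query line, e.g. `# ping -n N runs for ~N-1 s; keep it above conf.timeSec so the >= check below is not borderline`. The `if` body and the rest of __xpCmdshellCheck lie outside the hunk.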
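Review bot: Moving urlencode from xpCmdshellExecCmd into xpCmdshellForgeCmd changes behaviour for every caller that passes forgeCmd=False, such as the `self.xpCmdshellExecCmd(cmd)` visible at the top of the first hunk: its cmd now reaches inject.goStacked without being URL-encoded, which is only correct if each such caller already built cmd through xpCmdshellForgeCmd, and that cannot be confirmed from this hunk. The new contract should be written down so nobody encodes twice, e.g. a docstring on xpCmdshellForgeCmd: `"""Wrap cmd in an EXEC <xpCmdshellStr> '...' statement and return it URL-encoded (convall=True); callers must not encode the result again."""`. As a point of style, binding forgedCmd twice reads as a leftover; `return urlencode("EXEC %s '%s'" % (self.xpCmdshellStr, cmd), convall=True)` says the same in one line. The class xp_cmdshell opens before both hunks, and xpCmdshellEvalCmd's body continues past the last line.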