mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Patch for an Issue #1280
This commit is contained in:
parent
8b63ee9bc3
commit
7b95a2d80d
|
@ -766,8 +766,14 @@ def _setMetasploit():
|
||||||
|
|
||||||
if conf.msfPath:
|
if conf.msfPath:
|
||||||
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
|
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
|
||||||
if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
|
if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole")):
|
||||||
msfEnvPathExists = True
|
msfEnvPathExists = True
|
||||||
|
if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfvenom",)):
|
||||||
|
kb.msfVenom = True
|
||||||
|
elif all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfencode", "msfpayload")):
|
||||||
|
kb.msfVenom = False
|
||||||
|
else:
|
||||||
|
msfEnvPathExists = False
|
||||||
conf.msfPath = path
|
conf.msfPath = path
|
||||||
break
|
break
|
||||||
|
|
||||||
|
@ -798,15 +804,23 @@ def _setMetasploit():
|
||||||
for envPath in envPaths:
|
for envPath in envPaths:
|
||||||
envPath = envPath.replace(";", "")
|
envPath = envPath.replace(";", "")
|
||||||
|
|
||||||
if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
|
if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole")):
|
||||||
infoMsg = "Metasploit Framework has been found "
|
|
||||||
infoMsg += "installed in the '%s' path" % envPath
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
msfEnvPathExists = True
|
msfEnvPathExists = True
|
||||||
conf.msfPath = envPath
|
if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfvenom",)):
|
||||||
|
kb.msfVenom = True
|
||||||
|
elif all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfencode", "msfpayload")):
|
||||||
|
kb.msfVenom = False
|
||||||
|
else:
|
||||||
|
msfEnvPathExists = False
|
||||||
|
|
||||||
break
|
if msfEnvPathExists:
|
||||||
|
infoMsg = "Metasploit Framework has been found "
|
||||||
|
infoMsg += "installed in the '%s' path" % envPath
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
conf.msfPath = envPath
|
||||||
|
|
||||||
|
break
|
||||||
|
|
||||||
if not msfEnvPathExists:
|
if not msfEnvPathExists:
|
||||||
errMsg = "unable to locate Metasploit Framework installation. "
|
errMsg = "unable to locate Metasploit Framework installation. "
|
||||||
|
@ -1794,6 +1808,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.matchRatio = None
|
kb.matchRatio = None
|
||||||
kb.maxConnectionsFlag = False
|
kb.maxConnectionsFlag = False
|
||||||
kb.mergeCookies = None
|
kb.mergeCookies = None
|
||||||
|
kb.msfVenom = False
|
||||||
kb.multiThreadMode = False
|
kb.multiThreadMode = False
|
||||||
kb.negativeLogic = False
|
kb.negativeLogic = False
|
||||||
kb.nullConnection = None
|
kb.nullConnection = None
|
||||||
|
|
|
@ -24,6 +24,7 @@ from lib.core.common import randomRange
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
|
@ -63,6 +64,7 @@ class Metasploit:
|
||||||
self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
|
self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
|
||||||
self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
|
self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
|
||||||
self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
|
self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
|
||||||
|
self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom"))
|
||||||
|
|
||||||
if IS_WIN:
|
if IS_WIN:
|
||||||
_ = conf.msfPath
|
_ = conf.msfPath
|
||||||
|
@ -78,6 +80,7 @@ class Metasploit:
|
||||||
self._msfCli = "%s & ruby %s" % (_, self._msfCli)
|
self._msfCli = "%s & ruby %s" % (_, self._msfCli)
|
||||||
self._msfEncode = "ruby %s" % self._msfEncode
|
self._msfEncode = "ruby %s" % self._msfEncode
|
||||||
self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
|
self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
|
||||||
|
self._msfVenom = "%s & ruby %s" % (_, self._msfVenom)
|
||||||
|
|
||||||
self._msfPayloadsList = {
|
self._msfPayloadsList = {
|
||||||
"windows": {
|
"windows": {
|
||||||
|
@ -361,7 +364,11 @@ class Metasploit:
|
||||||
self._cliCmd += " E"
|
self._cliCmd += " E"
|
||||||
|
|
||||||
def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
|
def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
|
||||||
self._payloadCmd = "%s %s" % (self._msfPayload, self.payloadConnStr)
|
if kb.msfVenom:
|
||||||
|
self._payloadCmd = "%s -p" % self._msfVenom
|
||||||
|
else:
|
||||||
|
self._payloadCmd = self._msfPayload
|
||||||
|
self._payloadCmd += " %s" % self.payloadConnStr
|
||||||
self._payloadCmd += " EXITFUNC=%s" % exitfunc
|
self._payloadCmd += " EXITFUNC=%s" % exitfunc
|
||||||
self._payloadCmd += " LPORT=%s" % self.portStr
|
self._payloadCmd += " LPORT=%s" % self.portStr
|
||||||
|
|
||||||
|
@ -373,13 +380,22 @@ class Metasploit:
|
||||||
if Backend.isOs(OS.LINUX) and conf.privEsc:
|
if Backend.isOs(OS.LINUX) and conf.privEsc:
|
||||||
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
|
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
|
||||||
|
|
||||||
if extra == "BufferRegister=EAX":
|
if kb.msfVenom:
|
||||||
self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
|
if extra == "BufferRegister=EAX":
|
||||||
|
self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
|
||||||
|
|
||||||
if extra is not None:
|
if extra is not None:
|
||||||
self._payloadCmd += " %s" % extra
|
self._payloadCmd += " %s" % extra
|
||||||
|
else:
|
||||||
|
self._payloadCmd += " -f exe > \"%s\"" % outFile
|
||||||
else:
|
else:
|
||||||
self._payloadCmd += " X > \"%s\"" % outFile
|
if extra == "BufferRegister=EAX":
|
||||||
|
self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
|
||||||
|
|
||||||
|
if extra is not None:
|
||||||
|
self._payloadCmd += " %s" % extra
|
||||||
|
else:
|
||||||
|
self._payloadCmd += " X > \"%s\"" % outFile
|
||||||
|
|
||||||
def _runMsfCliSmbrelay(self):
|
def _runMsfCliSmbrelay(self):
|
||||||
self._forgeMsfCliCmdForSmbrelay()
|
self._forgeMsfCliCmdForSmbrelay()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user