Refactoring shell files

2024-11-22 01:26:42 +03:00 · 2017-11-22 15:59:29 +01:00 · 2017-11-22 15:59:29 +01:00 · 7d6a3c4034
commit 7d6a3c4034
parent 02274f6db1
12 changed files with 15 additions and 19 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.11.28"
+VERSION = "1.1.11.29"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -266,9 +266,9 @@ class Web:
            directories = _

        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
-        backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi))
+        backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webApi))

-        stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
+        stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))

        for directory in directories:
            if not directory:
@ -323,7 +323,7 @@ class Web:
                    os.close(handle)

                    with open(filename, "w+b") as f:
-                        _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
+                        _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
                        _ = _.replace("WRITABLE_DIR", utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
                        f.write(_)

--- a/shell/README.txt
+++ b/shell/README.txt
@ -1,8 +1,4 @@
-Due to the anti-virus positive detection of shell scripts stored inside
-this folder, we needed to somehow circumvent this. As from the plain
-sqlmap users perspective nothing has to be done prior to their usage by
-sqlmap, but if you want to have access to their original source code use
-the decrypt functionality of the ../extra/cloak/cloak.py utility.
+Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../extra/cloak/cloak.py utility.

 To prepare the original scripts to the cloaked form use this command:
 find backdoor.* stager.* -type f -exec python ../extra/cloak/cloak.py -i '{}' \;
--- a/shell/backdoors/backdoor.asp_
+++ b/shell/backdoors/backdoor.asp_
--- a/shell/backdoors/backdoor.aspx_
+++ b/shell/backdoors/backdoor.aspx_
--- a/shell/backdoors/backdoor.jsp_
+++ b/shell/backdoors/backdoor.jsp_
--- a/shell/backdoors/backdoor.php_
+++ b/shell/backdoors/backdoor.php_
--- a/shell/stagers/stager.asp_
+++ b/shell/stagers/stager.asp_
--- a/shell/stagers/stager.aspx_
+++ b/shell/stagers/stager.aspx_
--- a/shell/stagers/stager.jsp_
+++ b/shell/stagers/stager.jsp_
--- a/shell/stagers/stager.php_
+++ b/shell/stagers/stager.php_
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037  lib/core/option.py
 760d9df2a27ded29109b390ab202e72d  lib/core/replication.py
 a2466b62e67f8b31736bac4dac590e51  lib/core/revision.py
 02d4762140a72fd44668d3dab5eabda9  lib/core/session.py
-5ceb1024ba6d68a0c961e1013cfc39d9  lib/core/settings.py
+2f2e18f8680289ea1669105dd0cfb54a  lib/core/settings.py
 35bffbad762eb9e03db9e93b1c991103  lib/core/shell.py
 a59ec28371ae067a6fdd8f810edbee3d  lib/core/subprocessng.py
 d5a04d672a18f78deb2839c3745ff83c  lib/core/target.py
@ -85,7 +85,7 @@ a53a068f7b5651fca1ae8da932ba4d96  lib/takeover/icmpsh.py
 ac3f47b2f8d2cd530512405b4a23a9db  lib/takeover/metasploit.py
 3309f439e0cb68a707dc3a3c807645b0  lib/takeover/registry.py
 21b6eff33f5d28c5e167a948976817cb  lib/takeover/udf.py
-916917ef27d12544fdc68265ba28f70e  lib/takeover/web.py
+e49d1213f9ae0c0f922c5aef4febe205  lib/takeover/web.py
 d3080bf68b4b85ed2c98af5de74e8b73  lib/takeover/xp_cmdshell.py
 ab58650253fdad04e7a53a4e4d36df8a  lib/techniques/blind/inference.py
 5fb9aaf874daa47ea2b672a22740e56b  lib/techniques/blind/__init__.py
@ -215,14 +215,14 @@ f65197bb16a0c7b243a322cf89715891  plugins/generic/syntax.py
 659b5821b3bfc4c8ef94759bbf968b25  plugins/generic/takeover.py
 65524d3fc3373c4ec241a6358f634bbd  plugins/generic/users.py
 5fb9aaf874daa47ea2b672a22740e56b  plugins/__init__.py
-b04db3e861edde1f9dd0a3850d5b96c8  shell/backdoor.asp_
-158bfa168128393dde8d6ed11fe9a1b8  shell/backdoor.aspx_
-1add5a9a67539e7fd1999c8c20a69d15  shell/backdoor.jsp_
-09fc3ed6543f4d1885e338b271e5e97a  shell/backdoor.php_
-0e7aba05423c272f051f31165b0e416d  shell/stager.asp_
-c3cc8b7727161e64ab59f312c33b541a  shell/stager.aspx_
-1f7f125f30e0e800beb21e2ebbab18e1  shell/stager.jsp_
-01e3505e796edf19aad6a996101c81c9  shell/stager.php_
+b04db3e861edde1f9dd0a3850d5b96c8  shell/backdoors/backdoor.asp_
+158bfa168128393dde8d6ed11fe9a1b8  shell/backdoors/backdoor.aspx_
+1add5a9a67539e7fd1999c8c20a69d15  shell/backdoors/backdoor.jsp_
+09fc3ed6543f4d1885e338b271e5e97a  shell/backdoors/backdoor.php_
+0e7aba05423c272f051f31165b0e416d  shell/stagers/stager.asp_
+c3cc8b7727161e64ab59f312c33b541a  shell/stagers/stager.aspx_
+1f7f125f30e0e800beb21e2ebbab18e1  shell/stagers/stager.jsp_
+01e3505e796edf19aad6a996101c81c9  shell/stagers/stager.php_
 c737efc0afe782c5dcfec9d27e827515  sqlmapapi.py
 5055a9d152e379fd7d55cbbf06025834  sqlmap.py
 ba9bb7b0fbfbd408c24bc99b3c8f0fd9  tamper/apostrophemask.py