From 9579a97039c9e9e774a387806b7c26eae10c5729 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 24 Nov 2010 11:38:27 +0000
Subject: [PATCH] now ASPX works too for --os-shell

---
 lib/core/common.py  | 10 ++++++++++
 lib/takeover/web.py |  6 ++++++
 2 files changed, 16 insertions(+)

diff --git a/lib/core/common.py b/lib/core/common.py
index ac74fb1bb..58245c045 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1626,3 +1626,13 @@ def getPublicTypeMembers(type_):
             retVal.append((name, value))
 
     return retVal
+
+def extractRegexResult(regex, content):
+    retVal = None
+
+    if regex and content and '?P<result>' in regex:
+        match = re.search(regex, content)
+        if match:
+            retVal = match.group("result")
+
+    return retVal
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 9da6cfe31..66bd61247 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -15,6 +15,7 @@ import re
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import decloakToNamedTemporaryFile
+from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
 from lib.core.common import ntToPosixSlashes
@@ -83,6 +84,11 @@ class Web:
                                 "uploadDir": directory,
                               }
 
+            if self.webApi == "aspx":
+                page = Request.getPage(url=self.webStagerUrl, content=True, raise404=False)
+                multipartParams['__EVENTVALIDATION'] = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
+                multipartParams['__VIEWSTATE'] = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
+
             page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
 
             if "File uploaded" not in page: