diff --git a/lib/core/option.py b/lib/core/option.py
index ce9e97479..88b344226 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -2012,6 +2012,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.threadException = False
 kb.tableExistsChoice = None
 kb.uChar = NULL
+ kb.udfFail = False
 kb.unionDuplicates = False
 kb.wizardMode = False
 kb.xpCmdshellAvailable = False
diff --git a/lib/core/settings.py b/lib/core/settings.py
index bcdee8144..dfafb47c7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.10.21"
+VERSION = "1.3.10.22"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index d4c2b4c51..accc9f6a2 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -16,6 +16,7 @@ from lib.core.common import isStackingAvailable
 from lib.core.common import readInput
 from lib.core.convert import getUnicode
 from lib.core.data import conf
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import DBMS
@@ -48,7 +49,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
 if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
 self.copyExecCmd(cmd)
- elif self.webBackdoorUrl and not isStackingAvailable():
+ elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
 self.webBackdoorRunCmd(cmd)
 elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
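Review bot: The condition `self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail)` in lib/takeover/abstraction.py is now written out three times (the hunk at -48 here, and the hunks at -67 and -104), with a fourth variant in plugins/generic/misc.py, so any later change to the fallback rule has to be repeated in four places. A private helper on Abstraction, e.g. `def _useWebBackdoor(self): return self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail)`, would keep the call sites in step and give the rule one place to be documented. Separately, when `kb.udfFail` is set but `self.webBackdoorUrl` is empty, this branch is skipped and control reaches `elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):`, which presumably retries the UDF path that has already failed; that branch's body and the start of the enclosing method are outside the hunk, so this needs confirming against the full file.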
@@ -67,7 +68,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
 if Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
 retVal = self.copyExecCmd(cmd)
- elif self.webBackdoorUrl and not isStackingAvailable():
+ elif self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
 retVal = self.webBackdoorRunCmd(cmd)
 elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -104,7 +105,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
 self.execCmd(cmd)
 def shell(self):
- if self.webBackdoorUrl and not isStackingAvailable():
+ if self.webBackdoorUrl and (not isStackingAvailable() or kb.udfFail):
 infoMsg = "calling OS shell. To quit type "
 infoMsg += "'x' or 'q' and press ENTER"
 logger.info(infoMsg)
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index 2659765ed..3f1793317 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -137,7 +137,7 @@ class Miscellaneous(object):
 self.delRemoteFile(self.webStagerFilePath)
 self.delRemoteFile(self.webBackdoorFilePath)
- if not isStackingAvailable() and not conf.direct:
+ if (not isStackingAvailable() or kb.udfFail) and not conf.direct:
 return
 if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest:
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index d3c32cbd4..42033b2c2 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -15,6 +15,7 @@ from lib.core.common import openFile
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.data import conf
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import OS
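Review bot: In plugins/generic/misc.py (hunk at -137) the early `return` now also fires when `kb.udfFail` is set, so everything below it in this cleanup routine is skipped on a run where UDF setup was started and then failed. If initEnv() created anything on the database server before raising (its body is not visible in this diff), those objects are left in place and the operator gets no message about it. Logging before the return would make that visible, e.g. `logger.warning("UDF initialization failed, database-side artifacts (if any) require manual removal")`, and a comment on the condition should say why a failed UDF setup is treated the same as missing stacked queries. The enclosing method starts and ends outside the hunk.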
@@ -79,7 +80,20 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry):
 raise SqlmapNotVulnerableException(errMsg)
 self.getRemoteTempPath()
- self.initEnv(web=web)
+
+ try:
+ self.initEnv(web=web)
+ except SqlmapFilePathException:
+ if not web:
+ infoMsg = "falling back to web backdoor method..."
+ logger.info(infoMsg)
+
+ web = True
+ kb.udfFail = True
+
+ self.initEnv(web=web)
+ else:
+ raise
 if not web or (web and self.webBackdoorUrl is not None):
 self.shell()
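Review bot: The `except SqlmapFilePathException:` branch discards the original error and switches to the web backdoor method automatically, announcing it only at info level, even though the second `self.initEnv(web=web)` presumably writes files to the web server that were not requested for this run. Binding the exception and reporting it at warning level keeps the cause in the log: `except SqlmapFilePathException as ex:` with `logger.warning("UDF setup failed (%s), falling back to web backdoor method..." % ex)`. A `readInput` confirmation (already imported in this file) before `web = True` would make the change of technique an explicit operator decision. The diff adds only the `kb` import to this file, so confirm `SqlmapFilePathException` is already imported here, otherwise the handler itself fails with NameError. The enclosing method starts and ends outside the hunk.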