From a1b1f960cc16e0e0f6d848a01b158e13dff62f74 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Fri, 23 Apr 2010 16:34:20 +0000 Subject: [PATCH] Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function --- lib/core/common.py | 14 +++++++------- lib/core/option.py | 10 +++++----- lib/core/settings.py | 2 +- lib/request/basic.py | 7 ++++--- lib/request/connect.py | 1 - lib/request/inject.py | 1 - lib/takeover/metasploit.py | 3 ++- lib/takeover/web.py | 8 ++++++-- plugins/dbms/mssqlserver/filesystem.py | 3 ++- plugins/dbms/mysql/takeover.py | 4 ++-- plugins/generic/misc.py | 2 +- 11 files changed, 30 insertions(+), 25 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index dabdf8833..e0e14a314 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -249,13 +249,14 @@ def getDocRoot(webApi=None): for absFilePath in kb.absFilePaths: if directoryPath(absFilePath) == '/': continue + absFilePath = normalizePath(absFilePath) absFilePathWin = None if isWindowsPath(absFilePath): absFilePathWin = posixToNtSlashes(absFilePath) absFilePath = ntToPosixSlashes(absFilePath[2:]) - elif isWindowsDriveLetterPath(absFilePath): #e.g. C:/xampp/htdocs + elif isWindowsDriveLetterPath(absFilePath): # E.g. C:/xampp/htdocs absFilePath = absFilePath[2:] if pagePath in absFilePath: @@ -309,10 +310,13 @@ def getDirs(webApi=None): for absFilePath in kb.absFilePaths: if absFilePath: directory = directoryPath(absFilePath) + if isWindowsPath(directory): directory = ntToPosixSlashes(directory) + if directory == '/': continue + directories.add(directory) else: warnMsg = "unable to retrieve any web server path" @@ -981,7 +985,7 @@ def urlEncodeCookieValues(cookieStr): def directoryPath(path): retVal = None - if isWindowsPath(path): + if isWindowsDriveLetterPath(path): retVal = ntpath.dirname(path) else: retVal = posixpath.dirname(path) @@ -989,13 +993,9 @@ def directoryPath(path): return retVal def normalizePath(path): - """ - This function must be called only after posixToNtSlashes() - and ntToPosixSlashes() - """ retVal = None - if isWindowsPath(path): + if isWindowsDriveLetterPath(path): retVal = ntpath.normpath(path) else: retVal = posixpath.normpath(path) diff --git a/lib/core/option.py b/lib/core/option.py index ddfe2b8f4..c5ed6eddd 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -852,19 +852,19 @@ def __cleanupOptions(): conf.delay = float(conf.delay) if conf.rFile: - conf.rFile = normalizePath(ntToPosixSlashes(conf.rFile)) + conf.rFile = ntToPosixSlashes(normalizePath(conf.rFile)) if conf.wFile: - conf.wFile = normalizePath(ntToPosixSlashes(conf.wFile)) + conf.wFile = ntToPosixSlashes(normalizePath(conf.wFile)) if conf.dFile: - conf.dFile = normalizePath(ntToPosixSlashes(conf.dFile)) + conf.dFile = ntToPosixSlashes(normalizePath(conf.dFile)) if conf.msfPath: - conf.msfPath = normalizePath(ntToPosixSlashes(conf.msfPath)) + conf.msfPath = ntToPosixSlashes(normalizePath(conf.msfPath)) if conf.tmpPath: - conf.tmpPath = normalizePath(ntToPosixSlashes(conf.tmpPath)) + conf.tmpPath = ntToPosixSlashes(normalizePath(conf.tmpPath)) if conf.googleDork or conf.list: conf.multipleTargets = True diff --git a/lib/core/settings.py b/lib/core/settings.py index 76aef8979..23d6c03b8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -113,7 +113,7 @@ SQL_STATEMENTS = { "grant ", ), "SQL data execution": ( - "exec ", + " exec ", "execute ", ), "SQL transaction": ( diff --git a/lib/request/basic.py b/lib/request/basic.py index e16bda0fd..e99b81dee 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -28,8 +28,7 @@ import re import StringIO import zlib -from lib.core.common import directoryPath -from lib.core.common import isWindowsPath +from lib.core.common import isWindowsDriveLetterPath from lib.core.common import posixToNtSlashes from lib.core.common import urlEncodeCookieValues from lib.core.data import conf @@ -83,8 +82,10 @@ def parseResponse(page, headers): for match in reobj.finditer(page): absFilePath = match.group("result").strip() page = page.replace(absFilePath, "") - if isWindowsPath(absFilePath): + + if isWindowsDriveLetterPath(absFilePath): absFilePath = posixToNtSlashes(absFilePath) + if absFilePath not in kb.absFilePaths: kb.absFilePaths.add(absFilePath) diff --git a/lib/request/connect.py b/lib/request/connect.py index edcebad93..4190771ea 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -38,7 +38,6 @@ from lib.core.data import kb from lib.core.data import logger from lib.core.common import sanitizeAsciiString from lib.core.exception import sqlmapConnectionException -from lib.core.settings import SQL_STATEMENTS from lib.request.basic import decodePage from lib.request.basic import forgeHeaders from lib.request.basic import parseResponse diff --git a/lib/request/inject.py b/lib/request/inject.py index cd2913f4c..4068e4f22 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -38,7 +38,6 @@ from lib.core.data import queries from lib.core.data import temp from lib.request.connect import Connect as Request from lib.request.direct import direct -from lib.core.settings import SQL_STATEMENTS from lib.techniques.inband.union.use import unionUse from lib.techniques.blind.inference import bisection from lib.utils.resume import queryOutputLength diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 399c3cce9..61de8dac6 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -36,6 +36,7 @@ from lib.core.common import dataToStdout from lib.core.common import getLocalIP from lib.core.common import getRemoteIP from lib.core.common import normalizePath +from lib.core.common import ntToPosixSlashes from lib.core.common import pollProcess from lib.core.common import randomRange from lib.core.common import randomStr @@ -635,7 +636,7 @@ class Metasploit: else: self.exeFilePathRemote = "%s/%s" % (conf.tmpPath, os.path.basename(self.exeFilePathLocal)) - self.exeFilePathRemote = normalizePath(self.exeFilePathRemote) + self.exeFilePathRemote = ntToPosixSlashes(normalizePath(self.exeFilePathRemote)) logger.info("uploading payload stager to '%s'" % self.exeFilePathRemote) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 97c441b71..db5fa995c 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -178,12 +178,16 @@ class Web: # Upload the uploader agent self.__webFileInject(uploaderContent, uploaderName, directory) requestDir = ntToPosixSlashes(directory) + if requestDir[-1] != '/': requestDir += '/' - requestDir = requestDir.replace(ntToPosixSlashes(kb.docRoot), "/") + + requestDir = requestDir.replace(ntToPosixSlashes(kb.docRoot), "/") + if isWindowsDriveLetterPath(requestDir): requestDir = requestDir[2:] - requestDir = normalizePath(requestDir) + + requestDir = normalizePath(requestDir) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName) diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 147d73c63..9aba348c5 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ +import ntpath import os from lib.core.common import getRange @@ -146,8 +147,8 @@ class Filesystem(GenericFilesystem): debugSize = 0xFF00 tmpPath = posixToNtSlashes(conf.tmpPath) - dFileName = os.path.split(dFile)[1] dFile = posixToNtSlashes(dFile) + dFileName = ntpath.basename(dFile) wFileSize = os.path.getsize(wFile) wFilePointer = open(wFile, "rb") wFileContent = wFilePointer.read() diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 7e2e418c8..5f818749c 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -57,7 +57,7 @@ class Takeover(GenericTakeover): # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir self.__basedir = inject.getValue("SELECT @@basedir") - self.__basedir = normalizePath(ntToPosixSlashes(self.__basedir)) + self.__basedir = ntToPosixSlashes(normalizePath(self.__basedir)) if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I): kb.os = "Windows" @@ -78,7 +78,7 @@ class Takeover(GenericTakeover): # NOTE: specifying the relative path as './udf.dll' # saves in @@datadir on both MySQL 4.1 and MySQL 5.0 self.__datadir = "." - self.__datadir = normalizePath(ntToPosixSlashes(self.__datadir)) + self.__datadir = ntToPosixSlashes(normalizePath(self.__datadir)) if re.search("[\w]\:\/", self.__datadir, re.I): kb.os = "Windows" diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 5ef82e0be..5dd95ad84 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -72,8 +72,8 @@ class Miscellaneous: if re.search("\A[\w]:[\/\\\\]+", conf.tmpPath, re.I): kb.os = "Windows" - conf.tmpPath = ntToPosixSlashes(conf.tmpPath) conf.tmpPath = normalizePath(conf.tmpPath) + conf.tmpPath = ntToPosixSlashes(conf.tmpPath) setRemoteTempPath()