I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes

This commit is contained in:
Bernardo Damele 2012-07-01 23:25:05 +01:00
parent d7cd55fb28
commit ab412da27f
14 changed files with 25 additions and 28 deletions

View File

@ -80,7 +80,7 @@ class ICMPsh:
if web:
self.webFileUpload(self.__icmpslave, self.__icmpslaveRemote, self.webDirectory)
else:
self.writeFile(self.__icmpslave, self.__icmpslaveRemote, "binary", False)
self.writeFile(self.__icmpslave, self.__icmpslaveRemote, "binary")
def icmpPwn(self):
self.__prepareIngredients()

View File

@ -554,7 +554,7 @@ class Metasploit:
if web:
self.webFileUpload(self.shellcodeexecLocal, self.shellcodeexecRemote, self.webDirectory)
else:
self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary", False)
self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary")
def pwn(self, goUdf=False):
if goUdf:

View File

@ -65,7 +65,7 @@ class Registry:
logger.debug("creating batch file '%s'" % self.__batPathRemote)
self.__createLocalBatchFile()
self.writeFile(self.__batPathLocal, self.__batPathRemote, "text", False)
self.writeFile(self.__batPathLocal, self.__batPathRemote, "text")
os.unlink(self.__batPathLocal)

View File

@ -156,7 +156,7 @@ class UDF:
if len(self.udfToCreate) > 0:
self.udfSetRemotePath()
self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", False)
self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary")
for udf, inpRet in udfDict.items():
if udf in self.udfToCreate and udf not in self.createdUdf:

View File

@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
errMsg = "on Microsoft Access it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Microsoft Access it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
errMsg = "on Firebird it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Firebird it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
errMsg = "on SAP MaxDB reading of files is not supported"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SAP MaxDB writing of files is not supported"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -164,7 +164,7 @@ class Filesystem(GenericFilesystem):
return result
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "Microsoft SQL Server does not support file upload with "
errMsg += "UNION query SQL injection technique"
raise sqlmapUnsupportedFeatureException(errMsg)
@ -332,7 +332,7 @@ class Filesystem(GenericFilesystem):
self.execCmd(complComm)
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
def stackedWriteFile(self, wFile, dFile, fileType):
# NOTE: this is needed here because we use xp_cmdshell extended
# procedure to write a file on the back-end Microsoft SQL Server
# file system

View File

@ -59,7 +59,7 @@ class Filesystem(GenericFilesystem):
warnMsg += "file '%s'" % rFile
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
warnMsg += ", going to fall-back to simpler technique"
warnMsg += ", going to fall-back to simpler UNION technique"
logger.warn(warnMsg)
result = self.unionReadFile(rFile)
else:
@ -80,7 +80,7 @@ class Filesystem(GenericFilesystem):
return result
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
def unionWriteFile(self, wFile, dFile, fileType):
logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", True)
@ -100,14 +100,13 @@ class Filesystem(GenericFilesystem):
sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile)
unionUse(sqlQuery, unpack=False)
if confirm:
self.askCheckWrittenFile(wFile, dFile, fileType)
warnMsg = "expect junk characters inside the "
warnMsg += "file as a leftover from UNION query"
singleTimeWarnMessage(warnMsg)
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
def stackedWriteFile(self, wFile, dFile, fileType):
debugMsg = "creating a support table to write the hexadecimal "
debugMsg += "encoded file to"
logger.debug(debugMsg)
@ -134,5 +133,4 @@ class Filesystem(GenericFilesystem):
# Reference: http://dev.mysql.com/doc/refman/5.1/en/select.html
inject.goStacked("SELECT %s FROM %s INTO DUMPFILE '%s'" % (self.tblField, self.fileTblName, dFile), silent=True)
if confirm:
self.askCheckWrittenFile(wFile, dFile, fileType)

View File

@ -17,7 +17,7 @@ class Filesystem(GenericFilesystem):
errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "File system write access not yet implemented for "
errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -33,12 +33,12 @@ class Filesystem(GenericFilesystem):
return self.udfEvalCmd(cmd=rFile, udfName="sys_fileread")
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique"
raise sqlmapUnsupportedFeatureException, errMsg
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
def stackedWriteFile(self, wFile, dFile, fileType):
wFileSize = os.path.getsize(wFile)
if wFileSize > 8192:
@ -115,7 +115,6 @@ class Filesystem(GenericFilesystem):
# (pg_largeobject 'data' field)
inject.goStacked("SELECT lo_export(%d, '%s')" % (self.oid, dFile), silent=True)
if confirm:
self.askCheckWrittenFile(wFile, dFile, fileType)
inject.goStacked("SELECT lo_unlink(%d)" % self.oid)

View File

@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
errMsg = "on SQLite it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SQLite it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -16,6 +16,6 @@ class Filesystem(GenericFilesystem):
errMsg = "on Sybase it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Sybase it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg

View File

@ -176,12 +176,12 @@ class Filesystem:
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
def stackedWriteFile(self, wFile, dFile, fileType):
errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
@ -235,7 +235,7 @@ class Filesystem:
return rFilePath
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
def writeFile(self, wFile, dFile, fileType=None):
self.checkDbmsOs()
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
@ -244,14 +244,14 @@ class Filesystem:
debugMsg += "stacked query SQL injection technique"
logger.debug(debugMsg)
self.stackedWriteFile(wFile, dFile, fileType, confirm)
self.stackedWriteFile(wFile, dFile, fileType)
self.cleanup(onlyFileTbl=True)
elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL):
debugMsg = "going to upload the %s file with " % fileType
debugMsg += "UNION query SQL injection technique"
logger.debug(debugMsg)
self.unionWriteFile(wFile, dFile, fileType, confirm)
self.unionWriteFile(wFile, dFile, fileType)
else:
errMsg = "none of the SQL injection techniques detected can "
errMsg += "be used to write files to the underlying file "