Merge pull request #466 from Meatballs1/xp_cmdshell_output

Unable to retrieve XP_Cmdshell Output
2025-01-23 15:54:24 +03:00 · 2013-06-18 00:47:08 -07:00 · 2013-06-18 00:47:08 -07:00 · aff7092736
commit aff7092736
parent 9a6f5a95f5 c5087399c1
1 changed files with 6 additions and 2 deletions
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -106,7 +106,7 @@ class Xp_cmdshell:

        if output == "1":
            logger.info("xp_cmdshell extended procedure is usable")
-        elif isNoneValue(output):
+        elif isNoneValue(output) and conf.dbmsCred:
            errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath()
            errMsg += "storing console output within the back-end file system "
            errMsg += "does not have writing permissions for the DBMS process. "
@ -114,6 +114,8 @@ class Xp_cmdshell:
            errMsg += "--tmp-path switch or you will not be able to retrieve "
            errMsg += "the commands output"
            logger.error(errMsg)
+	elif isNoneValue(output):
+	    logger.error("unable to retrieve xp_cmdshell output")
        else:
            logger.info("xp_cmdshell extended procedure is usable")

@ -207,9 +209,11 @@ class Xp_cmdshell:

            query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName)

+	    output = None
            if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
                output = inject.getValue(query, resumeValue=False, blind=False, time=False)
-            else:
+
+	    if (output is None) or len(output)==0 or output[0] is None:
                output = []
                count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)