From caa326774cebd4ed3773c21b1eca41265e8c2929 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Sun, 16 Jun 2013 10:22:20 +0100
Subject: [PATCH 1/3] Fallback to blind

---
 lib/takeover/xp_cmdshell.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 3e800a812..43b640ecc 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -209,7 +209,8 @@ class Xp_cmdshell:
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 output = inject.getValue(query, resumeValue=False, blind=False, time=False)
- else:
+
+ if (output is None) or len(output)==0 or output[0] is None:
 output = []
 count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

From 2c98507f1e2fc7c821b52a9bf41c1d13635e2820 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Sun, 16 Jun 2013 10:27:08 +0100
Subject: [PATCH 2/3] Add better error msg

---
 lib/takeover/xp_cmdshell.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 43b640ecc..e0b76af6a 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -106,7 +106,7 @@ class Xp_cmdshell:
 if output == "1":
 logger.info("xp_cmdshell extended procedure is usable")
- elif isNoneValue(output):
+ elif isNoneValue(output) and conf.dbmsCred:
 errMsg = "it seems that the temporary directory ('%s') used for " % self.getRemoteTempPath()
 errMsg += "storing console output within the back-end file system "
 errMsg += "does not have writing permissions for the DBMS process. "
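Review bot: In PATCH 1/3's `@@ -209,7 +209,8 @@` hunk the new fallback condition `(output is None) or len(output)==0 or output[0] is None` hand-rolls three emptiness checks and has no comment saying that it switches to the slower row-by-row retrieval. `if not output or output[0] is None:` reads the same for None, empty lists and empty strings, and a line such as `# in-band retrieval returned nothing usable: fall back to row-by-row retrieval` would record the intent. Only the first element is inspected, so a result whose first row is None but whose later rows are populated is discarded and fetched again; if that is intended it is worth saying so. The same line is carried as context in PATCH 3/3's hunk, and the enclosing method starts and ends outside both hunks.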
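Review bot: `isNoneValue(output)` is now tested in two consecutive `elif` branches, in PATCH 2/3's `@@ -106,7 +106,7 @@` hunk and again in its `@@ -114,6 +114,8 @@` hunk, split only by `conf.dbmsCred`, and nothing says why the temporary-directory hint depends on DBMS credentials having been supplied. Keeping a single `elif isNoneValue(output):` and branching inside it on `conf.dbmsCred` would make the pairing explicit; a comment there should state the reason for the distinction, which cannot be derived from the patch itself. The new message `unable to retrieve xp_cmdshell output` also names no likely cause or next step, unlike the longer message it stands in for. The surrounding method begins and ends outside both hunks.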
@@ -114,6 +114,8 @@ class Xp_cmdshell:
 errMsg += "--tmp-path switch or you will not be able to retrieve "
 errMsg += "the commands output"
 logger.error(errMsg)
+ elif isNoneValue(output):
+ logger.error("unable to retrieve xp_cmdshell output")
 else:
 logger.info("xp_cmdshell extended procedure is usable")

From c5087399c11d50181d4f2aa6dcd7b55889f138dc Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Sun, 16 Jun 2013 10:47:27 +0100
Subject: [PATCH 3/3] Fix exception if init technique not available

---
 lib/takeover/xp_cmdshell.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index e0b76af6a..99fad25bd 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -209,9 +209,10 @@ class Xp_cmdshell:
 query = "SELECT %s FROM %s ORDER BY id" % (self.tblField, self.cmdTblName)
+ output = None
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 output = inject.getValue(query, resumeValue=False, blind=False, time=False)
-
+
 if (output is None) or len(output)==0 or output[0] is None:
 output = []
 count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)