diff --git a/lib/core/common.py b/lib/core/common.py index 0f6788a13..f4de38274 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -503,6 +503,22 @@ class Backend: return kb.os + @staticmethod + def setOsVersion(version): + if version is None: + return None + + elif kb.osVersion is None and isinstance(version, basestring): + kb.osVersion = version + + @staticmethod + def setOsServicePack(sp): + if version is None: + return None + + elif kb.osSP is None and isinstance(version, int): + kb.osSP = version + @staticmethod def setArch(): msg = "what is the back-end database management system architecture?" @@ -585,6 +601,14 @@ class Backend: def getOs(): return kb.os + @staticmethod + def getOsVersion(): + return kb.osVersion + + @staticmethod + def getOsServicePack(): + return kb.osSP + @staticmethod def getArch(): if kb.arch is None: diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 4bf133322..4a65ff9dc 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -123,7 +123,7 @@ class Fingerprint(GenericFingerprint): return False def checkDbmsOs(self, detailed=False): - if Backend.getOs() and kb.osVersion and kb.osSP: + if Backend.getOs() and Backend.getOsVersion() and Backend.getOsServicePack(): return if not Backend.getOs(): 
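Review bot: In the first hunk of `lib/core/common.py`, `setOsServicePack(sp)` tests and stores `version`, which is not a parameter or local of that method. Unless the module happens to define a global of that name, the first call (for example `Backend.setOsServicePack(2)` in the MSSQL fingerprint fallback) raises `NameError` instead of recording the service pack. The body looks copied from `setOsVersion`; it should read `if sp is None:`, `elif kb.osSP is None and isinstance(sp, int):` and `kb.osSP = sp`. Both setters are also first-write-wins and silently drop a value of the wrong type, which deserves a one-line docstring on each, such as `"""Record the OS service pack once; later or non-int values are ignored."""`.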
@@ -154,17 +154,17 @@ class Fingerprint(GenericFingerprint): query += "LIKE '%Windows NT " + data[0] + "%')>0" if inject.checkBooleanExpression(query): - infoMsg += " %s" % kb.osVersion - kb.osVersion = version + Backend.setOsVersion(version) + infoMsg += " %s" % Backend.getOsVersion() break - if not kb.osVersion: - kb.osVersion = "2003" - kb.osSP = 2 + if not Backend.getOsVersion(): + Backend.setOsVersion("2003") + Backend.setOsServicePack(2) warnMsg = "unable to fingerprint the underlying operating " warnMsg += "system version, assuming it is Windows " - warnMsg += "%s Service Pack %d" % (kb.osVersion, kb.osSP) + warnMsg += "%s Service Pack %d" % (Backend.getOsVersion(), Backend.getOsServicePack()) logger.warn(warnMsg) self.cleanup(onlyFileTbl=True) @@ -172,24 +172,24 @@ class Fingerprint(GenericFingerprint): return # Get back-end DBMS underlying operating system service pack - sps = versions[kb.osVersion][1] + sps = versions[Backend.getOsVersion()][1] for sp in sps: query = "(SELECT LEN(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField) query += "LIKE '%Service Pack " + getUnicode(sp) + "%')>0" if inject.checkBooleanExpression(query): - kb.osSP = sp + Backend.setOsServicePack(sp) break - if not kb.osSP: + if not Backend.getOsServicePack(): debugMsg = "assuming the operating system has no service pack" logger.debug(debugMsg) - kb.osSP = 0 + Backend.setOsServicePack(0) - if kb.osVersion: - infoMsg += " Service Pack %d" % kb.osSP + if Backend.getOsVersion(): + infoMsg += " Service Pack %d" % Backend.getOsServicePack() logger.info(infoMsg) diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index ca918d8e8..bb7ef9eae 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py 
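Review bot: In the `@@ -154` hunk of `plugins/dbms/mssqlserver/fingerprint.py`, the warning is built with `"%s Service Pack %d" % (Backend.getOsVersion(), Backend.getOsServicePack())` straight after the setter calls, so it assumes the setters stored what they were given. The new setters return silently when the value fails their `isinstance` check or a value is already set, and in that case the getter can still return `None` and `%d` raises `TypeError` inside the logging path. The same applies to `" Service Pack %d" % Backend.getOsServicePack()` in the `@@ -172` hunk and to the `errMsg` line in `takeover.py`. Either have the setters log a debug message when they reject a value, or format the service pack with `%s` so a missing value cannot mask the real message. `checkDbmsOs` starts and ends outside these hunks, so whether `sp` from `sps` is always an `int` cannot be confirmed from here.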
@@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission import binascii +from lib.core.common import Backend from lib.core.data import kb from lib.core.data import logger from lib.core.exception import sqlmapUnsupportedFeatureException @@ -55,7 +56,7 @@ class Takeover(GenericTakeover): version, sp = versionSp.split("-") sp = int(sp) - if kb.osVersion == version and kb.osSP == sp: + if Backend.getOsVersion() == version and Backend.getOsServicePack() == sp: addrs = data break @@ -64,7 +65,7 @@ class Takeover(GenericTakeover): errMsg = "sqlmap can not exploit the stored procedure buffer " errMsg += "overflow because it does not have a valid return " errMsg += "code for the underlying operating system (Windows " - errMsg += "%s Service Pack %d)" % (kb.osVersion, kb.osSP) + errMsg += "%s Service Pack %d)" % (Backend.getOsVersion(), Backend.getOsServicePack()) raise sqlmapUnsupportedFeatureException(errMsg) shellcodeChar = "" diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index bb2aa1a52..13c50f0f6 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -39,7 +39,11 @@ class Miscellaneous: def getRemoteTempPath(self): if not conf.tmpPath: if Backend.isOs(OS.WINDOWS): - conf.tmpPath = "C:/WINDOWS/Temp" + print "Backend.getOsVersion():", type(Backend.getOsVersion()), Backend.getOsVersion() + if Backend.getOsVersion() == "2000": + conf.tmpPath = "C:/WINNT/Temp" + else: + conf.tmpPath = "C:/WINDOWS/Temp" else: conf.tmpPath = "/tmp"
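Review bot: In the `plugins/generic/misc.py` hunk, the added `print "Backend.getOsVersion():", type(Backend.getOsVersion()), Backend.getOsVersion()` is leftover debugging. It writes to stdout on every call that resolves the temp path, bypassing the logger and the verbosity settings. Drop the line, or if the value is worth tracing use `logger.debug("back-end OS version: %s" % Backend.getOsVersion())`, assuming `logger` is imported in this module, which the hunk does not show. A short comment above the new branch would also help, for example `# Windows 2000 installs under C:/WINNT, later versions under C:/WINDOWS`. `getRemoteTempPath` may continue past the end of the hunk.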