Minor bugs fixes

Bernardo Damele 2010-03-31 13:52:51 +00:00
parent 5fdebb5d5b
commit b19de015c5
5 changed files with 10 additions and 5 deletions


@ -113,6 +113,7 @@ SQL_STATEMENTS = {
"grant ", ),
"SQL data execution": (
"exec ",
"execute ", ),
"SQL transaction": (


@ -413,7 +413,7 @@ class Metasploit:
cmd = "%s &" % self.exeFilePathRemote
if kb.dbms == "Microsoft SQL Server" and kb.stackedTest:
if kb.dbms == "Microsoft SQL Server" and (kb.stackedTest or conf.direct):
cmd = self.xpCmdshellForgeCmd(cmd)
self.execCmd(cmd, silent=True)
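Review bot: The predicate `kb.stackedTest or conf.direct` on the new `if` line is written inline here and again, negated, in the Enumeration hunk of this commit (`if not kb.stackedTest and not conf.direct:`), so the rule for "statements can be run as a batch" now lives in two places that have to be kept in sync. The Enumeration hunk also calls `stackedTest()` when `kb.stackedTest is None` before testing it, and no such call is visible here, so this branch may be reading an unset flag; that depends on code outside the hunk and should be confirmed. A short comment such as `# conf.direct: statements are sent over a direct connection, so stacked-query support is not required` would record why the two flags are treated alike. The enclosing method starts and ends outside the hunk.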


@ -112,6 +112,10 @@ class Fingerprint(GenericFingerprint):
for version in (0, 5, 8):
randInt = randomInt()
query = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
if conf.direct:
query = query.replace(" AND ", "SELECT 1 WHERE ", 1)
payload = agent.fullPayload(query)
result = Request.queryPage(payload)
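Review bot: The `conf.direct` branch patches the already-formatted string with `query.replace(" AND ", "SELECT 1 WHERE ", 1)`, which is correct only because the template happens to begin with `" AND "`. Any later change to the start of the template would make the call rewrite a different occurrence, or none, without an error. Choosing the prefix before formatting is less fragile: `prefix = "SELECT 1 WHERE " if conf.direct else " AND "`, then `query = prefix + condition`, with the `%d=(SELECT (CASE ...))` part held in `condition`. The `for version in (0, 5, 8)` loop continues outside the hunk.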


@ -1498,7 +1498,7 @@ class Enumeration:
getOutput = readInput(message, default="Y")
if not getOutput or getOutput in ("y", "Y"):
infoMsg = "fetching %s query output: '%s'" % (sqlType, query)
infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
logger.info(infoMsg)
output = inject.getValue(query, fromUser=True)
@ -1510,11 +1510,11 @@ class Enumeration:
if kb.stackedTest is None:
stackedTest()
if not kb.stackedTest:
if not kb.stackedTest and not conf.direct:
return None
else:
if sqlType:
infoMsg = "executing %s query: '%s'" % (sqlType, query)
infoMsg = "executing %s query: '%s'" % (sqlType if sqlType is not None else "SQL", query)
else:
infoMsg = "executing unknown SQL type query: '%s'" % query
logger.info(infoMsg)
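Review bot: The fallback added on the "executing" line, `sqlType if sqlType is not None else "SQL"`, sits inside `if sqlType:` and so can never take its `else "SQL"` arm. The existing `else:` branch already covers a missing type with "executing unknown SQL type query". Either keep the original `% (sqlType, query)` there, or drop the `if sqlType:`/`else:` pair and rely on the fallback alone. As written, the two log messages name an untyped query differently: "SQL" in the "fetching" message of the first hunk, "unknown SQL type" here. The enclosing method starts and ends outside both hunks.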


@ -232,7 +232,7 @@ class Filesystem:
commands = (
"cd %s" % tmpPath,
"debug < %s" % randScr,
"del /F %s" % randScr
"del /F /Q %s" % randScr
)
complComm = " & ".join(command for command in commands)