store/resume info on xp_cmd available in session file

lib/core/option.py

@@ -1329,6 +1329,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.threadContinue  = True
     kb.threadException = False
     kb.threadData      = {}
+    kb.xpCmdshellAvailable = False
 
     kb.misc            = advancedDict()
     kb.misc.delimiter  = randomStr(length=6, lowercase=True)

lib/core/session.py

@@ -154,6 +154,15 @@ def setRemoteTempPath():
     if condition:
         dataToSessionFile("[%s][%s][%s][Remote temp path][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(conf.tmpPath)))
 
+def setXpCmdshellAvailability(available):
+    condition = (
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("xp_cmdshell availability") )
+                )
+
+    if condition:
+        dataToSessionFile("[%s][%s][%s][xp_cmdshell availability][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), str(available).lower()))
+
 def resumeConfKb(expression, url, value):
     if expression == "Injection data" and url == conf.url:
         injection = base64unpickle(value[:-1])
@@ -270,3 +279,8 @@ def resumeConfKb(expression, url, value):
         logger.info(logMsg)
 
         kb.brute.columns.append((db, table, colName, colType))
+
+    elif expression == "xp_cmdshell availability" and url == conf.url:
+        kb.xpCmdshellAvailable = True if unSafeFormatString(value[:-1]).lower() == "true" else False
+        logMsg = "resuming xp_cmdshell availability"
+        logger.info(logMsg)

lib/takeover/xp_cmdshell.py

@@ -15,6 +15,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.session import setXpCmdshellAvailability
 from lib.core.unescaper import unescaper
 from lib.request import inject
 
@@ -132,8 +133,7 @@ class xp_cmdshell:
         return output
 
     def xpCmdshellInit(self):
-        self.__xpCmdshellAvailable = False
-
+        if kb.xpCmdshellAvailable is False:
             infoMsg  = "checking if xp_cmdshell extended procedure is "
             infoMsg += "available, please wait.."
             logger.info(infoMsg)
@@ -142,7 +142,7 @@ class xp_cmdshell:
 
             if result:
                 logger.info("xp_cmdshell extended procedure is available")
-            self.__xpCmdshellAvailable = True
+                kb.xpCmdshellAvailable = True
 
             else:
                 message  = "xp_cmdshell extended procedure does not seem to "
@@ -155,7 +155,7 @@ class xp_cmdshell:
 
                     if self.__xpCmdshellCheck():
                         logger.info("xp_cmdshell re-enabled successfully")
-                    self.__xpCmdshellAvailable = True
+                        kb.xpCmdshellAvailable = True
 
                     else:
                         logger.warn("xp_cmdshell re-enabling failed")
@@ -166,14 +166,16 @@ class xp_cmdshell:
 
                         if self.__xpCmdshellCheck():
                             logger.info("xp_cmdshell created successfully")
-                        self.__xpCmdshellAvailable = True
+                            kb.xpCmdshellAvailable = True
 
                         else:
                             warnMsg  = "xp_cmdshell creation failed, probably "
                             warnMsg += "because sp_OACreate is disabled"
                             logger.warn(warnMsg)
 
-        if not self.__xpCmdshellAvailable:
+            setXpCmdshellAvailability(kb.xpCmdshellAvailable)
+
+            if not kb.xpCmdshellAvailable:
                 errMsg = "unable to proceed without xp_cmdshell"
                 raise sqlmapUnsupportedFeatureException, errMsg