Some filtering

2025-04-25 19:33:48 +03:00 · 2014-08-21 01:12:44 +02:00 · 2014-08-21 01:12:44 +02:00 · c5b71cff10
commit c5b71cff10
parent 3cfdb5ff0f
4 changed files with 11 additions and 10 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -665,7 +665,7 @@ def getManualDirectories():
        message += "[1] common location(s) '%s' (default)\n" % ", ".join(root for root in defaultDocRoot)
        message += "[2] custom location(s)\n"
        message += "[3] custom directory list file\n"
-        message += "[4] brute force search\n"
+        message += "[4] brute force search"
        choice = readInput(message, default="1").strip()
        if choice == "2":
@ -701,10 +701,10 @@ def getManualDirectories():
                        if BRUTE_DOC_ROOT_TARGET_MARK not in prefix:
                            break
-            infoMsg = "using common directories: %s" % ','.join(directories)
+            infoMsg = "using generated directory list: %s" % ','.join(directories)
            logger.info(infoMsg)
-            msg = "use additional custom directories [Enter for None]: "
+            msg = "use any additional custom directories [Enter for None]: "
            answer = readInput(msg)
            if answer:
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@ -223,5 +223,5 @@ DUMP_DATA_PREPROCESS = {
 DEFAULT_DOC_ROOTS = {
                        OS.WINDOWS: ("C:/xampp/htdocs/", "C:/Inetpub/wwwroot/"),
-                        OS.LINUX: ("/var/www/",)
+                        OS.LINUX: ("/var/www/", "/var/www/html", "/usr/local/apache2/htdocs", "/var/www/nginx-default")  # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
                    }
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -592,7 +592,7 @@ NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 # Prefixes used in brute force search for web server document root
 BRUTE_DOC_ROOT_PREFIXES = {
-    OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
+    OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
    OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
 }
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -46,6 +46,7 @@ from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
 from lib.core.settings import EVENTVALIDATION_REGEX
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.request.connect import Connect as Request
 from thirdparty.oset.pyoset import oset
 class Web:
@ -197,7 +198,7 @@ class Web:
        directories = list(arrayizeValue(getManualDirectories()))
        directories.extend(getAutoDirectories())
-        directories = sorted(set(directories))
+        directories = list(oset(directories))
        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
        backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi))
@ -220,9 +221,9 @@ class Web:
            else:
                directory = directory[2:] if isWindowsDriveLetterPath(directory) else directory
-            # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE technique
+            # Upload the file stager with the LIMIT 0, 1 INTO DUMPFILE method
            infoMsg = "trying to upload the file stager on '%s' " % directory
-            infoMsg += "via LIMIT 'LINES TERMINATED BY' technique"
+            infoMsg += "via LIMIT 'LINES TERMINATED BY' method"
            logger.info(infoMsg)
            self._webFileInject(stagerContent, stagerName, directory)
@ -239,7 +240,7 @@ class Web:
                    uploaded = True
                    break
-            # Fall-back to UNION queries file upload technique
+            # Fall-back to UNION queries file upload method
            if not uploaded:
                warnMsg = "unable to upload the file stager "
                warnMsg += "on '%s'" % directory
@ -247,7 +248,7 @@ class Web:
                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
                    infoMsg = "trying to upload the file stager on '%s' " % directory
-                    infoMsg += "via UNION technique"
+                    infoMsg += "via UNION method"
                    logger.info(infoMsg)
                    handle, filename = mkstemp()