Minor code refactoring

2025-02-03 05:04:11 +03:00 · 2010-01-14 14:33:08 +00:00 · 2010-01-14 14:33:08 +00:00 · c9863bc1d2
commit c9863bc1d2
parent 070ccc30e9
3 changed files with 87 additions and 118 deletions
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@ -60,7 +60,7 @@ class Abstraction(Web, UDF, xp_cmdshell):

    def execCmd(self, cmd, silent=False, forgeCmd=False):
        if self.webBackdoorUrl and not kb.stackedTest:
-            self.webBackdoorRunCmd(cmd, silent=True)
+            self.webBackdoorRunCmd(cmd)

        elif kb.dbms in ( "MySQL", "PostgreSQL" ):
            self.udfExecCmd(cmd, silent=silent)
@ -73,7 +73,10 @@ class Abstraction(Web, UDF, xp_cmdshell):
            raise sqlmapUnsupportedFeatureException, errMsg

    def evalCmd(self, cmd, first=None, last=None):
-        if kb.dbms in ( "MySQL", "PostgreSQL" ):
+        if self.webBackdoorUrl and not kb.stackedTest:
+            return self.webBackdoorRunCmd(cmd)
+
+        elif kb.dbms in ( "MySQL", "PostgreSQL" ):
            return self.udfEvalCmd(cmd, first, last)

        elif kb.dbms == "Microsoft SQL Server":
@ -103,7 +106,13 @@ class Abstraction(Web, UDF, xp_cmdshell):
        if not conf.osShell and not conf.osPwn and not conf.cleanup:
            self.__cmdShellCleanup()

-    def absOsShell(self):
+    def shell(self):
+        if self.webBackdoorUrl and not kb.stackedTest:
+            infoMsg  = "calling OS shell. To quit type "
+            infoMsg += "'x' or 'q' and press ENTER"
+            logger.info(infoMsg)
+
+        else:
            if kb.dbms in ( "MySQL", "PostgreSQL" ):
                infoMsg  = "going to use injected sys_eval and sys_exec "
                infoMsg += "user-defined functions for operating system "
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -53,7 +53,7 @@ class Web:
        self.webUploaderUrl = None
        self.webDirectories = set()

-    def webBackdoorRunCmd(self, cmd, silent=False):
+    def webBackdoorRunCmd(self, cmd):
        if self.webBackdoorUrl is None:
            return

@ -68,47 +68,11 @@ class Web:
        if page is not None:
            output = re.search("<pre>(.+?)</pre>", page, re.I | re.S)

-        if not silent:
            if output:
-                print output.group(1)
-            else:
-                print "No output"
+                output = output.group(1)

        return output

-    def webBackdoorShell(self):
-        if self.webBackdoorUrl is None:
-            return
-
-        infoMsg  = "calling OS shell. To quit type "
-        infoMsg += "'x' or 'q' and press ENTER"
-        logger.info(infoMsg)
-
-        autoCompletion(osShell=True)
-
-        while True:
-            command = None
-
-            try:
-                command = raw_input("os-shell> ")
-            except KeyboardInterrupt:
-                print
-                errMsg = "user aborted"
-                logger.error(errMsg)
-            except EOFError:
-                print
-                errMsg = "exit"
-                logger.error(errMsg)
-                break
-
-            if not command:
-                continue
-
-            if command.lower() in ( "x", "q", "exit", "quit" ):
-                break
-
-            self.webBackdoorRunCmd(command)
-
    def webFileUpload(self, fileToUpload, destFileName, directory):
        if self.webApi == "php":
            multipartParams = {
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -84,9 +84,9 @@ class Takeover(Abstraction, Metasploit, Registry):
            logger.info(infoMsg)

            self.webInit()
-            self.webBackdoorRunCmd(conf.osCmd)
        else:
            self.initEnv()
+
        self.runCmd(conf.osCmd)

    def osShell(self):
@ -97,12 +97,14 @@ class Takeover(Abstraction, Metasploit, Registry):
            logger.info(infoMsg)

            self.webInit()
-            self.webBackdoorShell()
        else:
            self.initEnv()
-            self.absOsShell()
+
+        self.shell()

    def osPwn(self):
+        goUdf = False
+
        stackedTest()

        if not kb.stackedTest:
@ -116,16 +118,10 @@ class Takeover(Abstraction, Metasploit, Registry):
                self.getRemoteTempPath()
                self.createMsfPayloadStager()
                self.uploadMsfPayloadStager(web=True)
-
-            self.pwn()
-
-            return
-
+        else:
            self.initEnv()
            self.getRemoteTempPath()

-        goUdf = False
-
            if kb.dbms in ( "MySQL", "PostgreSQL" ):
                msg  = "how do you want to execute the Metasploit shellcode "
                msg += "on the back-end database underlying operating system?"