Update for Issue #207 (and a potential patch for regression tests)
This commit is contained in:
parent
ee1017a5a7
commit
cdfe43560b
|
@ -513,6 +513,9 @@ FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"
|
||||||
# Minimum field entry length needed for encoded content (hex, base64,...) check
|
# Minimum field entry length needed for encoded content (hex, base64,...) check
|
||||||
MIN_ENCODED_LEN_CHECK = 5
|
MIN_ENCODED_LEN_CHECK = 5
|
||||||
|
|
||||||
|
# Timeout in seconds in which Meterpreter session has to be initialized
|
||||||
|
METERPRETER_INIT_TIMEOUT = 120
|
||||||
|
|
||||||
# CSS style used in HTML dump format
|
# CSS style used in HTML dump format
|
||||||
HTML_DUMP_CSS_STYLE = """<style>
|
HTML_DUMP_CSS_STYLE = """<style>
|
||||||
table{
|
table{
|
||||||
|
|
|
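Review bot: The comment on the new constant, `# Timeout in seconds in which Meterpreter session has to be initialized`, is narrower than the way the constant is used: in the `_controlMsfCmd` hunk of this commit the timeout runs until `session ([\d]+) opened` matches, which covers plain command-shell payloads as well as Meterpreter ones. I would word it `# Timeout in seconds in which a remote (Meterpreter or shell) session has to be opened`. The identifier itself can stay as-is so the import in the takeover module keeps working.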
@ -30,7 +30,9 @@ from lib.core.enums import DBMS
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
from lib.core.exception import SqlmapDataException
|
from lib.core.exception import SqlmapDataException
|
||||||
from lib.core.exception import SqlmapFilePathException
|
from lib.core.exception import SqlmapFilePathException
|
||||||
|
from lib.core.exception import SqlmapGenericException
|
||||||
from lib.core.settings import IS_WIN
|
from lib.core.settings import IS_WIN
|
||||||
|
from lib.core.settings import METERPRETER_INIT_TIMEOUT
|
||||||
from lib.core.settings import UNICODE_ENCODING
|
from lib.core.settings import UNICODE_ENCODING
|
||||||
from lib.core.subprocessng import blockingReadFromFD
|
from lib.core.subprocessng import blockingReadFromFD
|
||||||
from lib.core.subprocessng import blockingWriteToFD
|
from lib.core.subprocessng import blockingWriteToFD
|
||||||
|
@ -443,8 +445,9 @@ class Metasploit:
|
||||||
send_all(proc, "getuid\n")
|
send_all(proc, "getuid\n")
|
||||||
|
|
||||||
def _controlMsfCmd(self, proc, func):
|
def _controlMsfCmd(self, proc, func):
|
||||||
|
initialized = False
|
||||||
|
start_time = time.time()
|
||||||
stdin_fd = sys.stdin.fileno()
|
stdin_fd = sys.stdin.fileno()
|
||||||
initiated_properly = False
|
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
returncode = proc.poll()
|
returncode = proc.poll()
|
||||||
|
@ -461,7 +464,7 @@ class Metasploit:
|
||||||
timeout = 3
|
timeout = 3
|
||||||
|
|
||||||
inp = ""
|
inp = ""
|
||||||
start_time = time.time()
|
_ = time.time()
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
if msvcrt.kbhit():
|
if msvcrt.kbhit():
|
||||||
|
@ -472,7 +475,7 @@ class Metasploit:
|
||||||
elif ord(char) >= 32: # space_char
|
elif ord(char) >= 32: # space_char
|
||||||
inp += char
|
inp += char
|
||||||
|
|
||||||
if len(inp) == 0 and (time.time() - start_time) > timeout:
|
if len(inp) == 0 and (time.time() - _) > timeout:
|
||||||
break
|
break
|
||||||
|
|
||||||
if len(inp) > 0:
|
if len(inp) > 0:
|
||||||
|
@ -494,14 +497,6 @@ class Metasploit:
|
||||||
out = recv_some(proc, t=.1, e=0)
|
out = recv_some(proc, t=.1, e=0)
|
||||||
blockingWriteToFD(sys.stdout.fileno(), out)
|
blockingWriteToFD(sys.stdout.fileno(), out)
|
||||||
|
|
||||||
# Dirty hack to allow Metasploit integration to be tested
|
|
||||||
# in --live-test mode
|
|
||||||
if initiated_properly and conf.liveTest:
|
|
||||||
try:
|
|
||||||
send_all(proc, "exit\n")
|
|
||||||
except TypeError:
|
|
||||||
continue
|
|
||||||
|
|
||||||
# For --os-pwn and --os-bof
|
# For --os-pwn and --os-bof
|
||||||
pwnBofCond = self.connectionStr.startswith("reverse")
|
pwnBofCond = self.connectionStr.startswith("reverse")
|
||||||
pwnBofCond &= "Starting the payload handler" in out
|
pwnBofCond &= "Starting the payload handler" in out
|
||||||
|
@ -512,19 +507,20 @@ class Metasploit:
|
||||||
if pwnBofCond or smbRelayCond:
|
if pwnBofCond or smbRelayCond:
|
||||||
func()
|
func()
|
||||||
|
|
||||||
if "Starting the payload handler" in out and "shell" in self.payloadStr:
|
if not initialized:
|
||||||
if Backend.isOs(OS.WINDOWS):
|
match = re.search("session ([\d]+) opened", out)
|
||||||
send_all(proc, "whoami\n")
|
if match:
|
||||||
else:
|
initialized = True
|
||||||
send_all(proc, "uname -a ; id\n")
|
self._loadMetExtensions(proc, match.group(1))
|
||||||
|
if "shell" in self.payloadStr:
|
||||||
time.sleep(2)
|
send_all(proc, "whoami\n" if Backend.isOs(OS.WINDOWS) else "uname -a ; id\n")
|
||||||
initiated_properly = True
|
if conf.liveTest:
|
||||||
|
send_all(proc, "exit\n")
|
||||||
metSess = re.search("Meterpreter session ([\d]+) opened", out)
|
elif time.time() - start_time > METERPRETER_INIT_TIMEOUT:
|
||||||
|
proc.kill()
|
||||||
if metSess:
|
errMsg = "Timeout occurred while attempting "
|
||||||
self._loadMetExtensions(proc, metSess.group(1))
|
errMsg += "to open a remote session"
|
||||||
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
except EOFError:
|
except EOFError:
|
||||||
returncode = proc.wait()
|
returncode = proc.wait()
|
||||||
|
|
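Review bot: The new session pattern `session ([\d]+) opened` no longer requires the `Meterpreter` prefix the removed line had, so `self._loadMetExtensions(proc, match.group(1))` now also runs for command-shell sessions (msfconsole prints `Command shell session N opened`), i.e. exactly the case where `"shell" in self.payloadStr` is true; if that helper sends Meterpreter-only commands — the `send_all(proc, "getuid\n")` shown just above `def _controlMsfCmd` looks like its tail — they land in a cmd/sh prompt as unknown commands. I would make the extension load the else-branch of the shell check, and write the pattern as a raw string, since `"\d"` in a plain literal is an invalid escape that Python warns about. A smaller style point: the inner loop's `_ = time.time()` is read later in `(time.time() - _) > timeout`, so it is not a throwaway and deserves a real name such as `loop_start`. `_controlMsfCmd` continues past the end of this hunk.
```python
match = re.search(r"session ([\d]+) opened", out)
if match:
    initialized = True
    if "shell" in self.payloadStr:
        send_all(proc, "whoami\n" if Backend.isOs(OS.WINDOWS) else "uname -a ; id\n")
    else:
        self._loadMetExtensions(proc, match.group(1))
    # … unchanged: liveTest exit …
# … unchanged: timeout elif / proc.kill …
```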