some bug fixes regarding --os-shell usage against windows servers

lib/core/common.py

@@ -235,7 +235,7 @@ def getDocRoot():
             absFilePath = normalizePath(absFilePath)
             absFilePathWin = None
 
-            if re.match("[A-Za-z]:([\\/][\w.\\/]*)?", absFilePath):
+            if isWindowsPath(absFilePath):
                 absFilePathWin = absFilePath.replace("/", "\\")
                 absFilePath    = absFilePath[2:].replace("\\", "/")
             
@@ -282,7 +282,10 @@ def getDirs():
 
         for absFilePath in kb.absFilePaths:
             if absFilePath:
-                directories.add(directoryPath(absFilePath))
+                directory = directoryPath(absFilePath)
+                if isWindowsPath(directory):
+                    directory = directory.replace('\\', '/')
+                directories.add(directory)
     else:
         warnMsg = "unable to retrieve any web server path"
         logger.warn(warnMsg)
@@ -902,3 +905,6 @@ def decloakToMkstemp(filepath, **kwargs):
     retVal.write(decloak(filepath))
     retVal.seek(0)
     return retVal
+
+def isWindowsPath(filepath):
+    return re.search("\A[A-Za-z]:", filepath) is not None

lib/request/basic.py

@@ -29,6 +29,7 @@ import StringIO
 import zlib
 
 from lib.core.common import directoryPath
+from lib.core.common import isWindowsPath
 from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
@@ -81,7 +82,7 @@ def parseResponse(page, headers):
             for match in reobj.finditer(page):
                 absFilePath = match.group("result").strip()
                 page = page.replace(absFilePath, "")
-                if re.search("\A[A-Za-z]:", absFilePath):
+                if isWindowsPath(absFilePath):
                     absFilePath = absFilePath.replace("/", "\\")
                 if absFilePath not in kb.absFilePaths:
                     kb.absFilePaths.add(absFilePath)

lib/takeover/web.py

@@ -31,6 +31,7 @@ from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
+from lib.core.common import isWindowsPath
 from lib.core.common import normalizePath
 from lib.core.common import readInput
 from lib.core.convert import hexencode
@@ -165,7 +166,6 @@ class Web:
         
         for directory in directories:
             # Upload the uploader agent
-            
             outFile     = normalizePath("%s/%s" % (directory, uploaderName))
             uplQuery    = uploaderContent.replace("WRITABLE_DIR", directory)
             query       = " LIMIT 1 INTO OUTFILE '%s' " % outFile
@@ -176,7 +176,7 @@ class Web:
             page        = Request.queryPage(payload)
             
             requestDir  = directory.replace('\\', '/').replace(kb.docRoot.replace('\\', '/'), "/").replace("//", "/")
-            if re.search("\A[A-Za-z]:", requestDir):
+            if isWindowsPath(requestDir):
                 requestDir = requestDir[2:]
             requestDir  = normalizePath(requestDir)
             self.webBaseUrl     = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)