code refactoring - added functions posixToNtSlashes and ntToPosixSlashes

lib/core/common.py

@@ -236,15 +236,15 @@ def getDocRoot():
             absFilePathWin = None
 
             if isWindowsPath(absFilePath):
-                absFilePathWin = absFilePath.replace("/", "\\")
+                absFilePathWin = posixToNtSlashes(absFilePath)
-                absFilePath    = absFilePath[2:].replace("\\", "/")
+                absFilePath    = ntToPosixSlashes(absFilePath[2:])
             
             if pagePath in absFilePath:
                 index   = absFilePath.index(pagePath)
                 docRoot = absFilePath[:index]
 
                 if absFilePathWin:
-                    docRoot = "C:/%s" % docRoot.replace("\\", "/")
+                    docRoot = "C:/%s" % ntToPosixSlashes(docRoot)
                     
                 docRoot = normalizePath(docRoot)
                 break
@@ -908,3 +908,9 @@ def decloakToMkstemp(filepath, **kwargs):
 
 def isWindowsPath(filepath):
     return re.search("\A[A-Za-z]:", filepath) is not None
+
+def posixToNtSlashes(filepath):
+    return filepath.replace('/', '\\')
+
+def ntToPosixSlashes(filepath):
+    return filepath.replace('\\', '/')

lib/core/option.py

@@ -35,6 +35,7 @@ import urlparse
 from ConfigParser import ConfigParser
 
 from lib.core.common import getFileType
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
@@ -903,19 +904,19 @@ def __cleanupOptions():
         conf.delay = float(conf.delay)
 
     if conf.rFile:
-        conf.rFile = os.path.normpath(conf.rFile.replace("\\", "/"))
+        conf.rFile = os.path.normpath(ntToPosixSlashes(conf.rFile))
 
     if conf.wFile:
-        conf.wFile = os.path.normpath(conf.wFile.replace("\\", "/"))
+        conf.wFile = os.path.normpath(ntToPosixSlashes(conf.wFile))
 
     if conf.dFile:
-        conf.dFile = os.path.normpath(conf.dFile.replace("\\", "/"))
+        conf.dFile = os.path.normpath(ntToPosixSlashes(conf.dFile))
 
     if conf.msfPath:
-        conf.msfPath = os.path.normpath(conf.msfPath.replace("\\", "/"))
+        conf.msfPath = os.path.normpath(ntToPosixSlashes(conf.msfPath))
 
     if conf.tmpPath:
-        conf.tmpPath = os.path.normpath(conf.tmpPath.replace("\\", "/"))
+        conf.tmpPath = os.path.normpath(ntToPosixSlashes(conf.tmpPath))
 
     if conf.googleDork or conf.list:
         conf.multipleTargets = True

lib/request/basic.py

@@ -30,6 +30,7 @@ import zlib
 
 from lib.core.common import directoryPath
 from lib.core.common import isWindowsPath
+from lib.core.common import posixToNtSlashes
 from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
 from lib.core.data import kb
@@ -83,7 +84,7 @@ def parseResponse(page, headers):
                 absFilePath = match.group("result").strip()
                 page = page.replace(absFilePath, "")
                 if isWindowsPath(absFilePath):
-                    absFilePath = absFilePath.replace("/", "\\")
+                    absFilePath = posixToNtSlashes(absFilePath)
                 if absFilePath not in kb.absFilePaths:
                     kb.absFilePaths.add(absFilePath)
                     

lib/takeover/web.py

@@ -31,8 +31,10 @@ from lib.core.common import decloakToNamedTemporaryFile
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import isWindowsPath
 from lib.core.common import normalizePath
+from lib.core.common import posixToNtSlashes
 from lib.core.common import readInput
 from lib.core.convert import hexencode
 from lib.core.data import conf
@@ -90,6 +92,7 @@ class Web:
                                 "file":      stream,
                                 "uploadDir": directory,
                               }
+                              
             page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
 
             if "File uploaded" not in page:
@@ -174,7 +177,7 @@ class Web:
         for directory in directories:
             # Upload the uploader agent
             outFile     = normalizePath("%s/%s" % (directory, uploaderName))
-            uplQuery    = uploaderContent.replace("WRITABLE_DIR", directory)
+            uplQuery    = uploaderContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)
             query       = " LIMIT 1 INTO OUTFILE '%s' " % outFile
             query      += "LINES TERMINATED BY 0x%s --" % hexencode(uplQuery)
             query       = agent.prefixQuery(" %s" % query)
@@ -182,13 +185,13 @@ class Web:
             payload     = agent.payload(newValue=query)
             page        = Request.queryPage(payload)
             
-            requestDir  = directory.replace('\\', '/').replace(kb.docRoot.replace('\\', '/'), "/").replace("//", "/")
+            requestDir  = ntToPosixSlashes(directory).replace(ntToPosixBrackets(kb.docRoot), "/").replace("//", "/")
             if isWindowsPath(requestDir):
                 requestDir = requestDir[2:]
             requestDir  = normalizePath(requestDir)
             self.webBaseUrl     = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
             self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
-            self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")
+            self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
             uplPage, _  = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
 
             if "sqlmap file uploader" not in uplPage:
@@ -202,17 +205,15 @@ class Web:
             infoMsg += "on '%s'" % directory
             logger.info(infoMsg)
             
+            if kb.os == "Windows":
+                directory = posixToNtSlashes(directory)
+            
             if self.__webFileStreamUpload(backdoorStream, backdoorName, directory):
                 self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
                 self.webDirectory = directory
-    
                 infoMsg  = "the backdoor has probably been successfully "
                 infoMsg += "uploaded on '%s', go with your browser " % directory
                 infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
                 logger.info(infoMsg)
-            else:
-                infoMsg  = "the backdoor hasn't been successfully "
-                infoMsg += "uploaded on '%s'" % directory
-                logger.warn(infoMsg)
 
             break

plugins/dbms/mssqlserver.py

@@ -31,6 +31,7 @@ from lib.core.common import formatDBMSfp
 from lib.core.common import formatFingerprint
 from lib.core.common import getHtmlErrorFp
 from lib.core.common import getRange
+from lib.core.common import posixToNtSlashes
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.convert import urlencode
@@ -496,9 +497,9 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
         logger.debug(debugMsg)
 
         debugSize    = 0xFF00
-        tmpPath      = conf.tmpPath.replace("/", "\\")
+        tmpPath      = posixToNtSlashes(conf.tmpPath)
         dFileName    = os.path.split(dFile)[1]
-        dFile        = dFile.replace("/", "\\")
+        dFile        = posixToNtSlashes(dFile)
         wFileSize    = os.path.getsize(wFile)
         wFilePointer = open(wFile, "rb")
         wFileContent = wFilePointer.read()

plugins/dbms/mysql.py

@@ -29,6 +29,7 @@ from lib.core.agent import agent
 from lib.core.common import formatDBMSfp
 from lib.core.common import formatFingerprint
 from lib.core.common import getHtmlErrorFp
+from lib.core.common import ntToPosixSlashes
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.data import conf
@@ -496,7 +497,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
 
                     # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_basedir
                     self.__basedir = inject.getValue("SELECT @@basedir")
-                    self.__basedir = os.path.normpath(self.__basedir.replace("\\", "/"))
+                    self.__basedir = os.path.normpath(ntToPosixSlashes(self.__basedir))
 
                     if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
                         kb.os = "Windows"
@@ -517,7 +518,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
                 # NOTE: specifying the relative path as './udf.dll'
                 # saves in @@datadir on both MySQL 4.1 and MySQL 5.0
                 self.__datadir = "."
-                self.__datadir = os.path.normpath(self.__datadir.replace("\\", "/"))
+                self.__datadir = os.path.normpath(ntToPosixSlashes(self.__datadir))
 
                 if re.search("[\w]\:\/", self.__datadir, re.I):
                     kb.os = "Windows"

plugins/generic/misc.py

@@ -25,6 +25,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 import os
 import re
 
+from lib.core.common import ntToPosixSlashes
+from lib.core.common import posixToNtSlashes
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
@@ -65,7 +67,7 @@ class Miscellaneous:
         if re.search("^[\w]\:[\/\\\\]+", conf.tmpPath, re.I):
             kb.os = "Windows"
 
-        conf.tmpPath = conf.tmpPath.replace("\\", "/")
+        conf.tmpPath = ntToPosixSlashes(conf.tmpPath)
         conf.tmpPath = os.path.normpath(conf.tmpPath)
 
         setRemoteTempPath()
@@ -77,7 +79,7 @@ class Miscellaneous:
             if doubleslash:
                 tempFile = tempFile.replace("/", "\\\\")
             else:
-                tempFile = tempFile.replace("/", "\\")
+                tempFile = posixToNtSlashes(tempFile)
 
             cmd = "del /F /Q %s" % tempFile
         else: