Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).

Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS.
2025-12-07 05:01:30 +00:00 · 2009-04-27 23:05:11 +00:00
parent 5121a4dcba
commit 16b4530bbe
35 changed files with 158 additions and 201 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -33,7 +33,6 @@ from lib.core.data import kb
 from lib.core.data import queries
 from lib.core.data import temp
 from lib.core.exception import sqlmapNoneDataException
-from lib.core.exception import sqlmapUnsupportedDBMSException


 class Agent:
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -141,9 +141,9 @@ def formatDBMSfp(versions=None):


 def formatFingerprintString(values, chain=" or "):
-    string = "|".join([v for v in values])
+    strJoin = "|".join([v for v in values])

-    return string.replace("|", chain)
+    return strJoin.replace("|", chain)


 def formatFingerprint(target, info):
@@ -224,73 +224,91 @@ def getHtmlErrorFp():


 def getDocRoot():
-    """
-    This method returns the web application document root based on the
-    detected absolute files paths in the knowledge base.
-    """
-
    docRoot = None

-    if kb.absFilePaths:
-        logMsg  = "retrieved the possible injectable "
-        logMsg += "file absolute system paths: "
-        logMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
-        logger.info(logMsg)
+    if kb.os == "Windows":
+        defaultDocRoot = "C:\\Inetput\\wwwroot\\"
    else:
-        warnMsg  = "unable to retrieve the injectable file "
-        warnMsg += "absolute system path"
-        logger.warn(warnMsg)
+        defaultDocRoot = "/var/www/"

-    for absFilePath in kb.absFilePaths:
-        if conf.path in absFilePath:
-            index = absFilePath.index(conf.path)
-            docRoot = absFilePath[:index]
-            break
+    if kb.absFilePaths:
+        for absFilePath in kb.absFilePaths:
+            absFilePathWin = None
+
+            if re.search("([\w]\:[\/\\\\]+)", absFilePath):
+                absFilePathWin = absFilePath
+                absFilePath    = absFilePath[2:].replace("\\", "/")
+
+            absFilePath = os.path.normpath(absFilePath)
+
+            if os.path.dirname(conf.path) in absFilePath:
+                index   = absFilePath.index(conf.path)
+                docRoot = absFilePath[:index]
+
+                if absFilePathWin:
+                    docRoot = "C:\\%s" % docRoot.replace("/", "\\")
+
+                break

    if docRoot:
-        logMsg  = "retrieved the remote web server "
-        logMsg += "document root: '%s'" % docRoot
-        logger.info(logMsg)
+        infoMsg = "retrieved the web server document root: '%s'" % docRoot
+        logger.info(infoMsg)
    else:
-        warnMsg  = "unable to retrieve the remote web server "
-        warnMsg += "document root"
+        warnMsg = "unable to retrieve the web server document root"
        logger.warn(warnMsg)

+        message  = "please provide the web server document root "
+        message += "[%s]: " % defaultDocRoot
+        inputDocRoot = readInput(message, default=defaultDocRoot)
+
+        if inputDocRoot:
+            docRoot = inputDocRoot
+        else:
+            docRoot = defaultDocRoot
+
    return docRoot


-def getDirectories():
-    """
-    This method calls a function that returns the web application document
-    root and injectable file absolute system path.
-
-    @return: a set of paths (document root and absolute system path).
-    @rtype: C{set}
-    @todo: replace this function with a site crawling functionality.
-    """
-
+def getDirs():
    directories = set()

-    kb.docRoot = getDocRoot()
+    if kb.os == "Windows":
+        defaultDir = "C:\\Inetput\\wwwroot\\test\\"
+    else:
+        defaultDir = "/var/www/test/"

-    if kb.docRoot:
-        directories.add(kb.docRoot)
+    if kb.absFilePaths:
+        infoMsg  = "retrieved web server full paths: "
+        infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
+        logger.info(infoMsg)

-    pagePath = re.search("^/(.*)/", conf.path)
+        for absFilePath in kb.absFilePaths:
+            directories.add(os.path.dirname(absFilePath))
+    else:
+        warnMsg = "unable to retrieve any web server path"
+        logger.warn(warnMsg)

-    if kb.docRoot and pagePath:
-        pagePath = pagePath.groups()[0]
+    message   = "please provide any additional web server full path to try "
+    message  += "to upload the agent [%s]: " % defaultDir
+    inputDirs = readInput(message, default=defaultDir)

-        directories.add("%s/%s" % (kb.docRoot, pagePath))
+    if inputDirs:
+        inputDirs = inputDirs.replace(", ", ",")
+        inputDirs = inputDirs.split(",")
+
+        for inputDir in inputDirs:
+            directories.add(inputDir)
+    else:
+        directories.add(defaultDir)

    return directories


 def filePathToString(filePath):
-    string = filePath.replace("/", "_").replace("\\", "_")
-    string = string.replace(" ", "_").replace(":", "_")
+    strRepl = filePath.replace("/", "_").replace("\\", "_")
+    strRepl = strRepl.replace(" ", "_").replace(":", "_")

-    return string
+    return strRepl


 def dataToStdout(data):
@@ -326,18 +344,18 @@ def dataToOutFile(data):
    return rFilePath


-def strToHex(string):
+def strToHex(inpStr):
    """
-    @param string: string to be converted into its hexadecimal value.
-    @type string: C{str}
+    @param inpStr: inpStr to be converted into its hexadecimal value.
+    @type inpStr: C{str}

-    @return: the hexadecimal converted string.
+    @return: the hexadecimal converted inpStr.
    @rtype: C{str}
    """

    hexStr = ""

-    for character in string:
+    for character in inpStr:
        if character == "\n":
            character = " "

@@ -457,17 +475,17 @@ def randomStr(length=5, lowercase=False):
    return rndStr


-def sanitizeStr(string):
+def sanitizeStr(inpStr):
    """
-    @param string: string to sanitize: cast to str datatype and replace
+    @param inpStr: inpStr to sanitize: cast to str datatype and replace
    newlines with one space and strip carriage returns.
-    @type string: C{str}
+    @type inpStr: C{str}

-    @return: sanitized string
+    @return: sanitized inpStr
    @rtype: C{str}
    """

-    cleanString = str(string)
+    cleanString = str(inpStr)
    cleanString = cleanString.replace("\n", " ").replace("\r", "")

    return cleanString
@@ -483,8 +501,8 @@ def checkFile(filename):
        raise sqlmapFilePathException, "unable to read file '%s'" % filename


-def replaceNewlineTabs(string):
-    replacedString = string.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
+def replaceNewlineTabs(inpStr):
+    replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
    replacedString = replacedString.replace(temp.delimiter, "__DEL__")

    return replacedString
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -23,13 +23,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """


-try:
-    from hashlib import md5
-    from hashlib import sha
-except ImportError, _:
-    import md5
-    import sha
-
+import md5
+import sha
 import struct
 import urllib

--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@@ -24,8 +24,6 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA



-import sys
-
 from lib.core.settings import PLATFORM
 from lib.core.settings import PYVERSION
 from lib.core.settings import VERSION
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -31,8 +31,6 @@ import logging
 import os
 import re
 import socket
-import sys
-import time
 import urllib2
 import urlparse

@@ -42,8 +40,6 @@ from lib.core.common import getFileType
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import randomStr
-from lib.core.common import readInput
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@@ -60,8 +56,10 @@ from lib.core.optiondict import optDict
 from lib.core.settings import MSSQL_ALIASES
 from lib.core.settings import MYSQL_ALIASES
 from lib.core.settings import PLATFORM
+from lib.core.settings import SITE
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import SUPPORTED_OS
+from lib.core.settings import VERSION_STRING
 from lib.core.update import update
 from lib.parse.configfile import configFileParser
 from lib.parse.queriesfile import queriesParser
@@ -600,9 +598,14 @@ def __defaultHTTPUserAgent():
    @rtype: C{str}
    """

+    return "%s (%s)" % (VERSION_STRING, SITE)
+
+    # Firefox 3 running on Ubuntu 9.04 updated at April 2009
+    #return "Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.0.9) Gecko/2009042113 Ubuntu/9.04 (jaunty) Firefox/3.0.9"
+
    # Internet Explorer 7.0 running on Windows 2003 Service Pack 2 english
    # updated at March 2009
-    return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
+    #return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"


 def __setHTTPUserAgent():
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -25,7 +25,6 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


 import logging
-import os
 import sys


--- a/lib/core/shell.py
+++ b/lib/core/shell.py
@@ -73,8 +73,8 @@ class CompleterNG(rlcompleter.Completer):
        matches = []
        n = len(text)

-        for list in [ self.namespace ]:
-            for word in list:
+        for ns in [ self.namespace ]:
+            for word in ns:
                if word[:n] == text:
                    matches.append(word)

--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -25,17 +25,14 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


 import os
-import re
 import time

 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
-from lib.core.common import readInput
 from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
-from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
 from lib.core.exception import sqlmapFilePathException
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -205,7 +205,7 @@ def __createFile(pathname, data):
    fileFP.close()


-def __extractZipFile(tempDir, zipFile, sqlmapNewestVersion):
+def __extractZipFile(tempDir, zipFile):
    # Check if the saved binary file is really a ZIP file
    if zipfile.is_zipfile(zipFile):
        sqlmapZipFile = zipfile.ZipFile(zipFile)
@@ -285,13 +285,13 @@ def __updateSqlmap():
    tempDir = tempfile.gettempdir()
    zipFile = os.path.join(tempDir, "sqlmap-%s.zip" % sqlmapNewestVersion)
    __createFile(zipFile, sqlmapBinaryString)
-    __extractZipFile(tempDir, zipFile, sqlmapNewestVersion)
+    __extractZipFile(tempDir, zipFile)

    # For each file and directory in the temporary directory copy it
    # to the sqlmap root path and set right permission
    # TODO: remove files not needed anymore and all pyc within the
    # sqlmap root path in the end
-    for root, dirs, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
+    for root, _, files in os.walk(os.path.join(tempDir, "sqlmap-%s" % sqlmapNewestVersion)):
        # Just for development release
        if '.svn' in root:
            continue