refactoring of hard coded dbms names

plugins/generic/takeover.py

@@ -20,6 +20,7 @@ from lib.core.exception import sqlmapMissingPrivileges
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapUndefinedMethod
 from lib.core.exception import sqlmapUnsupportedDBMSException
+from lib.core.settings import DBMS
 from lib.takeover.abstraction import Abstraction
 from lib.takeover.icmpsh import ICMPsh
 from lib.takeover.metasploit import Metasploit
@@ -45,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 
         if kb.stackedTest or conf.direct:
             web = False
-        elif not kb.stackedTest and kb.dbms == "MySQL":
+        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
             infoMsg = "going to use a web backdoor for command execution"
             logger.info(infoMsg)
 
@@ -68,7 +69,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 
         if kb.stackedTest or conf.direct:
             web = False
-        elif not kb.stackedTest and kb.dbms == "MySQL":
+        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
             infoMsg = "going to use a web backdoor for command prompt"
             logger.info(infoMsg)
 
@@ -153,7 +154,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                 errMsg += "is unlikely to receive commands send from you"
                 logger.error(errMsg)
 
-            if kb.dbms in ( "MySQL", "PostgreSQL" ):
+            if kb.dbms in ( DBMS.MYSQL, DBMS.POSGRESQL ):
                 self.sysUdfs.pop("sys_bineval")
 
         if kb.stackedTest or conf.direct:
@@ -163,7 +164,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
             self.initEnv(web=web)
 
             if tunnel == 1:
-                if kb.dbms in ( "MySQL", "PostgreSQL" ):
+                if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
                     msg  = "how do you want to execute the Metasploit shellcode "
                     msg += "on the back-end database underlying operating system?"
                     msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@@ -193,7 +194,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                     self.uploadMsfPayloadStager()
 
                 if kb.os == "Windows" and conf.privEsc:
-                    if kb.dbms == "MySQL":
+                    if kb.dbms == DBMS.MYSQL:
                         debugMsg  = "by default MySQL on Windows runs as SYSTEM "
                         debugMsg += "user, no need to privilege escalate"
                         logger.debug(debugMsg)
@@ -211,7 +212,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                 self.uploadIcmpshSlave(web=web)
                 self.icmpPwn()
 
-        elif not kb.stackedTest and kb.dbms == "MySQL":
+        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
             web = True
 
             infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -262,13 +263,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
             raise sqlmapUnsupportedDBMSException(errMsg)
 
         if not kb.stackedTest and not conf.direct:
-            if kb.dbms in ( "PostgreSQL", "Microsoft SQL Server" ):
+            if kb.dbms in ( DBMS.POSTGRESQL, DBMS.MSSQL ):
                 errMsg  = "on this back-end DBMS it is only possible to "
                 errMsg += "perform the SMB relay attack if stacked "
                 errMsg += "queries are supported"
                 raise sqlmapUnsupportedDBMSException(errMsg)
 
-            elif kb.dbms == "MySQL":
+            elif kb.dbms == DBMS.MYSQL:
                 debugMsg  = "since stacked queries are not supported, "
                 debugMsg += "sqlmap is going to perform the SMB relay "
                 debugMsg += "attack via inference blind SQL injection"
@@ -277,18 +278,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
         printWarn = True
         warnMsg   = "it is unlikely that this attack will be successful "
 
-        if kb.dbms == "MySQL":
+        if kb.dbms == DBMS.MYSQL:
             warnMsg += "because by default MySQL on Windows runs as "
             warnMsg += "Local System which is not a real user, it does "
             warnMsg += "not send the NTLM session hash when connecting to "
             warnMsg += "a SMB service"
 
-        elif kb.dbms == "PostgreSQL":
+        elif kb.dbms == DBMS.POSTGRESQL:
             warnMsg += "because by default PostgreSQL on Windows runs "
             warnMsg += "as postgres user which is a real user of the "
             warnMsg += "system, but not within the Administrators group"
 
-        elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
+        elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
             warnMsg += "because often Microsoft SQL Server %s " % kb.dbmsVersion[0]
             warnMsg += "runs as Network Service which is not a real user, "
             warnMsg += "it does not send the NTLM session hash when "
@@ -308,7 +309,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
         if not kb.stackedTest and not conf.direct:
             return
 
-        if not kb.dbms == "Microsoft SQL Server" or kb.dbmsVersion[0] not in ( "2000", "2005" ):
+        if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
             errMsg  = "the back-end DBMS must be Microsoft SQL Server "
             errMsg += "2000 or 2005 to be able to exploit the heap-based "
             errMsg += "buffer overflow in the 'sp_replwritetovarbin' "