adding support for PgSQL DNS data exfiltration

2025-12-07 21:21:33 +00:00 · 2012-04-07 14:06:11 +00:00
parent b2afa87e48
commit 8c6eb4faa9
5 changed files with 27 additions and 7 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -805,7 +805,7 @@ class Agent:
        retVal = None

        if inpStr:
-            match = re.search("%s(?P<result>.*?)%s" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), inpStr)
+            match = re.search("%s(?P<result>.*?)%s" % (PAYLOAD_DELIMITER, PAYLOAD_DELIMITER), inpStr, re.S)

            if match:
                retVal = match.group("result")
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1609,11 +1609,17 @@ def getSPQLSnippet(dbms, name, **variables):
    retVal = readCachedFileContent(filename)

    retVal = re.sub(r"#.+", "", retVal)
-    retVal = re.sub(r"(?s);\W+", "; ", retVal).strip()
+    retVal = re.sub(r"(?s);\s+", "; ", retVal).strip()

    for _ in variables.keys():
        retVal = re.sub(r"%%%s%%" % _, variables[_], retVal)

+    for _ in re.findall(r"%RANDSTR\d+%", retVal, re.I):
+        retVal = retVal.replace(_, randomStr())
+
+    for _ in re.findall(r"%RANDINT\d+%", retVal, re.I):
+        retVal = retVal.replace(_, randomInt())
+
    _ = re.search(r"%(\w+)%", retVal, re.I)
    if _:
        errMsg = "unresolved variable '%s' in SPL snippet '%s'" % (_.group(1), name)