More code refactoring of Backend class methods used

2025-12-09 14:11:29 +00:00 · 2011-04-30 14:54:29 +00:00
parent 2f2758b033
commit 9a4ae7d9e2
16 changed files with 146 additions and 146 deletions
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -46,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
    def osCmd(self):
        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
            web = False
-        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
            infoMsg = "going to use a web backdoor for command execution"
            logger.info(infoMsg)

@@ -67,7 +67,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
    def osShell(self):
        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
            web = False
-        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
            infoMsg = "going to use a web backdoor for command prompt"
            logger.info(infoMsg)

@@ -201,7 +201,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                self.uploadShellcodeexec()

                if Backend.isOs(OS.WINDOWS) and conf.privEsc:
-                    if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+                    if Backend.isDbms(DBMS.MYSQL):
                        debugMsg = "by default MySQL on Windows runs as SYSTEM "
                        debugMsg += "user, no need to privilege escalate"
                        logger.debug(debugMsg)
@@ -219,7 +219,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                self.uploadIcmpshSlave(web=web)
                self.icmpPwn()

-        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
            web = True

            infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                errMsg += "queries are supported"
                raise sqlmapUnsupportedDBMSException(errMsg)

-            elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
+            elif Backend.isDbms(DBMS.MYSQL):
                debugMsg = "since stacked queries are not supported, "
                debugMsg += "sqlmap is going to perform the SMB relay "
                debugMsg += "attack via inference blind SQL injection"
@@ -283,18 +283,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
        printWarn = True
        warnMsg = "it is unlikely that this attack will be successful "

-        if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+        if Backend.isDbms(DBMS.MYSQL):
            warnMsg += "because by default MySQL on Windows runs as "
            warnMsg += "Local System which is not a real user, it does "
            warnMsg += "not send the NTLM session hash when connecting to "
            warnMsg += "a SMB service"

-        elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+        elif Backend.isDbms(DBMS.PGSQL):
            warnMsg += "because by default PostgreSQL on Windows runs "
            warnMsg += "as postgres user which is a real user of the "
            warnMsg += "system, but not within the Administrators group"

-        elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+        elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
            warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
            warnMsg += "runs as Network Service which is not a real user, "
            warnMsg += "it does not send the NTLM session hash when "
@@ -312,7 +312,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
            return

-        if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
+        if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
            errMsg = "the back-end DBMS must be Microsoft SQL Server "
            errMsg += "2000 or 2005 to be able to exploit the heap-based "
            errMsg += "buffer overflow in the 'sp_replwritetovarbin' "