Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch

Bernardo Damele
2011-04-23 16:25:09 +00:00
parent 75142b383d
commit d0dff82ce0
20 changed files with 125 additions and 92 deletions


@@ -15,6 +15,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.shell import autoCompletion
@@ -108,7 +109,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
errMsg = "feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg
infoMsg = "calling %s OS shell. To quit type " % (kb.os or "Windows")
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
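Review bot: The new `infoMsg` line still falls back to the literal "Windows" when `Backend.getOs()` returns nothing, so the log can announce a Windows shell for a back-end whose OS was never identified. Other call sites changed in this commit treat a non-matching `Backend.isOs(OS.WINDOWS)` as the non-Windows case, so the two defaults disagree (assuming `isOs` is false when no OS is set; its body is not shown on this page). I would make the fallback explicit, e.g. `infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "unknown")`. The added `from lib.core.enums import OS` is not used by any line visible in this section, and the enclosing method starts and ends outside the hunk.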


@@ -32,6 +32,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.exception import sqlmapDataException
from lib.core.exception import sqlmapFilePathException
from lib.core.settings import UNICODE_ENCODING
@@ -118,7 +119,7 @@ class Metasploit:
}
def __skeletonSelection(self, msg, lst=None, maxValue=1, default=1):
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
opSys = "windows"
else:
opSys = "linux"
@@ -169,11 +170,11 @@ class Metasploit:
if isinstance(encode, basestring):
return encode
elif kb.os == "Windows" and encode:
elif Backend.isOs(OS.WINDOWS) and encode:
return self.__skeletonSelection("payload encoding", self.__msfEncodersList)
def __selectPayload(self):
if kb.os == "Windows" and conf.privEsc:
if Backend.isOs(OS.WINDOWS) and conf.privEsc:
infoMsg = "forcing Metasploit payload to Meterpreter because "
infoMsg += "it is the only payload that can be used to "
infoMsg += "escalate privileges, either via 'incognito' "
@@ -358,7 +359,7 @@ class Metasploit:
elif not self.connectionStr.startswith("bind"):
raise sqlmapDataException, "unexpected connection type"
if kb.os == "Windows" or extra == "BufferRegister=EAX":
if Backend.isOs(OS.WINDOWS) or extra == "BufferRegister=EAX":
self.__payloadCmd += " R | %s -a x86 -e %s -o %s -t %s" % (self.__msfEncode, self.encoderStr, outFile, format)
if extra is not None:
@@ -395,7 +396,7 @@ class Metasploit:
infoMsg += "remotely, please wait.."
logger.info(infoMsg)
if kb.os != "Windows":
if not Backend.isOs(OS.WINDOWS):
self.execCmd("chmod +x %s" % self.exeFilePathRemote, silent=True)
cmd = "%s &" % self.exeFilePathRemote
@@ -403,7 +404,7 @@ class Metasploit:
self.execCmd(cmd, silent=True)
def __loadMetExtensions(self, proc, metSess):
if kb.os != "Windows":
if not Backend.isOs(OS.WINDOWS):
return
if self.resourceFile is not None:
@@ -479,7 +480,7 @@ class Metasploit:
func()
if "Starting the payload handler" in out and "shell" in self.payloadStr:
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
proc.stdin.write("whoami\n")
else:
proc.stdin.write("uname -a ; id\n")
@@ -512,7 +513,7 @@ class Metasploit:
pollProcess(process)
payloadStderr = process.communicate()[1]
if kb.os == "Windows" or extra == "BufferRegister=EAX":
if Backend.isOs(OS.WINDOWS) or extra == "BufferRegister=EAX":
payloadSize = re.search("size ([\d]+)", payloadStderr, re.I)
else:
payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
@@ -547,7 +548,7 @@ class Metasploit:
self.__randStr = randomStr(lowercase=True)
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr)
# Metasploit developers added support for the old exe format
@@ -579,7 +580,7 @@ class Metasploit:
pollProcess(process)
payloadStderr = process.communicate()[1]
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
payloadSize = re.search("size\s([\d]+)", payloadStderr, re.I)
else:
payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
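Review bot: Every changed branch in this file now calls `Backend.isOs(...)`, but the import hunk adds only `from lib.core.enums import OS`; no `from lib.core.common import Backend` line is added here, unlike the section for `class Web` further down. If `Backend` is not already imported above the hunk, these branches fail with a NameError at run time, so that is worth confirming; the same applies to the `class UDF` section that follows. Separately, the same check is repeated in roughly ten places in `class Metasploit`, and a single private helper or a value computed once would keep the Windows/non-Windows decision in one spot. Most of the enclosing methods start or end outside their hunks.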


@@ -19,6 +19,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapMissingMandatoryOptionException
@@ -191,12 +192,12 @@ class UDF:
errMsg = "shared library file must end with '.dll' or '.so'"
raise sqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".so") and kb.os == "Windows":
elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS):
errMsg = "you provided a shared object as shared library, but "
errMsg += "the database underlying operating system is Windows"
raise sqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".dll") and kb.os == "Linux":
elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX):
errMsg = "you provided a dynamic-link library as shared library, "
errMsg += "but the database underlying operating system is Linux"
raise sqlmapMissingMandatoryOptionException(errMsg)
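Review bot: The two `elif` checks reject a library only when the OS is positively identified as the opposite family, so if the back-end OS is still unset when this validation runs (not determinable from the hunk), a `.so`/`.dll` mismatch passes unnoticed. Consider resolving the OS before these checks, or at least adding a comment such as `# extension/OS mismatch is only detected once the back-end OS is known`. `sqlmapMissingMandatoryOptionException` also reads oddly for a wrong-file-type error, though changing it could affect callers outside this hunk. The enclosing method begins and ends outside the hunk.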


@@ -14,6 +14,7 @@ import re
from extra.cloak.cloak import decloak
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import decloakToNamedTemporaryFile
from lib.core.common import extractRegexResult
from lib.core.common import getDirs
@@ -31,6 +32,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.shell import autoCompletion
@@ -103,7 +105,7 @@ class Web:
def __webFileInject(self, fileContent, fileName, directory):
outFile = posixpath.normpath("%s/%s" % (directory, fileName))
uplQuery = fileContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if kb.os == "Windows" else directory)
uplQuery = fileContent.replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
query = ""
if isTechniqueAvailable(kb.technique):
@@ -144,12 +146,12 @@ class Web:
break
if not default:
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
default = "asp"
else:
default = "php"
message = "which web application language does the web server "
message = "which web application language does the web server "
message += "support?\n"
for count in xrange(len(choices)):
@@ -284,7 +286,7 @@ class Web:
continue
else:
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if kb.os == "Windows" else localPath):
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if Backend.isOs(OS.WINDOWS) else localPath):
warnMsg = "backdoor has not been successfully uploaded "
warnMsg += "with file stager probably because of "
warnMsg += "lack of write permission."