Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch

2025-12-09 14:11:29 +00:00 · 2011-04-23 16:25:09 +00:00
parent 75142b383d
commit d0dff82ce0
20 changed files with 125 additions and 92 deletions
--- a/plugins/generic/fingerprint.py
+++ b/plugins/generic/fingerprint.py
@@ -11,6 +11,7 @@ from lib.core.common import Backend
 from lib.core.common import readInput
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.enums import OS
 from lib.core.exception import sqlmapUndefinedMethod

 class Fingerprint:
@@ -50,10 +51,10 @@ class Fingerprint:
            os = readInput(msg, default="W")

            if os[0].lower() == "w":
-                kb.os = "Windows"
+                Backend.setOs(OS.WINDOWS)
                break
            elif os[0].lower() == "l":
-                kb.os = "Linux"
+                Backend.setOs(OS.LINUX)
                break
            else:
                warnMsg = "invalid value"
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -21,6 +21,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
+from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -37,13 +38,13 @@ class Miscellaneous:

    def getRemoteTempPath(self):
        if not conf.tmpPath:
-            if kb.os == "Windows":
+            if Backend.isOs(OS.WINDOWS):
                conf.tmpPath = "C:/WINDOWS/Temp"
            else:
                conf.tmpPath = "/tmp"

        if getCompiledRegex("(?i)\A[\w]:[\/\\\\]+").search(conf.tmpPath):
-            kb.os = "Windows"
+            Backend.setOs(OS.WINDOWS)

        conf.tmpPath = normalizePath(conf.tmpPath)
        conf.tmpPath = ntToPosixSlashes(conf.tmpPath)
@@ -80,7 +81,7 @@ class Miscellaneous:
    def delRemoteFile(self, tempFile):
        self.checkDbmsOs()

-        if kb.os == "Windows":
+        if Backend.isOs(OS.WINDOWS):
            tempFile = posixToNtSlashes(tempFile)
            cmd = "del /F /Q %s" % tempFile
        else:
@@ -100,10 +101,10 @@ class Miscellaneous:
        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
            return

-        if kb.os == "Windows":
+        if Backend.isOs(OS.WINDOWS):
            libtype = "dynamic-link library"

-        elif kb.os == "Linux":
+        elif Backend.isOs(OS.LINUX):
            libtype = "shared object"

        else:
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -17,6 +17,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapMissingMandatoryOptionException
@@ -108,7 +109,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                warnMsg = "invalid value, valid values are 1 and 2"
                logger.warn(warnMsg)

-        if tunnel == 2 and kb.os != "Windows":
+        if tunnel == 2 and Backend.isOs(OS.WINDOWS):
                errMsg = "icmpsh slave is only supported on Windows at "
                errMsg += "the moment. The back-end database server is "
                errMsg += "not. sqlmap will fallback to TCP (Metasploit)"
@@ -189,13 +190,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                    self.createMsfPayloadStager()
                    self.uploadMsfPayloadStager()

-                if kb.os == "Windows" and conf.privEsc:
+                if Backend.isOs(OS.WINDOWS) and conf.privEsc:
                    if Backend.getIdentifiedDbms() == DBMS.MYSQL:
                        debugMsg  = "by default MySQL on Windows runs as SYSTEM "
                        debugMsg += "user, no need to privilege escalate"
                        logger.debug(debugMsg)

-                elif kb.os != "Windows" and conf.privEsc:
+                elif not Backend.isOs(OS.WINDOWS) and conf.privEsc:
                    # Unset --priv-esc if the back-end DBMS underlying operating
                    # system is not Windows
                    conf.privEsc = False
@@ -217,7 +218,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
            self.initEnv(web=web)

            if self.webBackdoorUrl:
-                if kb.os != "Windows" and conf.privEsc:
+                if not Backend.isOs(OS.WINDOWS) and conf.privEsc:
                    # Unset --priv-esc if the back-end DBMS underlying operating
                    # system is not Windows
                    conf.privEsc = False
@@ -250,7 +251,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
    def osSmb(self):
        self.checkDbmsOs()

-        if kb.os != "Windows":
+        if not Backend.isOs(OS.WINDOWS):
            errMsg  = "the back-end DBMS underlying operating system is "
            errMsg += "not Windows: it is not possible to perform the SMB "
            errMsg += "relay attack"
@@ -329,7 +330,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):

        self.checkDbmsOs()

-        if kb.os != "Windows":
+        if not Backend.isOs(OS.WINDOWS):
            errMsg  = "the back-end DBMS underlying operating system is "
            errMsg += "not Windows"
            raise sqlmapUnsupportedDBMSException(errMsg)