Refactoring of functionality for finding out if stacking is available

Miroslav Stampar
2013-02-13 09:57:16 +01:00
parent 8b4f72322a
commit dc41484b3f
8 changed files with 46 additions and 30 deletions


@@ -12,6 +12,7 @@ from lib.core.common import dataToStdout
from lib.core.common import getPublicTypeMembers
from lib.core.common import getSQLSnippet
from lib.core.common import getTechniqueData
from lib.core.common import isStackingAvailable
from lib.core.common import isTechniqueAvailable
from lib.core.convert import utf8decode
from lib.core.data import conf
@@ -41,15 +42,6 @@ class Custom:
sqlType = sqlTitle
break
stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)
if not stacked:
for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
_ = getTechniqueData(technique)
if _ and "stacked" in _["title"].lower():
stacked = True
break
if "OPENROWSET" not in query.upper() and (not sqlType or "SELECT" in sqlType):
infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
logger.info(infoMsg)
@@ -57,7 +49,7 @@ class Custom:
output = inject.getValue(query, fromUser=True)
return output
elif not stacked and not conf.direct:
elif not isStackingAvailable() and not conf.direct:
warnMsg = "execution of custom SQL queries is only "
warnMsg += "available when stacked queries are supported"
logger.warn(warnMsg)
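Review bot: With the inline fallback loop removed, the imports of `getPublicTypeMembers`, `getTechniqueData` and `isTechniqueAvailable` that the import hunk keeps have no remaining use in the lines shown here, so they are likely dead unless code outside the hunks still calls them. The same holds for the `isTechniqueAvailable` import left in place in the three following file sections, where every visible call was replaced by `isStackingAvailable()`. If nothing else in each file uses them, drop those `from lib.core.common import ...` lines in this commit so the import list reflects the single entry point for the stacking check. The enclosing method of the Custom class starts and ends outside the hunks.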


@@ -14,6 +14,7 @@ from lib.core.common import decloakToTemp
from lib.core.common import decodeHexValue
from lib.core.common import isNumPosStrValue
from lib.core.common import isListLike
from lib.core.common import isStackingAvailable
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
@@ -189,8 +190,8 @@ class Filesystem:
fileContent = None
kb.fileReadMode = True
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if conf.direct or isStackingAvailable():
if isStackingAvailable():
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
@@ -260,8 +261,8 @@ class Filesystem:
if localFile.endswith('_'):
localFile = decloakToTemp(localFile)
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if conf.direct or isStackingAvailable():
if isStackingAvailable():
debugMsg = "going to upload the %s file with " % fileType
debugMsg += "stacked query SQL injection technique"
logger.debug(debugMsg)
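Review bot: Replacing `isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)` with `isStackingAvailable()` in the file-read and file-upload branches is probably not behaviour-neutral, although the commit is titled a refactoring. The fallback removed from the Custom class in this same commit also accepted any technique whose payload title contains "stacked". If the new helper in `lib.core.common` (its definition is not on this page) carries that fallback, these branches are now entered in cases where they were skipped before, and the same applies to the call sites in the Miscellaneous and Takeover sections. Because these conditions gate file and OS-level operations, say so in the commit message and document it on the helper, for example `# True for the STACKED technique or any detected technique whose payload title mentions "stacked"`, once confirmed against the helper's body. Both enclosing methods start and end outside the hunks.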


@@ -10,6 +10,7 @@ import re
from lib.core.common import Backend
from lib.core.common import hashDBWrite
from lib.core.common import isStackingAvailable
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
@@ -125,7 +126,7 @@ class Miscellaneous:
self.delRemoteFile(self.webStagerFilePath)
self.delRemoteFile(self.webBackdoorFilePath)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if not isStackingAvailable() and not conf.direct:
return
if Backend.isOs(OS.WINDOWS):


@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
import os
from lib.core.common import Backend
from lib.core.common import isStackingAvailable
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
@@ -41,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
Abstraction.__init__(self)
def osCmd(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
if isStackingAvailable() or conf.direct:
web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg)
@@ -63,9 +64,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.cleanup(web=web)
def osShell(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
if isStackingAvailable() or conf.direct:
web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg)
@@ -153,7 +154,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
self.sysUdfs.pop("sys_bineval")
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
if isStackingAvailable() or conf.direct:
web = False
self.getRemoteTempPath()
@@ -202,7 +203,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web)
self.icmpPwn()
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
web = True
infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -250,7 +251,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "relay attack"
raise SqlmapUnsupportedDBMSException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if not isStackingAvailable() and not conf.direct:
if Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.MSSQL):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
@@ -292,7 +293,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.smb()
def osBof(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if not isStackingAvailable() and not conf.direct:
return
if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
@@ -328,7 +329,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise SqlmapUndefinedMethod(errMsg)
def _regInit(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if not isStackingAvailable() and not conf.direct:
return
self.checkDbmsOs()
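Review bot: In `osCmd` and `osShell` the `elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):` test re-evaluates the helper although the preceding `if isStackingAvailable() or conf.direct:` has already failed, so `not isStackingAvailable()` is always true there. Provided the helper has no side effects and returns the same answer on both calls (its body is not shown on this page), `elif Backend.isDbms(DBMS.MYSQL):` is equivalent and avoids the second lookup. The later hunk with the same `elif` is probably in the same position, but its preceding `if` lies outside the hunk. More generally, the pair `isStackingAvailable() or conf.direct` and its negation recur in almost every hunk of this section, so a single local such as `stacking = isStackingAvailable() or conf.direct` per method would keep the gating condition in one place. All of the enclosing methods continue outside the hunks.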