Skip to content

Commit faaae2b

Browse files
stamparmstamparm
committed
Minor refactoring
1 parent d813d24 commit faaae2b

File tree

8 files changed

+17
-11
lines changed

8 files changed

+17
-11
lines changed

lib/core/settings.py

+5-1
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.2.2.8"
22+
VERSION = "1.2.2.9"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -299,6 +299,10 @@
299299
"wizard",
300300
)
301301

302+
# Tags used for value replacements inside shell scripts
303+
SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"
304+
SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"
305+
302306
# String representation for NULL value
303307
NULL = "NULL"
304308

lib/takeover/web.py

+5-3
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,8 @@
4747
from lib.core.exception import SqlmapNoneDataException
4848
from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
4949
from lib.core.settings import EVENTVALIDATION_REGEX
50+
from lib.core.settings import SHELL_RUNCMD_EXE_TAG
51+
from lib.core.settings import SHELL_WRITABLE_DIR_TAG
5052
from lib.core.settings import VIEWSTATE_REGEX
5153
from lib.request.connect import Connect as Request
5254
from thirdparty.oset.pyoset import oset
@@ -134,7 +136,7 @@ def _webFileStreamUpload(self, stream, destFileName, directory):
134136

135137
def _webFileInject(self, fileContent, fileName, directory):
136138
outFile = posixpath.join(ntToPosixSlashes(directory), fileName)
137-
uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
139+
uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
138140
query = ""
139141

140142
if isTechniqueAvailable(kb.technique):
@@ -324,7 +326,7 @@ def webInit(self):
324326

325327
with open(filename, "w+b") as f:
326328
_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
327-
_ = _.replace("WRITABLE_DIR", utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
329+
_ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
328330
f.write(_)
329331

330332
self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
@@ -369,7 +371,7 @@ def webInit(self):
369371
continue
370372

371373
_ = "tmpe%s.exe" % randomStr(lowercase=True)
372-
if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", _)):
374+
if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)):
373375
self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_"))
374376
self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName)
375377
self.webDirectory = backdoorDirectory

shell/backdoors/backdoor.asp_

3 Bytes
Binary file not shown.

shell/stagers/stager.asp_

2 Bytes
Binary file not shown.

shell/stagers/stager.aspx_

2 Bytes
Binary file not shown.

shell/stagers/stager.jsp_

1 Byte
Binary file not shown.

shell/stagers/stager.php_

2 Bytes
Binary file not shown.

txt/checksum.md5

+7-7
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
4646
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
4747
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
4848
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
49-
a333cf1cf7e533c13bf1aec774c82938 lib/core/settings.py
49+
d4f192e51b660e59391dee667f79c652 lib/core/settings.py
5050
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
5151
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
5252
505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -85,7 +85,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py
8585
703e15714316a8cc4bbe54cdd0a8cb87 lib/takeover/metasploit.py
8686
0fc9b00596df21c8878ef92f513ecad7 lib/takeover/registry.py
8787
48575dde7bb867b7937769f569a98309 lib/takeover/udf.py
88-
1398cb4ee55becf628367854b5310f33 lib/takeover/web.py
88+
19d2b9d1159ce809907ba71c4fae0d4e lib/takeover/web.py
8989
d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py
9090
b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py
9191
1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py
@@ -215,14 +215,14 @@ a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
215215
e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py
216216
4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py
217217
1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
218-
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoors/backdoor.asp_
218+
5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
219219
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_
220220
595f711adf1ecb5f3b9a64532b04d8b9 shell/backdoors/backdoor.jsp_
221221
09fc3ed6543f4d1885e338b271e5e97a shell/backdoors/backdoor.php_
222-
0e7aba05423c272f051f31165b0e416d shell/stagers/stager.asp_
223-
c3cc8b7727161e64ab59f312c33b541a shell/stagers/stager.aspx_
224-
1f7f125f30e0e800beb21e2ebbab18e1 shell/stagers/stager.jsp_
225-
01e3505e796edf19aad6a996101c81c9 shell/stagers/stager.php_
222+
ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
223+
4e6d2094bd6afe35032fb8bc8a86e83c shell/stagers/stager.aspx_
224+
0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_
225+
2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_
226226
4eaeef94314956e4517e5310a28d579a sqlmapapi.py
227227
3e2e790c370442c3d98eaa88a3523b15 sqlmap.py
228228
4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py

0 commit comments

Comments
 (0)