Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 15d1fcb

Browse files
stamparmstamparm
committed
now runcmd exe has random name too
1 parent bad2acd commit 15d1fcb

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

lib/takeover/web.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -200,11 +200,11 @@ def webInit(self):
200200
logger.info(infoMsg)
201201

202202
if self.webApi == "asp":
203-
runcmdName = 'runcmd.exe'
204-
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, runcmdName + '_'), runcmdName)
203+
runcmdName = "tmpe%s.exe" % randomStr(4)
204+
runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
205205
scriptsDirectory = "Scripts"
206206
backdoorDirectory = "%s..\%s" % (posixToNtSlashes(directory), scriptsDirectory)
207-
backdoorContent = backdoorContent.replace("WRITABLE_DIR", backdoorDirectory)
207+
backdoorContent = backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
208208
backdoorStream.file.truncate()
209209
backdoorStream.read()
210210
backdoorStream.seek(0)

shell/backdoor.asp_

5 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)