Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2cafd56

Browse files
stamparmstamparm
committed
new changes regarding --os-shell
1 parent 858cb25 commit 2cafd56

2 files changed

Lines changed: 8 additions & 6 deletions

File tree

lib/takeover/web.py

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@
3636
from lib.core.common import isWindowsPath
3737
from lib.core.common import normalizePath
3838
from lib.core.common import posixToNtSlashes
39+
from lib.core.common import randomStr
3940
from lib.core.common import readInput
4041
from lib.core.convert import hexencode
4142
from lib.core.data import conf
@@ -166,12 +167,12 @@ def webInit(self):
166167
elif int(choice) < 1 or int(choice) > 3:
167168
logger.warn("invalid value, it must be 1 or 3")
168169

169-
backdoorName = "backdoor.%s" % self.webApi
170-
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, backdoorName + '_'), backdoorName)
170+
backdoorName = "tmpb%s.%s" % (randomStr(4), self.webApi)
171+
backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
171172
backdoorContent = backdoorStream.read()
172173

173-
uploaderName = "uploader.%s" % self.webApi
174-
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, uploaderName + '_'))
174+
uploaderName = "tmpu%s.%s" % (randomStr(4), self.webApi)
175+
uploaderContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "uploader.%s_" % self.webApi))
175176

176177
for directory in directories:
177178
# Upload the uploader agent
@@ -181,8 +182,9 @@ def webInit(self):
181182
if isWindowsPath(requestDir):
182183
requestDir = requestDir[2:]
183184
requestDir = normalizePath(requestDir)
185+
184186
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, requestDir)
185-
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl, uploaderName)
187+
self.webUploaderUrl = "%s/%s" % (self.webBaseUrl.rstrip('/'), uploaderName)
186188
self.webUploaderUrl = ntToPosixSlashes(self.webUploaderUrl.replace("./", "/"))
187189
uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
188190

@@ -194,7 +196,7 @@ def webInit(self):
194196
continue
195197

196198
infoMsg = "the uploader agent has been successfully uploaded "
197-
infoMsg += "on '%s'" % directory
199+
infoMsg += "on '%s' ('%s')" % (directory, self.webUploaderUrl)
198200
logger.info(infoMsg)
199201

200202
if self.webApi == "asp":

shell/backdoor.asp_

-6 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)