

Commit 5358d85

committed
Important refactoring for web-based functionality
1 parent 81ccf28 commit 5358d85

3 files changed

Lines changed: 23 additions & 41 deletions


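--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -36,7 +36,6 @@
 from optparse import OptionValueError
 from subprocess import PIPE
 from subprocess import Popen as execute
-from tempfile import NamedTemporaryFile
 from tempfile import mkstemp
 from xml.etree import ElementTree as ET
 from xml.dom import minidom
@@ -1401,37 +1400,11 @@ def showStaticWords(firstPage, secondPage):
 
 logger.info(infoMsg)
 
-def decloakToNamedTemporaryFile(filepath, name=None):
-retVal = NamedTemporaryFile()
-
-def __del__():
-try:
-if hasattr(retVal, 'old_name'):
-retVal.name = retVal.old_name
-retVal.close()
-except OSError:
-pass
-
-retVal.__del__ = __del__
-retVal.write(decloak(filepath))
-retVal.seek(0)
-
-if name:
-retVal.old_name = retVal.name
-retVal.name = name
-
-return retVal
-
-def decloakToMkstemp(filepath, **kwargs):
-handle, name = mkstemp(**kwargs)
-
-_ = os.fdopen(handle)
-_.close() # close low level handle (causing problems latter)
-
-retVal = open(name, 'w+b')
-
-retVal.write(decloak(filepath))
-retVal.seek(0)
+def decloakToNamedStream(filepath, name=None):
+class _(StringIO):
+__len__ = property(lambda self: self.len)
+retVal = _(decloak(filepath))
+retVal.name = name
 
 return retVal
 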
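Review bot: `__len__ = property(lambda self: self.len)` in the new `decloakToNamedStream` does not make `len(stream)` work: special-method lookup resolves the property to the integer and then tries to call it, so if `len()` support is the intent the working form is `def __len__(self): return self.len`, and if only the `.len` attribute is needed the property is dead code. Separately, `retVal.name = name` leaves the name as `None` when the caller omits it, and the multipart code in this same commit does `fd.name.split('/')`, so an unnamed stream fails there rather than here; either document that `name` is required for upload or fail early in this helper. The function also has no docstring; a one-liner such as "Return an in-memory stream holding the decloaked content of filepath, tagged with name so the upload code can use it as a filename" would cover the contract.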

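--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -10,12 +10,13 @@
 import posixpath
 import re
 
+from tempfile import mkstemp
+
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
 from lib.core.common import Backend
-from lib.core.common import decloakToMkstemp
-from lib.core.common import decloakToNamedTemporaryFile
+from lib.core.common import decloakToNamedStream
 from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
@@ -187,7 +188,7 @@ def webInit(self):
 directories = sorted(getDirs())
 
 backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
-backdoorStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
+backdoorStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoor.%s_" % self.webApi), backdoorName)
 originalBackdoorContent = backdoorContent = backdoorStream.read()
 
 stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
@@ -255,8 +256,15 @@ def webInit(self):
 infoMsg += "UNION technique"
 logger.info(infoMsg)
 
-stagerDecloacked = decloakToMkstemp(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
-self.unionWriteFile(stagerDecloacked.name, self.webStagerFilePath, "text")
+handle, filename = mkstemp()
+os.fdopen(handle).close() # close low level handle (causing problems latter)
+
+with open(filename, "w+") as f:
+_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stager.%s_" % self.webApi))
+_ = _.replace("WRITABLE_DIR", localPath.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else localPath)
+f.write(_)
+
+self.unionWriteFile(filename, self.webStagerFilePath, "text")
 
 uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
 uplPage = uplPage or ""
@@ -282,7 +290,7 @@ def webInit(self):
 
 if self.webApi == WEB_API.ASP:
 runcmdName = "tmpe%s.exe" % randomStr(lowercase=True)
-runcmdStream = decloakToNamedTemporaryFile(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
+runcmdStream = decloakToNamedStream(os.path.join(paths.SQLMAP_SHELL_PATH, 'runcmd.exe_'), runcmdName)
 match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
 
 if match:
@@ -291,7 +299,7 @@ def webInit(self):
 continue
 
 backdoorContent = originalBackdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", runcmdName)
-backdoorStream.file.truncate()
+backdoorStream.truncate()
 backdoorStream.read()
 backdoorStream.seek(0)
 backdoorStream.write(backdoorContent)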

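--- a/thirdparty/multipart/multipartpost.py
+++ b/thirdparty/multipart/multipartpost.py
@@ -24,6 +24,7 @@
 import mimetypes
 import os
 import stat
+import StringIO
 import sys
 import urllib
 import urllib2
@@ -52,7 +53,7 @@ def http_request(self, request):
 
 try:
 for(key, value) in data.items():
-if type(value) == file or hasattr(value, 'file'):
+if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO):
 v_files.append((key, value))
 else:
 v_vars.append((key, value))
@@ -85,7 +86,7 @@ def multipart_encode(vars, files, boundary = None, buf = None):
 buf += '\r\n\r\n' + value + '\r\n'
 
 for (key, fd) in files:
-file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
+file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
 filename = fd.name.split('/')[-1]
 contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
 buf += '--%s\r\n' % boundary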
