Minor cosmetic adjustments

bdamele · bdamele · commit 6f5d2ed1710e · 2010-01-28T17:07:34.000Z
diff --git a/lib/contrib/tokenkidnapping/README.txt b/lib/contrib/tokenkidnapping/README.txt
@@ -1,7 +1,7 @@
 Due to the anti-virus positive detection of executable stored inside this folder, 
 we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
-has to be done prior to it's usage by sqlmap, but if you want to have access to the
-original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
+has to be done prior to its usage by sqlmap, but if you want to have access to the
+original executable use the decrypt functionality of the ../extra/cloak/cloak.py utility.
 
 To prepare the executable to the cloaked form use this command:
 python ../extra/cloak/cloak.py -i Churrasco.exe
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -32,6 +32,7 @@
 import urlparse
 import ntpath
 import posixpath
+
 from tempfile import NamedTemporaryFile
 
 from extra.cloak.cloak import decloak
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
@@ -36,6 +36,7 @@
 from lib.core.common import dataToStdout
 from lib.core.common import getLocalIP
 from lib.core.common import getRemoteIP
+from lib.core.common import normalizePath
 from lib.core.common import pollProcess
 from lib.core.common import randomRange
 from lib.core.common import randomStr
@@ -647,6 +648,8 @@ def uploadMsfPayloadStager(self, web=False):
         else:
             self.exeFilePathRemote = "%s/%s" % (conf.tmpPath, os.path.basename(self.exeFilePathLocal))
 
+        self.exeFilePathRemote = normalizePath(self.exeFilePathRemote)
+
         logger.info("uploading payload stager to '%s'" % self.exeFilePathRemote)
 
         if web:
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
@@ -76,10 +76,10 @@ def webBackdoorRunCmd(self, cmd):
         return output
 
     def webFileUpload(self, fileToUpload, destFileName, directory):
-        file = open(fileToUpload, "r")
-        self.__webFileStreamUpload(file, destFileName, directory)
-        file.close()
-        
+        inputFile = open(fileToUpload, "r")
+        self.__webFileStreamUpload(inputFile, destFileName, directory)
+        inputFile.close()
+
     def __webFileStreamUpload(self, stream, destFileName, directory):
         if self.webApi == "php":
             multipartParams = {
@@ -89,7 +89,7 @@ def __webFileStreamUpload(self, stream, destFileName, directory):
                               }
             page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
 
-            if "Backdoor uploaded" not in page:
+            if "File uploaded" not in page:
                 warnMsg  = "unable to upload the backdoor through "
                 warnMsg += "the uploader agent on '%s'" % directory
                 logger.warn(warnMsg)
@@ -179,7 +179,7 @@ def webInit(self):
             self.webUploaderUrl = self.webUploaderUrl.replace("./", "/").replace("\\", "/")
             uplPage, _  = Request.getPage(url=self.webUploaderUrl, direct=True)
 
-            if "sqlmap backdoor uploader" not in uplPage:
+            if "sqlmap file uploader" not in uplPage:
                 warnMsg  = "unable to upload the uploader "
                 warnMsg += "agent on '%s'" % directory
                 logger.warn(warnMsg)
@@ -200,6 +200,5 @@ def webInit(self):
             logger.info(infoMsg)
 
             break
-        
+
         backdoorStream.name = backdoorStream.old_name
-        
diff --git a/shell/uploader.php_ b/shell/uploader.php_
