Minor bugs fixes

bdamele · bdamele · commit b19de015c5ae · 2010-03-31T13:52:51.000Z
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -113,6 +113,7 @@
                              "grant ",         ),
 
                        "SQL data execution":    (
+                             "exec ",
                              "execute ",       ),
 
                        "SQL transaction":       (
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
@@ -413,7 +413,7 @@ def __runMsfPayloadRemote(self):
 
         cmd = "%s &" % self.exeFilePathRemote
 
-        if kb.dbms == "Microsoft SQL Server" and kb.stackedTest:
+        if kb.dbms == "Microsoft SQL Server" and (kb.stackedTest or conf.direct):
             cmd = self.xpCmdshellForgeCmd(cmd)
 
         self.execCmd(cmd, silent=True)
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
@@ -112,6 +112,10 @@ def checkDbms(self):
             for version in (0, 5, 8):
                 randInt = randomInt()
                 query   = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
+
+                if conf.direct:
+                    query = query.replace(" AND ", "SELECT 1 WHERE ", 1)
+
                 payload = agent.fullPayload(query)
                 result  = Request.queryPage(payload)
 
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -1498,7 +1498,7 @@ def sqlQuery(self, query):
         getOutput = readInput(message, default="Y")
 
         if not getOutput or getOutput in ("y", "Y"):
-            infoMsg = "fetching %s query output: '%s'" % (sqlType, query)
+            infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
             logger.info(infoMsg)
 
             output = inject.getValue(query, fromUser=True)
@@ -1510,11 +1510,11 @@ def sqlQuery(self, query):
             if kb.stackedTest is None:
                 stackedTest()
 
-            if not kb.stackedTest:
+            if not kb.stackedTest and not conf.direct:
                 return None
             else:
                 if sqlType:
-                    infoMsg = "executing %s query: '%s'" % (sqlType, query)
+                    infoMsg = "executing %s query: '%s'" % (sqlType if sqlType is not None else "SQL", query)
                 else:
                     infoMsg = "executing unknown SQL type query: '%s'" % query
                 logger.info(infoMsg)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
@@ -232,7 +232,7 @@ def updateBinChunk(self, binaryData, tmpPath):
         commands = (
                      "cd %s" % tmpPath,
                      "debug < %s" % randScr,
-                     "del /F %s" % randScr
+                     "del /F /Q %s" % randScr
                    )
 
         complComm = " & ".join(command for command in commands)

Original file line number	Diff line number	Diff line change
`@@ -232,7 +232,7 @@ def updateBinChunk(self, binaryData, tmpPath):`
`232`	`232`	`commands = (`
`233`	`233`	`"cd %s" % tmpPath,`
`234`	`234`	`"debug < %s" % randScr,`
`235`		`- "del /F %s" % randScr`
	`235`	`+ "del /F /Q %s" % randScr`
`236`	`236`	`)`
`237`	`237`
`238`	`238`	`complComm = " & ".join(command for command in commands)`