Commit cdfe435

Update for an Issue #207 (and a potential patch for regression tests)
1 parent ee1017a commit cdfe435

2 files changed

Lines changed: 23 additions & 24 deletions

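--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -513,6 +513,9 @@
 # Minimum field entry length needed for encoded content (hex, base64,...) check
 MIN_ENCODED_LEN_CHECK = 5
 
+# Timeout in seconds in which Meterpreter session has to be initialized
+METERPRETER_INIT_TIMEOUT = 120
+
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """<style>
 table{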
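--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -30,7 +30,9 @@
 from lib.core.enums import OS
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapFilePathException
+from lib.core.exception import SqlmapGenericException
 from lib.core.settings import IS_WIN
+from lib.core.settings import METERPRETER_INIT_TIMEOUT
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.subprocessng import blockingReadFromFD
 from lib.core.subprocessng import blockingWriteToFD
@@ -443,8 +445,9 @@ def _loadMetExtensions(self, proc, metSess):
 send_all(proc, "getuid\n")
 
 def _controlMsfCmd(self, proc, func):
+initialized = False
+start_time = time.time()
 stdin_fd = sys.stdin.fileno()
-initiated_properly = False
 
 while True:
 returncode = proc.poll()
@@ -461,7 +464,7 @@ def _controlMsfCmd(self, proc, func):
 timeout = 3
 
 inp = ""
-start_time = time.time()
+_ = time.time()
 
 while True:
 if msvcrt.kbhit():
@@ -472,7 +475,7 @@ def _controlMsfCmd(self, proc, func):
 elif ord(char) >= 32: # space_char
 inp += char
 
-if len(inp) == 0 and (time.time() - start_time) > timeout:
+if len(inp) == 0 and (time.time() - _) > timeout:
 break
 
 if len(inp) > 0:
@@ -494,14 +497,6 @@ def _controlMsfCmd(self, proc, func):
 out = recv_some(proc, t=.1, e=0)
 blockingWriteToFD(sys.stdout.fileno(), out)
 
-# Dirty hack to allow Metasploit integration to be tested
-# in --live-test mode
-if initiated_properly and conf.liveTest:
-try:
-send_all(proc, "exit\n")
-except TypeError:
-continue
-
 # For --os-pwn and --os-bof
 pwnBofCond = self.connectionStr.startswith("reverse")
 pwnBofCond &= "Starting the payload handler" in out
@@ -512,19 +507,20 @@ def _controlMsfCmd(self, proc, func):
 if pwnBofCond or smbRelayCond:
 func()
 
-if "Starting the payload handler" in out and "shell" in self.payloadStr:
-if Backend.isOs(OS.WINDOWS):
-send_all(proc, "whoami\n")
-else:
-send_all(proc, "uname -a ; id\n")
-
-time.sleep(2)
-initiated_properly = True
-
-metSess = re.search("Meterpreter session ([\d]+) opened", out)
-
-if metSess:
-self._loadMetExtensions(proc, metSess.group(1))
+if not initialized:
+match = re.search("session ([\d]+) opened", out)
+if match:
+initialized = True
+self._loadMetExtensions(proc, match.group(1))
+if "shell" in self.payloadStr:
+send_all(proc, "whoami\n" if Backend.isOs(OS.WINDOWS) else "uname -a ; id\n")
+if conf.liveTest:
+send_all(proc, "exit\n")
+elif time.time() - start_time > METERPRETER_INIT_TIMEOUT:
+proc.kill()
+errMsg = "Timeout occurred while attempting "
+errMsg += "to open a remote session"
+raise SqlmapGenericException(errMsg)
 
 except EOFError:
 returncode = proc.wait()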
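Review bot: In the last hunk the session regex is loosened from "Meterpreter session N opened" to "session N opened", yet `self._loadMetExtensions(proc, match.group(1))` is now called unconditionally on a match, so for a `shell` payload (which the same branch handles separately by sending `whoami` / `uname -a ; id`) the Meterpreter-only commands that `_loadMetExtensions` issues (e.g. the `getuid` visible at the top of the second hunk) would presumably be written to a plain command shell if msfconsole reports that session with the same "session N opened" wording. Making the two cases exclusive, as below, keeps the broadened match while only loading extensions when the payload is not a shell. Two smaller points on the same new lines: the pattern should be a raw string, `re.search(r"session ([\d]+) opened", out)`, since `"\d"` in a non-raw literal is an invalid escape that newer Python versions warn on; and the inner read timer renamed to `_` in the third and fourth hunks reads as a throwaway even though it is compared against `timeout` — a name such as `read_start` would be clearer. In the timeout branch, `proc.kill()` is not followed by `proc.wait()`, so the killed msfconsole is not reaped before `SqlmapGenericException` propagates. `_controlMsfCmd` begins in the second hunk and its body continues past the end of this section.
```python
if match:
    initialized = True
    if "shell" in self.payloadStr:
        send_all(proc, "whoami\n" if Backend.isOs(OS.WINDOWS) else "uname -a ; id\n")
    else:
        self._loadMetExtensions(proc, match.group(1))
    if conf.liveTest:
        send_all(proc, "exit\n")
# … unchanged: elif timeout branch (METERPRETER_INIT_TIMEOUT) …
```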
