MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _selectPayload

Method _selectPayload

lib/takeover/metasploit.py:182–259  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

180 return self._skeletonSelection("payload encoding", self._msfEncodersList)
181
182 def _selectPayload(self):
183 if Backend.isOs(OS.WINDOWS) and conf.privEsc:
184 infoMsg = "forcing Metasploit payload to Meterpreter because "
185 infoMsg += "it is the only payload that can be used to "
186 infoMsg += "escalate privileges via 'incognito' extension, "
187 infoMsg += "'getsystem' command or post modules"
188 logger.info(infoMsg)
189
190 _payloadStr = "windows/meterpreter"
191 else:
192 _payloadStr = self._skeletonSelection("payload", self._msfPayloadsList)
193
194 if _payloadStr == "windows/vncinject":
195 choose = False
196
197 if Backend.isDbms(DBMS.MYSQL):
198 debugMsg = "by default MySQL on Windows runs as SYSTEM "
199 debugMsg += "user, it is likely that the VNC "
200 debugMsg += "injection will be successful"
201 logger.debug(debugMsg)
202
203 elif Backend.isDbms(DBMS.PGSQL):
204 choose = True
205
206 warnMsg = "by default PostgreSQL on Windows runs as "
207 warnMsg += "postgres user, it is unlikely that the VNC "
208 warnMsg += "injection will be successful"
209 logger.warning(warnMsg)
210
211 elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
212 choose = True
213
214 warnMsg = "it is unlikely that the VNC injection will be "
215 warnMsg += "successful because usually Microsoft SQL Server "
216 warnMsg += "%s runs as Network Service " % Backend.getVersion()
217 warnMsg += "or the Administrator is not logged in"
218 logger.warning(warnMsg)
219
220 if choose:
221 message = "what do you want to do?\n"
222 message += "[1] Give it a try anyway\n"
223 message += "[2] Fall back to Meterpreter payload (default)\n"
224 message += "[3] Fall back to Shell payload"
225
226 while True:
227 choice = readInput(message, default="2")
228
229 if not choice or choice == "2":
230 _payloadStr = "windows/meterpreter"
231 break
232
233 elif choice == "3":
234 _payloadStr = "windows/shell"
235 break
236
237 elif choice == "1":
238 if Backend.isDbms(DBMS.PGSQL):
239 logger.warning("beware that the VNC injection might not work")

Callers 1

_prepareIngredientsMethod · 0.95

Calls 9

_skeletonSelectionMethod · 0.95
readInputFunction · 0.90
isDigitFunction · 0.90
isOsMethod · 0.80
infoMethod · 0.80
isDbmsMethod · 0.80
debugMethod · 0.80
isVersionWithinMethod · 0.80
getVersionMethod · 0.80

Tested by

no test coverage detected