
Commit 7b95a2d

committed
Patch for an Issue sqlmapproject#1280
1 parent 8b63ee9 commit 7b95a2d


2 files changed

+45
-14
lines changed


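--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -766,8 +766,14 @@ def _(key, value):
 
 if conf.msfPath:
 for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
-if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
+if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("", "msfcli", "msfconsole")):
 msfEnvPathExists = True
+if all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfvenom",)):
+kb.msfVenom = True
+elif all(os.path.exists(normalizePath(os.path.join(path, _))) for _ in ("msfencode", "msfpayload")):
+kb.msfVenom = False
+else:
+msfEnvPathExists = False
 conf.msfPath = path
 break
 
@@ -798,15 +804,23 @@ def _(key, value):
 for envPath in envPaths:
 envPath = envPath.replace(";", "")
 
-if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole", "msfencode", "msfpayload")):
-infoMsg = "Metasploit Framework has been found "
-infoMsg += "installed in the '%s' path" % envPath
-logger.info(infoMsg)
-
+if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("", "msfcli", "msfconsole")):
 msfEnvPathExists = True
-conf.msfPath = envPath
+if all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfvenom",)):
+kb.msfVenom = True
+elif all(os.path.exists(normalizePath(os.path.join(envPath, _))) for _ in ("msfencode", "msfpayload")):
+kb.msfVenom = False
+else:
+msfEnvPathExists = False
 
-break
+if msfEnvPathExists:
+infoMsg = "Metasploit Framework has been found "
+infoMsg += "installed in the '%s' path" % envPath
+logger.info(infoMsg)
+
+conf.msfPath = envPath
+
+break
 
 if not msfEnvPathExists:
 errMsg = "unable to locate Metasploit Framework installation. "
@@ -1794,6 +1808,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.matchRatio = None
 kb.maxConnectionsFlag = False
 kb.mergeCookies = None
+kb.msfVenom = False
 kb.multiThreadMode = False
 kb.negativeLogic = False
 kb.nullConnection = None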
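Review bot: In the first hunk (new lines 775-778) the `else:` branch resets `msfEnvPathExists = False`, yet the unchanged `conf.msfPath = path` and `break` that follow still execute, so a directory holding msfcli/msfconsole but neither msfvenom nor msfencode/msfpayload is recorded as the Metasploit path and the `bin` candidate is never tried; the rendered page has lost the indentation, but those two context lines sat inside the `if all(...)` block before the change and nothing here moves them. The second hunk handles the same situation correctly by gating on `if msfEnvPathExists:` before assigning and breaking, and the first hunk should do the same: `if msfEnvPathExists:` / `    conf.msfPath = path` / `    break`. In both hunks `all(... for _ in ("msfvenom",))` is a single-element `all()` and reads more plainly as `os.path.exists(normalizePath(os.path.join(path, "msfvenom")))`. The enclosing option handler starts and ends outside both hunks.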

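--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -24,6 +24,7 @@
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.data import conf
+from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.enums import DBMS
@@ -63,6 +64,7 @@ def _initVars(self):
 self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
 self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
 self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
+self._msfVenom = normalizePath(os.path.join(conf.msfPath, "msfvenom"))
 
 if IS_WIN:
 _ = conf.msfPath
@@ -78,6 +80,7 @@ def _initVars(self):
 self._msfCli = "%s & ruby %s" % (_, self._msfCli)
 self._msfEncode = "ruby %s" % self._msfEncode
 self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
+self._msfVenom = "%s & ruby %s" % (_, self._msfVenom)
 
 self._msfPayloadsList = {
 "windows": {
@@ -361,7 +364,11 @@ def _forgeMsfCliCmdForSmbrelay(self):
 self._cliCmd += " E"
 
 def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
-self._payloadCmd = "%s %s" % (self._msfPayload, self.payloadConnStr)
+if kb.msfVenom:
+self._payloadCmd = "%s -p" % self._msfVenom
+else:
+self._payloadCmd = self._msfPayload
+self._payloadCmd += " %s" % self.payloadConnStr
 self._payloadCmd += " EXITFUNC=%s" % exitfunc
 self._payloadCmd += " LPORT=%s" % self.portStr
 
@@ -373,13 +380,22 @@ def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
 if Backend.isOs(OS.LINUX) and conf.privEsc:
 self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
 
-if extra == "BufferRegister=EAX":
-self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
+if kb.msfVenom:
+if extra == "BufferRegister=EAX":
+self._payloadCmd += " -a x86 -e %s -f %s > \"%s\"" % (self.encoderStr, format, outFile)
 
-if extra is not None:
-self._payloadCmd += " %s" % extra
+if extra is not None:
+self._payloadCmd += " %s" % extra
+else:
+self._payloadCmd += " -f exe > \"%s\"" % outFile
 else:
-if extra == "BufferRegister=EAX":
+if extra == "BufferRegister=EAX":
+self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
+
+if extra is not None:
+self._payloadCmd += " %s" % extra
+else:
+self._payloadCmd += " X > \"%s\"" % outFile
 
 def _runMsfCliSmbrelay(self):
 self._forgeMsfCliCmdForSmbrelay()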
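Review bot: In the msfvenom branch of `_forgeMsfPayloadCmd` (new lines 384-388) the `BufferRegister=EAX` option is appended after the `-f %s > \"%s\"` redirection, so the command line ends up as `... -f fmt > "outfile" BufferRegister=EAX`; a POSIX shell still passes that trailing token to msfvenom, but the ordering depends on shell parsing rather than on msfvenom's own syntax, and whether the `%s & ruby %s` form built for Windows in `_initVars` parses it identically is something to verify. Emitting the option before the format and redirect removes that dependency: `self._payloadCmd += " %s -a x86 -e %s -f %s > \"%s\"" % (extra, self.encoderStr, format, outFile)`, after which the inner `if extra is not None:` in that branch is redundant because `extra` is known to equal `"BufferRegister=EAX"` there (the page has lost indentation, so this reading of which `else:` pairs with which `if` follows the mirrored msfpayload branch below it). `_forgeMsfPayloadCmd` begins in the previous hunk and its middle lies between the two hunks.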
