From a45cc146ba65408efa242876355e982a0542dc31 Mon Sep 17 00:00:00 2001
From: Harsh-Cyber
Date: Sun, 17 May 2026 16:47:10 +0530
Subject: [PATCH] Refactor mssqlshell.py to improve code structure
---
 impacket/examples/mssqlshell.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/impacket/examples/mssqlshell.py b/impacket/examples/mssqlshell.py
index f719c01974..c731fa67b1 100644
--- a/impacket/examples/mssqlshell.py
+++ b/impacket/examples/mssqlshell.py
@@ -112,11 +112,11 @@ def execute_as(self, exec_as):
 self.print_replies()

 def do_exec_as_login(self, s):
- exec_as = "execute as login='%s';" % s
+ exec_as = "execute as login='%s';" % s.replace("'", "''")
 self.execute_as(exec_as)

 def do_exec_as_user(self, s):
- exec_as = "execute as user='%s';" % s
+ exec_as = "execute as user='%s';" % s.replace("'", "''")
 self.execute_as(exec_as)

 def do_use_link(self, s):
@@ -236,7 +236,7 @@ def do_upload(self, line):

 def do_xp_dirtree(self, s):
 try:
- self.sql_query("exec master.sys.xp_dirtree '%s',1,1" % s)
+ self.sql_query("exec master.sys.xp_dirtree '%s',1,1" % s.replace("'", "''"))
 self.print_replies()
 self.sql.printRows()
 except:
@@ -244,7 +244,7 @@ def do_xp_dirtree(self, s):

 def do_xp_cmdshell(self, s):
 try:
- self.sql_query("exec master..xp_cmdshell '%s'" % s)
+ self.sql_query("exec master..xp_cmdshell '%s'" % s.replace("'", "''"))
 self.print_replies()
 self.sql.colMeta[0]['TypeData'] = 80*2
 self.sql.printRows()
@@ -260,7 +260,7 @@ def do_sp_start_job(self, s):
 "EXEC msdb..sp_add_jobstep @job_name=@job,@step_id=1,@step_name='Defragmentation',"
 "@subsystem='CMDEXEC',@command='%s',@on_success_action=1;"
 "EXEC msdb..sp_add_jobserver @job_name=@job;"
- "EXEC msdb..sp_start_job @job_name=@job;" % s)
+ "EXEC msdb..sp_start_job @job_name=@job;" % s.replace("'", "''"))
 self.print_replies()
 self.sql.printRows()
 except:
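Review bot: The quote-doubling expression `s.replace("'", "''")` is written out inline in do_exec_as_login and do_exec_as_user, and again in the do_xp_dirtree, do_xp_cmdshell and do_sp_start_job hunks, so every future handler has to remember to repeat it. One private helper would keep the escaping rule in a single place, for example `def _quote(self, s): return s.replace("'", "''")` called as `"execute as login='%s';" % self._quote(s)`. The subject line calls this a refactor, yet the statement sent to the server changes for any argument containing a quote, so the description should say that these handlers now escape their argument.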
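Review bot: An argument that already contains doubled quotes is doubled a second time by the new `s.replace("'", "''")` in do_xp_dirtree, and the same holds in the do_xp_cmdshell and do_sp_start_job hunks. Before this change, typing `''` by hand was presumably the only way to get a literal quote through these commands, so existing habits or scripts would now send a different path or command than intended. The method should say that its argument is taken verbatim, for instance a docstring such as `"""List a directory with xp_dirtree; quotes in the argument are escaped automatically."""`, assuming the shell's help is built from docstrings. The except branch of do_xp_dirtree continues outside the hunk.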
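Review bot: The new escaping in do_xp_cmdshell carries no comment saying what it covers. It only keeps the argument inside one T-SQL string literal; the resulting text is still handed unchanged to the command processor on the server. A one-line comment above the query would stop a reader from assuming the value is sanitised, `# double ' so the argument stays a single T-SQL literal; the command text itself is passed through as typed`. The rest of the method lies outside the hunk.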
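Review bot: The `% s.replace("'", "''")` hangs off the last of several adjacent string literals, which reads as if only the sp_start_job fragment were formatted, while the `%s` being filled sits in `@command='%s'` two lines up. Python joins adjacent literals before applying `%`, so the result is correct, but it is easier to audit when the escaped value is named first, `command = s.replace("'", "''")`, and the statement ends in `% command`. The statement begins above the hunk, so the earlier fragments are not visible here.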