File transfer via TFTP, FTP and HTTP

[bdamele]

In both --file-upload and --os-pwn provide the user with the option to download onto the DBMS filesystem the payload stager (or shellcodeexec executable) via HTTP/TFTP/FTP server from the attacker (or a staged third-party server) machine rather than uploading it via SQL payload's file write methods.

Port the same concept eventually to --file-download too.

Libraries:

• FTP server: http://code.google.com/p/pyftpdlib/ (MIT License).
• TFTP server: http://tftpy.sourceforge.net/ (MIT License).
• HTTP server: either http://docs.python.org/library/basehttpserver.html or http://docs.python.org/library/simplehttpserver.html (both part of Python interpreter).

[stamparm]

Example how to for MsSQL/FTP: http://labs.portcullis.co.uk/download/Revelli-OwaspDay2-Rome.pdf (slide 12)