Major enhancement: connect directly to the DBMS without going through a SQL injection; adapted the code accordingly - see #158. This feature relies on third-party Python libraries to connect to the database. For the moment it has been implemented for MySQL (with the python-mysqldb module) and PostgreSQL (with the python-psycopg2 module).

Minor layout adjustments.
Bernardo Damele
2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions


@@ -51,7 +51,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
def osCmd(self):
stackedTest()
if kb.stackedTest:
if kb.stackedTest or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == "MySQL":
infoMsg = "going to use a web backdoor for command execution"
@@ -74,7 +74,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
def osShell(self):
stackedTest()
if kb.stackedTest:
if kb.stackedTest or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == "MySQL":
infoMsg = "going to use a web backdoor for command prompt"
@@ -99,7 +99,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
stackedTest()
if kb.stackedTest:
if kb.stackedTest or conf.direct:
web = False
self.initEnv(web=web)
@@ -195,7 +195,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
errMsg += "relay attack"
raise sqlmapUnsupportedDBMSException(errMsg)
if not kb.stackedTest:
if not kb.stackedTest and not conf.direct:
if kb.dbms in ( "PostgreSQL", "Microsoft SQL Server" ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
@@ -239,7 +239,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
def osBof(self):
stackedTest()
if not kb.stackedTest:
if not kb.stackedTest and not conf.direct:
return
if not kb.dbms == "Microsoft SQL Server" or kb.dbmsVersion[0] not in ( "2000", "2005" ):
@@ -267,7 +267,7 @@ class Takeover(Abstraction, Metasploit, Registry, Miscellaneous):
def __regInit(self):
stackedTest()
if not kb.stackedTest:
if not kb.stackedTest and not conf.direct:
return
self.checkDbmsOs()
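Review bot: `stackedTest()` is still called unconditionally at the top of `osCmd`, `osShell`, `osBof`, `__regInit` and the two unnamed hunks, even though the new `conf.direct` term makes its result irrelevant in direct-connection mode. Unless `stackedTest()` itself returns early when `conf.direct` is set (that would be elsewhere in this commit, not visible here), the stacked-queries check runs although no injection is in use. The same predicate is also written out by hand at six sites, as `kb.stackedTest or conf.direct` and its negation, so a later change to the rule can easily miss one. A single helper such as `def __canStack(self): return kb.stackedTest or conf.direct` would keep them in sync. All six function bodies start or continue outside their hunks, so this is based only on the visible lines.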