Some code refactoring

Miroslav Stampar
2017-04-18 15:48:05 +02:00
parent 65b02d4ab0
commit 5f2bb88037
32 changed files with 233 additions and 261 deletions


@@ -172,11 +172,11 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedColumns
message = "do you want to use common column existence check? [y/N/q] "
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)
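Review bot: The new comparisons `choice == 'N'` and `choice == 'Q'` only match a single-letter answer, whereas the old `test[0] in ("n", "N")` accepted anything starting with that letter. Unless `readInput` (not visible here) already reduces the answer to one character, typing "no" or "quit" now falls into the `else` branch and starts the common column existence check the user just declined. Comparing the first character keeps the old behaviour: `if choice[:1] == 'N':` and `elif choice[:1] == 'Q':`. The same pattern recurs in the second Enumeration section, both Databases hunks, the Search prompts and the Users hunk. The enclosing method starts and ends outside this hunk.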


@@ -382,27 +382,24 @@ class Filesystem(GenericFilesystem):
if written is False:
message = "do you want to try to upload the file with "
message += "the custom Visual Basic script technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
if written is False:
message = "do you want to try to upload the file with "
message += "the built-in debug.exe technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)
if written is False:
message = "do you want to try to upload the file with "
message += "the built-in certutil.exe technique? [Y/n] "
choice = readInput(message, default="Y")
if not choice or choice.lower() == "y":
if readInput(message, default='Y', boolean=True):
self._stackedWriteFileCertutilExe(tmpPath, wFile, wFileContent, dFile, fileType)
written = self.askCheckWrittenFile(wFile, dFile, forceCheck)


@@ -240,11 +240,11 @@ class Enumeration(GenericEnumeration):
return kb.data.cachedColumns
message = "do you want to use common column existence check? [y/N/q] "
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)


@@ -243,11 +243,11 @@ class Databases:
return kb.data.cachedTables
message = "do you want to use common table existence check? %s " % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return tableExists(paths.COMMON_TABLES)
@@ -486,11 +486,11 @@ class Databases:
return kb.data.cachedColumns
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)


@@ -422,9 +422,8 @@ class Entries:
def dumpFoundColumn(self, dbs, foundCols, colConsider):
message = "do you want to dump entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0] not in ("y", "Y"):
if not readInput(message, default='Y', boolean=True):
return
dumpFromDbs = []
@@ -435,14 +434,14 @@ class Entries:
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test in ("a", "A"):
if not choice or choice in ('a', 'A'):
dumpFromDbs = dbs.keys()
elif test in ("q", "Q"):
elif choice in ('q', 'Q'):
return
else:
dumpFromDbs = test.replace(" ", "").split(",")
dumpFromDbs = choice.replace(" ", "").split(",")
for db, tblData in dbs.items():
if db not in dumpFromDbs or not tblData:
@@ -458,16 +457,16 @@ class Entries:
message += "[s]kip\n"
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test in ("a", "A"):
if not choice or choice in ('a', 'A'):
dumpFromTbls = tblData
elif test in ("s", "S"):
elif choice in ('s', 'S'):
continue
elif test in ("q", "Q"):
elif choice in ('q', 'Q'):
return
else:
dumpFromTbls = test.replace(" ", "").split(",")
dumpFromTbls = choice.replace(" ", "").split(",")
for table, columns in tblData.items():
if table not in dumpFromTbls:
@@ -479,7 +478,7 @@ class Entries:
if conf.excludeCol:
colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')]
conf.col = ",".join(colList)
conf.col = ','.join(colList)
kb.data.cachedColumns = {}
kb.data.dumpedTable = {}
@@ -490,9 +489,8 @@ class Entries:
def dumpFoundTables(self, tables):
message = "do you want to dump tables' entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0].lower() != "y":
if not readInput(message, default='Y', boolean=True):
return
dumpFromDbs = []
@@ -503,14 +501,14 @@ class Entries:
message += "[%s]\n" % unsafeSQLIdentificatorNaming(db)
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test.lower() == "a":
if not choice or choice.lower() == 'a':
dumpFromDbs = tables.keys()
elif test.lower() == "q":
elif choice.lower() == 'q':
return
else:
dumpFromDbs = test.replace(" ", "").split(",")
dumpFromDbs = choice.replace(" ", "").split(',')
for db, tablesList in tables.items():
if db not in dumpFromDbs or not tablesList:
@@ -526,16 +524,16 @@ class Entries:
message += "[s]kip\n"
message += "[q]uit"
test = readInput(message, default="a")
choice = readInput(message, default='a')
if not test or test.lower() == "a":
if not choice or choice.lower() == 'a':
dumpFromTbls = tablesList
elif test.lower() == "s":
elif choice.lower() == 's':
continue
elif test.lower() == "q":
elif choice.lower() == 'q':
return
else:
dumpFromTbls = test.replace(" ", "").split(",")
dumpFromTbls = choice.replace(" ", "").split(',')
for table in dumpFromTbls:
conf.tbl = table
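Review bot: The `[a]ll / [s]kip / [q]uit` answers in this section are still compared raw, and the two methods do it differently: `dumpFoundColumn` uses `choice in ('a', 'A')` while `dumpFoundTables` uses `choice.lower() == 'a'`. Neither strips whitespace, so an answer such as `a ` is treated as a database or table name and goes through `choice.replace(" ", "").split(...)` instead of selecting everything. Using one form in both methods, e.g. `if not choice or choice.strip().lower() == 'a':` (and likewise for `'s'` and `'q'`), would match the normalisation this commit applies to the Y/N/Q prompts. The quote style is also left mixed on the split lines: `split(",")` in `dumpFoundColumn` but `split(',')` in `dumpFoundTables`.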


@@ -156,15 +156,15 @@ class Filesystem:
return retVal
def askCheckWrittenFile(self, localFile, remoteFile, forceCheck=False):
output = None
choice = None
if forceCheck is not True:
message = "do you want confirmation that the local file '%s' " % localFile
message += "has been successfully written on the back-end DBMS "
message += "file system ('%s')? [Y/n] " % remoteFile
output = readInput(message, default="Y")
choice = readInput(message, default='Y', boolean=True)
if forceCheck or (output and output.lower() == "y"):
if forceCheck or choice:
return self._checkFileLength(localFile, remoteFile)
return True
@@ -173,9 +173,8 @@ class Filesystem:
message = "do you want confirmation that the remote file '%s' " % remoteFile
message += "has been successfully downloaded from the back-end "
message += "DBMS file system? [Y/n] "
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
return self._checkFileLength(localFile, remoteFile, True)
return None
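Review bot: `askCheckWrittenFile` has no docstring, and its return contract is easy to misread now that `choice` is a boolean. When the user declines the confirmation and `forceCheck` is not set, it returns `True`, so a caller testing `written is False` will treat an unverified write as successful. The download counterpart in the second hunk returns `None` in the same situation. A one-line docstring would make this explicit: `"""Return the _checkFileLength() result when the check is forced or confirmed; return True (write not verified) otherwise."""`. The second hunk's method starts outside the visible lines.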


@@ -169,9 +169,8 @@ class Miscellaneous:
for udf, inpRet in udfDict.items():
message = "do you want to remove UDF '%s'? [Y/n] " % udf
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
if readInput(message, default='Y', boolean=True):
dropStr = "DROP FUNCTION %s" % udf
if Backend.isDbms(DBMS.PGSQL):


@@ -146,18 +146,18 @@ class Search:
if bruteForce:
message = "do you want to use common table existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()
if test[0] in ("n", "N"):
return
elif test[0] in ("q", "Q"):
if choice == 'N':
pass
elif choice == 'Q':
raise SqlmapUserQuitException
else:
regex = "|".join(conf.tbl.split(","))
regex = '|'.join(conf.tbl.split(','))
return tableExists(paths.COMMON_TABLES, regex)
foundTbls = {}
tblList = conf.tbl.split(",")
tblList = conf.tbl.split(',')
rootQuery = queries[Backend.getIdentifiedDbms()].search_table
tblCond = rootQuery.inband.condition
dbCond = rootQuery.inband.condition2
@@ -171,7 +171,7 @@ class Search:
tbl = tbl.upper()
infoMsg = "searching table"
if tblConsider == "1":
if tblConsider == '1':
infoMsg += "s LIKE"
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -345,20 +345,19 @@ class Search:
if bruteForce:
message = "do you want to use common column existence check? %s" % ("[Y/n/q]" if Backend.getIdentifiedDbms() in (DBMS.ACCESS,) else "[y/N/q]")
test = readInput(message, default="Y" if "Y" in message else "N")
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
if test[0] in ("n", "N"):
if choice == 'N':
return
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
regex = '|'.join(conf.col.split(','))
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
message = "do you want to dump entries? [Y/n] "
output = readInput(message, default="Y")
if output and output[0] not in ("n", "N"):
if readInput(message, default='Y', boolean=True):
self.dumpAll()
return
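Review bot: The column existence prompt in the third hunk normalises with `.upper()` only, while the table prompt in the first hunk and the other Y/N/Q prompts in this commit use `.strip().upper()`. If `readInput` (not visible here) does not strip its result, an answer with trailing whitespace matches neither `'N'` nor `'Q'` and falls through to the `columnExists(...)` branch. The line should read `choice = readInput(message, default='Y' if 'Y' in message else 'N').strip().upper()`. Separately, the `'N'` branch of the table prompt appears to change from `return` to `pass`, so declining now continues into the regular table search below. That is a behaviour change in a commit titled as refactoring and deserves a comment such as `# declined: fall through to the regular search`. Both enclosing methods start outside the hunks.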


@@ -336,11 +336,8 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
msg = "this technique is likely to DoS the DBMS process, are you "
msg += "sure that you want to carry with the exploit? [y/N] "
choice = readInput(msg, default="N")
dos = choice and choice[0].lower() == "y"
if dos:
if readInput(msg, default='N', boolean=True):
self.initEnv(mandatory=False, detailed=True)
self.getRemoteTempPath()
self.createMsfShellcode(exitfunc="seh", format="raw", extra="-b 27", encode=True)


@@ -319,11 +319,11 @@ class Users:
message = "do you want to perform a dictionary-based attack "
message += "against retrieved password hashes? [Y/n/q]"
test = readInput(message, default="Y")
choice = readInput(message, default='Y').strip().upper()
if test[0] in ("n", "N"):
if choice == 'N':
pass
elif test[0] in ("q", "Q"):
elif choice == 'Q':
raise SqlmapUserQuitException
else:
attackCachedUsersPasswords()
@@ -345,7 +345,7 @@ class Users:
conf.user = conf.user.upper()
if conf.user:
users = conf.user.split(",")
users = conf.user.split(',')
if Backend.isDbms(DBMS.MYSQL):
for user in users: