Minor enhancement to show the DBMS operating system (if fingerprinted)

also when only the -b option is provided, since it is information that
sqlmap gets by parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
This commit is contained in:
Bernardo Damele
2008-11-17 11:22:03 +00:00
parent 7d7170fc97
commit 66fb3c3033
7 changed files with 99 additions and 149 deletions


@@ -46,7 +46,6 @@ from lib.core.unescaper import unescaper
from lib.parse.banner import bannerParser
from lib.request import inject
from lib.request.connect import Connect as Request
#from lib.utils.fuzzer import passiveFuzzing
from plugins.generic.enumeration import Enumeration
from plugins.generic.filesystem import Filesystem
@@ -124,8 +123,19 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
def getFingerprint(self):
value = "back-end DBMS: "
actVer = formatDBMSfp()
value = ""
info = None
formatInfo = None
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if formatInfo:
value += "%s\n" % formatInfo
value += "back-end DBMS: "
actVer = formatDBMSfp()
if not conf.extensiveFp:
value += actVer
@@ -135,12 +145,10 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
formatInfo = None
value += "active fingerprint: %s" % actVer
if self.banner:
info = bannerParser(self.banner)
if info:
release = info["dbmsRelease"]
version = info["dbmsVersion"]
servicepack = info["dbmsServicePack"]
formatInfo = formatOSfp(info)
if release and version and servicepack:
banVer = "Microsoft SQL Server %s " % release
@@ -149,15 +157,11 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
#passiveFuzzing()
htmlErrorFp = getHtmlErrorFp()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
if formatInfo:
value += "\n%s" % formatInfo
return value
@@ -165,6 +169,9 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
if conf.dbms in MSSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
setDbms("Microsoft SQL Server %s" % kb.dbmsVersion[0])
if conf.getBanner:
self.banner = inject.getValue("@@VERSION")
if not conf.extensiveFp:
return True
@@ -172,10 +179,10 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
logger.info(logMsg)
randInt = str(randomInt(1))
query = "LTRIM(STR(LEN(%s)))" % randInt
query = "LTRIM(STR(LEN(%s)))" % randInt
if inject.getValue(query) == "1":
query = "SELECT SUBSTRING((@@VERSION), 25, 1)"
query = "SELECT SUBSTRING((@@VERSION), 25, 1)"
version = inject.getValue(query)
if version == "8":
@@ -190,9 +197,6 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
else:
setDbms("Microsoft SQL Server")
if not conf.extensiveFp:
return True
if conf.getBanner:
self.banner = inject.getValue("@@VERSION")
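Review bot: The new block at the top of getFingerprint (`info = bannerParser(self.banner)` immediately followed by `formatInfo = formatOSfp(info)`) hands the parser's result to formatOSfp without the `if info:` guard that the extensive branch in the next hunk still keeps, so a banner that bannerParser cannot parse reaches formatOSfp as whatever falsy value the parser returns; whether formatOSfp tolerates that is not visible here. I would keep the guard in the new block: `if self.banner:` / `info = bannerParser(self.banner)` / `if info: formatInfo = formatOSfp(info)`. The same unguarded pair appears in the MySQLMap, OracleMap and PostgreSQLMap getFingerprint hunks of this commit. getFingerprint begins in this hunk and its body continues across the following hunks.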


@@ -47,7 +47,6 @@ from lib.core.unescaper import unescaper
from lib.parse.banner import bannerParser
from lib.request import inject
from lib.request.connect import Connect as Request
#from lib.utils.fuzzer import passiveFuzzing
from plugins.generic.enumeration import Enumeration
from plugins.generic.filesystem import Filesystem
@@ -182,8 +181,19 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
def getFingerprint(self):
value = "back-end DBMS: "
actVer = formatDBMSfp()
value = ""
info = None
formatInfo = None
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if formatInfo:
value += "%s\n" % formatInfo
value += "back-end DBMS: "
actVer = formatDBMSfp()
if not conf.extensiveFp:
value += actVer
@@ -198,25 +208,21 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
comVer = formatDBMSfp([comVer])
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if info:
# TODO: move to the XML banner file
banVer = info['version']
if re.search("-log$", self.banner):
banVer += ", logging enabled"
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
#passiveFuzzing()
htmlErrorFp = getHtmlErrorFp()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
if formatInfo:
value += "\n%s" % formatInfo
return value
@@ -235,6 +241,9 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
if int(kb.dbmsVersion[0]) >= 5:
self.has_information_schema = True
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
if not conf.extensiveFp:
return True
@@ -261,6 +270,9 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
setDbms("MySQL 5")
self.has_information_schema = True
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
if not conf.extensiveFp:
kb.dbmsVersion = [">= 5.0.0"]
return True
@@ -306,6 +318,9 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
setDbms("MySQL 4")
kb.dbmsVersion = ["< 5.0.0"]
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
if not conf.extensiveFp:
return True
@@ -332,9 +347,6 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
else:
kb.dbmsVersion = ["< 3.22.11"]
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
return True
else:
warnMsg = "the back-end DMBS is not MySQL"


@@ -39,7 +39,6 @@ from lib.core.settings import ORACLE_SYSTEM_DBS
from lib.core.unescaper import unescaper
from lib.parse.banner import bannerParser
from lib.request import inject
#from lib.utils.fuzzer import passiveFuzzing
from plugins.generic.enumeration import Enumeration
from plugins.generic.filesystem import Filesystem
@@ -118,7 +117,18 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
def getFingerprint(self):
value = "back-end DBMS: "
value = ""
info = None
formatInfo = None
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if formatInfo:
value += "%s\n" % formatInfo
value += "back-end DBMS: "
if not conf.extensiveFp:
value += "Oracle"
@@ -129,23 +139,16 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
formatInfo = None
value += "active fingerprint: %s" % actVer
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if info:
banVer = info['version']
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
#passiveFuzzing()
htmlErrorFp = getHtmlErrorFp()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
if formatInfo:
value += "\n%s" % formatInfo
return value
@@ -153,6 +156,9 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
if conf.dbms in ORACLE_ALIASES:
setDbms("Oracle")
if conf.getBanner:
self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
if not conf.extensiveFp:
return True
@@ -177,6 +183,9 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
setDbms("Oracle")
if conf.getBanner:
self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
if not conf.extensiveFp:
return True
@@ -189,9 +198,6 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
elif re.search("^8", version):
kb.dbmsVersion = ["8i"]
if conf.getBanner:
self.banner = inject.getValue("SELECT banner FROM v$version WHERE ROWNUM=1")
return True
else:
warnMsg = "the back-end DMBS is not Oracle"
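Review bot: `formatInfo = None`, the first context line of the second getFingerprint hunk, looks like a dead assignment after this change: the OS fingerprint is now computed and emitted before `back-end DBMS: ` at the top of the method, and the trailing `if formatInfo:` emission in the extensive branch is removed, so as far as the visible hunks show nothing reads the variable after that reset. Dropping that line would make it clear the OS line has a single source; if something between the two hunks still reads it, a short comment saying so would help. The same leftover is visible at the corresponding line of the MSSQLServerMap and PostgreSQLMap sections; the MySQLMap hunks do not show that part of the method. The extensive branch starts before this hunk.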


@@ -40,7 +40,6 @@ from lib.core.settings import PGSQL_SYSTEM_DBS
from lib.core.unescaper import unescaper
from lib.parse.banner import bannerParser
from lib.request import inject
#from lib.utils.fuzzer import passiveFuzzing
from plugins.generic.enumeration import Enumeration
from plugins.generic.filesystem import Filesystem
@@ -118,7 +117,18 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
def getFingerprint(self):
value = "back-end DBMS: "
value = ""
info = None
formatInfo = None
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if formatInfo:
value += "%s\n" % formatInfo
value += "back-end DBMS: "
if not conf.extensiveFp:
value += "PostgreSQL"
@@ -129,23 +139,16 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
formatInfo = None
value += "active fingerprint: %s" % actVer
if self.banner:
info = bannerParser(self.banner)
formatInfo = formatOSfp(info)
if info:
banVer = info['version']
banVer = formatDBMSfp([banVer])
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
#passiveFuzzing()
htmlErrorFp = getHtmlErrorFp()
if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
if formatInfo:
value += "\n%s" % formatInfo
return value
@@ -157,6 +160,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
if conf.dbms in PGSQL_ALIASES:
setDbms("PostgreSQL")
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
if not conf.extensiveFp:
return True
@@ -180,6 +186,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
setDbms("PostgreSQL")
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
if not conf.extensiveFp:
return True
@@ -215,9 +224,6 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
else:
kb.dbmsVersion = ["< 6.2.0"]
if conf.getBanner:
self.banner = inject.getValue("VERSION()")
return True
else:
warnMsg = "the back-end DMBS is not PostgreSQL"