refactoring of hard coded dbms names

Miroslav Stampar
2010-11-02 11:59:24 +00:00
parent 9d2c81baa9
commit 685a8e7d2c
35 changed files with 251 additions and 206 deletions


@@ -8,12 +8,13 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.data import logger
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Microsoft Access")
GenericEnumeration.__init__(self, DBMS.ACCESS)
def getDbs(self):
warnMsg = "on Microsoft Access it is not possible to enumerate databases"
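Review bot: The constructor now takes the product name from the constant at `GenericEnumeration.__init__(self, DBMS.ACCESS)`, but the user-facing message on the next line still spells it out by hand, `warnMsg = "on Microsoft Access it is not possible to enumerate databases"`, so the two can drift if the constant's text ever changes. For consistency with the intent of this commit, `warnMsg = "on %s it is not possible to enumerate databases" % DBMS.ACCESS` keeps a single source for the name, assuming DBMS.ACCESS carries the same text as the former literal (its value is not shown on this page). The same pattern remains in the Firebird, SAP MaxDB, Microsoft SQL Server and SQLite enumeration plugins in this commit. getDbs continues past the end of the hunk.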


@@ -20,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import ACCESS_ALIASES
from lib.request.connect import Connect as Request
@@ -152,7 +153,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in ACCESS_ALIASES:
setDbms("Microsoft Access")
setDbms(DBMS.ACCESS)
if not conf.extensiveFp:
return True


@@ -8,12 +8,13 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.data import logger
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Firebird")
GenericEnumeration.__init__(self, DBMS.FIREBIRD)
def getDbs(self):
warnMsg = "on Firebird it is not possible to enumerate databases"


@@ -20,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import FIREBIRD_ALIASES
from lib.request.connect import Connect as Request
@@ -103,7 +104,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in FIREBIRD_ALIASES:
setDbms("Firebird")
setDbms(DBMS.FIREBIRD)
self.getBanner()
@@ -131,7 +132,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("Firebird")
setDbms(DBMS.FIREBIRD)
self.getBanner()


@@ -8,12 +8,13 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.data import logger
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "SAP MaxDB")
GenericEnumeration.__init__(self, DBMS.MAXDB)
def getDbs(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate databases"


@@ -20,6 +20,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import MAXDB_ALIASES
from lib.request.connect import Connect as Request
@@ -105,7 +106,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in MAXDB_ALIASES:
setDbms("SAP MaxDB")
setDbms(DBMS.MAXDB)
self.getBanner()
@@ -133,7 +134,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("SAP MaxDB")
setDbms(DBMS.MAXDB)
self.getBanner()


@@ -14,13 +14,14 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.exception import sqlmapNoneDataException
from lib.core.settings import DBMS
from lib.request import inject
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Microsoft SQL Server")
GenericEnumeration.__init__(self, DBMS.MSSQL)
def getPrivileges(self):
warnMsg = "on Microsoft SQL Server it is not possible to fetch "


@@ -17,6 +17,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import MSSQL_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -71,7 +72,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in MSSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
setDbms("Microsoft SQL Server %s" % kb.dbmsVersion[0])
setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))
self.getBanner()
@@ -133,9 +134,9 @@ class Fingerprint(GenericFingerprint):
break
if kb.dbmsVersion:
setDbms("Microsoft SQL Server %s" % kb.dbmsVersion[0])
setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))
else:
setDbms("Microsoft SQL Server")
setDbms(DBMS.MSSQL)
self.getBanner()
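Review bot: The string passed at `setDbms("%s %s" % (DBMS.MSSQL, kb.dbmsVersion[0]))` is the constant with a version suffix, whereas the generic enumeration code in this same commit compares `kb.dbms == DBMS.MSSQL` for exact equality. That is only consistent if setDbms and the session-resume path that parses this string back (neither is in this diff) keep kb.dbms at the bare constant rather than the suffixed form; worth confirming that the resume code recognises the new constant values instead of carrying its own literals. The same version-suffixed form appears in the MySQL (`"%s %s"`, `"%s 5"`, `"%s 4"`) and Sybase fingerprint hunks of this commit. checkDbms begins before and continues past these hunks.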


@@ -7,8 +7,9 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "MySQL")
GenericEnumeration.__init__(self, DBMS.MYSQL)


@@ -19,6 +19,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import MYSQL_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -141,7 +142,7 @@ class Fingerprint(GenericFingerprint):
"""
if conf.dbms in MYSQL_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
setDbms("MySQL %s" % kb.dbmsVersion[0])
setDbms("%s %s" % (DBMS.MYSQL, kb.dbmsVersion[0]))
if int(kb.dbmsVersion[0]) >= 5:
kb.data.has_information_schema = True
@@ -176,7 +177,7 @@ class Fingerprint(GenericFingerprint):
kb.data.has_information_schema = True
kb.dbmsVersion = [">= 5.0.0"]
setDbms("MySQL 5")
setDbms("%s 5" % DBMS.MYSQL)
self.getBanner()
@@ -214,7 +215,7 @@ class Fingerprint(GenericFingerprint):
else:
kb.dbmsVersion = ["< 5.0.0"]
setDbms("MySQL 4")
setDbms("%s 4" % DBMS.MYSQL)
self.getBanner()


@@ -14,13 +14,14 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.exception import sqlmapNoneDataException
from lib.core.settings import DBMS
from lib.request import inject
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Oracle")
GenericEnumeration.__init__(self, DBMS.ORACLE)
def getRoles(self, query2=False):
infoMsg = "fetching database users roles"


@@ -17,6 +17,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import ORACLE_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -64,7 +65,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in ORACLE_ALIASES:
setDbms("Oracle")
setDbms(DBMS.ORACLE)
self.getBanner()
@@ -100,7 +101,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("Oracle")
setDbms(DBMS.ORACLE)
self.getBanner()


@@ -7,8 +7,9 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "PostgreSQL")
GenericEnumeration.__init__(self, DBMS.POSTGRESQL)


@@ -19,6 +19,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import PGSQL_SYSTEM_DBS
from lib.request import inject
@@ -73,7 +74,7 @@ class Fingerprint(GenericFingerprint):
"""
if conf.dbms in PGSQL_ALIASES:
setDbms("PostgreSQL")
setDbms(DBMS.POSTGRESQL)
self.getBanner()
@@ -101,7 +102,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("PostgreSQL")
setDbms(DBMS.POSTGRESQL)
self.getBanner()


@@ -10,12 +10,13 @@ See the file 'doc/COPYING' for copying permission
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "SQLite")
GenericEnumeration.__init__(self, DBMS.SQLITE)
def getCurrentUser(self):
warnMsg = "on SQLite it is not possible to enumerate the current user"


@@ -15,6 +15,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import SQLITE_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -69,7 +70,7 @@ class Fingerprint(GenericFingerprint):
"""
if conf.dbms in SQLITE_ALIASES:
setDbms("SQLite")
setDbms(DBMS.SQLITE)
self.getBanner()
@@ -95,7 +96,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("SQLite")
setDbms(DBMS.SQLITE)
self.getBanner()


@@ -10,9 +10,10 @@ See the file 'doc/COPYING' for copying permission
from lib.core.data import conf
from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.settings import DBMS
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Sybase")
GenericEnumeration.__init__(self, DBMS.SYBASE)


@@ -16,6 +16,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.session import setDbms
from lib.core.settings import DBMS
from lib.core.settings import SYBASE_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -63,7 +64,7 @@ class Fingerprint(GenericFingerprint):
def checkDbms(self):
if conf.dbms in SYBASE_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
setDbms("Sybase %s" % kb.dbmsVersion[0])
setDbms("%s %s" % (DBMS.SYBASE, kb.dbmsVersion[0]))
self.getBanner()
@@ -94,7 +95,7 @@ class Fingerprint(GenericFingerprint):
return False
setDbms("Sybase")
setDbms(DBMS.SYBASE)
self.getBanner()


@@ -35,6 +35,7 @@ from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setOs
from lib.core.settings import DBMS
from lib.core.settings import SQL_STATEMENTS
from lib.core.shell import autoCompletion
from lib.core.unescaper import unescaper
@@ -135,8 +136,8 @@ class Enumeration:
rootQuery = queries[kb.dbms].users
condition = ( kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ) )
condition |= ( kb.dbms == "MySQL" and not kb.data.has_information_schema )
condition = ( kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ) )
condition |= ( kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema )
if kb.unionPosition is not None or conf.direct:
if condition:
@@ -162,14 +163,14 @@ class Enumeration:
errMsg = "unable to retrieve the number of database users"
raise sqlmapNoneDataException, errMsg
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms == "Sybase":
if kb.dbms == DBMS.SYBASE:
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
elif condition:
query = rootQuery.blind.query2 % index
@@ -198,7 +199,7 @@ class Enumeration:
logger.info(infoMsg)
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
if kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -211,7 +212,7 @@ class Enumeration:
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
else:
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
if parsedUser:
@@ -248,7 +249,7 @@ class Enumeration:
retrievedUsers = set()
for user in users:
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
if parsedUser:
@@ -261,7 +262,7 @@ class Enumeration:
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
if kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
if kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.blind.count2 % user
else:
query = rootQuery.blind.count % user
@@ -278,14 +279,14 @@ class Enumeration:
passwords = []
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms == "Sybase":
if kb.dbms == DBMS.SYBASE:
if index > 0:
warnMsg = "unable to retrieve other password "
warnMsg += "hashes for user '%s'" % user
@@ -295,7 +296,7 @@ class Enumeration:
query = rootQuery.blind.query % user
pushValue(conf.verbose)
conf.verbose = 0
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
if kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.blind.query2 % (user, index, user)
else:
@@ -303,7 +304,7 @@ class Enumeration:
else:
query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False)
if kb.dbms == "Sybase":
if kb.dbms == DBMS.SYBASE:
conf.verbose = popValue()
password = "0x%s" % strToHex(password)
infoMsg = "retrieved: %s" % password
@@ -330,24 +331,24 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the
# user is DBA
dbaCondition = ( kb.dbms == "PostgreSQL" and "super" in privileges )
dbaCondition = ( kb.dbms == DBMS.POSTGRESQL and "super" in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
dbaCondition |= ( kb.dbms == "Oracle" and "DBA" in privileges )
dbaCondition |= ( kb.dbms == DBMS.ORACLE and "DBA" in privileges )
# In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA
dbaCondition |= ( kb.dbms == "MySQL" and kb.data.has_information_schema and "SUPER" in privileges )
dbaCondition |= ( kb.dbms == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
# In MySQL < 5.0 the super_priv privilege means
# that the user is DBA
dbaCondition |= ( kb.dbms == "MySQL" and not kb.data.has_information_schema and "super_priv" in privileges )
dbaCondition |= ( kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
# In Firebird there is no specific privilege that means
# that the user is DBA
# TODO: confirm
dbaCondition |= ( kb.dbms == "Firebird" and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
dbaCondition |= ( kb.dbms == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
return dbaCondition
@@ -410,10 +411,10 @@ class Enumeration:
}
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
elif kb.dbms == "Oracle" and query2:
elif kb.dbms == DBMS.ORACLE and query2:
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
else:
@@ -425,7 +426,7 @@ class Enumeration:
query += " WHERE "
# NOTE: I assume that the user provided is not in
# MySQL >= 5.0 syntax 'user'@'host'
if kb.dbms == "MySQL" and kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and kb.data.has_information_schema:
queryUser = "%" + conf.user + "%"
query += " OR ".join("%s LIKE '%s'" % (condition, "%" + user + "%") for user in users)
else:
@@ -433,7 +434,7 @@ class Enumeration:
values = inject.getValue(query, blind=False, error=False)
if not values and kb.dbms == "Oracle" and not query2:
if not values and kb.dbms == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@@ -455,19 +456,19 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is
# True, 0 otherwise
if kb.dbms == "PostgreSQL" and getUnicode(privilege).isdigit():
if kb.dbms == DBMS.POSTGRESQL and getUnicode(privilege).isdigit():
for position, pgsqlPriv in pgsqlPrivs:
if count == position and int(privilege) == 1:
privileges.add(pgsqlPriv)
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
elif kb.dbms == "Oracle" or ( kb.dbms == "MySQL" and kb.data.has_information_schema ):
elif kb.dbms == DBMS.ORACLE or ( kb.dbms == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
elif kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
for position, mysqlPriv in mysqlPrivs:
if count == position and privilege.upper() == "Y":
privileges.add(mysqlPriv)
@@ -484,7 +485,7 @@ class Enumeration:
conditionChar = "="
if conf.user:
if kb.dbms == "MySQL" and kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and kb.data.has_information_schema:
conditionChar = " LIKE "
if "," in conf.user:
@@ -511,7 +512,7 @@ class Enumeration:
for user in users:
unescapedUser = None
if kb.dbms == "MySQL" and kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and kb.data.has_information_schema:
unescapedUser = unescaper.unescape(user, quote=False)
if user in retrievedUsers:
@@ -526,18 +527,18 @@ class Enumeration:
else:
queryUser = user
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2 % queryUser
elif kb.dbms == "MySQL" and kb.data.has_information_schema:
elif kb.dbms == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.count % (conditionChar, queryUser)
elif kb.dbms == "Oracle" and query2:
elif kb.dbms == DBMS.ORACLE and query2:
query = rootQuery.blind.count2 % queryUser
else:
query = rootQuery.blind.count % queryUser
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
if not count.isdigit() or not len(count) or count == "0":
if not count.isdigit() and kb.dbms == "Oracle" and not query2:
if not count.isdigit() and kb.dbms == DBMS.ORACLE and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg)
@@ -553,20 +554,20 @@ class Enumeration:
privileges = set()
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % (queryUser, index)
elif kb.dbms == "MySQL" and kb.data.has_information_schema:
elif kb.dbms == DBMS.MYSQL and kb.data.has_information_schema:
query = rootQuery.blind.query % (conditionChar, queryUser, index)
elif kb.dbms == "Oracle" and query2:
elif kb.dbms == DBMS.ORACLE and query2:
query = rootQuery.blind.query2 % (queryUser, index)
elif kb.dbms == "Firebird":
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query % (index, queryUser)
else:
query = rootQuery.blind.query % (queryUser, index)
@@ -574,7 +575,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise
if kb.dbms == "PostgreSQL" and ", " in privilege:
if kb.dbms == DBMS.POSTGRESQL and ", " in privilege:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@@ -589,12 +590,12 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list
# of privileges as string
elif kb.dbms == "Oracle" or ( kb.dbms == "MySQL" and kb.data.has_information_schema ):
elif kb.dbms == DBMS.ORACLE or ( kb.dbms == DBMS.MYSQL and kb.data.has_information_schema ):
privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
elif kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
privilege = privilege.replace(", ", ",")
privs = privilege.split(",")
i = 1
@@ -608,7 +609,7 @@ class Enumeration:
i += 1
# In Firebird we get one letter for each privilege
elif kb.dbms == "Firebird":
elif kb.dbms == DBMS.FIREBIRD:
privileges.add(firebirdPrivs[privilege.strip()])
if self.__isAdminFromPrivileges(privileges):
@@ -617,7 +618,7 @@ class Enumeration:
# In MySQL < 5.0 we break the cycle after the first
# time we get the user's privileges otherwise we
# duplicate the same query
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
break
if privileges:
@@ -644,7 +645,7 @@ class Enumeration:
return self.getPrivileges(query2)
def getDbs(self):
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database"
@@ -656,7 +657,7 @@ class Enumeration:
rootQuery = queries[kb.dbms].dbs
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -669,7 +670,7 @@ class Enumeration:
infoMsg = "fetching number of databases"
logger.info(infoMsg)
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@@ -682,9 +683,9 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if kb.dbms == "Sybase":
if kb.dbms == DBMS.SYBASE:
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
elif kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
@@ -702,13 +703,13 @@ class Enumeration:
def getTables(self):
bruteForce = False
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif kb.dbms == "Microsoft Access":
elif kb.dbms == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
@@ -738,7 +739,7 @@ class Enumeration:
query = rootQuery.inband.query
condition = rootQuery.inband.condition
if conf.db and kb.dbms != "SQLite":
if conf.db and kb.dbms != DBMS.SQLITE:
if "," in conf.db:
dbs = conf.db.split(",")
query += " WHERE "
@@ -754,14 +755,14 @@ class Enumeration:
value = inject.getValue(query, blind=False, error=False)
if value:
if kb.dbms == "SQLite":
if kb.dbms == DBMS.SQLITE:
if isinstance(value, basestring):
value = [[ "SQLite", value ]]
value = [[ DBMS.SQLITE, value ]]
elif isinstance(value, (list, tuple, set)):
newValue = []
for v in value:
newValue.append([ "SQLite", v])
newValue.append([ DBMS.SQLITE, v])
value = newValue
@@ -794,7 +795,7 @@ class Enumeration:
infoMsg += "database '%s'" % db
logger.info(infoMsg)
if kb.dbms in ("SQLite", "Firebird"):
if kb.dbms in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.count
else:
query = rootQuery.blind.count % db
@@ -808,16 +809,16 @@ class Enumeration:
tables = []
if kb.dbms in ( "Microsoft SQL Server", "Oracle" ):
if kb.dbms in ( DBMS.MSSQL, DBMS.ORACLE ):
plusOne = True
else:
plusOne = False
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms == "Sybase":
if kb.dbms == DBMS.SYBASE:
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif kb.dbms in ("SQLite", "Firebird"):
elif kb.dbms in (DBMS.SQLITE, DBMS.FIREBIRD):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (db, index)
@@ -875,7 +876,7 @@ class Enumeration:
return retVal
def getColumns(self, onlyColNames=False):
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -920,7 +921,7 @@ class Enumeration:
infoMsg = "fetching columns "
if conf.col:
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
conf.col = conf.col.upper()
colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
@@ -933,19 +934,19 @@ class Enumeration:
logger.info(infoMsg)
if kb.unionPosition is not None or conf.direct:
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
query = rootQuery.inband.query % (conf.tbl, conf.db)
query += condQuery
elif kb.dbms == "Oracle":
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.inband.query % conf.tbl.upper()
query += condQuery
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
elif kb.dbms == "SQLite":
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.inband.query % conf.tbl
value = inject.getValue(query, blind=False, error=False)
@@ -954,7 +955,7 @@ class Enumeration:
table = {}
columns = {}
if kb.dbms == "SQLite":
if kb.dbms == DBMS.SQLITE:
for match in re.finditer(getCompiledRegex(r"(\w+) ([A-Z]+)[,\r\n]"), value):
columns[match.group(1)] = match.group(2)
else:
@@ -970,16 +971,16 @@ class Enumeration:
infoMsg += " on database '%s'" % conf.db
logger.info(infoMsg)
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
query = rootQuery.blind.count % (conf.tbl, conf.db)
query += condQuery
elif kb.dbms == "Oracle":
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
query += condQuery
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
query += condQuery.replace("[DB]", conf.db)
elif kb.dbms == "Firebird":
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.count % (conf.tbl)
query += condQuery
@@ -997,22 +998,22 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
query = rootQuery.blind.query % (conf.tbl, conf.db)
query += condQuery
field = None
elif kb.dbms == "Oracle":
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query % (conf.tbl.upper())
query += condQuery
field = None
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
query = rootQuery.blind.query % (conf.db, conf.db,
conf.db, conf.db,
conf.db, conf.db,
conf.tbl)
query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db)
elif kb.dbms == "Firebird":
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query % (conf.tbl)
query += condQuery
field = None
@@ -1021,20 +1022,20 @@ class Enumeration:
column = inject.getValue(query, inband=False)
if not onlyColNames:
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
elif kb.dbms == "Oracle":
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db,
conf.db, conf.db, conf.tbl)
elif kb.dbms == "Firebird":
elif kb.dbms == DBMS.FIREBIRD:
query = rootQuery.blind.query2 % (conf.tbl, column)
colType = inject.getValue(query, inband=False)
if kb.dbms == "Firebird":
if kb.dbms == DBMS.FIREBIRD:
colType = firebirdTypes[colType] if colType in firebirdTypes else colType
columns[column] = colType
@@ -1091,7 +1092,7 @@ class Enumeration:
kb.data.cachedColumns[conf.db][conf.tbl][column] = None
elif not kb.data.cachedColumns:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -1112,9 +1113,9 @@ class Enumeration:
entriesCount = 0
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
query = rootQuery.inband.query % (colString, conf.tbl.upper())
elif kb.dbms == "SQLite":
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.inband.query % (colString, conf.tbl)
else:
query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
@@ -1160,9 +1161,9 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg)
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.count % conf.tbl.upper()
elif kb.dbms == "SQLite":
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.blind.count % conf.tbl
else:
query = rootQuery.blind.count % (conf.db, conf.tbl)
@@ -1182,7 +1183,7 @@ class Enumeration:
lengths = {}
entries = {}
if kb.dbms in ("Oracle", "Microsoft SQL Server", "Sybase"):
if kb.dbms in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
plusOne = True
else:
plusOne = False
@@ -1196,19 +1197,19 @@ class Enumeration:
if column not in entries:
entries[column] = []
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index)
elif kb.dbms == "Oracle":
elif kb.dbms == DBMS.ORACLE:
query = rootQuery.blind.query % (column, column,
conf.tbl.upper(),
index)
elif kb.dbms in ("Microsoft SQL Server", "Sybase"):
elif kb.dbms in (DBMS.MSSQL, DBMS.SYBASE):
query = rootQuery.blind.query % (column, index, conf.db,
conf.tbl, colList[0],
colList[0], colList[0])
elif kb.dbms == "SQLite":
elif kb.dbms == DBMS.SQLITE:
query = rootQuery.blind.query % (column, conf.tbl, index)
value = inject.getValue(query, inband=False)
@@ -1245,7 +1246,7 @@ class Enumeration:
return kb.data.dumpedTable
def dumpAll(self):
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -1345,7 +1346,7 @@ class Enumeration:
rootQuery = queries[kb.dbms].search_db
dbList = conf.db.split(",")
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
dbCond = rootQuery.inband.condition2
else:
dbCond = rootQuery.inband.condition
@@ -1370,7 +1371,7 @@ class Enumeration:
dbQuery = dbQuery % db
if kb.unionPosition is not None or conf.direct:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
@@ -1391,7 +1392,7 @@ class Enumeration:
infoMsg += " '%s'" % db
logger.info(infoMsg)
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.count2
else:
query = rootQuery.blind.count
@@ -1411,7 +1412,7 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.blind.query2
else:
query = rootQuery.blind.query
@@ -1424,7 +1425,7 @@ class Enumeration:
return foundDbs
def searchTable(self):
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -1438,7 +1439,7 @@ class Enumeration:
tblConsider, tblCondParam = self.likeOrExact("table")
for tbl in tblList:
if kb.dbms == "Oracle":
if kb.dbms == DBMS.ORACLE:
tbl = tbl.upper()
infoMsg = "searching table"
@@ -1545,7 +1546,7 @@ class Enumeration:
return foundTbls
def searchColumn(self):
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg


@@ -19,6 +19,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapUndefinedMethod
from lib.core.settings import DBMS
from lib.request import inject
from lib.techniques.outband.stacked import stackedTest
@@ -84,13 +85,13 @@ class Filesystem:
return fileLines
def __checkWrittenFile(self, wFile, dFile, fileType):
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
elif kb.dbms == "PostgreSQL":
elif kb.dbms == DBMS.POSTGRESQL:
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
self.createSupportTbl(self.fileTblName, self.tblField, "text")
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx


@@ -21,6 +21,7 @@ from lib.core.data import queries
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.session import setRemoteTempPath
from lib.core.settings import DBMS
from lib.request import inject
from lib.techniques.outband.stacked import stackedTest
@@ -55,13 +56,13 @@ class Miscellaneous:
infoMsg = "detecting back-end DBMS version from its banner"
logger.info(infoMsg)
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
first, last = 1, 6
elif kb.dbms == "PostgreSQL":
elif kb.dbms == DBMS.POSTGRESQL:
first, last = 12, 6
elif kb.dbms == "Microsoft SQL Server":
elif kb.dbms == DBMS.MSSQL:
first, last = 29, 9
else:
@@ -120,7 +121,7 @@ class Miscellaneous:
if not onlyFileTbl:
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
if kb.dbms == "Microsoft SQL Server":
if kb.dbms == DBMS.MSSQL:
return
if udfDict is None:
@@ -133,7 +134,7 @@ class Miscellaneous:
if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf
if kb.dbms == "PostgreSQL":
if kb.dbms == DBMS.POSTGRESQL:
inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp


@@ -20,6 +20,7 @@ from lib.core.exception import sqlmapMissingPrivileges
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.exception import sqlmapUndefinedMethod
from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.settings import DBMS
from lib.takeover.abstraction import Abstraction
from lib.takeover.icmpsh import ICMPsh
from lib.takeover.metasploit import Metasploit
@@ -45,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if kb.stackedTest or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == "MySQL":
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg)
@@ -68,7 +69,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if kb.stackedTest or conf.direct:
web = False
elif not kb.stackedTest and kb.dbms == "MySQL":
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg)
@@ -153,7 +154,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "is unlikely to receive commands send from you"
logger.error(errMsg)
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSGRESQL ):
self.sysUdfs.pop("sys_bineval")
if kb.stackedTest or conf.direct:
@@ -163,7 +164,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.initEnv(web=web)
if tunnel == 1:
if kb.dbms in ( "MySQL", "PostgreSQL" ):
if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):
msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?"
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@@ -193,7 +194,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadMsfPayloadStager()
if kb.os == "Windows" and conf.privEsc:
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg)
@@ -211,7 +212,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web)
self.icmpPwn()
elif not kb.stackedTest and kb.dbms == "MySQL":
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
web = True
infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -262,13 +263,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
raise sqlmapUnsupportedDBMSException(errMsg)
if not kb.stackedTest and not conf.direct:
if kb.dbms in ( "PostgreSQL", "Microsoft SQL Server" ):
if kb.dbms in ( DBMS.POSTGRESQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg)
elif kb.dbms == "MySQL":
elif kb.dbms == DBMS.MYSQL:
debugMsg = "since stacked queries are not supported, "
debugMsg += "sqlmap is going to perform the SMB relay "
debugMsg += "attack via inference blind SQL injection"
@@ -277,18 +278,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
printWarn = True
warnMsg = "it is unlikely that this attack will be successful "
if kb.dbms == "MySQL":
if kb.dbms == DBMS.MYSQL:
warnMsg += "because by default MySQL on Windows runs as "
warnMsg += "Local System which is not a real user, it does "
warnMsg += "not send the NTLM session hash when connecting to "
warnMsg += "a SMB service"
elif kb.dbms == "PostgreSQL":
elif kb.dbms == DBMS.POSTGRESQL:
warnMsg += "because by default PostgreSQL on Windows runs "
warnMsg += "as postgres user which is a real user of the "
warnMsg += "system, but not within the Administrators group"
elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
elif kb.dbms == DBMS.MSSQL and kb.dbmsVersion[0] in ( "2005", "2008" ):
warnMsg += "because often Microsoft SQL Server %s " % kb.dbmsVersion[0]
warnMsg += "runs as Network Service which is not a real user, "
warnMsg += "it does not send the NTLM session hash when "
@@ -308,7 +309,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not kb.stackedTest and not conf.direct:
return
if not kb.dbms == "Microsoft SQL Server" or kb.dbmsVersion[0] not in ( "2000", "2005" ):
if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
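Review bot: In the `@@ -153,7 +154,7 @@` hunk the new guard in front of `self.sysUdfs.pop("sys_bineval")` reads `DBMS.POSGRESQL`, a misspelling of the `DBMS.POSTGRESQL` used everywhere else in this commit, so that line will raise `AttributeError` at runtime instead of comparing against the old string literal; the fix is `if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ):`. Because the `DBMS` namespace only turns a wrong name into an exception when that branch is actually executed (here, only in the ICMP/no-stacked-queries path of the takeover flow), this slips past an import-time check; running pyflakes or a quick attribute sweep over `DBMS.*` references across the 35 touched files before merging would catch any other slip of this kind. The enclosing method starts and ends outside the hunk.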