applying contributed patch for DB2

plugins/dbms/db2/__init__.py

@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+"""
+$Id: __init__.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.enums import DBMS
+from lib.core.settings import DB2_SYSTEM_DBS
+from lib.core.unescaper import unescaper
+
+from plugins.dbms.db2.enumeration import Enumeration
+from plugins.dbms.db2.filesystem import Filesystem
+from plugins.dbms.db2.fingerprint import Fingerprint
+from plugins.dbms.db2.syntax import Syntax
+from plugins.dbms.db2.takeover import Takeover
+from plugins.generic.misc import Miscellaneous
+
+class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
+    """
+    This class defines DB2 methods
+    """
+
+    def __init__(self):
+        self.excludeDbsList = DB2_SYSTEM_DBS
+
+        Syntax.__init__(self)
+        Fingerprint.__init__(self)
+        Enumeration.__init__(self)
+        Filesystem.__init__(self)
+        Miscellaneous.__init__(self)
+        Takeover.__init__(self)
+
+    unescaper[DBMS.DB2] = Syntax.unescape

plugins/dbms/db2/connector.py

@@ -0,0 +1,31 @@
+#!/usr/bin/env python
+
+"""
+$Id: connector.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+try:
+    import pyodbc
+except ImportError, _:
+    pass
+
+from lib.core.data import logger
+from lib.core.exception import sqlmapConnectionException
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+from plugins.generic.connector import Connector as GenericConnector
+
+class Connector(GenericConnector):
+    """
+    Homepage: http://pyodbc.googlecode.com/
+    User guide: http://code.google.com/p/pyodbc/wiki/GettingStarted
+    API: http://code.google.com/p/pyodbc/w/list
+    Debian package: python-pyodbc
+    License: MIT
+    """
+
+    def __init__(self):
+        GenericConnector.__init__(self)

plugins/dbms/db2/enumeration.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+
+"""
+$Id: enumeration.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+
+from lib.core.data import logger
+from plugins.generic.enumeration import Enumeration as GenericEnumeration
+
+class Enumeration(GenericEnumeration):
+    def __init__(self):
+        GenericEnumeration.__init__(self)        
+    
+    def getPasswordHashes(self):
+        warnMsg = "on DB2 it is not possible to list password hashes"
+        logger.warn(warnMsg)
+
+        return {}

plugins/dbms/db2/filesystem.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+"""
+$Id: filesystem.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.common import randomStr
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import PLACE
+from lib.core.exception import sqlmapNoneDataException
+from lib.request import inject
+from lib.techniques.inband.union.use import unionUse
+
+from plugins.generic.filesystem import Filesystem as GenericFilesystem
+
+class Filesystem(GenericFilesystem):
+    def __init__(self):
+        GenericFilesystem.__init__(self)

plugins/dbms/db2/fingerprint.py

@@ -0,0 +1,114 @@
+#!/usr/bin/env python
+
+"""
+$Id: fingerprint.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+
+from lib.core.common import Backend
+from lib.core.common import Format
+from lib.core.common import randomInt
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.enums import DBMS
+from lib.core.session import setDbms
+from lib.core.settings import DB2_ALIASES
+from lib.request import inject
+
+from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
+
+class Fingerprint(GenericFingerprint):
+    def __init__(self):
+        GenericFingerprint.__init__(self, DBMS.DB2)		
+
+    def versionCheck(self):
+        minor, major = None, None
+    
+        for version in reversed(xrange(5, 15)):
+            result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d000000 AND %d999999)>0" % (version, version))
+            if result:
+                major = version
+    
+                for version in reversed(xrange(0, 20)):
+                    result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d%02d0000 AND %d%02d9999)>0" % (major, version, major, version))
+                    if result:
+                        minor = version
+                        version = "%s.%s" % (major, minor)
+                        break                    
+                break
+            
+        if major and minor:
+            return "%s.%s" % (major, minor)
+        else:
+            return None
+
+    def getFingerprint(self):
+        value  = ""
+        wsOsFp = Format.getOs("web server", kb.headersFp)
+
+        if wsOsFp:
+            value += "%s\n" % wsOsFp
+
+        if kb.data.banner:
+            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
+
+            if dbmsOsFp:
+                value += "%s\n" % dbmsOsFp
+
+        value += "back-end DBMS: "
+
+        if not conf.extensiveFp:
+            value += DBMS.DB2
+            return value
+
+        actVer      = Format.getDbms()
+        blank       = " " * 15
+        value      += "active fingerprint: %s" % actVer
+
+        if kb.bannerFp:
+            banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
+            banVer = Format.getDbms([banVer])
+            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
+
+        htmlErrorFp = Format.getErrorParsedDBMSes()
+
+        if htmlErrorFp:
+            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+
+        return value
+
+    def checkDbms(self):
+        if not conf.extensiveFp and (Backend.isDbmsWithin(DB2_ALIASES) or conf.dbms in DB2_ALIASES):
+            setDbms(DBMS.DB2)
+
+            return True
+
+        logMsg = "testing %s" % DBMS.DB2
+        logger.info(logMsg)
+
+        randInt = randomInt()
+        result = inject.checkBooleanExpression("(SELECT %d FROM sysibm.sysdummy1) = %d" % (randInt, randInt))
+
+        if result:
+            logMsg = "confirming %s" % DBMS.DB2
+            logger.info(logMsg)
+
+            version = self.versionCheck()
+
+            if version:
+                Backend.setVersion(version)
+                setDbms("%s %s" % (DBMS.DB2, Backend.getVersion()))
+            else:
+                setDbms(DBMS.DB2) 
+
+
+            return True
+        else:
+            warnMsg = "the back-end DBMS is not %s" % DBMS.DB2
+            logger.warn(warnMsg)
+
+            return False

plugins/dbms/db2/syntax.py

@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+
+"""
+$Id: syntax.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.data import logger
+from lib.core.exception import sqlmapSyntaxException
+
+from plugins.generic.syntax import Syntax as GenericSyntax
+
+class Syntax(GenericSyntax):
+    def __init__(self):
+        GenericSyntax.__init__(self)
+
+    @staticmethod
+    def unescape(expression, quote=True):
+        if quote:
+            while True:
+                index = expression.find("'")
+                if index == -1:
+                    break
+
+                firstIndex = index + 1
+                index = expression[firstIndex:].find("'")
+
+                if index == -1:
+                    raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
+
+                lastIndex = firstIndex + index
+                old = "'%s'" % expression[firstIndex:lastIndex]
+                unescaped = ""
+
+                for i in range(firstIndex, lastIndex):
+                    unescaped += "CHR(%d)" % (ord(expression[i]))
+                    if i < lastIndex - 1:
+                        unescaped += "||"
+
+                expression = expression.replace(old, unescaped)
+        else:
+            expression = "||".join("CHR(%d)" % ord(c) for c in expression)
+
+        return expression
+
+    @staticmethod
+    def escape(expression):
+        logMsg = "escaping %s" % expression
+        logger.info(logMsg)
+        while True:
+            index = expression.find("CHR(")
+            if index == -1:
+                break
+
+            firstIndex = index
+            index = expression[firstIndex:].find(")")
+
+            if index == -1:
+                raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
+
+            lastIndex = firstIndex + index + 1
+            old = expression[firstIndex:lastIndex]
+            oldUpper = old.upper()
+            oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
+            oldUpper = oldUpper.split("||")
+
+            escaped = "'%s'" % "".join([chr(int(char)) for char in oldUpper])
+            expression = expression.replace(old, escaped)
+
+        return expression

plugins/dbms/db2/takeover.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python
+
+"""
+$Id: takeover.py 3678 2011-04-15 12:33:18Z stamparm $
+
+Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.agent import agent
+from lib.core.common import isTechniqueAvailable
+from lib.core.common import normalizePath
+from lib.core.common import ntToPosixSlashes
+from lib.core.common import randomStr
+from lib.core.common import readInput
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.data import paths
+from lib.core.enums import PAYLOAD
+from lib.request import inject
+from lib.request.connect import Connect as Request
+
+from plugins.generic.takeover import Takeover as GenericTakeover
+
+class Takeover(GenericTakeover):
+    def __init__(self):
+        self.__basedir = None
+        self.__datadir = None
+
+        GenericTakeover.__init__(self)