Merged back from personal branch to trunk (svn merge -r846:940 ...)

Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2025-12-06 12:41:30 +00:00 · 2009-09-25 23:03:45 +00:00
parent 458d59416c
commit 89c43893d4
52 changed files with 1698 additions and 647 deletions
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -33,6 +33,7 @@ from lib.core.common import parseTargetUrl
 from lib.core.convert import urldecode
 from lib.core.data import conf
 from lib.core.data import kb
+from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.dump import dumper
 from lib.core.exception import sqlmapFilePathException
@@ -116,7 +117,12 @@ def __setOutputResume():
    Check and set the output text file and the resume functionality.
    """

-    if conf.sessionFile and os.path.exists(conf.sessionFile):
+    if not conf.sessionFile:
+        conf.sessionFile = "%s%ssession" % (conf.outputPath, os.sep)
+
+    logger.info("using '%s' as session file" % conf.sessionFile)
+
+    if os.path.exists(conf.sessionFile):
        readSessionFP = open(conf.sessionFile, "r")
        lines = readSessionFP.readlines()

@@ -154,13 +160,12 @@ def __setOutputResume():

        readSessionFP.close()

-    if conf.sessionFile:
-        try:
-            conf.sessionFP = open(conf.sessionFile, "a")
-            dataToSessionFile("\n[%s]\n" % time.strftime("%X %x"))
-        except IOError:
-            errMsg = "unable to write on the session file specified"
-            raise sqlmapFilePathException, errMsg
+    try:
+        conf.sessionFP = open(conf.sessionFile, "a")
+        dataToSessionFile("\n[%s]\n" % time.strftime("%X %x"))
+    except IOError:
+        errMsg = "unable to write on the session file specified"
+        raise sqlmapFilePathException, errMsg


 def __createFilesDir():
@@ -191,6 +196,25 @@ def __createDumpDir():
        os.makedirs(conf.dumpPath, 0755)


+def createTargetDirs():
+    """
+    Create the output directory.
+    """
+
+    conf.outputPath = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, conf.hostname)
+
+    if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
+        os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
+
+    if not os.path.isdir(conf.outputPath):
+        os.makedirs(conf.outputPath, 0755)
+
+    dumper.setOutputFile()
+
+    __createDumpDir()
+    __createFilesDir()
+
+
 def initTargetEnv():
    """
    Initialize target environment.
@@ -213,22 +237,3 @@ def initTargetEnv():
    parseTargetUrl()
    __setRequestParams()
    __setOutputResume()
-
-
-def createTargetDirs():
-    """
-    Create the output directory.
-    """
-
-    conf.outputPath = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, conf.hostname)
-
-    if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
-        os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
-
-    if not os.path.isdir(conf.outputPath):
-        os.makedirs(conf.outputPath, 0755)
-
-    dumper.setOutputFile()
-
-    __createDumpDir()
-    __createFilesDir()