Merge pull request #475 from Meatballs1/hsql_clean

HSQL Payloads and Query Support

lib/controller/handler.py

@@ -20,6 +20,7 @@ from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
+from lib.core.settings import HSQL_ALIASES
 from lib.utils.sqlalchemy import SQLAlchemy
 
 from plugins.dbms.mssqlserver import MSSQLServerMap
@@ -42,6 +43,8 @@ from plugins.dbms.sybase import SybaseMap
 from plugins.dbms.sybase.connector import Connector as SybaseConn
 from plugins.dbms.db2 import DB2Map
 from plugins.dbms.db2.connector import Connector as DB2Conn
+from plugins.dbms.hsql import HSQLMap
+from plugins.dbms.hsql.connector import Connector as HSQLConn
 
 def setHandler():
     """
@@ -60,6 +63,7 @@ def setHandler():
                   (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn),
                   (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn),
                   (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn),
+                  (DBMS.HSQL, HSQL_ALIASES, HSQLMap, HSQLConn),
             ]
 
     _ = max(_ if (Backend.getIdentifiedDbms() or "").lower() in _[1] else None for _ in items)

lib/core/agent.py

@@ -525,7 +525,7 @@ class Agent(object):
         else:
             return query
 
-        if Backend.isDbms(DBMS.MYSQL):
+        if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.HSQL):
             if fieldsExists:
                 concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
                 concatenatedQuery += ",'%s')" % kb.chars.stop

lib/core/common.py

@@ -3448,7 +3448,11 @@ def decodeHexValue(value):
                     retVal = retVal.decode("utf-16-le")
                 except UnicodeDecodeError:
                     pass
-
+            elif Backend.isDbms(DBMS.HSQL):
+                try:
+                    retVal = retVal.decode("utf-16-be")
+                except UnicodeDecodeError:
+                    pass
             if not isinstance(retVal, unicode):
                 retVal = getUnicode(retVal, "utf8")
 

lib/core/dicts.py

@@ -20,6 +20,7 @@ from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import SYBASE_ALIASES
 from lib.core.settings import DB2_ALIASES
+from lib.core.settings import HSQL_ALIASES
 
 FIREBIRD_TYPES = {
                     "261": "BLOB",
@@ -137,6 +138,7 @@ DBMS_DICT = {
                 DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
                 DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/", "sybase"),
                 DBMS.DB2: (DB2_ALIASES, "python ibm-db", "http://code.google.com/p/ibm-db/", "ibm_db_sa"),
+                DBMS.HSQL: (HSQL_ALIASES, "python jaydebeapi", "https://pypi.python.org/pypi/JayDeBeApi/", "hsql"),
             }
 
 FROM_DUMMY_TABLE = {
@@ -145,6 +147,7 @@ FROM_DUMMY_TABLE = {
                         DBMS.FIREBIRD: " FROM RDB$DATABASE",
                         DBMS.MAXDB: " FROM VERSIONS",
                         DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
+                        DBMS.HSQL: " FROM INFORMATION_SCHEMA.SYSTEM_USERS"
                    }
 
 SQL_STATEMENTS = {
@@ -186,7 +189,9 @@ SQL_STATEMENTS = {
 
                         "SQL data execution":    (
                              "exec ",
-                             "execute ",         ),
+                             "execute ",
+                             "values ", 
+                             "call ",            ),
 
                         "SQL transaction":       (
                              "start transaction ",

lib/core/enums.py

@@ -33,6 +33,7 @@ class DBMS:
     PGSQL = "PostgreSQL"
     SQLITE = "SQLite"
     SYBASE = "Sybase"
+    HSQL = "HyperSQL"
 
 class DBMS_DIRECTORY_NAME:
     ACCESS = "access"
@@ -45,6 +46,7 @@ class DBMS_DIRECTORY_NAME:
     PGSQL = "postgresql"
     SQLITE = "sqlite"
     SYBASE = "sybase"
+    HSQL = "hsql"
 
 class CUSTOM_LOGGING:
     PAYLOAD = 9

lib/core/settings.py

@@ -163,6 +163,7 @@ MAXDB_SYSTEM_DBS = ("SYSINFO", "DOMAIN")
 SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs")
 DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS",\
                    "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS")
+HSQL_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB")
 
 MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms")
 MYSQL_ALIASES = ("mysql", "my")
@@ -174,10 +175,11 @@ FIREBIRD_ALIASES = ("firebird", "mozilla firebird", "interbase", "ibase", "fb")
 MAXDB_ALIASES = ("maxdb", "sap maxdb", "sap db")
 SYBASE_ALIASES = ("sybase", "sybase sql server")
 DB2_ALIASES = ("db2", "ibm db2", "ibmdb2")
+HSQL_ALIASES = ("hsql", "hsqldb", "hs", "hypersql")
 
 DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_"))
 
-SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES
+SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQL_ALIASES
 SUPPORTED_OS = ("linux", "windows")
 
 USER_AGENT_ALIASES = ("ua", "useragent", "user-agent")