Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch

Bernardo Damele
2011-04-23 16:25:09 +00:00
parent 75142b383d
commit d0dff82ce0
20 changed files with 125 additions and 92 deletions


@@ -16,6 +16,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.session import setDbms
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import UNKNOWN_DBMS_VERSION
@@ -78,7 +79,7 @@ class Fingerprint(GenericFingerprint):
self.getBanner()
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
return True
@@ -112,7 +113,7 @@ class Fingerprint(GenericFingerprint):
self.getBanner()
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
return True
else:
@@ -122,11 +123,11 @@ class Fingerprint(GenericFingerprint):
return False
def checkDbmsOs(self, detailed=False):
if kb.os and kb.osVersion and kb.osSP:
if Backend.getOs() and kb.osVersion and kb.osSP:
return
if not kb.os:
kb.os = "Windows"
if not Backend.getOs():
Backend.setOs(OS.WINDOWS)
if not detailed:
return
@@ -135,7 +136,7 @@ class Fingerprint(GenericFingerprint):
infoMsg += "version and service pack"
logger.info(infoMsg)
infoMsg = "the back-end DBMS operating system is %s" % kb.os
infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
self.createSupportTbl(self.fileTblName, self.tblField, "varchar(1000)")
inject.goStacked("INSERT INTO %s(%s) VALUES (%s)" % (self.fileTblName, self.tblField, "@@VERSION"))


@@ -18,6 +18,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PLACE
from lib.core.session import setDbms
from lib.core.settings import MYSQL_ALIASES
@@ -272,7 +273,7 @@ class Fingerprint(GenericFingerprint):
return False
def checkDbmsOs(self, detailed=False):
if kb.os:
if Backend.getOs():
return
infoMsg = "fingerprinting the back-end DBMS operating system"
@@ -281,12 +282,12 @@ class Fingerprint(GenericFingerprint):
result = inject.checkBooleanExpression("'W'=UPPER(MID(@@version_compile_os,1,1))")
if result:
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
elif not result:
kb.os = "Linux"
Backend.setOs(OS.LINUX)
if kb.os:
infoMsg = "the back-end DBMS operating system is %s" % kb.os
if Backend.getOs():
infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
logger.info(infoMsg)
else:
self.userChooseDbmsOs()
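Review bot: In `checkDbmsOs` (hunk `@@ -281,12 +282,12`), `elif not result:` is the exact complement of `if result:`, so one of the two `Backend.setOs(...)` calls always runs. A check that came back negative only because the request failed would then be recorded as Linux. The `else: self.userChooseDbmsOs()` fallback looks reachable only if `Backend.setOs` declines to store the value, which is not visible on this page. Either write the second branch as a plain `else:` with a comment such as `# a negative or failed check is treated as Linux`, or handle an unknown result separately so the user prompt is actually used. The method body starts outside this hunk.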


@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
import re
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import isTechniqueAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
@@ -18,6 +19,7 @@ from lib.core.common import readInput
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.request import inject
from lib.request.connect import Connect as Request
@@ -45,12 +47,12 @@ class Takeover(GenericTakeover):
self.__basedir = inject.getValue("SELECT @@basedir")
if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
else:
kb.os = "Linux"
Backend.setOs(OS.LINUX)
# The DLL must be in C:\Program Files\MySQL\MySQL Server 5.1\lib\plugin
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
self.__basedir += "/lib/plugin"
else:
self.__basedir += "/lib/mysql/plugin"
@@ -97,7 +99,7 @@ class Takeover(GenericTakeover):
warnMsg = "invalid value, valid values are 1 and 2"
logger.warn(warnMsg)
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
self.udfLocalFile += "/mysql/windows/%d/lib_mysqludf_sys.dll" % arch
self.udfSharedLibExt = "dll"
else:


@@ -18,6 +18,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.session import setDbms
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import PGSQL_SYSTEM_DBS
@@ -148,7 +149,7 @@ class Fingerprint(GenericFingerprint):
return False
def checkDbmsOs(self, detailed=False):
if kb.os:
if Backend.getOs():
return
infoMsg = "fingerprinting the back-end DBMS operating system"
@@ -166,14 +167,14 @@ class Fingerprint(GenericFingerprint):
query += "LIKE '%" + osPattern + "%')>0"
if inject.checkBooleanExpression(query):
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
break
if kb.os is None:
kb.os = "Linux"
if Backend.getOs() is None:
Backend.setOs(OS.LINUX)
infoMsg = "the back-end DBMS operating system is %s" % kb.os
infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
logger.info(infoMsg)
self.cleanup(onlyFileTbl=True)
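Review bot: The new `if Backend.getOs() is None:` in hunk `@@ -166,14 +167,14` tests identity, while the early return at the top of the same method and the other fingerprint sections on this page test truthiness (`if Backend.getOs():`, `if not Backend.getOs():`). If `getOs()` can return an empty value rather than `None` (its implementation is not shown here), the Linux default is skipped and the log line prints an empty operating system. `if not Backend.getOs():` would keep the checks consistent.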


@@ -7,11 +7,13 @@ Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import Backend
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import paths
from lib.core.enums import OS
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.request import inject
@@ -23,7 +25,7 @@ class Takeover(GenericTakeover):
def udfSetRemotePath(self):
# On Windows
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
# The DLL can be in any folder where postgres user has
# read/write/execute access is valid
# NOTE: by not specifing any path, it will save into the
@@ -75,7 +77,7 @@ class Takeover(GenericTakeover):
warnMsg = "invalid value, valid values are 1 and 2"
logger.warn(warnMsg)
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (arch, majorVer)
self.udfSharedLibExt = "dll"
else:


@@ -15,6 +15,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.session import setDbms
from lib.core.settings import SYBASE_ALIASES
from lib.request import inject
@@ -69,7 +70,7 @@ class Fingerprint(GenericFingerprint):
self.getBanner()
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
return True


@@ -11,6 +11,7 @@ from lib.core.common import Backend
from lib.core.common import readInput
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import OS
from lib.core.exception import sqlmapUndefinedMethod
class Fingerprint:
@@ -50,10 +51,10 @@ class Fingerprint:
os = readInput(msg, default="W")
if os[0].lower() == "w":
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
break
elif os[0].lower() == "l":
kb.os = "Linux"
Backend.setOs(OS.LINUX)
break
else:
warnMsg = "invalid value"
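Review bot: The local variable `os` in hunk `@@ -50,10 +51,10` shadows the standard-library module name and now sits next to the newly imported `OS` enum, so `os[0].lower()` and `OS.WINDOWS` are easy to misread. Renaming it, e.g. `choice = readInput(msg, default="W")` followed by `if choice[0].lower() == "w":`, removes the ambiguity. `os[0]` would also raise `IndexError` on an empty answer; whether `default="W"` rules that out is not visible here. The surrounding loop starts and ends outside the hunk.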


@@ -21,6 +21,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -37,13 +38,13 @@ class Miscellaneous:
def getRemoteTempPath(self):
if not conf.tmpPath:
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
conf.tmpPath = "C:/WINDOWS/Temp"
else:
conf.tmpPath = "/tmp"
if getCompiledRegex("(?i)\A[\w]:[\/\\\\]+").search(conf.tmpPath):
kb.os = "Windows"
Backend.setOs(OS.WINDOWS)
conf.tmpPath = normalizePath(conf.tmpPath)
conf.tmpPath = ntToPosixSlashes(conf.tmpPath)
@@ -80,7 +81,7 @@ class Miscellaneous:
def delRemoteFile(self, tempFile):
self.checkDbmsOs()
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
tempFile = posixToNtSlashes(tempFile)
cmd = "del /F /Q %s" % tempFile
else:
@@ -100,10 +101,10 @@ class Miscellaneous:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
if kb.os == "Windows":
if Backend.isOs(OS.WINDOWS):
libtype = "dynamic-link library"
elif kb.os == "Linux":
elif Backend.isOs(OS.LINUX):
libtype = "shared object"
else:


@@ -17,6 +17,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import OS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapMissingMandatoryOptionException
@@ -108,7 +109,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
warnMsg = "invalid value, valid values are 1 and 2"
logger.warn(warnMsg)
if tunnel == 2 and kb.os != "Windows":
if tunnel == 2 and Backend.isOs(OS.WINDOWS):
errMsg = "icmpsh slave is only supported on Windows at "
errMsg += "the moment. The back-end database server is "
errMsg += "not. sqlmap will fallback to TCP (Metasploit)"
@@ -189,13 +190,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.createMsfPayloadStager()
self.uploadMsfPayloadStager()
if kb.os == "Windows" and conf.privEsc:
if Backend.isOs(OS.WINDOWS) and conf.privEsc:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg)
elif kb.os != "Windows" and conf.privEsc:
elif not Backend.isOs(OS.WINDOWS) and conf.privEsc:
# Unset --priv-esc if the back-end DBMS underlying operating
# system is not Windows
conf.privEsc = False
@@ -217,7 +218,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.initEnv(web=web)
if self.webBackdoorUrl:
if kb.os != "Windows" and conf.privEsc:
if not Backend.isOs(OS.WINDOWS) and conf.privEsc:
# Unset --priv-esc if the back-end DBMS underlying operating
# system is not Windows
conf.privEsc = False
@@ -250,7 +251,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osSmb(self):
self.checkDbmsOs()
if kb.os != "Windows":
if not Backend.isOs(OS.WINDOWS):
errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows: it is not possible to perform the SMB "
errMsg += "relay attack"
@@ -329,7 +330,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.checkDbmsOs()
if kb.os != "Windows":
if not Backend.isOs(OS.WINDOWS):
errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows"
raise sqlmapUnsupportedDBMSException(errMsg)
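Review bot: The icmpsh guard in hunk `@@ -108,7 +109,7` lost its negation: `kb.os != "Windows"` became `Backend.isOs(OS.WINDOWS)`. The "icmpsh slave is only supported on Windows" fallback now triggers when the back-end is Windows and is skipped when it is not, which contradicts the error text. Every other `!=` comparison in this file was converted to `not Backend.isOs(OS.WINDOWS)`, so this line should read `if tunnel == 2 and not Backend.isOs(OS.WINDOWS):`. The enclosing method starts and ends outside the hunk.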