PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-10 09:49:06 +00:00
Code Issues Projects Releases Wiki Activity

Minor code restyling

Browse Source
This commit is contained in:
Bernardo Damele
2011-04-30 13:20:05 +00:00
parent 983546d6bf
commit f56d135438
86 changed files with 804 additions and 804 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/dbms/access/connector.py
View File

@@ -34,7 +34,7 @@ class Connector(GenericConnector):
def connect(self):
if not IS_WIN:
errMsg = "currently, direct connection to Microsoft Access database(s) "
errMsg = "currently, direct connection to Microsoft Access database(s) "
errMsg += "is restricted to Windows platforms"
raise sqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/access/fingerprint.py
View File

@@ -114,7 +114,7 @@ class Fingerprint(GenericFingerprint):
return retVal
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -126,14 +126,14 @@ class Fingerprint(GenericFingerprint):
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "
value += "back-end DBMS: "
if not conf.extensiveFp:
value += DBMS.ACCESS
return value
actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck())
blank = " " * 15
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:

4
plugins/dbms/access/takeover.py
View File

@@ -24,11 +24,11 @@ class Takeover(GenericTakeover):
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg

8
plugins/dbms/firebird/fingerprint.py
View File

@@ -33,7 +33,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.FIREBIRD)
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -52,9 +52,9 @@ class Fingerprint(GenericFingerprint):
value += actVer
return value
actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck())
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"]

4
plugins/dbms/firebird/takeover.py
View File

@@ -24,11 +24,11 @@ class Takeover(GenericTakeover):
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "on Firebird it is not possible to establish an "
errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "on Firebird it is not possible to establish an "
errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg

2
plugins/dbms/maxdb/connector.py
View File

@@ -16,6 +16,6 @@ class Connector(GenericConnector):
GenericConnector.__init__(self)
def connect(self):
errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg += "direct connection"
raise sqlmapUnsupportedFeatureException, errMsg

14
plugins/dbms/maxdb/fingerprint.py
View File

@@ -34,10 +34,10 @@ class Fingerprint(GenericFingerprint):
infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB
logger.info(infoMsg)
query = agent.prefixQuery("/* NoValue */")
query = agent.suffixQuery(query)
query = agent.prefixQuery("/* NoValue */")
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)
result = Request.queryPage(payload)
if not result:
warnMsg = "unable to perform %s version check" % DBMS.MAXDB
@@ -65,7 +65,7 @@ class Fingerprint(GenericFingerprint):
return None
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -77,15 +77,15 @@ class Fingerprint(GenericFingerprint):
if dbmsOsFp:
value += "%s\n" % dbmsOsFp
blank = " " * 15
value += "back-end DBMS: "
blank = " " * 15
value += "back-end DBMS: "
if not conf.extensiveFp:
value += DBMS.MAXDB
return value
actVer = Format.getDbms() + " (%s)" % self.__versionCheck()
blank = " " * 15
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:

4
plugins/dbms/maxdb/takeover.py
View File

@@ -24,11 +24,11 @@ class Takeover(GenericTakeover):
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/mssqlserver/enumeration.py
View File

@@ -104,7 +104,7 @@ class Enumeration(GenericEnumeration):
continue
infoMsg = "fetching number of tables for "
infoMsg = "fetching number of tables for "
infoMsg += "database '%s'" % db
logger.info(infoMsg)
@@ -112,7 +112,7 @@ class Enumeration(GenericEnumeration):
count = inject.getValue(query, inband=False, error=False, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "unable to retrieve the number of "
warnMsg = "unable to retrieve the number of "
warnMsg += "tables for database '%s'" % db
logger.warn(warnMsg)
continue
@@ -128,7 +128,7 @@ class Enumeration(GenericEnumeration):
if tables:
kb.data.cachedTables[db] = tables
else:
warnMsg = "unable to retrieve the tables "
warnMsg = "unable to retrieve the tables "
warnMsg += "for database '%s'" % db
logger.warn(warnMsg)

26
plugins/dbms/mssqlserver/filesystem.py
View File

@@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
GenericFilesystem.__init__(self)
def unionReadFile(self, rFile):
errMsg = "Microsoft SQL Server does not support file reading "
errMsg = "Microsoft SQL Server does not support file reading "
errMsg += "with UNION query SQL injection technique"
raise sqlmapUnsupportedFeatureException(errMsg)
@@ -98,10 +98,10 @@ class Filesystem(GenericFilesystem):
if not result:
result = []
count = inject.getValue("SELECT COUNT(%s) FROM %s" % (self.tblField, hexTbl), resumeValue=False, charsetType=2)
count = inject.getValue("SELECT COUNT(%s) FROM %s" % (self.tblField, hexTbl), resumeValue=False, charsetType=2)
if not isNumPosStrValue(count):
errMsg = "unable to retrieve the content of the "
errMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile
raise sqlmapNoneDataException(errMsg)
@@ -116,7 +116,7 @@ class Filesystem(GenericFilesystem):
return result
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
errMsg = "Microsoft SQL Server does not support file upload with "
errMsg = "Microsoft SQL Server does not support file upload with "
errMsg += "UNION query SQL injection technique"
raise sqlmapUnsupportedFeatureException(errMsg)
@@ -128,22 +128,22 @@ class Filesystem(GenericFilesystem):
self.getRemoteTempPath()
debugMsg = "going to use xp_cmdshell extended procedure to write "
debugMsg = "going to use xp_cmdshell extended procedure to write "
debugMsg += "the %s file content to file '%s'" % (fileType, dFile)
logger.debug(debugMsg)
debugSize = 0xFF00
tmpPath = posixToNtSlashes(conf.tmpPath)
dFile = posixToNtSlashes(dFile)
dFileName = ntpath.basename(dFile)
wFileSize = os.path.getsize(wFile)
debugSize = 0xFF00
tmpPath = posixToNtSlashes(conf.tmpPath)
dFile = posixToNtSlashes(dFile)
dFileName = ntpath.basename(dFile)
wFileSize = os.path.getsize(wFile)
wFilePointer = codecs.open(wFile, "rb")
wFileContent = wFilePointer.read()
wFilePointer.close()
if wFileSize < debugSize:
chunkName = self.updateBinChunk(wFileContent, tmpPath)
sFile = "%s\%s" % (tmpPath, dFileName)
sFile = "%s\%s" % (tmpPath, dFileName)
logger.debug("moving binary file %s to %s" % (sFile, dFile))
@@ -153,7 +153,7 @@ class Filesystem(GenericFilesystem):
self.execCmd(complComm)
else:
infoMsg = "the %s file is bigger than %d " % (fileType, debugSize)
infoMsg = "the %s file is bigger than %d " % (fileType, debugSize)
infoMsg += "bytes. sqlmap will split it into chunks, upload "
infoMsg += "them and recreate the original file out of the "
infoMsg += "binary chunks server-side, please wait.."
@@ -163,7 +163,7 @@ class Filesystem(GenericFilesystem):
for i in range(0, wFileSize, debugSize):
wFileChunk = wFileContent[i:i + debugSize]
chunkName = self.updateBinChunk(wFileChunk, tmpPath)
chunkName = self.updateBinChunk(wFileChunk, tmpPath)
if i == 0:
infoMsg = "renaming chunk "

2
plugins/dbms/mssqlserver/fingerprint.py
View File

@@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint):
if not detailed:
return
infoMsg = "fingerprinting the back-end DBMS operating system "
infoMsg = "fingerprinting the back-end DBMS operating system "
infoMsg += "version and service pack"
logger.info(infoMsg)

6
plugins/dbms/mssqlserver/takeover.py
View File

@@ -53,7 +53,7 @@ class Takeover(GenericTakeover):
for versionSp, data in returns.items():
version, sp = versionSp.split("-")
sp = int(sp)
sp = int(sp)
if kb.osVersion == version and kb.osSP == sp:
addrs = data
@@ -61,14 +61,14 @@ class Takeover(GenericTakeover):
break
if addrs is None:
errMsg = "sqlmap can not exploit the stored procedure buffer "
errMsg = "sqlmap can not exploit the stored procedure buffer "
errMsg += "overflow because it does not have a valid return "
errMsg += "code for the underlying operating system (Windows "
errMsg += "%s Service Pack %d)" % (kb.osVersion, kb.osSP)
raise sqlmapUnsupportedFeatureException(errMsg)
shellcodeChar = ""
hexStr = binascii.hexlify(self.shellcodeString[:-1])
hexStr = binascii.hexlify(self.shellcodeString[:-1])
for hexPair in range(0, len(hexStr), 2):
shellcodeChar += "CHAR(0x%s)+" % hexStr[hexPair:hexPair+2]

12
plugins/dbms/mysql/__init__.py
View File

@@ -25,12 +25,12 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
def __init__(self):
self.excludeDbsList = MYSQL_SYSTEM_DBS
self.sysUdfs = {
# UDF name: UDF return data-type
"sys_exec": { "return": "int" },
"sys_eval": { "return": "string" },
"sys_bineval": { "return": "int" }
}
self.sysUdfs = {
# UDF name: UDF return data-type
"sys_exec": { "return": "int" },
"sys_eval": { "return": "string" },
"sys_bineval": { "return": "int" }
}
Syntax.__init__(self)
Fingerprint.__init__(self)

18
plugins/dbms/mysql/filesystem.py
View File

@@ -39,12 +39,12 @@ class Filesystem(GenericFilesystem):
tmpFile = "%s/tmpf%s" % (conf.tmpPath, randomStr(lowercase=True))
debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile
debugMsg = "saving hexadecimal encoded content of file '%s' " % rFile
debugMsg += "into temporary file '%s'" % tmpFile
logger.debug(debugMsg)
inject.goStacked("SELECT HEX(LOAD_FILE('%s')) INTO DUMPFILE '%s'" % (rFile, tmpFile))
debugMsg = "loading the content of hexadecimal encoded file "
debugMsg = "loading the content of hexadecimal encoded file "
debugMsg += "'%s' into support table" % rFile
logger.debug(debugMsg)
inject.goStacked("LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '%s' (%s)" % (tmpFile, self.fileTblName, randomStr(10), self.tblField))
@@ -52,11 +52,11 @@ class Filesystem(GenericFilesystem):
length = inject.getValue("SELECT LENGTH(%s) FROM %s" % (self.tblField, self.fileTblName), sort=False, resumeValue=False, charsetType=2)
if length is None or not length.isdigit() or not len(length) or length in ( "0", "1" ):
errMsg = "unable to retrieve the content of the "
errMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile
raise sqlmapNoneDataException, errMsg
length = int(length)
length = int(length)
sustrLen = 1024
if length > sustrLen:
@@ -74,12 +74,12 @@ class Filesystem(GenericFilesystem):
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", True)
fcEncodedStr = fcEncodedList[0]
fcEncodedList = self.fileEncode(wFile, "hex", True)
fcEncodedStr = fcEncodedList[0]
fcEncodedStrLen = len(fcEncodedStr)
if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000:
warnMsg = "the injection is on a GET parameter and the file "
warnMsg = "the injection is on a GET parameter and the file "
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
warnMsg += "bytes, this might cause errors in the file "
warnMsg += "writing process"
@@ -95,7 +95,7 @@ class Filesystem(GenericFilesystem):
self.askCheckWrittenFile(wFile, dFile, fileType)
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
debugMsg = "creating a support table to write the hexadecimal "
debugMsg = "creating a support table to write the hexadecimal "
debugMsg += "encoded file to"
logger.debug(debugMsg)
@@ -104,7 +104,7 @@ class Filesystem(GenericFilesystem):
logger.debug("encoding file to its hexadecimal string value")
fcEncodedList = self.fileEncode(wFile, "hex", False)
debugMsg = "forging SQL statements to write the hexadecimal "
debugMsg = "forging SQL statements to write the hexadecimal "
debugMsg += "encoded file to the support table"
logger.debug(debugMsg)

4
plugins/dbms/mysql/fingerprint.py
View File

@@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
return None
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -117,7 +117,7 @@ class Fingerprint(GenericFingerprint):
return value
comVer = self.__commentCheck()
blank = " " * 15
blank = " " * 15
value += "active fingerprint: %s" % actVer
if comVer:

2
plugins/dbms/mysql/syntax.py
View File

@@ -40,7 +40,7 @@ class Syntax(GenericSyntax):
expression = expression.replace(old, "CHAR(%s)" % unescaped)
else:
unescaped = "CHAR("
unescaped = "CHAR("
unescaped += ",".join("%d" % ord(c) for c in expression)
unescaped += ")"

4
plugins/dbms/mysql/takeover.py
View File

@@ -103,8 +103,8 @@ class Takeover(GenericTakeover):
def uncPathRequest(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
query = agent.suffixQuery(query)
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
Request.queryPage(payload)

14
plugins/dbms/oracle/enumeration.py
View File

@@ -45,10 +45,10 @@ class Enumeration(GenericEnumeration):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if query2:
query = rootQuery.inband.query2
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
else:
query = rootQuery.inband.query
query = rootQuery.inband.query
condition = rootQuery.inband.condition
if conf.user:
@@ -66,7 +66,7 @@ class Enumeration(GenericEnumeration):
if values:
for value in values:
user = None
user = None
roles = set()
for count in xrange(0, len(value)):
@@ -108,7 +108,7 @@ class Enumeration(GenericEnumeration):
if user in retrievedUsers:
continue
infoMsg = "fetching number of roles "
infoMsg = "fetching number of roles "
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
@@ -130,7 +130,7 @@ class Enumeration(GenericEnumeration):
return self.getPrivileges(query2=True)
warnMsg = "unable to retrieve the number of "
warnMsg = "unable to retrieve the number of "
warnMsg += "roles for user '%s'" % user
logger.warn(warnMsg)
continue
@@ -155,14 +155,14 @@ class Enumeration(GenericEnumeration):
if roles:
kb.data.cachedUsersRoles[user] = list(roles)
else:
warnMsg = "unable to retrieve the roles "
warnMsg = "unable to retrieve the roles "
warnMsg += "for user '%s'" % user
logger.warn(warnMsg)
retrievedUsers.add(user)
if not kb.data.cachedUsersRoles:
errMsg = "unable to retrieve the roles "
errMsg = "unable to retrieve the roles "
errMsg += "for the database users"
raise sqlmapNoneDataException, errMsg

4
plugins/dbms/oracle/filesystem.py
View File

@@ -16,11 +16,11 @@ class Filesystem(GenericFilesystem):
GenericFilesystem.__init__(self)
def readFile(self, rFile):
errMsg = "File system read access not yet implemented for "
errMsg = "File system read access not yet implemented for "
errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
errMsg = "File system write access not yet implemented for "
errMsg = "File system write access not yet implemented for "
errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg

8
plugins/dbms/oracle/fingerprint.py
View File

@@ -28,7 +28,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.ORACLE)
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -46,9 +46,9 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ORACLE
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None

8
plugins/dbms/oracle/takeover.py
View File

@@ -16,21 +16,21 @@ class Takeover(GenericTakeover):
GenericTakeover.__init__(self)
def osCmd(self):
errMsg = "Operating system command execution functionality not "
errMsg = "Operating system command execution functionality not "
errMsg += "yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg
def osShell(self):
errMsg = "Operating system shell functionality not yet "
errMsg = "Operating system shell functionality not yet "
errMsg += "implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "Operating system out-of-band control functionality "
errMsg = "Operating system out-of-band control functionality "
errMsg += "not yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "One click operating system out-of-band control "
errMsg = "One click operating system out-of-band control "
errMsg += "functionality not yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg

14
plugins/dbms/postgresql/__init__.py
View File

@@ -25,13 +25,13 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
def __init__(self):
self.excludeDbsList = PGSQL_SYSTEM_DBS
self.sysUdfs = {
# UDF name: UDF parameters' input data-type and return data-type
"sys_exec": { "input": [ "text" ], "return": "int4" },
"sys_eval": { "input": [ "text" ], "return": "text" },
"sys_bineval": { "input": [ "text" ], "return": "int4" },
"sys_fileread": { "input": [ "text" ], "return": "text" }
}
self.sysUdfs = {
# UDF name: UDF parameters' input data-type and return data-type
"sys_exec": { "input": [ "text" ], "return": "int4" },
"sys_eval": { "input": [ "text" ], "return": "text" },
"sys_bineval": { "input": [ "text" ], "return": "int4" },
"sys_fileread": { "input": [ "text" ], "return": "text" }
}
Syntax.__init__(self)
Fingerprint.__init__(self)

16
plugins/dbms/postgresql/filesystem.py
View File

@@ -24,7 +24,7 @@ class Filesystem(GenericFilesystem):
GenericFilesystem.__init__(self)
def unionReadFile(self, rFile):
errMsg = "PostgreSQL does not support file reading with UNION "
errMsg = "PostgreSQL does not support file reading with UNION "
errMsg += "query SQL injection technique"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -37,7 +37,7 @@ class Filesystem(GenericFilesystem):
return self.udfEvalCmd(cmd="'%s'" % rFile, udfName="sys_fileread")
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
errMsg = "PostgreSQL does not support file upload with UNION "
errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -45,13 +45,13 @@ class Filesystem(GenericFilesystem):
wFileSize = os.path.getsize(wFile)
if wFileSize > 8192:
errMsg = "on PostgreSQL it is not possible to write files "
errMsg = "on PostgreSQL it is not possible to write files "
errMsg += "bigger than 8192 bytes at the moment"
raise sqlmapUnsupportedFeatureException, errMsg
self.oid = randomInt()
debugMsg = "creating a support table to write the base64 "
debugMsg = "creating a support table to write the base64 "
debugMsg += "encoded file to"
logger.debug(debugMsg)
@@ -60,7 +60,7 @@ class Filesystem(GenericFilesystem):
logger.debug("encoding file to its base64 string value")
fcEncodedList = self.fileEncode(wFile, "base64", False)
debugMsg = "forging SQL statements to write the base64 "
debugMsg = "forging SQL statements to write the base64 "
debugMsg += "encoded file to the support table"
logger.debug(debugMsg)
@@ -71,7 +71,7 @@ class Filesystem(GenericFilesystem):
for sqlQuery in sqlQueries:
inject.goStacked(sqlQuery)
debugMsg = "create a new OID for a large object, it implicitly "
debugMsg = "create a new OID for a large object, it implicitly "
debugMsg += "adds an entry in the large objects system table"
logger.debug(debugMsg)
@@ -81,7 +81,7 @@ class Filesystem(GenericFilesystem):
inject.goStacked("SELECT lo_unlink(%d)" % self.oid)
inject.goStacked("SELECT lo_create(%d)" % self.oid)
debugMsg = "updating the system large objects table assigning to "
debugMsg = "updating the system large objects table assigning to "
debugMsg += "the just created OID the binary (base64 decoded) UDF "
debugMsg += "as data"
logger.debug(debugMsg)
@@ -110,7 +110,7 @@ class Filesystem(GenericFilesystem):
else:
inject.goStacked("UPDATE pg_largeobject SET data=(DECODE((SELECT %s FROM %s), 'base64')) WHERE loid=%d" % (self.tblField, self.fileTblName, self.oid))
debugMsg = "exporting the OID %s file content to " % fileType
debugMsg = "exporting the OID %s file content to " % fileType
debugMsg += "file '%s'" % dFile
logger.debug(debugMsg)

10
plugins/dbms/postgresql/fingerprint.py
View File

@@ -32,7 +32,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.PGSQL)
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -50,9 +50,9 @@ class Fingerprint(GenericFingerprint):
value += DBMS.PGSQL
return value
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
actVer = Format.getDbms()
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
@@ -183,7 +183,7 @@ class Fingerprint(GenericFingerprint):
if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
conf.db = "public"
warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL
warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL
warnMsg += "on the current schema and on system databases, "
warnMsg += "sqlmap is going to use 'public' schema as "
warnMsg += "database name"

2
plugins/dbms/sqlite/connector.py
View File

@@ -55,7 +55,7 @@ class Connector(GenericConnector):
try:
import sqlite
except ImportError, _:
errMsg = "sqlmap requires 'python-sqlite2' third-party library "
errMsg = "sqlmap requires 'python-sqlite2' third-party library "
errMsg += "in order to directly connect to the database '%s'" % self.db
raise sqlmapMissingDependence, errMsg

4
plugins/dbms/sqlite/fingerprint.py
View File

@@ -27,7 +27,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.SQLITE)
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -46,7 +46,7 @@ class Fingerprint(GenericFingerprint):
return value
actVer = Format.getDbms()
blank = " " * 15
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:

4
plugins/dbms/sqlite/takeover.py
View File

@@ -24,11 +24,11 @@ class Takeover(GenericTakeover):
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "on SQLite it is not possible to establish an "
errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "on SQLite it is not possible to establish an "
errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg

2
plugins/dbms/sybase/enumeration.py
View File

@@ -60,7 +60,7 @@ class Enumeration(GenericEnumeration):
self.forceDbmsEnum()
if not conf.db:
warnMsg = "missing database parameter, sqlmap is going to "
warnMsg = "missing database parameter, sqlmap is going to "
warnMsg += "use the current database to enumerate table "
warnMsg += "'%s' columns" % conf.tbl
logger.warn(warnMsg)

4
plugins/dbms/sybase/fingerprint.py
View File

@@ -28,7 +28,7 @@ class Fingerprint(GenericFingerprint):
GenericFingerprint.__init__(self, DBMS.SYBASE)
def getFingerprint(self):
value = ""
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp:
@@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint):
return value
actVer = Format.getDbms()
blank = " " * 15
blank = " " * 15
value += "active fingerprint: %s" % actVer
if kb.bannerFp:

4
plugins/dbms/sybase/takeover.py
View File

@@ -24,11 +24,11 @@ class Takeover(GenericTakeover):
raise sqlmapUnsupportedFeatureException, errMsg
def osPwn(self):
errMsg = "on Sybase it is not possible to establish an "
errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg
def osSmb(self):
errMsg = "on Sybase it is not possible to establish an "
errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg

8
plugins/generic/connector.py
View File

@@ -60,21 +60,21 @@ class Connector:
raise sqlmapFilePathException, errMsg
def connect(self):
errMsg = "'connect' method must be defined "
errMsg = "'connect' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def fetchall(self):
errMsg = "'fetchall' method must be defined "
errMsg = "'fetchall' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def execute(self, query):
errMsg = "'execute' method must be defined "
errMsg = "'execute' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def select(self, query):
errMsg = "'select' method must be defined "
errMsg = "'select' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg

116
plugins/generic/enumeration.py
View File

@@ -75,20 +75,20 @@ class Enumeration:
def __init__(self):
kb.data.has_information_schema = False
kb.data.banner = None
kb.data.currentUser = ""
kb.data.currentDb = ""
kb.data.cachedUsers = []
kb.data.cachedUsersPasswords = {}
kb.data.cachedUsersPrivileges = {}
kb.data.cachedUsersRoles = {}
kb.data.cachedDbs = []
kb.data.cachedTables = {}
kb.data.cachedColumns = {}
kb.data.cachedCounts = {}
kb.data.dumpedTable = {}
kb.data.processChar = None
self.alwaysRetrieveSqlOutput = False
kb.data.banner = None
kb.data.currentUser = ""
kb.data.currentDb = ""
kb.data.cachedUsers = []
kb.data.cachedUsersPasswords = {}
kb.data.cachedUsersPrivileges = {}
kb.data.cachedUsersRoles = {}
kb.data.cachedDbs = []
kb.data.cachedTables = {}
kb.data.cachedColumns = {}
kb.data.cachedCounts = {}
kb.data.dumpedTable = {}
kb.data.processChar = None
self.alwaysRetrieveSqlOutput = False
def getBanner(self):
if not conf.getBanner:
@@ -164,7 +164,7 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].users
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
@@ -319,7 +319,7 @@ class Enumeration:
if not user or user in retrievedUsers:
continue
infoMsg = "fetching number of password hashes "
infoMsg = "fetching number of password hashes "
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
@@ -330,7 +330,7 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "unable to retrieve the number of password "
warnMsg = "unable to retrieve the number of password "
warnMsg += "hashes for user '%s'" % user
logger.warn(warnMsg)
continue
@@ -338,7 +338,7 @@ class Enumeration:
infoMsg = "fetching password hashes for user '%s'" % user
logger.info(infoMsg)
passwords = []
passwords = []
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
plusOne = True
@@ -361,14 +361,14 @@ class Enumeration:
if passwords:
kb.data.cachedUsersPasswords[user] = passwords
else:
warnMsg = "unable to retrieve the password "
warnMsg = "unable to retrieve the password "
warnMsg += "hashes for user '%s'" % user
logger.warn(warnMsg)
retrievedUsers.add(user)
if not kb.data.cachedUsersPasswords:
errMsg = "unable to retrieve the password "
errMsg = "unable to retrieve the password "
errMsg += "hashes for the database users"
raise sqlmapNoneDataException, errMsg
@@ -387,7 +387,7 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the
# user is DBA
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
@@ -424,13 +424,13 @@ class Enumeration:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
query = rootQuery.inband.query2
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
query = rootQuery.inband.query2
query = rootQuery.inband.query2
condition = rootQuery.inband.condition2
else:
query = rootQuery.inband.query
query = rootQuery.inband.query
condition = rootQuery.inband.condition
if conf.user:
@@ -454,7 +454,7 @@ class Enumeration:
if values:
for value in values:
user = None
user = None
privileges = set()
for count in xrange(0, len(value)):
@@ -528,7 +528,7 @@ class Enumeration:
if not user or user in retrievedUsers:
continue
infoMsg = "fetching number of privileges "
infoMsg = "fetching number of privileges "
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
@@ -554,7 +554,7 @@ class Enumeration:
return self.getPrivileges(query2=True)
warnMsg = "unable to retrieve the number of "
warnMsg = "unable to retrieve the number of "
warnMsg += "privileges for user '%s'" % user
logger.warn(warnMsg)
continue
@@ -634,21 +634,21 @@ class Enumeration:
if privileges:
kb.data.cachedUsersPrivileges[user] = list(privileges)
else:
warnMsg = "unable to retrieve the privileges "
warnMsg = "unable to retrieve the privileges "
warnMsg += "for user '%s'" % user
logger.warn(warnMsg)
retrievedUsers.add(user)
if not kb.data.cachedUsersPrivileges:
errMsg = "unable to retrieve the privileges "
errMsg = "unable to retrieve the privileges "
errMsg += "for the database users"
raise sqlmapNoneDataException, errMsg
return ( kb.data.cachedUsersPrivileges, areAdmins )
def getRoles(self, query2=False):
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
warnMsg += "exist. sqlmap will enumerate privileges instead"
logger.warn(warnMsg)
@@ -656,13 +656,13 @@ class Enumeration:
def getDbs(self):
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
warnMsg = "information_schema not available, "
warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database"
logger.warn(warnMsg)
if Backend.getIdentifiedDbms() == DBMS.ORACLE:
warnMsg = "schema names are going to be used on Oracle "
warnMsg = "schema names are going to be used on Oracle "
warnMsg += "for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes"
logger.warn(warnMsg)
@@ -735,7 +735,7 @@ class Enumeration:
if bruteForce is None:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
@@ -747,7 +747,7 @@ class Enumeration:
tables = None
if not tables:
errMsg = "cannot retrieve table names, "
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
@@ -854,7 +854,7 @@ class Enumeration:
continue
infoMsg = "fetching number of tables for "
infoMsg = "fetching number of tables for "
infoMsg += "database '%s'" % db
logger.info(infoMsg)
@@ -865,7 +865,7 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "unable to retrieve the number of "
warnMsg = "unable to retrieve the number of "
warnMsg += "tables for database '%s'" % db
logger.warn(warnMsg)
continue
@@ -896,7 +896,7 @@ class Enumeration:
if tables:
kb.data.cachedTables[db] = tables
else:
warnMsg = "unable to retrieve the tables "
warnMsg = "unable to retrieve the tables "
warnMsg += "for database '%s'" % db
logger.warn(warnMsg)
@@ -940,13 +940,13 @@ class Enumeration:
return self.getSchema()
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg)
bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
@@ -1043,7 +1043,7 @@ class Enumeration:
kb.data.cachedColumns[conf.db] = table
if not kb.data.cachedColumns and not conf.direct:
infoMsg = "fetching number of columns "
infoMsg = "fetching number of columns "
infoMsg += "for table '%s'" % conf.tbl
infoMsg += " on database '%s'" % conf.db
logger.info(infoMsg)
@@ -1074,12 +1074,12 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
errMsg = "unable to retrieve the number of columns "
errMsg = "unable to retrieve the number of columns "
errMsg += "for table '%s' " % conf.tbl
errMsg += "on database '%s'" % conf.db
raise sqlmapNoneDataException, errMsg
table = {}
table = {}
columns = {}
indexRange = getRange(count)
@@ -1355,7 +1355,7 @@ class Enumeration:
self.forceDbmsEnum()
if not conf.db:
warnMsg = "missing database parameter, sqlmap is going to "
warnMsg = "missing database parameter, sqlmap is going to "
warnMsg += "use the current database to dump table "
warnMsg += "'%s' entries" % conf.tbl
logger.warn(warnMsg)
@@ -1383,7 +1383,7 @@ class Enumeration:
elif kb.data.cachedColumns and conf.db in kb.data.cachedColumns and conf.tbl in kb.data.cachedColumns[conf.db]:
colList = kb.data.cachedColumns[conf.db][conf.tbl].keys()
else:
errMsg = "missing column names, "
errMsg = "missing column names, "
errMsg += "can't dump table"
raise sqlmapNoneDataException, errMsg
@@ -1447,7 +1447,7 @@ class Enumeration:
entries = [ entries ]
entriesCount = len(entries)
index = 0
index = 0
for column in colList:
colLen = len(column)
@@ -1591,7 +1591,7 @@ class Enumeration:
def dumpAll(self):
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg
@@ -1603,9 +1603,9 @@ class Enumeration:
infoMsg += "dump all entries of this database's tables only. "
logger.info(infoMsg)
conf.tbl = None
conf.col = None
kb.data.cachedDbs = []
conf.tbl = None
conf.col = None
kb.data.cachedDbs = []
kb.data.cachedTables = self.getTables()
if kb.data.cachedTables:
@@ -1763,7 +1763,7 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "no database"
warnMsg = "no database"
if dbConsider == "1":
warnMsg += "s like"
warnMsg += " '%s' found" % unsafeSQLIdentificatorNaming(db)
@@ -1792,12 +1792,12 @@ class Enumeration:
bruteForce = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve table names, "
errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
@@ -1878,7 +1878,7 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "no databases have table"
warnMsg = "no databases have table"
if tblConsider == "1":
warnMsg += "s like"
warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(tbl)
@@ -1947,12 +1947,12 @@ class Enumeration:
bruteForce = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
errMsg = "cannot retrieve column names, "
errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access"
logger.error(errMsg)
bruteForce = True
@@ -2059,7 +2059,7 @@ class Enumeration:
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count):
warnMsg = "no databases have tables containing column"
warnMsg = "no databases have tables containing column"
if colConsider == "1":
warnMsg += "s like"
warnMsg += " '%s'" % column
@@ -2186,7 +2186,7 @@ class Enumeration:
return output
else:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
warnMsg = "execution of custom SQL queries is only "
warnMsg = "execution of custom SQL queries is only "
warnMsg += "available when stacked queries are supported"
logger.warn(warnMsg)
return None
@@ -2207,7 +2207,7 @@ class Enumeration:
return output
def sqlShell(self):
infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)

50
plugins/generic/filesystem.py
View File

@@ -32,7 +32,7 @@ class Filesystem:
def __init__(self):
self.fileTblName = "sqlmapfile"
self.tblField = "data"
self.tblField = "data"
def __unbase64String(self, base64Str):
unbase64Str = "%s\n" % base64Str.decode("base64")
@@ -41,7 +41,7 @@ class Filesystem:
def __unhexString(self, hexStr):
if len(hexStr) % 2 != 0:
errMsg = "for some reason(s) sqlmap retrieved an odd-length "
errMsg = "for some reason(s) sqlmap retrieved an odd-length "
errMsg += "hexadecimal string which it is not able to convert "
errMsg += "to raw string"
logger.error(errMsg)
@@ -63,9 +63,9 @@ class Filesystem:
"""
fileLines = []
fileSize = len(binaryData)
lineAddr = 0x100
lineLen = 20
fileSize = len(binaryData)
lineAddr = 0x100
lineLen = 20
fileLines.append("n %s" % chunkName)
fileLines.append("rcx")
@@ -79,7 +79,7 @@ class Filesystem:
strLineChar = binascii.hexlify(lineChar)
if not scrString:
scrString = "e %x %s" % (lineAddr, strLineChar)
scrString = "e %x %s" % (lineAddr, strLineChar)
else:
scrString += " %s" % strLineChar
@@ -113,7 +113,7 @@ class Filesystem:
dFileSize = inject.getValue(lengthQuery, resumeValue=False, charsetType=2)
if dFileSize and dFileSize.isdigit():
infoMsg = "the file has been successfully written and "
infoMsg = "the file has been successfully written and "
infoMsg += "its size is %s bytes" % dFileSize
dFileSize = long(dFileSize)
@@ -126,7 +126,7 @@ class Filesystem:
logger.info(infoMsg)
else:
warnMsg = "it looks like the file has not been written, this "
warnMsg = "it looks like the file has not been written, this "
warnMsg += "can occur if the DBMS process' user has no write "
warnMsg += "privileges in the destination path"
logger.warn(warnMsg)
@@ -137,7 +137,7 @@ class Filesystem:
back-end DBMS underlying file system
"""
counter = 0
counter = 0
sqlQueries = []
for fcEncodedLine in fcEncodedList:
@@ -194,23 +194,23 @@ class Filesystem:
back-end DBMS underlying file system
"""
randScr = "tmpf%s.scr" % randomStr(lowercase=True)
chunkName = randomStr(lowercase=True)
fileScrLines = self.__binDataToScr(binaryData, chunkName)
randScr = "tmpf%s.scr" % randomStr(lowercase=True)
chunkName = randomStr(lowercase=True)
fileScrLines = self.__binDataToScr(binaryData, chunkName)
forgedScrLines = []
cmd = ""
charCounter = 0
maxLen = 512
cmd = ""
charCounter = 0
maxLen = 512
logger.debug("generating binary file %s\%s, please wait.." % (tmpPath, chunkName))
for scrLine in fileScrLines:
forgedScrLine = "echo %s " % scrLine
forgedScrLine = "echo %s " % scrLine
forgedScrLine += ">> \"%s\%s\"" % (tmpPath, randScr)
forgedScrLines.append(forgedScrLine)
for forgedScrLine in forgedScrLines:
cmd += "%s & " % forgedScrLine
cmd += "%s & " % forgedScrLine
charCounter += len(forgedScrLine)
if charCounter >= maxLen:
@@ -230,31 +230,31 @@ class Filesystem:
return chunkName
def askCheckWrittenFile(self, wFile, dFile, fileType):
message = "do you want confirmation that the file '%s' " % dFile
message = "do you want confirmation that the file '%s' " % dFile
message += "has been successfully written on the back-end DBMS "
message += "file system? [Y/n] "
output = readInput(message, default="Y")
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
self.__checkWrittenFile(wFile, dFile, fileType)
def unionReadFile(self, rFile):
errMsg = "'unionReadFile' method must be defined "
errMsg = "'unionReadFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def stackedReadFile(self, rFile):
errMsg = "'stackedReadFile' method must be defined "
errMsg = "'stackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def unionWriteFile(self, wFile, dFile, fileType, confirm=True):
errMsg = "'unionWriteFile' method must be defined "
errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def stackedWriteFile(self, wFile, dFile, fileType, confirm=True):
errMsg = "'stackedWriteFile' method must be defined "
errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
@@ -265,7 +265,7 @@ class Filesystem:
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to read the file with stacked query SQL "
debugMsg = "going to read the file with stacked query SQL "
debugMsg += "injection technique"
logger.debug(debugMsg)
@@ -312,7 +312,7 @@ class Filesystem:
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
debugMsg = "going to upload the %s file with " % fileType
debugMsg = "going to upload the %s file with " % fileType
debugMsg += "stacked query SQL injection technique"
logger.debug(debugMsg)

6
plugins/generic/fingerprint.py
View File

@@ -23,17 +23,17 @@ class Fingerprint:
Backend.forceDbms(dbms)
def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined "
errMsg = "'getFingerprint' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def checkDbms(self):
errMsg = "'checkDbms' method must be defined "
errMsg = "'checkDbms' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
def checkDbmsOs(self, detailed=False):
errMsg = "'checkDbmsOs' method must be defined "
errMsg = "'checkDbmsOs' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg

4
plugins/generic/misc.py
View File

@@ -130,13 +130,13 @@ class Miscellaneous:
for udf, inpRet in udfDict.items():
message = "do you want to remove UDF '%s'? [Y/n] " % udf
output = readInput(message, default="Y")
output = readInput(message, default="Y")
if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf
if Backend.getIdentifiedDbms() == DBMS.PGSQL:
inp = ", ".join(i for i in inpRet["input"])
inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp
logger.debug("removing UDF '%s'" % udf)

4
plugins/generic/syntax.py
View File

@@ -19,12 +19,12 @@ class Syntax:
@staticmethod
def unescape(expression, quote=True):
errMsg = "'unescape' method must be defined "
errMsg = "'unescape' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
@staticmethod
def escape(expression):
errMsg = "'escape' method must be defined "
errMsg = "'escape' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg

64
plugins/generic/takeover.py
View File

@@ -52,7 +52,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
web = True
else:
errMsg = "unable to execute operating system commands via "
errMsg = "unable to execute operating system commands via "
errMsg += "the back-end DBMS"
raise sqlmapNotVulnerableException(errMsg)
@@ -73,7 +73,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
web = True
else:
errMsg = "unable to prompt for an interactive operating "
errMsg = "unable to prompt for an interactive operating "
errMsg += "system shell via the back-end DBMS because "
errMsg += "stacked queries SQL injection is not supported"
raise sqlmapNotVulnerableException(errMsg)
@@ -91,7 +91,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.checkDbmsOs()
msg = "how do you want to establish the tunnel?"
msg = "how do you want to establish the tunnel?"
msg += "\n[1] TCP: Metasploit Framework (default)"
if Backend.isOs(OS.WINDOWS):
@@ -129,7 +129,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
isAdmin = runningAsAdmin()
if isAdmin is not True:
errMsg = "you need to run sqlmap as an administrator "
errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to establish an out-of-band ICMP "
errMsg += "tunnel because icmpsh uses raw sockets to "
errMsg += "sniff and craft ICMP packets"
@@ -139,7 +139,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
from impacket import ImpactDecoder
from impacket import ImpactPacket
except ImportError, _:
errMsg = "sqlmap requires 'impacket' third-party library "
errMsg = "sqlmap requires 'impacket' third-party library "
errMsg += "in order to run icmpsh master. Download from "
errMsg += "http://oss.coresecurity.com/projects/impacket.html"
raise sqlmapMissingDependence, errMsg
@@ -170,7 +170,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if tunnel == 1:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
msg = "how do you want to execute the Metasploit shellcode "
msg = "how do you want to execute the Metasploit shellcode "
msg += "on the back-end database underlying operating system?"
msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
msg += "\n[2] Via shellcodeexec (file system way)"
@@ -202,7 +202,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if Backend.isOs(OS.WINDOWS) and conf.privEsc:
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg)
@@ -211,7 +211,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
# system is not Windows
conf.privEsc = False
warnMsg = "sqlmap does not implement any operating system "
warnMsg = "sqlmap does not implement any operating system "
warnMsg += "user privilege escalation technique when the "
warnMsg += "back-end DBMS underlying system is not Windows"
logger.warn(warnMsg)
@@ -233,7 +233,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
# system is not Windows
conf.privEsc = False
warnMsg = "sqlmap does not implement any operating system "
warnMsg = "sqlmap does not implement any operating system "
warnMsg += "user privilege escalation technique when the "
warnMsg += "back-end DBMS underlying system is not Windows"
logger.warn(warnMsg)
@@ -262,26 +262,26 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.checkDbmsOs()
if not Backend.isOs(OS.WINDOWS):
errMsg = "the back-end DBMS underlying operating system is "
errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows: it is not possible to perform the SMB "
errMsg += "relay attack"
raise sqlmapUnsupportedDBMSException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to "
errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg)
elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
debugMsg = "since stacked queries are not supported, "
debugMsg = "since stacked queries are not supported, "
debugMsg += "sqlmap is going to perform the SMB relay "
debugMsg += "attack via inference blind SQL injection"
logger.debug(debugMsg)
printWarn = True
warnMsg = "it is unlikely that this attack will be successful "
warnMsg = "it is unlikely that this attack will be successful "
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
warnMsg += "because by default MySQL on Windows runs as "
@@ -313,13 +313,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
return
if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
errMsg += "stored procedure (MS09-004)"
raise sqlmapUnsupportedDBMSException(errMsg)
infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
infoMsg += "buffer overflow (MS09-004)"
logger.info(infoMsg)
@@ -330,7 +330,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.bof()
def uncPathRequest(self):
errMsg = "'uncPathRequest' method must be defined "
errMsg = "'uncPathRequest' method must be defined "
errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg
@@ -341,7 +341,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.checkDbmsOs()
if not Backend.isOs(OS.WINDOWS):
errMsg = "the back-end DBMS underlying operating system is "
errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows"
raise sqlmapUnsupportedDBMSException(errMsg)
@@ -353,15 +353,15 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not conf.regKey:
default = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
msg = "which registry key do you want to read? [%s] " % default
regKey = readInput(msg, default=default)
msg = "which registry key do you want to read? [%s] " % default
regKey = readInput(msg, default=default)
else:
regKey = conf.regKey
if not conf.regVal:
default = "ProductName"
msg = "which registry key value do you want to read? [%s] " % default
regVal = readInput(msg, default=default)
msg = "which registry key value do you want to read? [%s] " % default
regVal = readInput(msg, default=default)
else:
regVal = conf.regVal
@@ -376,7 +376,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "missing mandatory option"
if not conf.regKey:
msg = "which registry key do you want to write? "
msg = "which registry key do you want to write? "
regKey = readInput(msg)
if not regKey:
@@ -385,7 +385,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regKey = conf.regKey
if not conf.regVal:
msg = "which registry key value do you want to write? "
msg = "which registry key value do you want to write? "
regVal = readInput(msg)
if not regVal:
@@ -394,7 +394,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regVal = conf.regVal
if not conf.regData:
msg = "which registry key value data do you want to write? "
msg = "which registry key value data do you want to write? "
regData = readInput(msg)
if not regData:
@@ -404,13 +404,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not conf.regType:
default = "REG_SZ"
msg = "which registry key value data-type is it? "
msg += "[%s] " % default
msg = "which registry key value data-type is it? "
msg += "[%s] " % default
regType = readInput(msg, default=default)
else:
regType = conf.regType
infoMsg = "adding Windows registry path '%s\%s' " % (regKey, regVal)
infoMsg = "adding Windows registry path '%s\%s' " % (regKey, regVal)
infoMsg += "with data '%s'. " % regData
infoMsg += "This will work only if the user running the database "
infoMsg += "process has privileges to modify the Windows registry."
@@ -424,7 +424,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "missing mandatory option"
if not conf.regKey:
msg = "which registry key do you want to delete? "
msg = "which registry key do you want to delete? "
regKey = readInput(msg)
if not regKey:
@@ -433,7 +433,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regKey = conf.regKey
if not conf.regVal:
msg = "which registry key value do you want to delete? "
msg = "which registry key value do you want to delete? "
regVal = readInput(msg)
if not regVal:
@@ -441,14 +441,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
else:
regVal = conf.regVal
message = "are you sure that you want to delete the Windows "
message = "are you sure that you want to delete the Windows "
message += "registry path '%s\%s? [y/N] " % (regKey, regVal)
output = readInput(message, default="N")
output = readInput(message, default="N")
if output and output[0] not in ( "Y", "y" ):
return
infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal)
infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal)
infoMsg += "This will work only if the user running the database "
infoMsg += "process has privileges to modify the Windows registry."
logger.info(infoMsg)