Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
comment injection fingerprint: MySQL 5.0.67
banner parsing fingerprint: MySQL 5.0.67
html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
@@ -28,14 +28,14 @@ import time
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatOSfp
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import paths
|
||||
from lib.core.data import queries
|
||||
from lib.core.exception import sqlmapNoneDataException
|
||||
from lib.core.exception import sqlmapSyntaxException
|
||||
@@ -124,16 +124,21 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
|
||||
|
||||
def getFingerprint(self):
|
||||
actVer = formatFingerprint()
|
||||
actVer = formatDBMSfp()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return actVer
|
||||
|
||||
blank = " " * 16
|
||||
value = "active fingerprint: %s" % actVer
|
||||
blank = " " * 16
|
||||
formatInfo = None
|
||||
value = "active fingerprint: %s" % actVer
|
||||
|
||||
if self.banner:
|
||||
release, version, servicepack = bannerParser(self.banner, paths.MSSQL_XML)
|
||||
info = bannerParser(self.banner)
|
||||
release = info["dbmsRelease"]
|
||||
version = info["dbmsVersion"]
|
||||
servicepack = info["dbmsServicePack"]
|
||||
formatInfo = formatOSfp(info)
|
||||
|
||||
if release and version and servicepack:
|
||||
banVer = "Microsoft SQL Server %s " % release
|
||||
@@ -148,6 +153,9 @@ class MSSQLServerMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if htmlParsed:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)
|
||||
|
||||
if formatInfo:
|
||||
value += "\n%s" % formatInfo
|
||||
|
||||
return value
|
||||
|
||||
|
||||
|
||||
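Review bot: The reads `info["dbmsRelease"]`, `info["dbmsVersion"]` and `info["dbmsServicePack"]` index the parser result directly, so a banner that matches none of the XML patterns raises KeyError unless bannerParser pre-populates every key (its body is not shown on this page). The banner is whatever the remote server returns, so unrecognised formats are the normal case rather than the exception. Using `release = info.get("dbmsRelease")` (and the same for the other two keys) keeps the existing `if release and version and servicepack:` test as the single decision point. getFingerprint starts and ends outside the hunks shown.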
@@ -28,7 +28,8 @@ import re
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import fileToStr
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatOSfp
|
||||
from lib.core.common import getDirectories
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.common import randomInt
|
||||
@@ -43,6 +44,7 @@ from lib.core.settings import MYSQL_ALIASES
|
||||
from lib.core.settings import MYSQL_SYSTEM_DBS
|
||||
from lib.core.shell import autoCompletion
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.parse.banner import bannerParser
|
||||
from lib.request import inject
|
||||
from lib.request.connect import Connect as Request
|
||||
#from lib.utils.fuzzer import passiveFuzzing
|
||||
@@ -180,26 +182,28 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
|
||||
|
||||
def getFingerprint(self):
|
||||
actVer = formatFingerprint()
|
||||
actVer = formatDBMSfp()
|
||||
|
||||
if not conf.extensiveFp:
|
||||
return actVer
|
||||
|
||||
blank = " " * 16
|
||||
value = "active fingerprint: %s" % actVer
|
||||
comVer = self.__commentCheck()
|
||||
comVer = self.__commentCheck()
|
||||
blank = " " * 16
|
||||
formatInfo = None
|
||||
value = "active fingerprint: %s" % actVer
|
||||
|
||||
if comVer:
|
||||
comVer = formatFingerprint([comVer])
|
||||
comVer = formatDBMSfp([comVer])
|
||||
value += "\n%scomment injection fingerprint: %s" % (blank, comVer)
|
||||
|
||||
if self.banner:
|
||||
banVer = re.search("^([\d\.]+)", self.banner)
|
||||
banVer = banVer.groups()[0]
|
||||
info = bannerParser(self.banner)
|
||||
formatInfo = formatOSfp(info)
|
||||
|
||||
banVer = info['version']
|
||||
if re.search("-log$", self.banner):
|
||||
banVer += ", logging enabled"
|
||||
banVer = formatFingerprint([banVer])
|
||||
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
#passiveFuzzing()
|
||||
@@ -208,6 +212,9 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if htmlParsed:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)
|
||||
|
||||
if formatInfo:
|
||||
value += "\n%s" % formatInfo
|
||||
|
||||
return value
|
||||
|
||||
|
||||
|
||||
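Review bot: `banVer = info['version']` is used without a check, and the lines that follow do `banVer += ", logging enabled"` when the banner ends in `-log`, which raises TypeError if the parser stored None for that key. The key name also differs from the `dbmsVersion` key read in the MSSQLServerMap section, so one of the two may not match what bannerParser returns (the parser is not shown here). Wrapping the formatting in `if banVer:` and reading the key with `info.get(...)` would keep an unrecognised banner from aborting the fingerprint. The same unguarded read appears in the OracleMap and PostgreSQLMap sections; in OracleMap it appears to replace a branch that was guarded by `if banVer:`.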
@@ -26,7 +26,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatOSfp
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
@@ -36,6 +37,7 @@ from lib.core.session import setDbms
|
||||
from lib.core.settings import ORACLE_ALIASES
|
||||
from lib.core.settings import ORACLE_SYSTEM_DBS
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.parse.banner import bannerParser
|
||||
from lib.request import inject
|
||||
#from lib.utils.fuzzer import passiveFuzzing
|
||||
|
||||
@@ -119,19 +121,19 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if not conf.extensiveFp:
|
||||
return "Oracle"
|
||||
|
||||
actVer = formatFingerprint()
|
||||
actVer = formatDBMSfp()
|
||||
|
||||
blank = " " * 16
|
||||
value = "active fingerprint: %s" % actVer
|
||||
blank = " " * 16
|
||||
formatInfo = None
|
||||
value = "active fingerprint: %s" % actVer
|
||||
|
||||
if self.banner:
|
||||
banVer = re.search("^Oracle .*Release ([\d\.]+) ", self.banner)
|
||||
info = bannerParser(self.banner)
|
||||
formatInfo = formatOSfp(info)
|
||||
|
||||
if banVer:
|
||||
banVer = banVer.groups()[0]
|
||||
banVer = formatFingerprint([banVer])
|
||||
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
banVer = info['version']
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
#passiveFuzzing()
|
||||
htmlParsed = getHtmlErrorFp()
|
||||
@@ -139,6 +141,9 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if htmlParsed:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)
|
||||
|
||||
if formatInfo:
|
||||
value += "\n%s" % formatInfo
|
||||
|
||||
return value
|
||||
|
||||
|
||||
@@ -159,7 +164,7 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
logMsg = "confirming Oracle"
|
||||
logger.info(logMsg)
|
||||
|
||||
query = "SELECT VERSION FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
|
||||
query = "SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
|
||||
version = inject.getValue(query)
|
||||
|
||||
if not version:
|
||||
@@ -173,13 +178,13 @@ class OracleMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if not conf.extensiveFp:
|
||||
return True
|
||||
|
||||
if re.search("^11\.", version):
|
||||
if re.search("^11", version):
|
||||
kb.dbmsVersion = ["11i"]
|
||||
elif re.search("^10\.", version):
|
||||
elif re.search("^10", version):
|
||||
kb.dbmsVersion = ["10g"]
|
||||
elif re.search("^9\.", version):
|
||||
elif re.search("^9", version):
|
||||
kb.dbmsVersion = ["9i"]
|
||||
elif re.search("^8\.", version):
|
||||
elif re.search("^8", version):
|
||||
kb.dbmsVersion = ["8i"]
|
||||
|
||||
if conf.getBanner:
|
||||
|
||||
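Review bot: The patterns `^11`, `^10`, `^9` and `^8` are only meaningful because the query in the preceding hunk now returns `SUBSTR((VERSION), 1, 2)`, and nothing next to the `re.search` chain records that dependency. A comment above the chain such as `# version holds only the first two characters of VERSION (see query above), e.g. "10" or "9."` would stop a later edit to the query from silently changing what these patterns match. No `else` branch is visible before `if conf.getBanner:`, so a value matching none of the four patterns appears to leave `kb.dbmsVersion` unchanged; a debug log line there would make that case visible. The function continues outside the hunk.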
@@ -26,7 +26,8 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.common import formatFingerprint
|
||||
from lib.core.common import formatDBMSfp
|
||||
from lib.core.common import formatOSfp
|
||||
from lib.core.common import getHtmlErrorFp
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.data import conf
|
||||
@@ -37,6 +38,7 @@ from lib.core.session import setDbms
|
||||
from lib.core.settings import PGSQL_ALIASES
|
||||
from lib.core.settings import PGSQL_SYSTEM_DBS
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.parse.banner import bannerParser
|
||||
from lib.request import inject
|
||||
#from lib.utils.fuzzer import passiveFuzzing
|
||||
|
||||
@@ -119,16 +121,18 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if not conf.extensiveFp:
|
||||
return "PostgreSQL"
|
||||
|
||||
actVer = formatFingerprint()
|
||||
actVer = formatDBMSfp()
|
||||
|
||||
blank = " " * 16
|
||||
value = "active fingerprint: %s" % actVer
|
||||
blank = " " * 16
|
||||
formatInfo = None
|
||||
value = "active fingerprint: %s" % actVer
|
||||
|
||||
if self.banner:
|
||||
banVer = re.search("^PostgreSQL ([\d\.]+)", self.banner)
|
||||
banVer = banVer.groups()[0]
|
||||
banVer = formatFingerprint([banVer])
|
||||
info = bannerParser(self.banner)
|
||||
formatInfo = formatOSfp(info)
|
||||
|
||||
banVer = info['version']
|
||||
banVer = formatDBMSfp([banVer])
|
||||
value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
|
||||
|
||||
#passiveFuzzing()
|
||||
@@ -137,6 +141,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
|
||||
if htmlParsed:
|
||||
value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)
|
||||
|
||||
if formatInfo:
|
||||
value += "\n%s" % formatInfo
|
||||
|
||||
return value
|
||||
|
||||
|
||||
|
||||