Minor enhancement to fingerprint the back-end DBMS operating system (type,

version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<--
2025-12-06 20:51:31 +00:00 · 2008-11-15 23:41:31 +00:00
parent 84cbc60659
commit fa0507ab39
15 changed files with 372 additions and 69 deletions
--- a/plugins/dbms/postgresql.py
+++ b/plugins/dbms/postgresql.py
@@ -26,7 +26,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import re

-from lib.core.common import formatFingerprint
+from lib.core.common import formatDBMSfp
+from lib.core.common import formatOSfp
 from lib.core.common import getHtmlErrorFp
 from lib.core.common import randomInt
 from lib.core.data import conf
@@ -37,6 +38,7 @@ from lib.core.session import setDbms
 from lib.core.settings import PGSQL_ALIASES
 from lib.core.settings import PGSQL_SYSTEM_DBS
 from lib.core.unescaper import unescaper
+from lib.parse.banner import bannerParser
 from lib.request import inject
 #from lib.utils.fuzzer import passiveFuzzing

@@ -119,16 +121,18 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
        if not conf.extensiveFp:
            return "PostgreSQL"

-        actVer = formatFingerprint()
+        actVer = formatDBMSfp()

-        blank = " " * 16
-        value = "active fingerprint: %s" % actVer
+        blank      = " " * 16
+        formatInfo = None
+        value      = "active fingerprint: %s" % actVer

        if self.banner:
-            banVer = re.search("^PostgreSQL ([\d\.]+)", self.banner)
-            banVer = banVer.groups()[0]
-            banVer = formatFingerprint([banVer])
+            info       = bannerParser(self.banner)
+            formatInfo = formatOSfp(info)

+            banVer = info['version']
+            banVer = formatDBMSfp([banVer])
            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)

        #passiveFuzzing()
@@ -137,6 +141,9 @@ class PostgreSQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
        if htmlParsed:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlParsed)

+        if formatInfo:
+            value += "\n%s" % formatInfo
+
        return value