PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-31 20:09:03 +00:00
Code Issues Projects Releases Wiki Activity

Baby steps

Browse Source
This commit is contained in:
Miroslav Stampar
2019-01-22 01:28:24 +01:00
parent db3bed3f44
commit fd705c3dff
13 changed files with 51 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.1.61"
VERSION = "1.3.1.62"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

8
lib/core/threads.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import difflib
import random
import threading
@@ -167,7 +169,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
time.sleep(0.1)
except (KeyboardInterrupt, SqlmapUserQuitException) as ex:
print
print()
kb.prependFlag = False
kb.threadContinue = False
kb.threadException = True
@@ -185,7 +187,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
raise
except (SqlmapConnectionException, SqlmapValueException) as ex:
print
print()
kb.threadException = True
logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
@@ -195,7 +197,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
except:
from lib.core.common import unhandledExceptionMessage
print
print()
kb.threadException = True
errMsg = unhandledExceptionMessage()
logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))

2
lib/parse/cmdline.py
View File

@@ -794,7 +794,7 @@ def cmdLineParser(argv=None):
command = raw_input("sqlmap-shell> ").strip()
command = getUnicode(command, encoding=sys.stdin.encoding)
except (KeyboardInterrupt, EOFError):
print
print()
raise SqlmapShellQuitException
if not command:

4
lib/request/inject.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import re
import time
@@ -277,7 +279,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
raise SqlmapDataException(errMsg)
except KeyboardInterrupt:
print
print()
warnMsg = "user aborted during dumping phase"
logger.warn(warnMsg)

6
lib/takeover/abstraction.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import sys
from extra.safe2bin.safe2bin import safechardecode
@@ -129,11 +131,11 @@ class Abstraction(Web, UDF, XP_cmdshell):
command = raw_input("os-shell> ")
command = getUnicode(command, encoding=sys.stdin.encoding)
except KeyboardInterrupt:
print
print()
errMsg = "user aborted"
logger.error(errMsg)
except EOFError:
print
print()
errMsg = "exit"
logger.error(errMsg)
break

4
lib/takeover/metasploit.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import os
import re
import select
@@ -483,7 +485,7 @@ class Metasploit:
send_all(proc, "getuid\n")
if conf.privEsc:
print
print()
infoMsg = "trying to escalate privileges using Meterpreter "
infoMsg += "'getsystem' command which tries different "

4
lib/techniques/error/use.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import re
import time
@@ -242,7 +244,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
if not suppressOutput:
if kb.fileReadMode and output and output.strip():
print
print()
elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields):
status = "[%s] [INFO] %s: '%s'" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output))

4
lib/utils/api.py
View File

@@ -6,6 +6,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
import contextlib
import httplib
import logging
@@ -762,7 +764,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
command = raw_input("api%s> " % (" (%s)" % taskid if taskid else "")).strip()
command = re.sub(r"\A(\w+)", lambda match: match.group(1).lower(), command)
except (EOFError, KeyboardInterrupt):
print
print()
break
if command in ("data", "log", "status", "stop", "kill"):

6
lib/utils/hash.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from __future__ import print_function
try:
from crypt import crypt
except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171
@@ -1061,7 +1063,7 @@ def dictionaryAttack(attack_dict):
_bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api)
except KeyboardInterrupt:
print
print()
processException = True
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
logger.warn(warnMsg)
@@ -1157,7 +1159,7 @@ def dictionaryAttack(attack_dict):
found = found_.value
except KeyboardInterrupt:
print
print()
processException = True
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
logger.warn(warnMsg)