2013-02-14 15:32:17 +04:00
|
|
|
#!/usr/bin/env python
|
2010-08-30 17:29:19 +04:00
|
|
|
|
|
|
|
"""
|
2013-01-18 18:07:51 +04:00
|
|
|
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
|
2010-10-15 03:18:29 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
2010-08-30 17:29:19 +04:00
|
|
|
"""
|
|
|
|
|
2011-02-21 01:07:12 +03:00
|
|
|
from lib.core.common import Backend
|
|
|
|
from lib.core.common import randomStr
|
2011-05-01 02:11:36 +04:00
|
|
|
from lib.core.common import safeSQLIdentificatorNaming
|
|
|
|
from lib.core.common import unsafeSQLIdentificatorNaming
|
2011-02-21 01:07:12 +03:00
|
|
|
from lib.core.data import conf
|
2010-11-02 23:51:55 +03:00
|
|
|
from lib.core.data import kb
|
2010-08-30 18:16:23 +04:00
|
|
|
from lib.core.data import logger
|
2011-02-21 01:07:12 +03:00
|
|
|
from lib.core.data import queries
|
2012-12-06 17:14:19 +04:00
|
|
|
from lib.core.exception import SqlmapMissingMandatoryOptionException
|
|
|
|
from lib.core.exception import SqlmapNoneDataException
|
2012-02-16 18:42:28 +04:00
|
|
|
from lib.core.settings import CURRENT_DB
|
2012-09-10 21:23:24 +04:00
|
|
|
from lib.utils.pivotdumptable import pivotDumpTable
|
2010-08-30 17:29:19 +04:00
|
|
|
from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
|
|
|
|
|
|
|
class Enumeration(GenericEnumeration):
|
|
|
|
def __init__(self):
|
2011-01-14 14:55:20 +03:00
|
|
|
GenericEnumeration.__init__(self)
|
2010-11-03 13:08:27 +03:00
|
|
|
|
2010-11-02 23:51:55 +03:00
|
|
|
kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
|
2010-08-30 17:29:19 +04:00
|
|
|
|
|
|
|
def getPasswordHashes(self):
|
|
|
|
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return {}
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
def getDbs(self):
|
|
|
|
if len(kb.data.cachedDbs) > 0:
|
|
|
|
return kb.data.cachedDbs
|
2011-02-21 01:07:12 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
infoMsg = "fetching database names"
|
2011-02-21 01:07:12 +03:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
|
2011-02-21 01:41:42 +03:00
|
|
|
randStr = randomStr()
|
2011-05-01 02:11:36 +04:00
|
|
|
query = rootQuery.inband.query
|
2012-09-10 21:23:24 +04:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)
|
2011-02-21 01:41:42 +03:00
|
|
|
|
|
|
|
if retVal:
|
2011-05-01 02:11:36 +04:00
|
|
|
kb.data.cachedDbs = retVal[0].values()[0]
|
2011-02-21 01:41:42 +03:00
|
|
|
|
2011-10-28 17:16:22 +04:00
|
|
|
if kb.data.cachedDbs:
|
|
|
|
kb.data.cachedDbs.sort()
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
return kb.data.cachedDbs
|
2011-02-21 01:41:42 +03:00
|
|
|
|
|
|
|
def getTables(self, bruteForce=None):
|
2011-05-01 02:11:36 +04:00
|
|
|
if len(kb.data.cachedTables) > 0:
|
|
|
|
return kb.data.cachedTables
|
|
|
|
|
2011-02-21 01:41:42 +03:00
|
|
|
self.forceDbmsEnum()
|
|
|
|
|
2012-02-16 18:42:28 +04:00
|
|
|
if conf.db == CURRENT_DB:
|
2011-05-01 02:11:36 +04:00
|
|
|
conf.db = self.getCurrentDb()
|
|
|
|
|
2011-02-21 01:41:42 +03:00
|
|
|
if conf.db:
|
2011-05-01 02:11:36 +04:00
|
|
|
dbs = conf.db.split(",")
|
|
|
|
else:
|
|
|
|
dbs = self.getDbs()
|
|
|
|
|
2011-07-30 17:01:37 +04:00
|
|
|
for db in filter(None, dbs):
|
2011-05-01 02:11:36 +04:00
|
|
|
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
|
|
|
|
|
|
|
|
infoMsg = "fetching tables for database"
|
2012-01-14 01:46:21 +04:00
|
|
|
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
|
2011-02-21 01:41:42 +03:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
rootQuery = queries[Backend.getIdentifiedDbms()].tables
|
|
|
|
|
|
|
|
for db in dbs:
|
2011-02-21 01:07:12 +03:00
|
|
|
randStr = randomStr()
|
2011-02-21 01:41:42 +03:00
|
|
|
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
|
2012-09-10 21:23:24 +04:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
|
2011-02-21 01:07:12 +03:00
|
|
|
|
|
|
|
if retVal:
|
2011-02-21 01:41:42 +03:00
|
|
|
for table in retVal[0].values()[0]:
|
2013-01-04 02:28:07 +04:00
|
|
|
if db not in kb.data.cachedTables:
|
2011-02-21 01:41:42 +03:00
|
|
|
kb.data.cachedTables[db] = [table]
|
|
|
|
else:
|
|
|
|
kb.data.cachedTables[db].append(table)
|
2011-02-21 01:07:12 +03:00
|
|
|
|
2011-10-28 17:07:23 +04:00
|
|
|
for db, tables in kb.data.cachedTables.items():
|
|
|
|
kb.data.cachedTables[db] = sorted(tables) if tables else tables
|
|
|
|
|
2011-02-21 01:41:42 +03:00
|
|
|
return kb.data.cachedTables
|
2011-02-21 01:07:12 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
def getColumns(self, onlyColNames=False):
|
|
|
|
self.forceDbmsEnum()
|
2011-02-21 01:07:12 +03:00
|
|
|
|
2012-02-16 18:42:28 +04:00
|
|
|
if conf.db is None or conf.db == CURRENT_DB:
|
2011-05-01 02:11:36 +04:00
|
|
|
if conf.db is None:
|
2012-10-04 20:28:36 +04:00
|
|
|
warnMsg = "missing database parameter. sqlmap is going "
|
2011-05-01 02:11:36 +04:00
|
|
|
warnMsg += "to use the current database to enumerate "
|
|
|
|
warnMsg += "table(s) columns"
|
|
|
|
logger.warn(warnMsg)
|
2011-02-21 01:07:12 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
conf.db = self.getCurrentDb()
|
2011-02-21 01:41:42 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
elif conf.db is not None:
|
|
|
|
if ',' in conf.db:
|
|
|
|
errMsg = "only one database name is allowed when enumerating "
|
|
|
|
errMsg += "the tables' columns"
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
2011-02-21 01:41:42 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
2011-02-21 01:41:42 +03:00
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
if conf.tbl:
|
|
|
|
tblList = conf.tbl.split(",")
|
|
|
|
else:
|
|
|
|
self.getTables()
|
|
|
|
|
|
|
|
if len(kb.data.cachedTables) > 0:
|
|
|
|
tblList = kb.data.cachedTables.values()
|
|
|
|
|
|
|
|
if isinstance(tblList[0], (set, tuple, list)):
|
|
|
|
tblList = tblList[0]
|
|
|
|
else:
|
2012-02-01 13:17:38 +04:00
|
|
|
errMsg = "unable to retrieve the tables "
|
2012-03-01 15:52:30 +04:00
|
|
|
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2013-01-04 02:20:55 +04:00
|
|
|
raise SqlmapNoneDataException(errMsg)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
for tbl in tblList:
|
2011-06-16 17:41:02 +04:00
|
|
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
rootQuery = queries[Backend.getIdentifiedDbms()].columns
|
|
|
|
|
|
|
|
for tbl in tblList:
|
|
|
|
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
|
2011-06-16 18:27:44 +04:00
|
|
|
and conf.db in kb.data.cachedColumns and tbl in \
|
|
|
|
kb.data.cachedColumns[conf.db]:
|
2011-05-01 02:11:36 +04:00
|
|
|
infoMsg = "fetched tables' columns on "
|
2012-03-01 15:52:30 +04:00
|
|
|
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2011-05-01 02:11:36 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2012-07-13 14:22:37 +04:00
|
|
|
return {conf.db: kb.data.cachedColumns[conf.db]}
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
infoMsg = "fetching columns "
|
2012-03-01 15:52:30 +04:00
|
|
|
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
|
|
|
|
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
2011-05-01 02:11:36 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
randStr = randomStr()
|
|
|
|
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
|
2013-01-10 16:18:44 +04:00
|
|
|
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr, '%s.datatype' % randStr, '%s.len' % randStr], blind=True)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
if retVal:
|
|
|
|
table = {}
|
|
|
|
columns = {}
|
|
|
|
|
|
|
|
for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
|
2011-06-16 17:41:02 +04:00
|
|
|
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
|
2011-05-01 02:11:36 +04:00
|
|
|
|
|
|
|
table[tbl] = columns
|
|
|
|
kb.data.cachedColumns[conf.db] = table
|
|
|
|
|
|
|
|
return kb.data.cachedColumns
|
|
|
|
|
2012-12-11 15:14:33 +04:00
|
|
|
def getPrivileges(self, *args):
|
|
|
|
warnMsg = "on SAP MaxDB it is not possible to enumerate the user privileges"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return {}
|
|
|
|
|
2011-05-01 02:11:36 +04:00
|
|
|
def searchDb(self):
|
|
|
|
warnMsg = "on SAP MaxDB it is not possible to search databases"
|
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
return []
|
2012-10-14 19:53:55 +04:00
|
|
|
|
|
|
|
def getHostname(self):
|
|
|
|
warnMsg = "on SAP MaxDB it is not possible to enumerate the hostname"
|
|
|
|
logger.warn(warnMsg)
|