sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
429ab631fe
sqlmap/lib/core/target.py

321 lines
10 KiB
Python
Raw Normal View History

After the storm, a restore..
2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
propsets..
2008-10-15 19:56:32 +04:00
$Id$
After the storm, a restore..
2008-10-15 19:38:22 +04:00
large commit with copyright header modifications
2010-10-14 18:41:14 +04:00
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
sorry, cosmetics
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
added support for proper unicode session(s) storage/retrieval
2010-05-24 15:00:49 +04:00
import codecs
After the storm, a restore..
2008-10-15 19:38:22 +04:00
import os
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.
2010-06-30 01:07:23 +04:00
import re
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
import tempfile
After the storm, a restore..
2008-10-15 19:38:22 +04:00
import time
from lib.core.common import dataToSessionFile
from lib.core.common import paramToDict
new feature --forms (still unfinished)
2010-10-10 22:56:43 +04:00
from lib.core.common import readInput
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 21:36:28 +03:00
from lib.core.convert import urldecode
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 13:37:32 +03:00
from lib.core.data import cmdLineOptions
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
from lib.core.data import logger
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.data import paths
from lib.core.dump import dumper
further enum refactoring
2010-11-08 12:44:32 +03:00
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapSyntaxException
bug fix
2010-12-18 13:02:01 +03:00
from lib.core.option import __setDBMS
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
2010-11-17 18:33:07 +03:00
from lib.core.option import __setKnowledgeBaseAttributes
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.session import resumeConfKb
refactoring
2011-01-30 14:36:03 +03:00
from lib.core.settings import UNICODE_ENCODING
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 23:36:01 +03:00
from lib.core.settings import URI_INJECTABLE_REGEX
little clean up
2011-02-04 15:25:14 +03:00
from lib.core.settings import URI_INJECTION_MARK_CHAR
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments.
2010-05-28 20:43:04 +04:00
from lib.core.xmldump import dumper as xmldumper
new feature --forms (still unfinished)
2010-10-10 22:56:43 +04:00
from lib.request.connect import Connect as Request
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def __setRequestParams():
"""
Check and set the parameters and perform checks on 'data' option for
HTTP method POST.
"""
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments.
2010-03-27 02:23:25 +03:00
if conf.direct:
conf.parameters[None] = "direct connection"
return
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__testableParameters = False
# Perform checks on GET parameters
further enum refactoring
2010-11-08 12:44:32 +03:00
if conf.parameters.has_key(PLACE.GET) and conf.parameters[PLACE.GET]:
parameters = conf.parameters[PLACE.GET]
__paramDict = paramToDict(PLACE.GET, parameters)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
if __paramDict:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.paramDict[PLACE.GET] = __paramDict
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__testableParameters = True
# Perform checks on POST parameters
further enum refactoring
2010-11-08 12:44:32 +03:00
if conf.method == HTTPMETHOD.POST and not conf.data:
After the storm, a restore..
2008-10-15 19:38:22 +04:00
errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise sqlmapSyntaxException, errMsg
if conf.data:
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.
2010-06-30 01:07:23 +04:00
conf.data = conf.data.replace("\n", " ")
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 21:36:28 +03:00
conf.parameters[PLACE.POST] = urldecode(conf.data)
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196.
2010-06-30 01:07:23 +04:00
# Check if POST data is in xml syntax
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
conf.paramDict["POSTxml"] = True
__paramDict = paramToDict("POSTxml", conf.data)
else:
further enum refactoring
2010-11-08 12:44:32 +03:00
__paramDict = paramToDict(PLACE.POST, conf.data)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
if __paramDict:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.paramDict[PLACE.POST] = __paramDict
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__testableParameters = True
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.method = HTTPMETHOD.POST
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
minor just in case update
2011-02-04 16:08:54 +03:00
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not conf.parameters.has_key(PLACE.GET):
little clean up
2011-02-04 15:25:14 +03:00
conf.url = "%s%s" % (conf.url, URI_INJECTION_MARK_CHAR)
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 23:36:01 +03:00
minor refactoring
2011-02-04 16:04:19 +03:00
if URI_INJECTION_MARK_CHAR in conf.url:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.parameters[PLACE.URI] = conf.url
conf.paramDict[PLACE.URI] = {}
minor refactoring
2011-02-04 16:04:19 +03:00
parts = conf.url.split(URI_INJECTION_MARK_CHAR)
more changes regarding path (URI) injection
2010-09-24 13:19:14 +04:00
for i in range(len(parts)-1):
result = str()
for j in range(len(parts)):
result += parts[j]
if i == j:
minor refactoring
2011-02-04 16:04:19 +03:00
result += URI_INJECTION_MARK_CHAR
conf.paramDict[PLACE.URI]["#%d%s" % (i+1, URI_INJECTION_MARK_CHAR)] = result
conf.url = conf.url.replace(URI_INJECTION_MARK_CHAR, str())
first commit regarding Feature #144
2010-09-22 15:56:35 +04:00
__testableParameters = True
After the storm, a restore..
2008-10-15 19:38:22 +04:00
# Perform checks on Cookie parameters
if conf.cookie:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.parameters[PLACE.COOKIE] = conf.cookie
__paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
if __paramDict:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.paramDict[PLACE.COOKIE] = __paramDict
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__testableParameters = True
# Perform checks on User-Agent header value
if conf.httpHeaders:
for httpHeader, headerValue in conf.httpHeaders:
More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 15:36:48 +03:00
if httpHeader == PLACE.UA:
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 05:02:12 +03:00
# No need for url encoding/decoding the user agent
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 21:36:28 +03:00
conf.parameters[PLACE.UA] = urldecode(headerValue)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
condition = not conf.testParameter
More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 15:36:48 +03:00
condition |= PLACE.UA in conf.testParameter
After the storm, a restore..
2008-10-15 19:38:22 +04:00
condition |= "user-agent" in conf.testParameter
condition |= "useragent" in conf.testParameter
condition |= "ua" in conf.testParameter
if condition:
further enum refactoring
2010-11-08 12:44:32 +03:00
conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__testableParameters = True
implementation of referer feature
2011-02-12 02:07:03 +03:00
elif httpHeader == PLACE.REFERER:
# No need for url encoding/decoding the referer
conf.parameters[PLACE.REFERER] = urldecode(headerValue)
condition = not conf.testParameter
condition |= PLACE.REFERER in conf.testParameter
condition |= "referer" in conf.testParameter
condition |= "referrer" in conf.testParameter
condition |= "ref" in conf.testParameter
if condition:
conf.paramDict[PLACE.REFERER] = { PLACE.REFERER: headerValue }
__testableParameters = True
After the storm, a restore..
2008-10-15 19:38:22 +04:00
if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent header"
raise sqlmapGenericException, errMsg
elif not __testableParameters:
errMsg = "all testable parameters you provided are not present "
errMsg += "within the GET, POST and Cookie parameters"
raise sqlmapGenericException, errMsg
def __setOutputResume():
"""
Check and set the output text file and the resume functionality.
"""
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
if not conf.sessionFile:
conf.sessionFile = "%s%ssession" % (conf.outputPath, os.sep)
logger.info("using '%s' as session file" % conf.sessionFile)
if os.path.exists(conf.sessionFile):
added new option --flush-session
2010-03-04 16:01:18 +03:00
if not conf.flushSession:
refactoring
2011-01-30 14:36:03 +03:00
readSessionFP = codecs.open(conf.sessionFile, "r", UNICODE_ENCODING, 'replace')
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
__url_cache = set()
__expression_cache = {}
Added resume functionality to -d and fixed logging with -d
2010-04-12 13:35:20 +04:00
Minor fixes
2010-05-30 18:53:13 +04:00
for line in readSessionFP.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
added new option --flush-session
2010-03-04 16:01:18 +03:00
if line.count("][") == 4:
line = line.split("][")
Added resume functionality to -d and fixed logging with -d
2010-04-12 13:35:20 +04:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
if len(line) != 5:
continue
Added resume functionality to -d and fixed logging with -d
2010-04-12 13:35:20 +04:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
url, _, _, expression, value = line
removed all trailing spaces from blank lines
2010-11-03 13:08:27 +03:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
if not value:
continue
removed all trailing spaces from blank lines
2010-11-03 13:08:27 +03:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
if url[0] == "[":
url = url[1:]
removed all trailing spaces from blank lines
2010-11-03 13:08:27 +03:00
Minor fixes
2010-05-30 18:53:13 +04:00
value = value.rstrip('\r\n') # Strips both chars independently
Added resume functionality to -d and fixed logging with -d
2010-04-12 13:35:20 +04:00
if url not in ( conf.url, conf.hostname ):
added new option --flush-session
2010-03-04 16:01:18 +03:00
continue
Added resume functionality to -d and fixed logging with -d
2010-04-12 13:35:20 +04:00
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
if url not in __url_cache:
added new option --flush-session
2010-03-04 16:01:18 +03:00
kb.resumedQueries[url] = {}
kb.resumedQueries[url][expression] = value
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
__url_cache.add(url)
minor fix
2010-05-11 17:55:30 +04:00
__expression_cache[url] = set(expression)
removed all trailing spaces from blank lines
2010-11-03 13:08:27 +03:00
added new option --flush-session
2010-03-04 16:01:18 +03:00
resumeConfKb(expression, url, value)
removed all trailing spaces from blank lines
2010-11-03 13:08:27 +03:00
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
if expression not in __expression_cache[url]:
added new option --flush-session
2010-03-04 16:01:18 +03:00
kb.resumedQueries[url][expression] = value
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
__expression_cache[url].add(value)
added new option --flush-session
2010-03-04 16:01:18 +03:00
elif len(value) >= len(kb.resumedQueries[url][expression]):
kb.resumedQueries[url][expression] = value
speedup of initial session file handling
2010-05-11 17:36:30 +04:00
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.
2010-12-01 01:40:25 +03:00
if kb.injection.place is not None and kb.injection.parameter is not None:
kb.injections.append(kb.injection)
added new option --flush-session
2010-03-04 16:01:18 +03:00
readSessionFP.close()
else:
try:
os.remove(conf.sessionFile)
logger.info("flushing session file")
except OSError, msg:
errMsg = "unable to flush the session file (%s)" % msg
raise sqlmapFilePathException, errMsg
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
try:
refactoring
2011-01-30 14:36:03 +03:00
conf.sessionFP = codecs.open(conf.sessionFile, "a", UNICODE_ENCODING)
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
dataToSessionFile("\n[%s]\n" % time.strftime("%X %x"))
except IOError:
errMsg = "unable to write on the session file specified"
raise sqlmapFilePathException, errMsg
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def __createFilesDir():
"""
Create the file directory.
"""
if not conf.rFile:
return
conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname
if not os.path.isdir(conf.filePath):
os.makedirs(conf.filePath, 0755)
def __createDumpDir():
"""
Create the dump directory.
"""
Minor bug fix
2010-06-02 15:01:41 +04:00
if not conf.dumpTable and not conf.dumpAll and not conf.search:
After the storm, a restore..
2008-10-15 19:38:22 +04:00
return
conf.dumpPath = paths.SQLMAP_DUMP_PATH % conf.hostname
if not os.path.isdir(conf.dumpPath):
os.makedirs(conf.dumpPath, 0755)
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments.
2010-05-28 20:43:04 +04:00
def __configureDumper():
if conf.xmlFile:
conf.dumper = xmldumper
else:
conf.dumper = dumper
conf.dumper.setOutputFile()
minor cosmetic update
2010-03-15 14:55:13 +03:00
def __createTargetDirs():
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
"""
Create the output directory.
"""
if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
try:
os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
cosmetics
2010-12-09 12:24:20 +03:00
except OSError, msg:
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
tempDir = tempfile.mkdtemp(prefix='output')
cosmetics
2010-12-09 12:24:20 +03:00
warnMsg = "unable to create default root output directory "
warnMsg += "'%s' (%s). " % (paths.SQLMAP_OUTPUT_PATH, msg)
warnMsg += "using temporary directory '%s' instead" % tempDir
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
logger.warn(warnMsg)
paths.SQLMAP_OUTPUT_PATH = tempDir
conf.outputPath = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, conf.hostname)
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
if not os.path.isdir(conf.outputPath):
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
try:
os.makedirs(conf.outputPath, 0755)
cosmetics
2010-12-09 12:24:20 +03:00
except OSError, msg:
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
tempDir = tempfile.mkdtemp(prefix='output')
cosmetics
2010-12-09 12:24:20 +03:00
warnMsg = "unable to create output directory "
warnMsg += "'%s' (%s). " % (conf.outputPath, msg)
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-09 00:16:18 +03:00
warnMsg += "using temporary directory '%s' instead" % tempDir
logger.warn(warnMsg)
conf.outputPath = tempDir
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
__createDumpDir()
__createFilesDir()
Adapted and merged in patch to support XML output (-x switch) - still in beta. Minor bug fixes and adjustments.
2010-05-28 20:43:04 +04:00
__configureDumper()
Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2009-09-26 03:03:45 +04:00
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 13:37:32 +03:00
def __restoreCmdLineOptions():
"""
Restore command line options that could be possibly
changed during the testing of previous target.
"""
conf.regexp = cmdLineOptions.regexp
conf.string = cmdLineOptions.string
conf.textOnly = cmdLineOptions.textOnly
After the storm, a restore..
2008-10-15 19:38:22 +04:00
def initTargetEnv():
"""
Initialize target environment.
"""
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation
2008-11-28 01:33:33 +03:00
if conf.multipleTargets:
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
2011-01-20 20:53:49 +03:00
if conf.sessionFP:
conf.sessionFP.close()
Minor code restyling
2010-04-06 14:15:19 +04:00
if conf.cj:
fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com
2010-04-09 14:16:15 +04:00
conf.cj.clear()
Minor code restyling
2010-04-06 14:15:19 +04:00
more update regarding error based injection support
2010-10-19 22:17:34 +04:00
conf.paramDict = {}
conf.parameters = {}
conf.sessionFile = None
bug fix
2010-12-18 13:02:01 +03:00
__setKnowledgeBaseAttributes(False)
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 13:37:32 +03:00
__restoreCmdLineOptions()
bug fix
2010-12-18 13:02:01 +03:00
__setDBMS()
Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation
2008-11-28 01:33:33 +03:00
fix for Issue #170
2010-03-15 14:33:34 +03:00
def setupTargetEnv():
minor cosmetic update
2010-03-15 14:55:13 +03:00
__createTargetDirs()
After the storm, a restore..
2008-10-15 19:38:22 +04:00
__setRequestParams()
__setOutputResume()
Reference in New Issue Copy Permalink