sqlmap/plugins/dbms/maxdb/enumeration.py

246 lines
9.0 KiB
Python
Raw Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
"""
2020-12-31 13:46:27 +03:00
Copyright (c) 2006-2021 sqlmap developers (http://sqlmap.org/)
2017-10-11 15:50:46 +03:00
See the file 'LICENSE' for copying permission
"""
2019-11-04 14:53:29 +03:00
import re
2019-05-06 12:41:19 +03:00
from lib.core.common import isListLike
2020-02-11 17:33:17 +03:00
from lib.core.common import isTechniqueAvailable
2015-12-29 15:19:25 +03:00
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
2011-02-21 01:07:12 +03:00
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
2015-12-29 15:19:25 +03:00
from lib.core.data import paths
2011-02-21 01:07:12 +03:00
from lib.core.data import queries
2016-12-21 12:33:35 +03:00
from lib.core.enums import DBMS
2020-02-11 17:33:17 +03:00
from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapNoneDataException
2015-12-29 15:19:25 +03:00
from lib.core.exception import SqlmapUserQuitException
2012-02-16 18:42:28 +04:00
from lib.core.settings import CURRENT_DB
2017-04-18 14:53:41 +03:00
from lib.utils.brute import columnExists
2012-09-10 21:23:24 +04:00
from lib.utils.pivotdumptable import pivotDumpTable
from plugins.generic.enumeration import Enumeration as GenericEnumeration
from thirdparty import six
2019-05-03 00:51:54 +03:00
from thirdparty.six.moves import zip as _zip
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self)
kb.data.processChar = lambda x: x.replace('_', ' ') if x else x
def getPasswordHashes(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
logger.warn(warnMsg)
return {}
def getDbs(self):
if len(kb.data.cachedDbs) > 0:
return kb.data.cachedDbs
2011-02-21 01:07:12 +03:00
infoMsg = "fetching database names"
2011-02-21 01:07:12 +03:00
logger.info(infoMsg)
2016-12-21 12:33:35 +03:00
rootQuery = queries[DBMS.MAXDB].dbs
query = rootQuery.inband.query
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True)
2011-02-21 01:41:42 +03:00
if retVal:
2019-05-28 15:02:44 +03:00
kb.data.cachedDbs = next(six.itervalues(retVal[0]))
2011-02-21 01:41:42 +03:00
2011-10-28 17:16:22 +04:00
if kb.data.cachedDbs:
kb.data.cachedDbs.sort()
return kb.data.cachedDbs
2011-02-21 01:41:42 +03:00
def getTables(self, bruteForce=None):
if len(kb.data.cachedTables) > 0:
return kb.data.cachedTables
2011-02-21 01:41:42 +03:00
self.forceDbmsEnum()
2012-02-16 18:42:28 +04:00
if conf.db == CURRENT_DB:
conf.db = self.getCurrentDb()
2011-02-21 01:41:42 +03:00
if conf.db:
2017-04-18 16:56:24 +03:00
dbs = conf.db.split(',')
else:
dbs = self.getDbs()
for db in (_ for _ in dbs if _):
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
infoMsg = "fetching tables for database"
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, six.string_types) else db[0] for db in sorted(dbs)))
2011-02-21 01:41:42 +03:00
logger.info(infoMsg)
2016-12-21 12:33:35 +03:00
rootQuery = queries[DBMS.MAXDB].tables
2011-02-21 01:41:42 +03:00
for db in dbs:
query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
2020-02-11 17:33:17 +03:00
blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION)
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=blind)
2011-02-21 01:07:12 +03:00
if retVal:
2019-05-06 12:41:19 +03:00
for table in list(retVal[0].values())[0]:
if db not in kb.data.cachedTables:
2011-02-21 01:41:42 +03:00
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
2011-02-21 01:07:12 +03:00
2011-10-28 17:07:23 +04:00
for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables
2011-02-21 01:41:42 +03:00
return kb.data.cachedTables
2011-02-21 01:07:12 +03:00
2015-12-29 15:19:25 +03:00
def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMode=False):
self.forceDbmsEnum()
2011-02-21 01:07:12 +03:00
2012-02-16 18:42:28 +04:00
if conf.db is None or conf.db == CURRENT_DB:
if conf.db is None:
2012-10-04 20:28:36 +04:00
warnMsg = "missing database parameter. sqlmap is going "
warnMsg += "to use the current database to enumerate "
warnMsg += "table(s) columns"
logger.warn(warnMsg)
2011-02-21 01:07:12 +03:00
conf.db = self.getCurrentDb()
2011-02-21 01:41:42 +03:00
elif conf.db is not None:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg)
2011-02-21 01:41:42 +03:00
conf.db = safeSQLIdentificatorNaming(conf.db)
2011-02-21 01:41:42 +03:00
2015-12-29 15:19:25 +03:00
if conf.col:
2017-04-18 16:56:24 +03:00
colList = conf.col.split(',')
2015-12-29 15:19:25 +03:00
else:
colList = []
2018-02-13 17:53:50 +03:00
if conf.exclude:
2019-11-04 14:53:29 +03:00
colList = [_ for _ in colList if re.search(conf.exclude, _, re.I) is None]
2015-12-29 15:19:25 +03:00
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
if conf.tbl:
2017-04-18 16:56:24 +03:00
tblList = conf.tbl.split(',')
else:
self.getTables()
if len(kb.data.cachedTables) > 0:
2019-05-06 12:41:19 +03:00
tblList = list(kb.data.cachedTables.values())
2019-05-15 11:30:47 +03:00
if tblList and isListLike(tblList[0]):
tblList = tblList[0]
else:
2012-02-01 13:17:38 +04:00
errMsg = "unable to retrieve the tables "
2012-03-01 15:52:30 +04:00
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
2011-06-16 17:41:02 +04:00
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
2015-12-29 15:19:25 +03:00
if bruteForce:
resumeAvailable = False
for tbl in tblList:
for db, table, colName, colType in kb.brute.columns:
if db == conf.db and table == tbl:
resumeAvailable = True
break
if resumeAvailable and not conf.freshQueries or colList:
columns = {}
for column in colList:
columns[column] = None
for tbl in tblList:
for db, table, colName, colType in kb.brute.columns:
if db == conf.db and table == tbl:
columns[colName] = colType
if conf.db in kb.data.cachedColumns:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] = columns
else:
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = {safeSQLIdentificatorNaming(tbl, True): columns}
return kb.data.cachedColumns
message = "do you want to use common column existence check? [y/N/q] "
2017-04-19 15:46:27 +03:00
choice = readInput(message, default='Y' if 'Y' in message else 'N').upper()
2015-12-29 15:19:25 +03:00
2017-04-18 16:48:05 +03:00
if choice == 'N':
2015-12-29 15:19:25 +03:00
return
2017-04-18 16:48:05 +03:00
elif choice == 'Q':
2015-12-29 15:19:25 +03:00
raise SqlmapUserQuitException
else:
return columnExists(paths.COMMON_COLUMNS)
2016-12-21 12:33:35 +03:00
rootQuery = queries[DBMS.MAXDB].columns
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 and conf.db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
2012-03-01 15:52:30 +04:00
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
2012-07-13 14:22:37 +04:00
return {conf.db: kb.data.cachedColumns[conf.db]}
2015-12-29 15:19:25 +03:00
if dumpMode and colList:
table = {}
2018-09-22 00:25:25 +03:00
table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList)
2015-12-29 15:19:25 +03:00
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
continue
infoMsg = "fetching columns "
2012-03-01 15:52:30 +04:00
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
2020-02-11 17:33:17 +03:00
blind = not isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION)
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
2020-02-11 17:33:17 +03:00
retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=blind)
if retVal:
table = {}
columns = {}
2019-05-03 00:51:54 +03:00
for columnname, datatype, length in _zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]):
2011-06-16 17:41:02 +04:00
columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)
table[tbl] = columns
kb.data.cachedColumns[conf.db] = table
return kb.data.cachedColumns
2019-05-30 23:55:54 +03:00
def getPrivileges(self, *args, **kwargs):
2012-12-11 15:14:33 +04:00
warnMsg = "on SAP MaxDB it is not possible to enumerate the user privileges"
logger.warn(warnMsg)
return {}
2017-08-09 17:52:36 +03:00
def search(self):
warnMsg = "on SAP MaxDB search option is not available"
logger.warn(warnMsg)
2012-10-14 19:53:55 +04:00
def getHostname(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the hostname"
logger.warn(warnMsg)
2019-05-29 16:52:33 +03:00
def getStatements(self):
warnMsg = "on SAP MaxDB it is not possible to enumerate the SQL statements"
logger.warn(warnMsg)
return []