sqlmap/plugins/dbms/postgresql/fingerprint.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import PGSQL_ALIASES
from lib.core.settings import PGSQL_SYSTEM_DBS
from lib.request import inject
from lib.request.connect import Connect as Request

from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

class Fingerprint(GenericFingerprint):
    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.PGSQL)

    def getFingerprint(self):
        value  = ""
        wsOsFp = Format.getOs("web server", kb.headersFp)

        if wsOsFp:
            value += "%s\n" % wsOsFp

        if kb.data.banner:
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)

            if dbmsOsFp:
                value += "%s\n" % dbmsOsFp

        value += "back-end DBMS: "

        if not conf.extensiveFp:
            value += DBMS.PGSQL
            return value

        actVer      = Format.getDbms()
        blank       = " " * 15
        value      += "active fingerprint: %s" % actVer

        if kb.bannerFp:
            banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
            banVer = Format.getDbms([banVer])
            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)

        htmlErrorFp = Format.getErrorParsedDBMSes()

        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)

        return value

    def checkDbms(self):
        """
        References for fingerprint:

        * http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)
        """

        if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):
            setDbms(DBMS.PGSQL)

            self.getBanner()

            return True

        infoMsg = "testing %s" % DBMS.PGSQL
        logger.info(infoMsg)

        randInt = getUnicode(randomInt(1))
        result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt))

        if result:
            infoMsg = "confirming %s" % DBMS.PGSQL
            logger.info(infoMsg)

            result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt))

            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
                logger.warn(warnMsg)

                return False

            setDbms(DBMS.PGSQL)

            self.getBanner()

            if not conf.extensiveFp:
                return True

            infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
            logger.info(infoMsg)

            if inject.checkBooleanExpression("LENGTH(TO_CHAR(1, 'EEEE'))>0"):
                Backend.setVersion(">= 9.0.0")
            elif inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
                Backend.setVersionList([">= 8.4.0", "< 9.0.0"])
            elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
                Backend.setVersionList([">= 8.3.0", "< 8.4.0"])
            elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
                Backend.setVersionList([">= 8.2.0", "< 8.3.0"])
            elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
                Backend.setVersionList([">= 8.1.0", "< 8.2.0"])
            elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
                Backend.setVersionList([">= 8.0.0", "< 8.1.0"])
            elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
                Backend.setVersionList([">= 7.4.0", "< 8.0.0"])
            elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
                Backend.setVersionList([">= 7.3.0", "< 7.4.0"])
            elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
                Backend.setVersionList([">= 7.2.0", "< 7.3.0"])
            elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
                Backend.setVersionList([">= 7.1.0", "< 7.2.0"])
            elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
                Backend.setVersionList([">= 7.0.0", "< 7.1.0"])
            elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
                Backend.setVersionList([">= 6.5.0", "< 6.5.3"])
            elif inject.checkBooleanExpression("VERSION()=VERSION()"):
                Backend.setVersionList([">= 6.4.0", "< 6.5.0"])
            elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
                Backend.setVersionList([">= 6.3.0", "< 6.4.0"])
            elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
                Backend.setVersionList([">= 6.2.0", "< 6.3.0"])
            else:
                Backend.setVersion("< 6.2.0")

            return True
        else:
            warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL
            logger.warn(warnMsg)

            return False

    def checkDbmsOs(self, detailed=False):
        if kb.os:
            return

        infoMsg = "fingerprinting the back-end DBMS operating system"
        logger.info(infoMsg)

        self.createSupportTbl(self.fileTblName, self.tblField, "character(10000)")
        inject.goStacked("INSERT INTO %s(%s) VALUES (%s)" % (self.fileTblName, self.tblField, "VERSION()"))

        # Windows executables should always have ' Visual C++' or ' mingw'
        # patterns within the banner
        osWindows = ( " Visual C++", "mingw" )

        for osPattern in osWindows:
            query = "(SELECT LENGTH(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField)
            query += "LIKE '%" + osPattern + "%')>0"

            if inject.checkBooleanExpression(query):
                kb.os = "Windows"

                break

        if kb.os is None:
            kb.os = "Linux"

        infoMsg = "the back-end DBMS operating system is %s" % kb.os
        logger.info(infoMsg)

        self.cleanup(onlyFileTbl=True)

    def forceDbmsEnum(self):
        if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
            conf.db = "public"

            warnMsg  = "on %s it is only possible to enumerate " % DBMS.PGSQL
            warnMsg += "on the current schema and on system databases, "
            warnMsg += "sqlmap is going to use 'public' schema as "
            warnMsg += "database name"
            logger.warn(warnMsg)
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`#!/usr/bin/env python`

			`"""`
			$Id$

update of copyright string (until year) 2011-04-15 16:33:18 +04:00			`Copyright (c) 2006-2011 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`"""`

			`import re`

			`from lib.core.agent import agent`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
			`from lib.core.common import Format`
more unicode refactoring 2010-06-02 16:45:40 +04:00			`from lib.core.common import getUnicode`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from lib.core.common import randomInt`
			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import DBMS`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`from lib.core.session import setDbms`
			`from lib.core.settings import PGSQL_ALIASES`
			`from lib.core.settings import PGSQL_SYSTEM_DBS`
			`from lib.request import inject`
			`from lib.request.connect import Connect as Request`

			`from plugins.generic.fingerprint import Fingerprint as GenericFingerprint`

			`class Fingerprint(GenericFingerprint):`
			`def __init__(self):`
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 14:55:20 +03:00			`GenericFingerprint.__init__(self, DBMS.PGSQL)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`def getFingerprint(self):`
			`value = ""`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`wsOsFp = Format.getOs("web server", kb.headersFp)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`if wsOsFp:`
			`value += "%s\n" % wsOsFp`

			`if kb.data.banner:`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`if dbmsOsFp:`
			`value += "%s\n" % dbmsOsFp`

			`value += "back-end DBMS: "`

			`if not conf.extensiveFp:`
minor cosmetics 2010-12-04 01:28:09 +03:00			`value += DBMS.PGSQL`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`return value`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`actVer = Format.getDbms()`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`blank = " " * 15`
			`value += "active fingerprint: %s" % actVer`

			`if kb.bannerFp:`
			`banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`banVer = Format.getDbms([banVer])`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`htmlErrorFp = Format.getErrorParsedDBMSes()`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`if htmlErrorFp:`
			`value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)`

			`return value`

			`def checkDbms(self):`
			`"""`
			`References for fingerprint:`

			`* http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2)`
			`"""`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES):`
minor cosmetics 2010-12-04 01:28:09 +03:00			`setDbms(DBMS.PGSQL)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`self.getBanner()`

Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 15:47:07 +03:00			`return True`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`infoMsg = "testing %s" % DBMS.PGSQL`
Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods. 2010-03-31 14:50:47 +04:00			`logger.info(infoMsg)`

more unicode refactoring 2010-06-02 16:45:40 +04:00			`randInt = getUnicode(randomInt(1))`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("%s::int=%s" % (randInt, randInt))`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`if result:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`infoMsg = "confirming %s" % DBMS.PGSQL`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.info(infoMsg)`

Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("COALESCE(%s, NULL)=%s" % (randInt, randInt))`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`if not result:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.warn(warnMsg)`

			`return False`

minor cosmetics 2010-12-04 01:28:09 +03:00			`setDbms(DBMS.PGSQL)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`self.getBanner()`

			`if not conf.extensiveFp:`
			`return True`

Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`infoMsg = "actively fingerprinting %s" % DBMS.PGSQL`
			`logger.info(infoMsg)`

cosmetics 2011-04-12 14:24:09 +04:00			`if inject.checkBooleanExpression("LENGTH(TO_CHAR(1, 'EEEE'))>0"):`
reference (http://www.enterprisedb.com/docs/en/9.0/pg/release-9-0.html) 2011-04-12 14:30:33 +04:00			`Backend.setVersion(">= 9.0.0")`
added active fingerprint for pgsql >= 9.0.3 (reference: http://www.postgresql.org/docs/9.0/static/release-9-0.html) 2011-04-12 14:22:54 +04:00			`elif inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):`
Minor adjustments to PgSQL fingerprint 2011-04-12 14:35:33 +04:00			`Backend.setVersionList([">= 8.4.0", "< 9.0.0"])`
fix/refactor/cosmetics (references: http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html) 2010-12-31 00:53:34 +03:00			`elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):`
Minor adjustments to PgSQL fingerprint 2011-04-12 14:35:33 +04:00			`Backend.setVersionList([">= 8.3.0", "< 8.4.0"])`
fix/refactor/cosmetics (references: http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html) 2010-12-31 00:53:34 +03:00			`elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 8.2.0", "< 8.3.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 8.1.0", "< 8.2.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 8.0.0", "< 8.1.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 7.4.0", "< 8.0.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 7.3.0", "< 7.4.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 7.2.0", "< 7.3.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 7.1.0", "< 7.2.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 7.0.0", "< 7.1.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 6.5.0", "< 6.5.3"])`
fix/refactor/cosmetics (references: http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html) 2010-12-31 00:53:34 +03:00			`elif inject.checkBooleanExpression("VERSION()=VERSION()"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 6.4.0", "< 6.5.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 6.3.0", "< 6.4.0"])`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersionList([">= 6.2.0", "< 6.3.0"])`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`else:`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`Backend.setVersion("< 6.2.0")`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00
			`return True`
			`else:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.PGSQL`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`logger.warn(warnMsg)`

			`return False`

			`def checkDbmsOs(self, detailed=False):`
			`if kb.os:`
			`return`

			`infoMsg = "fingerprinting the back-end DBMS operating system"`
			`logger.info(infoMsg)`

Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments. 2010-03-27 02:23:25 +03:00			`self.createSupportTbl(self.fileTblName, self.tblField, "character(10000)")`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`inject.goStacked("INSERT INTO %s(%s) VALUES (%s)" % (self.fileTblName, self.tblField, "VERSION()"))`

			`# Windows executables should always have ' Visual C++' or ' mingw'`
			`# patterns within the banner`
			`osWindows = ( " Visual C++", "mingw" )`

			`for osPattern in osWindows:`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`query = "(SELECT LENGTH(%s) FROM %s WHERE %s " % (self.tblField, self.fileTblName, self.tblField)`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`query += "LIKE '%" + osPattern + "%')>0"`

Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`if inject.checkBooleanExpression(query):`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`kb.os = "Windows"`

			`break`

			`if kb.os is None:`
			`kb.os = "Linux"`

			`infoMsg = "the back-end DBMS operating system is %s" % kb.os`
			`logger.info(infoMsg)`

			`self.cleanup(onlyFileTbl=True)`

			`def forceDbmsEnum(self):`
			`if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":`
			`conf.db = "public"`

Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "on %s it is only possible to enumerate " % DBMS.PGSQL`
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access. 2010-03-23 01:57:57 +03:00			`warnMsg += "on the current schema and on system databases, "`
			`warnMsg += "sqlmap is going to use 'public' schema as "`
			`warnMsg += "database name"`
			`logger.warn(warnMsg)`