sqlmap/plugins/dbms/maxdb/enumeration.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.common import Backend
from lib.core.common import randomStr
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException
from lib.core.settings import CURRENT_DB
from plugins.generic.enumeration import Enumeration as GenericEnumeration

class Enumeration(GenericEnumeration):
    def __init__(self):
        GenericEnumeration.__init__(self)

        kb.data.processChar = lambda x: x.replace('_', ' ') if x else x

    def getPasswordHashes(self):
        warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
        logger.warn(warnMsg)

        return {}

    def getDbs(self):
        if len(kb.data.cachedDbs) > 0:
            return kb.data.cachedDbs

        infoMsg = "fetching database names"
        logger.info(infoMsg)

        rootQuery = queries[Backend.getIdentifiedDbms()].dbs
        randStr = randomStr()
        query = rootQuery.inband.query
        retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)

        if retVal:
            kb.data.cachedDbs = retVal[0].values()[0]

        if kb.data.cachedDbs:
            kb.data.cachedDbs.sort()

        return kb.data.cachedDbs

    def getTables(self, bruteForce=None):
        if len(kb.data.cachedTables) > 0:
            return kb.data.cachedTables

        self.forceDbmsEnum()

        if conf.db == CURRENT_DB:
            conf.db = self.getCurrentDb()

        if conf.db:
            dbs = conf.db.split(",")
        else:
            dbs = self.getDbs()

        for db in filter(None, dbs):
            dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)

        infoMsg = "fetching tables for database"
        infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
        logger.info(infoMsg)

        rootQuery = queries[Backend.getIdentifiedDbms()].tables

        for db in dbs:
            randStr = randomStr()
            query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
            retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)

            if retVal:
                for table in retVal[0].values()[0]:
                    if not kb.data.cachedTables.has_key(db):
                        kb.data.cachedTables[db] = [table]
                    else:
                        kb.data.cachedTables[db].append(table)

        for db, tables in kb.data.cachedTables.items():
            kb.data.cachedTables[db] = sorted(tables) if tables else tables

        return kb.data.cachedTables

    def getColumns(self, onlyColNames=False):
        self.forceDbmsEnum()

        if conf.db is None or conf.db == CURRENT_DB:
            if conf.db is None:
                warnMsg = "missing database parameter, sqlmap is going "
                warnMsg += "to use the current database to enumerate "
                warnMsg += "table(s) columns"
                logger.warn(warnMsg)

            conf.db = self.getCurrentDb()

        elif conf.db is not None:
            if  ',' in conf.db:
                errMsg = "only one database name is allowed when enumerating "
                errMsg += "the tables' columns"
                raise sqlmapMissingMandatoryOptionException, errMsg

        conf.db = safeSQLIdentificatorNaming(conf.db)

        if conf.tbl:
            tblList = conf.tbl.split(",")
        else:
            self.getTables()

            if len(kb.data.cachedTables) > 0:
                tblList = kb.data.cachedTables.values()

                if isinstance(tblList[0], (set, tuple, list)):
                    tblList = tblList[0]
            else:
                errMsg = "unable to retrieve the tables "
                errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                raise sqlmapNoneDataException, errMsg

        for tbl in tblList:
            tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)

        rootQuery = queries[Backend.getIdentifiedDbms()].columns

        for tbl in tblList:
            if conf.db is not None and len(kb.data.cachedColumns) > 0 \
              and conf.db in kb.data.cachedColumns and tbl in \
              kb.data.cachedColumns[conf.db]:
                infoMsg = "fetched tables' columns on "
                infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
                logger.info(infoMsg)

                return { conf.db: kb.data.cachedColumns[conf.db]}

            infoMsg = "fetching columns "
            infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
            infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
            logger.info(infoMsg)

            randStr = randomStr()
            query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')
            retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr,'%s.datatype' % randStr,'%s.len' % randStr], blind=True)

            if retVal:
                table = {}
                columns = {}

                for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):
                    columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)

                table[tbl] = columns
                kb.data.cachedColumns[conf.db] = table

        return kb.data.cachedColumns

    def searchDb(self):
        warnMsg = "on SAP MaxDB it is not possible to search databases"
        logger.warn(warnMsg)

        return []
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`#!/usr/bin/env python`

			`"""`
updating copyright date 2012-01-11 18:59:46 +04:00			`Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`"""`

--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00			`from lib.core.common import Backend`
			`from lib.core.common import randomStr`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`from lib.core.common import safeSQLIdentificatorNaming`
			`from lib.core.common import unsafeSQLIdentificatorNaming`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00			`from lib.core.data import conf`
implemented --banner for MaxDB and some minor fixes 2010-11-02 23:51:55 +03:00			`from lib.core.data import kb`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00			`from lib.core.data import logger`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00			`from lib.core.data import queries`
minor update 2011-02-21 01:45:23 +03:00			`from lib.core.exception import sqlmapMissingMandatoryOptionException`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`from lib.core.exception import sqlmapNoneDataException`
some more refactorings 2012-02-16 18:42:28 +04:00			`from lib.core.settings import CURRENT_DB`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`from plugins.generic.enumeration import Enumeration as GenericEnumeration`

			`class Enumeration(GenericEnumeration):`
			`def __init__(self):`
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 14:55:20 +03:00			`GenericEnumeration.__init__(self)`
removed all trailing spaces from blank lines 2010-11-03 13:08:27 +03:00
implemented --banner for MaxDB and some minor fixes 2010-11-02 23:51:55 +03:00			`kb.data.processChar = lambda x: x.replace('_', ' ') if x else x`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`def getPasswordHashes(self):`
			`warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"`
			`logger.warn(warnMsg)`

			`return {}`

Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`def getDbs(self):`
			`if len(kb.data.cachedDbs) > 0:`
			`return kb.data.cachedDbs`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`infoMsg = "fetching database names"`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00			`logger.info(infoMsg)`

Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`rootQuery = queries[Backend.getIdentifiedDbms()].dbs`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`randStr = randomStr()`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`query = rootQuery.inband.query`
			`retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True)`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
			`if retVal:`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`kb.data.cachedDbs = retVal[0].values()[0]`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
minor update 2011-10-28 17:16:22 +04:00			`if kb.data.cachedDbs:`
			`kb.data.cachedDbs.sort()`

Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`return kb.data.cachedDbs`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
			`def getTables(self, bruteForce=None):`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`if len(kb.data.cachedTables) > 0:`
			`return kb.data.cachedTables`

further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`self.forceDbmsEnum()`

some more refactorings 2012-02-16 18:42:28 +04:00			`if conf.db == CURRENT_DB:`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`conf.db = self.getCurrentDb()`

further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`if conf.db:`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`dbs = conf.db.split(",")`
			`else:`
			`dbs = self.getDbs()`

just in case commit to prevent join string iteration over 'None' values 2011-07-30 17:01:37 +04:00			`for db in filter(None, dbs):`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)`

			`infoMsg = "fetching tables for database"`
Minor bug fixes for -d 2012-01-14 01:46:21 +04:00			`infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`logger.info(infoMsg)`

			`rootQuery = queries[Backend.getIdentifiedDbms()].tables`

			`for db in dbs:`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00			`randStr = randomStr()`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')`
			`retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
			`if retVal:`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`for table in retVal[0].values()[0]:`
			`if not kb.data.cachedTables.has_key(db):`
			`kb.data.cachedTables[db] = [table]`
			`else:`
			`kb.data.cachedTables[db].append(table)`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
minor update 2011-10-28 17:07:23 +04:00			`for db, tables in kb.data.cachedTables.items():`
			`kb.data.cachedTables[db] = sorted(tables) if tables else tables`

further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`return kb.data.cachedTables`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`def getColumns(self, onlyColNames=False):`
			`self.forceDbmsEnum()`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
some more refactorings 2012-02-16 18:42:28 +04:00			`if conf.db is None or conf.db == CURRENT_DB:`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`if conf.db is None:`
			`warnMsg = "missing database parameter, sqlmap is going "`
			`warnMsg += "to use the current database to enumerate "`
			`warnMsg += "table(s) columns"`
			`logger.warn(warnMsg)`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`conf.db = self.getCurrentDb()`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`elif conf.db is not None:`
			`if ',' in conf.db:`
			`errMsg = "only one database name is allowed when enumerating "`
			`errMsg += "the tables' columns"`
			`raise sqlmapMissingMandatoryOptionException, errMsg`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`conf.db = safeSQLIdentificatorNaming(conf.db)`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`if conf.tbl:`
			`tblList = conf.tbl.split(",")`
			`else:`
			`self.getTables()`

			`if len(kb.data.cachedTables) > 0:`
			`tblList = kb.data.cachedTables.values()`

			`if isinstance(tblList[0], (set, tuple, list)):`
			`tblList = tblList[0]`
			`else:`
minor fix 2012-02-01 13:17:38 +04:00			`errMsg = "unable to retrieve the tables "`
minor appereance fix 2012-03-01 15:52:30 +04:00			`errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`raise sqlmapNoneDataException, errMsg`

			`for tbl in tblList:`
some fixes 2011-06-16 17:41:02 +04:00			`tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00
			`rootQuery = queries[Backend.getIdentifiedDbms()].columns`

			`for tbl in tblList:`
			`if conf.db is not None and len(kb.data.cachedColumns) > 0 \`
some fixes 2011-06-16 18:27:44 +04:00			`and conf.db in kb.data.cachedColumns and tbl in \`
			`kb.data.cachedColumns[conf.db]:`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`infoMsg = "fetched tables' columns on "`
minor appereance fix 2012-03-01 15:52:30 +04:00			`infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`logger.info(infoMsg)`

			`return { conf.db: kb.data.cachedColumns[conf.db]}`

			`infoMsg = "fetching columns "`
minor appereance fix 2012-03-01 15:52:30 +04:00			`infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)`
			`infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00			`logger.info(infoMsg)`

			`randStr = randomStr()`
			`query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER')`
			`retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr,'%s.datatype' % randStr,'%s.len' % randStr], blind=True)`

			`if retVal:`
			`table = {}`
			`columns = {}`

			`for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]):`
some fixes 2011-06-16 17:41:02 +04:00			`columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length)`
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-05-01 02:11:36 +04:00
			`table[tbl] = columns`
			`kb.data.cachedColumns[conf.db] = table`

			`return kb.data.cachedColumns`

			`def searchDb(self):`
			`warnMsg = "on SAP MaxDB it is not possible to search databases"`
			`logger.warn(warnMsg)`

			`return []`