sqlmap/plugins/dbms/sybase/enumeration.py

277 lines
9.3 KiB
Python
Raw Normal View History

#!/usr/bin/env python2
2010-10-13 22:55:17 +04:00
"""
2013-01-18 18:07:51 +04:00
Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
2010-10-13 22:55:17 +04:00
"""
2011-02-19 21:04:27 +03:00
from lib.core.common import Backend
2011-08-09 18:20:25 +04:00
from lib.core.common import filterPairValues
2011-02-19 21:04:27 +03:00
from lib.core.common import isTechniqueAvailable
from lib.core.common import randomStr
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import unsafeSQLIdentificatorNaming
2011-02-19 21:04:27 +03:00
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
2012-08-21 13:30:01 +04:00
from lib.core.dicts import SYBASE_TYPES
2011-02-19 21:04:27 +03:00
from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapNoneDataException
2012-02-16 18:42:28 +04:00
from lib.core.settings import CURRENT_DB
2012-09-10 21:23:24 +04:00
from lib.utils.pivotdumptable import pivotDumpTable
2010-10-13 22:55:17 +04:00
from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self)
2011-02-19 21:04:27 +03:00
def getUsers(self):
infoMsg = "fetching database users"
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].users
randStr = randomStr()
query = rootQuery.inband.query
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
blinds = (False, True)
2011-02-19 21:04:27 +03:00
else:
blinds = (True,)
2011-02-19 21:04:27 +03:00
for blind in blinds:
2012-09-10 21:23:24 +04:00
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
2011-02-19 21:04:27 +03:00
if retVal:
kb.data.cachedUsers = retVal[0].values()[0]
break
return kb.data.cachedUsers
def getPrivileges(self, *args):
warnMsg = "on Sybase it is not possible to fetch "
warnMsg += "database users privileges, sqlmap will check whether "
warnMsg += "or not the database users are database administrators"
logger.warn(warnMsg)
users = []
areAdmins = set()
2011-02-21 01:45:23 +03:00
if conf.user:
2013-01-10 14:54:07 +04:00
users = [conf.user]
elif not len(kb.data.cachedUsers):
users = self.getUsers()
else:
users = kb.data.cachedUsers
2011-02-19 21:04:27 +03:00
for user in users:
if user is None:
continue
2011-02-19 21:04:27 +03:00
isDba = self.isDba(user)
2011-02-19 21:04:27 +03:00
if isDba is True:
areAdmins.add(user)
kb.data.cachedUsersPrivileges[user] = None
return (kb.data.cachedUsersPrivileges, areAdmins)
2011-02-19 21:04:27 +03:00
def getDbs(self):
if len(kb.data.cachedDbs) > 0:
return kb.data.cachedDbs
infoMsg = "fetching database names"
2011-02-19 21:04:27 +03:00
logger.info(infoMsg)
rootQuery = queries[Backend.getIdentifiedDbms()].dbs
randStr = randomStr()
query = rootQuery.inband.query
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
2011-02-19 21:04:27 +03:00
blinds = [False, True]
else:
blinds = [True]
for blind in blinds:
2012-09-10 21:23:24 +04:00
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
2011-02-19 21:04:27 +03:00
if retVal:
kb.data.cachedDbs = retVal[0].values()[0]
2011-02-19 21:04:27 +03:00
break
2011-10-28 17:16:22 +04:00
if kb.data.cachedDbs:
kb.data.cachedDbs.sort()
return kb.data.cachedDbs
2011-02-19 21:36:26 +03:00
def getTables(self, bruteForce=None):
if len(kb.data.cachedTables) > 0:
return kb.data.cachedTables
2011-02-19 21:36:26 +03:00
self.forceDbmsEnum()
2011-02-19 21:36:26 +03:00
2012-02-16 18:42:28 +04:00
if conf.db == CURRENT_DB:
conf.db = self.getCurrentDb()
2011-02-19 21:36:26 +03:00
if conf.db:
dbs = conf.db.split(",")
2011-02-19 21:36:26 +03:00
else:
dbs = self.getDbs()
for db in dbs:
dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
dbs = filter(None, dbs)
infoMsg = "fetching tables for database"
2012-01-14 01:46:21 +04:00
infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
logger.info(infoMsg)
2011-02-19 21:36:26 +03:00
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
2011-02-19 21:36:26 +03:00
blinds = [False, True]
else:
blinds = [True]
2011-05-09 20:09:18 +04:00
rootQuery = queries[Backend.getIdentifiedDbms()].tables
2011-02-19 21:36:26 +03:00
for db in dbs:
for blind in blinds:
randStr = randomStr()
query = rootQuery.inband.query % db
2012-09-10 21:23:24 +04:00
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
2011-02-19 21:36:26 +03:00
if retVal:
for table in retVal[0].values()[0]:
if db not in kb.data.cachedTables:
2011-02-19 21:36:26 +03:00
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
break
2011-10-28 17:07:23 +04:00
for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables
2011-02-19 21:36:26 +03:00
return kb.data.cachedTables
def getColumns(self, onlyColNames=False):
self.forceDbmsEnum()
2011-02-19 21:36:26 +03:00
2012-02-16 18:42:28 +04:00
if conf.db is None or conf.db == CURRENT_DB:
if conf.db is None:
2012-10-04 20:28:36 +04:00
warnMsg = "missing database parameter. sqlmap is going "
warnMsg += "to use the current database to enumerate "
warnMsg += "table(s) columns"
logger.warn(warnMsg)
2011-02-19 21:36:26 +03:00
conf.db = self.getCurrentDb()
elif conf.db is not None:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db)
2011-06-15 22:49:35 +04:00
if conf.col:
colList = conf.col.split(",")
else:
colList = []
for col in colList:
colList[colList.index(col)] = safeSQLIdentificatorNaming(col)
if conf.tbl:
tblList = conf.tbl.split(",")
else:
self.getTables()
if len(kb.data.cachedTables) > 0:
tblList = kb.data.cachedTables.values()
if isinstance(tblList[0], (set, tuple, list)):
tblList = tblList[0]
else:
2012-02-01 13:17:38 +04:00
errMsg = "unable to retrieve the tables "
2012-03-01 15:52:30 +04:00
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
rootQuery = queries[Backend.getIdentifiedDbms()].columns
2011-02-19 21:36:26 +03:00
2012-12-05 13:45:17 +04:00
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
2011-02-19 21:36:26 +03:00
blinds = [False, True]
else:
blinds = [True]
for tbl in tblList:
if conf.db is not None and len(kb.data.cachedColumns) > 0 \
and conf.db in kb.data.cachedColumns and tbl in \
kb.data.cachedColumns[conf.db]:
infoMsg = "fetched tables' columns on "
2012-03-01 15:52:30 +04:00
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
2011-02-20 19:28:48 +03:00
2012-07-13 14:22:37 +04:00
return {conf.db: kb.data.cachedColumns[conf.db]}
2011-02-20 19:28:48 +03:00
2011-06-15 22:49:35 +04:00
if colList:
table = {}
2013-01-10 19:09:28 +04:00
table[safeSQLIdentificatorNaming(tbl)] = dict((_, None) for _ in colList)
2011-06-16 17:41:02 +04:00
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
2011-06-15 22:49:35 +04:00
continue
infoMsg = "fetching columns "
2012-03-01 15:52:30 +04:00
infoMsg += "for table '%s' " % unsafeSQLIdentificatorNaming(tbl)
infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
2011-02-20 19:28:48 +03:00
for blind in blinds:
randStr = randomStr()
query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl))
2013-01-10 16:18:44 +04:00
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.usertype' % randStr], blind=blind)
2011-02-20 19:28:48 +03:00
if retVal:
table = {}
columns = {}
2011-02-20 19:28:48 +03:00
2011-08-09 18:20:25 +04:00
for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])):
2012-09-10 21:26:51 +04:00
columns[name] = SYBASE_TYPES.get(type_, type_)
2011-02-20 19:28:48 +03:00
2011-06-16 17:41:02 +04:00
table[safeSQLIdentificatorNaming(tbl)] = columns
kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table
2011-02-20 19:28:48 +03:00
break
2011-02-20 19:28:48 +03:00
return kb.data.cachedColumns
2011-02-20 19:28:48 +03:00
def searchDb(self):
warnMsg = "on Sybase searching of databases is not implemented"
logger.warn(warnMsg)
return []
def searchTable(self):
warnMsg = "on Sybase searching of tables is not implemented"
logger.warn(warnMsg)
return []
def searchColumn(self):
warnMsg = "on Sybase searching of columns is not implemented"
logger.warn(warnMsg)
return []
2012-03-08 19:51:30 +04:00
def search(self):
warnMsg = "on Sybase search option is not available"
logger.warn(warnMsg)
2012-10-14 19:53:55 +04:00
def getHostname(self):
warnMsg = "on Sybase it is not possible to enumerate the hostname"
logger.warn(warnMsg)