sqlmap/plugins/dbms/maxdb/fingerprint.py

#!/usr/bin/env python

"""
Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import Format
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import MAXDB_ALIASES
from lib.request import inject
from lib.request.connect import Connect as Request
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

class Fingerprint(GenericFingerprint):
    def __init__(self):
        GenericFingerprint.__init__(self, DBMS.MAXDB)

    def _versionCheck(self):
        infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB
        logger.info(infoMsg)

        query = agent.prefixQuery("/* NoValue */")
        query = agent.suffixQuery(query)
        payload = agent.payload(newValue=query)
        result = Request.queryPage(payload)

        if not result:
            warnMsg = "unable to perform %s version check" % DBMS.MAXDB
            logger.warn(warnMsg)

            return None

        minor, major = None, None

        for version in (6, 7):
            result = inject.checkBooleanExpression("%d=(SELECT MAJORVERSION FROM SYSINFO.VERSION)" % version)

            if result:
                major = version

        for version in xrange(0, 10):
            result = inject.checkBooleanExpression("%d=(SELECT MINORVERSION FROM SYSINFO.VERSION)" % version)

            if result:
                minor = version

        if major and minor:
            return "%s.%s" % (major, minor)
        else:
            return None

    def getFingerprint(self):
        value = ""
        wsOsFp = Format.getOs("web server", kb.headersFp)

        if wsOsFp:
            value += "%s\n" % wsOsFp

        if kb.data.banner:
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)

            if dbmsOsFp:
                value += "%s\n" % dbmsOsFp

        blank = " " * 15
        value += "back-end DBMS: "

        if not conf.extensiveFp:
            value += DBMS.MAXDB
            return value

        actVer = Format.getDbms() + " (%s)" % self._versionCheck()
        blank = " " * 15
        value += "active fingerprint: %s" % actVer

        if kb.bannerFp:
            value += "\n%sbanner parsing fingerprint: -" % blank

        htmlErrorFp = Format.getErrorParsedDBMSes()

        if htmlErrorFp:
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)

        return value

    def checkDbms(self):
        if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):
            setDbms(DBMS.MAXDB)

            self.getBanner()

            return True

        infoMsg = "testing %s" % DBMS.MAXDB
        logger.info(infoMsg)

        result = inject.checkBooleanExpression("ALPHA(NULL) IS NULL")

        if result:
            infoMsg = "confirming %s" % DBMS.MAXDB
            logger.info(infoMsg)

            result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")

            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
                logger.warn(warnMsg)

                return False

            setDbms(DBMS.MAXDB)

            self.getBanner()

            return True
        else:
            warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
            logger.warn(warnMsg)

            return False

    def forceDbmsEnum(self):
        if conf.db:
            conf.db = conf.db.upper()
        else:
            conf.db = "USER"

        if conf.tbl:
            conf.tbl = conf.tbl.upper()
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`#!/usr/bin/env python`

			`"""`
modified homepage address 2012-07-12 21:38:03 +04:00			`Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`"""`

			`from lib.core.agent import agent`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`from lib.core.common import Backend`
			`from lib.core.common import Format`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
further refactoring (all enumerations are now put into enums.py) 2010-11-08 12:20:02 +03:00			`from lib.core.enums import DBMS`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`from lib.core.session import setDbms`
			`from lib.core.settings import MAXDB_ALIASES`
update 2010-12-09 14:23:44 +03:00			`from lib.request import inject`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`from lib.request.connect import Connect as Request`
			`from plugins.generic.fingerprint import Fingerprint as GenericFingerprint`

			`class Fingerprint(GenericFingerprint):`
			`def __init__(self):`
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 14:55:20 +03:00			`GenericFingerprint.__init__(self, DBMS.MAXDB)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`def _versionCheck(self):`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00			`logger.info(infoMsg)`

Minor code restyling 2011-04-30 17:20:05 +04:00			`query = agent.prefixQuery("/* NoValue */")`
			`query = agent.suffixQuery(query)`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00			`payload = agent.payload(newValue=query)`
Minor code restyling 2011-04-30 17:20:05 +04:00			`result = Request.queryPage(payload)`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00
			`if not result:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "unable to perform %s version check" % DBMS.MAXDB`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00			`logger.warn(warnMsg)`

			`return None`

			`minor, major = None, None`

Some more refactoring 2012-07-06 19:18:22 +04:00			`for version in (6, 7):`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("%d=(SELECT MAJORVERSION FROM SYSINFO.VERSION)" % version)`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00
			`if result:`
			`major = version`

			`for version in xrange(0, 10):`
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("%d=(SELECT MINORVERSION FROM SYSINFO.VERSION)" % version)`
implemented active fingerprinting for MaxDB 2010-08-30 18:16:23 +04:00
			`if result:`
			`minor = version`

			`if major and minor:`
			`return "%s.%s" % (major, minor)`
			`else:`
			`return None`

added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`def getFingerprint(self):`
Minor code restyling 2011-04-30 17:20:05 +04:00			`value = ""`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`wsOsFp = Format.getOs("web server", kb.headersFp)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if wsOsFp:`
			`value += "%s\n" % wsOsFp`

			`if kb.data.banner:`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if dbmsOsFp:`
			`value += "%s\n" % dbmsOsFp`

Minor code restyling 2011-04-30 17:20:05 +04:00			`blank = " " * 15`
			`value += "back-end DBMS: "`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if not conf.extensiveFp:`
minor update 2010-11-02 15:08:28 +03:00			`value += DBMS.MAXDB`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`return value`

Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 17:14:19 +04:00			`actVer = Format.getDbms() + " (%s)" % self._versionCheck()`
Minor code restyling 2011-04-30 17:20:05 +04:00			`blank = " " * 15`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`value += "active fingerprint: %s" % actVer`

			`if kb.bannerFp:`
			`value += "\n%sbanner parsing fingerprint: -" % blank`

refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`htmlErrorFp = Format.getErrorParsedDBMSes()`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if htmlErrorFp:`
			`value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)`

			`return value`

			`def checkDbms(self):`
refactoring (class names should always be Capital cased) 2011-01-28 19:36:09 +03:00			`if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES):`
refactoring of hard coded dbms names 2010-11-02 14:59:24 +03:00			`setDbms(DBMS.MAXDB)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`self.getBanner()`

Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 15:47:07 +03:00			`return True`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
Minor variable rename 2011-04-30 19:29:59 +04:00			`infoMsg = "testing %s" % DBMS.MAXDB`
			`logger.info(infoMsg)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
minor update for MaxDB 2011-02-21 00:17:16 +03:00			`result = inject.checkBooleanExpression("ALPHA(NULL) IS NULL")`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if result:`
Minor variable rename 2011-04-30 19:29:59 +04:00			`infoMsg = "confirming %s" % DBMS.MAXDB`
			`logger.info(infoMsg)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. 2010-12-14 00:33:42 +03:00			`result = inject.checkBooleanExpression("MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`if not result:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`logger.warn(warnMsg)`

			`return False`

refactoring of hard coded dbms names 2010-11-02 14:59:24 +03:00			`setDbms(DBMS.MAXDB)`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00
			`self.getBanner()`

			`return True`
			`else:`
Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-20 02:06:15 +03:00			`warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB`
added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 17:29:19 +04:00			`logger.warn(warnMsg)`

			`return False`

			`def forceDbmsEnum(self):`
further improvement of MaxDB support 2011-02-21 01:41:42 +03:00			`if conf.db:`
			`conf.db = conf.db.upper()`
			`else:`
			`conf.db = "USER"`
--dump now works on MaxDB too 2011-02-21 01:07:12 +03:00
			`if conf.tbl:`
removing of unused imports together with some general code refactoring 2012-02-22 14:40:11 +04:00			`conf.tbl = conf.tbl.upper()`