laying foundation for DNS based data retrieval

This commit is contained in:
Miroslav Stampar 2012-03-27 18:59:12 +00:00
parent 645fc8a21c
commit 1b072f6415
5 changed files with 74 additions and 1 deletions


@ -628,6 +628,9 @@ def cmdLineParser():
parser.add_option("--test-filter", dest="testFilter", parser.add_option("--test-filter", dest="testFilter",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--dns-domain", dest="dnsDomain",
help=SUPPRESS_HELP)
parser.add_option_group(target) parser.add_option_group(target)
parser.add_option_group(request) parser.add_option_group(request)
parser.add_option_group(optimization) parser.add_option_group(optimization)
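Review bot: `--dns-domain` is registered on the `--test-filter` pattern with SUPPRESS_HELP and nothing else, so neither the expected value nor the reason it is hidden is recorded anywhere in the parser. A one-line comment above the `parser.add_option("--dns-domain", ...)` call, `# Domain the target is made to resolve for DNS based data retrieval; hidden until the technique is implemented`, would carry that for the next reader; whether a default or a format check on the value is wanted can be settled when the technique lands. `cmdLineParser` starts and ends outside the hunk.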

44
lib/request/dnsquery.py Normal file

@ -0,0 +1,44 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
class DNSQuery:
"""
Used for making fake DNS resolution responses based on received
raw request
Reference(s):
http://code.activestate.com/recipes/491264-mini-fake-dns-server/
https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py
"""
def __init__(self, raw):
self._raw = raw
self._query = ""
type_ = (ord(raw[2]) >> 3) & 15 # Opcode bits
if type_ == 0: # Standard query
i = 12
j = ord(raw[i])
while j != 0:
self._query += raw[i+1:i+j+1] + '.'
i = i + j + 1
j = ord(raw[i])
def response(self, resolution):
retval = ""
if self._query:
retval += self._raw[:2] + "\x81\x80"
retval += self._raw[4:6] + self._raw[4:6] + "\x00\x00\x00\x00" # Questions and Answers Counts
retval += self._raw[12:] # Original Domain Name Question
retval += "\xc0\x0c" # Pointer to domain name
retval += "\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04" # Response type, ttl and resource data length -> 4 bytes
retval += "".join(chr(int(_)) for _ in resolution.split('.')) # 4 bytes of IP
return retval
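Review bot: The label loop in `__init__` reads `raw[i]` with no length check, so a truncated or otherwise malformed datagram raises IndexError out of the constructor, and a listener that hands every inbound UDP packet to this class would stop on the first bad one. Check `len(raw) > 12` before the opcode read on the `type_ =` line and bound the loop with `while j != 0 and i + j + 1 < len(raw):`, which also keeps the slice on the next line inside the buffer. `response()` copies `self._raw[12:]` back verbatim and hard-codes an A/IN answer while taking ANCOUNT from the request's QDCOUNT, so a question of another type or with several entries gets a mismatched reply; a comment such as `# answers only a single A-class question; QTYPE is not checked` would at least record that limit.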


@ -0,0 +1,10 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
pass

16
lib/techniques/dns/use.py Normal file

@ -0,0 +1,16 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
def dnsUse(expression, expected=None, dump=False):
"""
Retrieve the output of a SQL query taking advantage of the DNS
resolution mechanism by making request back to attacker's machine.
"""
raise NotImplementedError
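Review bot: `dnsUse` documents its purpose but not its parameters, and because the body is a stub the signature is currently the whole contract. Add a parameter block to the docstring describing `expression` as the SQL expression whose output is retrieved, with `expected` and `dump` described by whatever convention the sibling technique modules use (not visible here, so confirm before writing it down). Raising `NotImplementedError("DNS based retrieval is not implemented yet")` would also make the stub's failure self-describing when it is hit.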


@ -1,3 +1,3 @@
Files in this folder represent SQL Procedural Language snippets used Files in this folder represent SQL (Procedural Language) snippets used
by sqlmap on the target system. They are licensed under the terms of by sqlmap on the target system. They are licensed under the terms of
the GNU Lesser General Public License. the GNU Lesser General Public License.