From 367d0639f0e3ea0bd464f129a877eaf786d9b96d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 28 Jan 2011 16:36:09 +0000
Subject: [PATCH] refactoring (class names should always be Capital cased)
---
 extra/gprof2dot/gprof2dot.py | 2 +-
 extra/xdot/xdot.py | 2 +-
 lib/controller/action.py | 8 +-
 lib/controller/checks.py | 26 +-
 lib/controller/handler.py | 8 +-
 lib/core/agent.py | 64 +--
 lib/core/common.py | 576 ++++++++++++------------
 lib/core/option.py | 6 +-
 lib/core/session.py | 26 +-
 lib/core/shell.py | 4 +-
 lib/core/unescaper.py | 4 +-
 lib/core/xmldump.py | 6 +-
 lib/parse/banner.py | 12 +-
 lib/request/direct.py | 4 +-
 lib/request/inject.py | 42 +-
 lib/takeover/abstraction.py | 18 +-
 lib/takeover/metasploit.py | 18 +-
 lib/takeover/udf.py | 18 +-
 lib/takeover/xp_cmdshell.py | 8 +-
 lib/techniques/blind/inference.py | 8 +-
 lib/techniques/brute/use.py | 4 +-
 lib/techniques/error/use.py | 34 +-
 lib/techniques/inband/union/test.py | 10 +-
 lib/techniques/inband/union/use.py | 36 +-
 lib/utils/hash.py | 8 +-
 lib/utils/resume.py | 10 +-
 plugins/dbms/access/fingerprint.py | 22 +-
 plugins/dbms/firebird/fingerprint.py | 32 +-
 plugins/dbms/maxdb/fingerprint.py | 14 +-
 plugins/dbms/mssqlserver/enumeration.py | 8 +-
 plugins/dbms/mssqlserver/fingerprint.py | 26 +-
 plugins/dbms/mysql/fingerprint.py | 74 +--
 plugins/dbms/oracle/enumeration.py | 6 +-
 plugins/dbms/oracle/fingerprint.py | 18 +-
 plugins/dbms/postgresql/fingerprint.py | 46 +-
 plugins/dbms/sqlite/fingerprint.py | 18 +-
 plugins/dbms/sybase/fingerprint.py | 24 +-
 plugins/generic/enumeration.py | 240 +++++-----
 plugins/generic/filesystem.py | 12 +-
 plugins/generic/fingerprint.py | 4 +-
 plugins/generic/misc.py | 14 +-
 plugins/generic/takeover.py | 30 +-
 42 files changed, 775 insertions(+), 775 deletions(-)
diff --git a/extra/gprof2dot/gprof2dot.py b/extra/gprof2dot/gprof2dot.py
index b9571473b..8978b8e93 100755
--- a/extra/gprof2dot/gprof2dot.py
+++ b/extra/gprof2dot/gprof2dot.py
@@ -1036,7 +1036,7 @@ class CallgrindParser(LineParser): """Parser for valgrind's callgrind tool. See also: - - http://valgrind.org/docs/manual/cl-format.html + - http://valgrind.org/docs/manual/cl-Format.html """ _call_re = re.compile('^calls=\s*(\d+)\s+((\d+|\+\d+|-\d+|\*)\s+)+$') diff --git a/extra/xdot/xdot.py b/extra/xdot/xdot.py index 42bc060cb..4bc94640e 100644 --- a/extra/xdot/xdot.py +++ b/extra/xdot/xdot.py @@ -16,7 +16,7 @@ # along with this program. If not, see . # -'''Visualize dot graphs via the xdot format.''' +'''Visualize dot graphs via the xdot Format.''' __author__ = "Jose Fonseca" diff --git a/lib/controller/action.py b/lib/controller/action.py index 8989f6929..597fff194 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission """ from lib.controller.handler import setHandler -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import dataToStdout from lib.core.data import conf from lib.core.data import kb @@ -31,8 +31,8 @@ def action(): # system to be able to go ahead with the injection setHandler() - if not backend.getDbms() or not conf.dbmsHandler: - htmlParsed = format.getErrorParsedDBMSes() + if not Backend.getDbms() or not conf.dbmsHandler: + htmlParsed = Format.getErrorParsedDBMSes() errMsg = "sqlmap was not able to fingerprint the " errMsg += "back-end database management system" diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 60fc7bd49..793ef8166 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
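Review bot: The case-only rename of the `format` class has leaked into prose: the CallgrindParser docstring URL `http://valgrind.org/docs/manual/cl-format.html` is now `cl-Format.html`, and since URL paths are case-sensitive the reference may no longer resolve as written; extra/gprof2dot is vendored third-party code and this hunk touches only that docstring, so nothing here references the renamed class. The same search-and-replace collateral appears in the xdot.py module docstring on this line (`'''Visualize dot graphs via the xdot Format.'''`) and in the `__saveCmdline` docstring of lib/core/option.py further down (`INI file Format.`). Those three should be reverted to the lowercase word; limiting the replacement to the attribute-access form (`format.` followed by a method name) would have kept it to identifier references.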
@@ -13,11 +13,11 @@ import time from lib.core.agent import agent from lib.core.common import aliasToDbmsEnum -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import beep from lib.core.common import extractRegexResult from lib.core.common import findDynamicContent -from lib.core.common import format +from lib.core.common import Format from lib.core.common import getComparePageRatio from lib.core.common import getCompiledRegex from lib.core.common import getSortedInjectionTests @@ -140,19 +140,19 @@ def checkSqlInjection(place, parameter, value): continue - if len(backend.getErrorParsedDBMSes()) > 0 and dbms not in backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None: + if len(Backend.getErrorParsedDBMSes()) > 0 and dbms not in Backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None: msg = "parsed error message(s) showed that the " - msg += "back-end DBMS could be %s. " % format.getErrorParsedDBMSes() + msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes() msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]" if conf.realTest or readInput(msg, default="Y") in ("y", "Y"): - kb.skipOthersDbms = backend.getErrorParsedDBMSes() + kb.skipOthersDbms = Backend.getErrorParsedDBMSes() if kb.skipOthersDbms and dbms not in kb.skipOthersDbms: debugMsg = "skipping test '%s' because " % title debugMsg += "the parsed error message(s) showed " debugMsg += "that the back-end DBMS could be " - debugMsg += "%s" % format.getErrorParsedDBMSes() + debugMsg += "%s" % Format.getErrorParsedDBMSes() logger.debug(debugMsg) continue @@ -350,7 +350,7 @@ def checkSqlInjection(place, parameter, value): # Force back-end DBMS according to the current # test value for proper payload unescaping - backend.forceDbms(dbms) + Backend.forceDbms(dbms) # Skip test if the user provided custom column # range and this is not a custom UNION test 
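Review bot: The condition `if len(Backend.getErrorParsedDBMSes()) > 0 and dbms not in Backend.getErrorParsedDBMSes() and kb.skipOthersDbms is None:` calls the same accessor twice and the block below calls it a third time alongside two calls to `Format.getErrorParsedDBMSes()`; binding it once, e.g. `parsedDbmses = Backend.getErrorParsedDBMSes()` before the test and writing `if parsedDbmses and dbms not in parsedDbmses and kb.skipOthersDbms is None:`, reads more clearly and drops the `len(...) > 0` idiom, since per the lib/core/common.py hunk the accessor simply returns `kb.htmlFp`. The same repeated-accessor pattern recurs with `Backend.getIdentifiedDbms()` in the lib/core/agent.py hunks (`nullAndCastField`, `limitQuery`, `forgeCaseStatement`) and in `getDelayQuery` in lib/core/common.py. `checkSqlInjection` starts and ends outside this hunk.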
@@ -362,7 +362,7 @@ def checkSqlInjection(place, parameter, value): configUnion(test.request.char, test.request.columns) - if not backend.getIdentifiedDbms(): + if not Backend.getIdentifiedDbms(): warnMsg = "using unescaped version of the test " warnMsg += "because of zero knowledge of the " warnMsg += "back-end DBMS" @@ -382,7 +382,7 @@ def checkSqlInjection(place, parameter, value): where = vector[6] # Reset forced back-end DBMS value - backend.flushForcedDbms() + Backend.flushForcedDbms() # If the injection test was successful feed the injection # object with the test's details @@ -421,11 +421,11 @@ def checkSqlInjection(place, parameter, value): if hasattr(test, "details"): for dKey, dValue in test.details.items(): if dKey == "dbms": - injection.dbms = backend.setDbms(dValue) + injection.dbms = Backend.setDbms(dValue) elif dKey == "dbms_version" and injection.dbms_version is None: - injection.dbms_version = backend.setVersion(dValue) + injection.dbms_version = Backend.setVersion(dValue) elif dKey == "os" and injection.os is None: - injection.os = backend.setOs(dValue) + injection.os = Backend.setOs(dValue) if conf.beep or conf.realTest: beep() @@ -488,7 +488,7 @@ def heuristicCheckSqlInjection(place, parameter): infoMsg += "parameter '%s' might " % parameter if result: - infoMsg += "be injectable (possible DBMS: %s)" % (format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION) + infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION) logger.info(infoMsg) else: infoMsg += "not be injectable" diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 5ff5bb68b..e4ee8a5af 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py 
@@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import popValue from lib.core.common import pushValue from lib.core.data import conf @@ -63,11 +63,11 @@ def setHandler(): ( SYBASE_ALIASES, SybaseMap, SybaseConn ), ] - if backend.getIdentifiedDbms() is not None: + if Backend.getIdentifiedDbms() is not None: for i in xrange(len(dbmsObj)): dbmsAliases, _, _ = dbmsObj[i] - if backend.getIdentifiedDbms().lower() in dbmsAliases: + if Backend.getIdentifiedDbms().lower() in dbmsAliases: if i > 0: pushValue(dbmsObj[i]) dbmsObj.remove(dbmsObj[i]) @@ -102,4 +102,4 @@ def setHandler(): # At this point back-end DBMS is correctly fingerprinted, no need # to enforce it anymore - backend.flushForcedDbms() + Backend.flushForcedDbms() diff --git a/lib/core/agent.py b/lib/core/agent.py index e64d7c7f4..9fa48e8aa 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -11,7 +11,7 @@ import re from xml.etree import ElementTree as ET -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getCompiledRegex from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isTechniqueAvailable @@ -222,8 +222,8 @@ class Agent: payload = payload.replace("[ORIGVALUE]", origvalue) if "[INFERENCE]" in payload: - if backend.getIdentifiedDbms() is not None: - inference = queries[backend.getIdentifiedDbms()].inference + if Backend.getIdentifiedDbms() is not None: + inference = queries[Backend.getIdentifiedDbms()].inference if "dbms_version" in inference: if isDBMSVersionAtLeast(inference.dbms_version): 
@@ -281,17 +281,17 @@ class Agent: # SQLite version 2 does not support neither CAST() nor IFNULL(), # introduced only in SQLite version 3 - if backend.getIdentifiedDbms() == DBMS.SQLITE: + if Backend.getIdentifiedDbms() == DBMS.SQLITE: return field if field.startswith("(CASE"): nulledCastedField = field else: - nulledCastedField = queries[backend.getIdentifiedDbms()].cast.query % field - if backend.getIdentifiedDbms() == DBMS.ACCESS: - nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField) + nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field + if Backend.getIdentifiedDbms() == DBMS.ACCESS: + nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField) else: - nulledCastedField = queries[backend.getIdentifiedDbms()].isnull.query % nulledCastedField + nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField return nulledCastedField @@ -325,7 +325,7 @@ class Agent: @rtype: C{str} """ - if not backend.getDbms(): + if not Backend.getDbms(): return fields if fields.startswith("(CASE"): @@ -333,7 +333,7 @@ class Agent: else: fields = fields.replace(", ", ",") fieldsSplitted = fields.split(",") - dbmsDelimiter = queries[backend.getIdentifiedDbms()].delimiter.query + dbmsDelimiter = queries[Backend.getIdentifiedDbms()].delimiter.query nulledCastedFields = [] for field in fieldsSplitted: 
@@ -396,13 +396,13 @@ class Agent: def simpleConcatQuery(self, query1, query2): concatenatedQuery = "" - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2) - elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): concatenatedQuery = "%s||%s" % (query1, query2) - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): concatenatedQuery = "%s+%s" % (query1, query2) return concatenatedQuery @@ -444,7 +444,7 @@ class Agent: concatenatedQuery = query fieldsSelectFrom, fieldsSelect, fieldsNoSelect, fieldsSelectTop, fieldsSelectCase, _, fieldsToCastStr, fieldsExists = self.getFields(query) - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: if fieldsExists: concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1) concatenatedQuery += ",'%s')" % kb.misc.stop @@ -460,7 +460,7 @@ class Agent: elif fieldsNoSelect: concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop) - elif backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): if fieldsExists: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1) concatenatedQuery += "||'%s'" % kb.misc.stop @@ -476,7 +476,7 @@ class Agent: elif fieldsNoSelect: concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop) - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if fieldsExists: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1) concatenatedQuery += "+'%s'" % kb.misc.stop 
@@ -545,8 +545,8 @@ class Agent: intoRegExp = intoRegExp.group(1) query = query[:query.index(intoRegExp)] - if backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[backend.getIdentifiedDbms()]): - inbandQuery = inbandQuery[:-len(FROM_TABLE[backend.getIdentifiedDbms()])] + if Backend.getIdentifiedDbms() in FROM_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): + inbandQuery = inbandQuery[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])] for element in range(0, count): if element > 0: @@ -565,9 +565,9 @@ class Agent: conditionIndex = query.index(" FROM ") inbandQuery += query[conditionIndex:] - if backend.getIdentifiedDbms() in FROM_TABLE: + if Backend.getIdentifiedDbms() in FROM_TABLE: if " FROM " not in inbandQuery or "(CASE " in inbandQuery: - inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()] + inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()] if intoRegExp: inbandQuery += intoRegExp @@ -584,8 +584,8 @@ class Agent: else: inbandQuery += char - if backend.getIdentifiedDbms() in FROM_TABLE: - inbandQuery += FROM_TABLE[backend.getIdentifiedDbms()] + if Backend.getIdentifiedDbms() in FROM_TABLE: + inbandQuery += FROM_TABLE[Backend.getIdentifiedDbms()] inbandQuery = self.suffixQuery(inbandQuery, comment, suffix) 
@@ -614,21 +614,21 @@ class Agent: """ limitedQuery = query - limitStr = queries[backend.getIdentifiedDbms()].limit.query + limitStr = queries[Backend.getIdentifiedDbms()].limit.query fromIndex = limitedQuery.index(" FROM ") untilFrom = limitedQuery[:fromIndex] fromFrom = limitedQuery[fromIndex+1:] orderBy = False - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE): - limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num, 1) + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE): + limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1) limitedQuery += " %s" % limitStr - elif backend.getIdentifiedDbms() == DBMS.FIREBIRD: - limitStr = queries[backend.getIdentifiedDbms()].limit.query % (num+1, num+1) + elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: + limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1) limitedQuery += " %s" % limitStr - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery: orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):] limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")] @@ -640,7 +640,7 @@ class Agent: limitedQuery = limitedQuery % fromFrom limitedQuery += "=%d" % (num + 1) - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): forgeNotIn = True if " ORDER BY " in limitedQuery: @@ -654,7 +654,7 @@ class Agent: limitedQuery = limitedQuery.replace("DISTINCT %s" % notDistinct, notDistinct) if limitedQuery.startswith("SELECT TOP ") or limitedQuery.startswith("TOP "): - topNums = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I) + topNums = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, limitedQuery, re.I) if topNums: topNums = topNums.groups() 
@@ -700,8 +700,8 @@ class Agent: @rtype: C{str} """ - if backend.getIdentifiedDbms() is not None and hasattr(queries[backend.getIdentifiedDbms()], "case"): - return queries[backend.getIdentifiedDbms()].case.query % expression + if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"): + return queries[Backend.getIdentifiedDbms()].case.query % expression else: return expression diff --git a/lib/core/common.py b/lib/core/common.py index 27987118b..ea80be9e7 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -127,6 +127,279 @@ class DynamicContentItem: self.lineContentBefore = lineContentBefore self.lineContentAfter = lineContentAfter +class Format: + @staticmethod + def humanize(values, chain=" or "): + strJoin = "|".join([v for v in values]) + + return strJoin.replace("|", chain) + + # Get methods + @staticmethod + def getDbms(versions=None): + """ + Format the back-end DBMS fingerprint value and return its + values formatted as a human readable string. + + @return: detected back-end DBMS based upon fingerprint techniques. + @rtype: C{str} + """ + + if versions is None and Backend.getVersionList(): + versions = Backend.getVersionList() + + if versions is None: + return Backend.getDbms() + else: + return "%s %s" % (Backend.getDbms(), " and ".join([v for v in versions])) + + @staticmethod + def getErrorParsedDBMSes(): + """ + Parses the knowledge base htmlFp list and return its values + formatted as a human readable string. + + @return: list of possible back-end DBMS based upon error messages + parsing. + @rtype: C{str} + """ + + htmlParsed = "" + + if len(kb.htmlFp) == 0: + return None + elif len(kb.htmlFp) == 1: + htmlParsed = kb.htmlFp[0] + elif len(kb.htmlFp) > 1: + htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp]) + + return htmlParsed + + @staticmethod + def getOs(target, info): + """ + Formats the back-end operating system fingerprint value + and return its values formatted as a human readable string. + + Example of info (kb.headersFp) dictionary: + + { + 'distrib': set(['Ubuntu']), + 'type': set(['Linux']), + 'technology': set(['PHP 5.2.6', 'Apache 2.2.9']), + 'release': set(['8.10']) + } + + Example of info (kb.bannerFp) dictionary: + + { + 'sp': set(['Service Pack 4']), + 'dbmsVersion': '8.00.194', + 'dbmsServicePack': '0', + 'distrib': set(['2000']), + 'dbmsRelease': '2000', + 'type': set(['Windows']) + } + + @return: detected back-end operating system based upon fingerprint + techniques. 
+ @rtype: C{str} + """ + + infoStr = "" + + if info and "type" in info: + infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"])) + + if "distrib" in info: + infoStr += " %s" % Format.humanize(info["distrib"]) + + if "release" in info: + infoStr += " %s" % Format.humanize(info["release"]) + + if "sp" in info: + infoStr += " %s" % Format.humanize(info["sp"]) + + if "codename" in info: + infoStr += " (%s)" % Format.humanize(info["codename"]) + + if "technology" in info: + infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ") + + return infoStr + +class Backend: + # Set methods + @staticmethod + def setDbms(dbms): + dbms = aliasToDbmsEnum(dbms) + + if dbms is None: + return None + + # Little precaution, in theory this condition should always be false + elif kb.dbms is not None and kb.dbms != dbms: + msg = "sqlmap previously fingerprinted back-end DBMS " + msg += "%s. However now it has been fingerprinted " % kb.dbms + msg += "to be %s. 
" % dbms + msg += "Please, specify which DBMS is " + msg += "correct [%s (default)/%s] " % (kb.dbms, dbms) + + while True: + inp = readInput(msg, default=kb.dbms) + + if aliasToDbmsEnum(inp) == kb.dbms: + break + elif aliasToDbmsEnum(inp) == dbms: + kb.dbms = aliasToDbmsEnum(inp) + break + else: + warnMsg = "invalid value" + logger.warn(warnMsg) + + elif kb.dbms is None: + kb.dbms = aliasToDbmsEnum(dbms) + + return kb.dbms + + @staticmethod + def setVersion(version): + if isinstance(version, basestring): + kb.dbmsVersion = [ version ] + + return kb.dbmsVersion + + @staticmethod + def setVersionList(versionsList): + if isinstance(versionsList, list): + kb.dbmsVersion = versionsList + elif isinstance(version, basestring): + Backend.setVersion(versionsList) + else: + logger.error("invalid format of versionsList") + + @staticmethod + def forceDbms(dbms): + kb.misc.forcedDbms = aliasToDbmsEnum(dbms) + + @staticmethod + def flushForcedDbms(): + kb.misc.forcedDbms = None + + @staticmethod + def setOs(os): + if os is None: + return None + + # Little precaution, in theory this condition should always be false + elif kb.os is not None and kb.os != os: + msg = "sqlmap previously fingerprinted back-end DBMS " + msg += "operating system %s. However now it has " % kb.os + msg += "been fingerprinted to be %s. " % os + msg += "Please, specify which OS is " + msg += "correct [%s (default)/%s] " % (kb.os, os) + + while True: + inp = readInput(msg, default=kb.os) + + if inp == kb.os: + break + elif inp == os: + kb.os = inp + break + else: + warnMsg = "invalid value" + logger.warn(warnMsg) + + elif kb.os is None: + kb.os = os + + return kb.os + + # Get methods + @staticmethod + def getForcedDbms(): + return aliasToDbmsEnum(kb.misc.forcedDbms) + + @staticmethod + def getDbms(): + return aliasToDbmsEnum(kb.dbms) + + @staticmethod + def getErrorParsedDBMSes(): + """ + Returns array with parsed DBMS names till now + + This functions is called to: + + 1. 
Sort the tests, getSortedInjectionTests() - detection phase. + 2. Ask user whether or not skip specific DBMS tests in detection phase, + lib/controller/checks.py - detection phase. + 3. Sort the fingerprint of the DBMS, lib/controller/handler.py - + fingerprint phase. + """ + + return kb.htmlFp + + @staticmethod + def getIdentifiedDbms(): + dbms = None + + if Backend.getForcedDbms() is not None: + dbms = Backend.getForcedDbms() + elif Backend.getDbms() is not None: + dbms = kb.dbms + elif conf.dbms is not None: + dbms = conf.dbms + elif len(Backend.getErrorParsedDBMSes()) > 0: + dbms = Backend.getErrorParsedDBMSes()[0] + + return aliasToDbmsEnum(dbms) + + @staticmethod + def getVersion(): + if len(kb.dbmsVersion) > 0: + return kb.dbmsVersion[0] + else: + return None + + @staticmethod + def getVersionList(): + if len(kb.dbmsVersion) > 0: + return kb.dbmsVersion + else: + return None + + # Comparison methods + @staticmethod + def isDbms(dbms): + return Backend.getDbms() is not None and Backend.getDbms() == aliasToDbmsEnum(dbms) + + @staticmethod + def isDbmsWithin(aliases): + return Backend.getDbms() is not None and Backend.getDbms().lower() in aliases + + @staticmethod + def isVersion(version): + return Backend.getVersion() is not None and Backend.getVersion() == version + + @staticmethod + def isVersionWithin(versionList): + if Backend.getVersionList() is None: + return False + + for dbmsVersion in Backend.getVersionList(): + if dbmsVersion == UNKNOWN_DBMS_VERSION: + continue + elif dbmsVersion in versionList: + return True + + return False + + @staticmethod + def isVersionGreaterOrEqualThan(version): + return Backend.getVersion() is not None and str(Backend.getVersion()) >= str(version) + def paramToDict(place, parameters=None): """ Split the parameters into names and values, check if these parameters 
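Review bot: `Backend.setVersionList` still tests `isinstance(version, basestring)` although its parameter is named `versionsList`, so passing a string reaches an undefined name and raises NameError instead of delegating to `setVersion`; the commit moved the class but carried the typo over from the removed `backend` class. The check should read `elif isinstance(versionsList, basestring):`. Separately, `isVersionGreaterOrEqualThan` compares `str(Backend.getVersion()) >= str(version)` lexicographically, so `"9"` counts as greater than `"10"` and any caller gating feature use on a two-digit component gets the wrong answer; comparing per-component integer tuples is the safer form. Both new classes would also benefit from a one-line class docstring, e.g. `"""Human-readable rendering of fingerprint data (DBMS, versions, OS)."""` on `Format` and `"""Accessors over kb.dbms, kb.dbmsVersion, kb.os and kb.misc.forcedDbms."""` on `Backend`.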
@@ -512,14 +785,14 @@ def parsePasswordHash(password): if not password or password == " ": password = "NULL" - if backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password): + if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password): hexPassword = password password = "%s\n" % hexPassword password += "%sheader: %s\n" % (blank, hexPassword[:6]) password += "%ssalt: %s\n" % (blank, hexPassword[6:14]) password += "%smixedcase: %s\n" % (blank, hexPassword[14:54]) - if not backend.isVersionWithin(("2005", "2008")): + if not Backend.isVersionWithin(("2005", "2008")): password += "%suppercase: %s" % (blank, hexPassword[54:]) return password 
@@ -817,25 +1090,25 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True) def getDelayQuery(andCond=False): query = None - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): if not kb.data.banner: conf.dbmsHandler.getVersionFromBanner() banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None - if banVer is None or (backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"): - query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec + if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"): + query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec else: - query = queries[backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec - elif backend.getIdentifiedDbms() == DBMS.FIREBIRD: - query = queries[backend.getIdentifiedDbms()].timedelay.query + query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec + elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: + query = queries[Backend.getIdentifiedDbms()].timedelay.query else: - query = queries[backend.getIdentifiedDbms()].timedelay.query % conf.timeSec + query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec if andCond: - if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ): + if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ): query = query.replace("SELECT ", "") - elif backend.getIdentifiedDbms() == DBMS.FIREBIRD: + elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: query = "(%s)>0" % query return query 
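Review bot: `banVer >= "5.0.12"` and `banVer >= "8.2"` in `getDelayQuery` are lexicographic string comparisons, so a MySQL banner of `5.0.9` compares as greater than `5.0.12` and selects the primary timedelay query; only the rename touched these lines, but the comparison is on the new side unchanged. Since `isDBMSVersionAtLeast` (visible in the next hunk) works on `Backend.getVersion()` rather than on the banner value, the simplest local fix is to compare tuples of integer components parsed from `banVer` up to the first non-numeric character, falling back to the current string comparison when parsing fails. `getDelayQuery` appears to lie fully inside this hunk; the `parseUnionPage` signature at the hunk head is context only.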
@@ -1791,8 +2064,8 @@ def isDBMSVersionAtLeast(version): retVal = None - if backend.getVersion() and backend.getVersion() != UNKNOWN_DBMS_VERSION: - value = backend.getVersion().replace(" ", "").rstrip('.') + if Backend.getVersion() and Backend.getVersion() != UNKNOWN_DBMS_VERSION: + value = Backend.getVersion().replace(" ", "").rstrip('.') while True: index = value.find('.', value.find('.') + 1) @@ -1910,14 +2183,14 @@ def getSortedInjectionTests(): retVal = SORTORDER.LAST elif 'details' in test and 'dbms' in test.details: - if test.details.dbms in backend.getErrorParsedDBMSes(): + if test.details.dbms in Backend.getErrorParsedDBMSes(): retVal = SORTORDER.SECOND else: retVal = SORTORDER.THIRD return retVal - if backend.getErrorParsedDBMSes(): + if Backend.getErrorParsedDBMSes(): retVal = sorted(retVal, key=priorityFunction) return retVal 
@@ -1955,279 +2228,6 @@ def unicodeToSafeHTMLValue(value): return retVal -class format: - @staticmethod - def humanize(values, chain=" or "): - strJoin = "|".join([v for v in values]) - - return strJoin.replace("|", chain) - - # Get methods - @staticmethod - def getDbms(versions=None): - """ - Format the back-end DBMS fingerprint value and return its - values formatted as a human readable string. - - @return: detected back-end DBMS based upon fingerprint techniques. - @rtype: C{str} - """ - - if versions is None and backend.getVersionList(): - versions = backend.getVersionList() - - if versions is None: - return backend.getDbms() - else: - return "%s %s" % (backend.getDbms(), " and ".join([v for v in versions])) - - @staticmethod - def getErrorParsedDBMSes(): - """ - Parses the knowledge base htmlFp list and return its values - formatted as a human readable string. - - @return: list of possible back-end DBMS based upon error messages - parsing. - @rtype: C{str} - """ - - htmlParsed = "" - - if len(kb.htmlFp) == 0: - return None - elif len(kb.htmlFp) == 1: - htmlParsed = kb.htmlFp[0] - elif len(kb.htmlFp) > 1: - htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp]) - - return htmlParsed - - @staticmethod - def getOs(target, info): - """ - Formats the back-end operating system fingerprint value - and return its values formatted as a human readable string. - - Example of info (kb.headersFp) dictionary: - - { - 'distrib': set(['Ubuntu']), - 'type': set(['Linux']), - 'technology': set(['PHP 5.2.6', 'Apache 2.2.9']), - 'release': set(['8.10']) - } - - Example of info (kb.bannerFp) dictionary: - - { - 'sp': set(['Service Pack 4']), - 'dbmsVersion': '8.00.194', - 'dbmsServicePack': '0', - 'distrib': set(['2000']), - 'dbmsRelease': '2000', - 'type': set(['Windows']) - } - - @return: detected back-end operating system based upon fingerprint - techniques. 
- @rtype: C{str} - """ - - infoStr = "" - - if info and "type" in info: - infoStr += "%s operating system: %s" % (target, format.humanize(info["type"])) - - if "distrib" in info: - infoStr += " %s" % format.humanize(info["distrib"]) - - if "release" in info: - infoStr += " %s" % format.humanize(info["release"]) - - if "sp" in info: - infoStr += " %s" % format.humanize(info["sp"]) - - if "codename" in info: - infoStr += " (%s)" % format.humanize(info["codename"]) - - if "technology" in info: - infoStr += "\nweb application technology: %s" % format.humanize(info["technology"], ", ") - - return infoStr - -class backend: - # Set methods - @staticmethod - def setDbms(dbms): - dbms = aliasToDbmsEnum(dbms) - - if dbms is None: - return None - - # Little precaution, in theory this condition should always be false - elif kb.dbms is not None and kb.dbms != dbms: - msg = "sqlmap previously fingerprinted back-end DBMS " - msg += "%s. However now it has been fingerprinted " % kb.dbms - msg += "to be %s. 
" % dbms - msg += "Please, specify which DBMS is " - msg += "correct [%s (default)/%s] " % (kb.dbms, dbms) - - while True: - inp = readInput(msg, default=kb.dbms) - - if aliasToDbmsEnum(inp) == kb.dbms: - break - elif aliasToDbmsEnum(inp) == dbms: - kb.dbms = aliasToDbmsEnum(inp) - break - else: - warnMsg = "invalid value" - logger.warn(warnMsg) - - elif kb.dbms is None: - kb.dbms = aliasToDbmsEnum(dbms) - - return kb.dbms - - @staticmethod - def setVersion(version): - if isinstance(version, basestring): - kb.dbmsVersion = [ version ] - - return kb.dbmsVersion - - @staticmethod - def setVersionList(versionsList): - if isinstance(versionsList, list): - kb.dbmsVersion = versionsList - elif isinstance(version, basestring): - backend.setVersion(versionsList) - else: - logger.error("invalid format of versionsList") - - @staticmethod - def forceDbms(dbms): - kb.misc.forcedDbms = aliasToDbmsEnum(dbms) - - @staticmethod - def flushForcedDbms(): - kb.misc.forcedDbms = None - - @staticmethod - def setOs(os): - if os is None: - return None - - # Little precaution, in theory this condition should always be false - elif kb.os is not None and kb.os != os: - msg = "sqlmap previously fingerprinted back-end DBMS " - msg += "operating system %s. However now it has " % kb.os - msg += "been fingerprinted to be %s. " % os - msg += "Please, specify which OS is " - msg += "correct [%s (default)/%s] " % (kb.os, os) - - while True: - inp = readInput(msg, default=kb.os) - - if inp == kb.os: - break - elif inp == os: - kb.os = inp - break - else: - warnMsg = "invalid value" - logger.warn(warnMsg) - - elif kb.os is None: - kb.os = os - - return kb.os - - # Get methods - @staticmethod - def getForcedDbms(): - return aliasToDbmsEnum(kb.misc.forcedDbms) - - @staticmethod - def getDbms(): - return aliasToDbmsEnum(kb.dbms) - - @staticmethod - def getErrorParsedDBMSes(): - """ - Returns array with parsed DBMS names till now - - This functions is called to: - - 1. 
Sort the tests, getSortedInjectionTests() - detection phase. - 2. Ask user whether or not skip specific DBMS tests in detection phase, - lib/controller/checks.py - detection phase. - 3. Sort the fingerprint of the DBMS, lib/controller/handler.py - - fingerprint phase. - """ - - return kb.htmlFp - - @staticmethod - def getIdentifiedDbms(): - dbms = None - - if backend.getForcedDbms() is not None: - dbms = backend.getForcedDbms() - elif backend.getDbms() is not None: - dbms = kb.dbms - elif conf.dbms is not None: - dbms = conf.dbms - elif len(backend.getErrorParsedDBMSes()) > 0: - dbms = backend.getErrorParsedDBMSes()[0] - - return aliasToDbmsEnum(dbms) - - @staticmethod - def getVersion(): - if len(kb.dbmsVersion) > 0: - return kb.dbmsVersion[0] - else: - return None - - @staticmethod - def getVersionList(): - if len(kb.dbmsVersion) > 0: - return kb.dbmsVersion - else: - return None - - # Comparison methods - @staticmethod - def isDbms(dbms): - return backend.getDbms() is not None and backend.getDbms() == aliasToDbmsEnum(dbms) - - @staticmethod - def isDbmsWithin(aliases): - return backend.getDbms() is not None and backend.getDbms().lower() in aliases - - @staticmethod - def isVersion(version): - return backend.getVersion() is not None and backend.getVersion() == version - - @staticmethod - def isVersionWithin(versionList): - if backend.getVersionList() is None: - return False - - for dbmsVersion in backend.getVersionList(): - if dbmsVersion == UNKNOWN_DBMS_VERSION: - continue - elif dbmsVersion in versionList: - return True - - return False - - @staticmethod - def isVersionGreaterOrEqualThan(version): - return backend.getVersion() is not None and str(backend.getVersion()) >= str(version) - def showHttpErrorCodes(): """ Shows all HTTP error codes raised till now diff --git a/lib/core/option.py b/lib/core/option.py index 4b7110ded..01ce63e6f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -24,7 +24,7 @@ from extra.clientform.clientform import ParseResponse from extra.keepalive import keepalive from extra.xmlobject import xmlobject from lib.controller.checks import checkConnection -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import extractRegexResult from lib.core.common import getConsoleWidth from lib.core.common import getFileItems @@ -595,7 +595,7 @@ def __setDBMS(): dbmsRegExp = re.search("%s ([\d\.]+)" % firstRegExp, conf.dbms, re.I) if dbmsRegExp: - backend.setVersion(str(dbmsRegExp.group(2))) + Backend.setVersion(str(dbmsRegExp.group(2))) if conf.dbms not in SUPPORTED_DBMS: errMsg = "you provided an unsupported back-end database management " @@ -1255,7 +1255,7 @@ def __setKnowledgeBaseAttributes(flushAll=True): def __saveCmdline(): """ Saves the command line options on a sqlmap configuration INI file - format. + Format. """ if not conf.saveCmdline: diff --git a/lib/core/session.py b/lib/core/session.py index 0609edf24..f4ce4b087 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -9,8 +9,8 @@ See the file 'doc/COPYING' for copying permission import re -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import dataToSessionFile from lib.core.common import getFilteredPageContent from lib.core.common import readInput @@ -91,9 +91,9 @@ def setDbms(dbms): if dbmsRegExp: dbms = dbmsRegExp.group(1) - backend.setDbms(dbms) + Backend.setDbms(dbms) - logger.info("the back-end DBMS is %s" % backend.getDbms()) + logger.info("the back-end DBMS is %s" % Backend.getDbms()) def setOs(): """ 
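Review bot: The @@ -1255 hunk in lib/core/option.py changes prose, not code: the `__saveCmdline` docstring now reads "INI file Format." where the lowercase word "format" was an ordinary English noun, not a reference to the renamed `Format` class, so the line should be restored to `format.`. The same mechanical replacement also hit the docstrings of `XMLDump` in lib/core/xmldump.py ("xml Format" in the class docstring and "xml text Format" in both `__createTextNode` and `__createAttribute`); those should be reverted too. A case-sensitive, whole-word replacement limited to the identifier would have avoided this.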
@@ -120,15 +120,15 @@ def setOs(): return if "type" in kb.bannerFp: - kb.os = format.humanize(kb.bannerFp["type"]) + kb.os = Format.humanize(kb.bannerFp["type"]) infoMsg = "the back-end DBMS operating system is %s" % kb.os if "distrib" in kb.bannerFp: - kb.osVersion = format.humanize(kb.bannerFp["distrib"]) + kb.osVersion = Format.humanize(kb.bannerFp["distrib"]) infoMsg += " %s" % kb.osVersion if "sp" in kb.bannerFp: - kb.osSP = int(format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", "")) + kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", "")) elif "sp" not in kb.bannerFp and kb.os == "Windows": kb.osSP = 0 @@ -195,11 +195,11 @@ def resumeConfKb(expression, url, value): test = readInput(message, default="N") if not test or test[0] in ("n", "N"): - backend.setDbms(dbms) - backend.setVersionList(dbmsVersion) + Backend.setDbms(dbms) + Backend.setVersionList(dbmsVersion) else: - backend.setDbms(dbms) - backend.setVersionList(dbmsVersion) + Backend.setDbms(dbms) + Backend.setVersionList(dbmsVersion) elif expression == "OS" and url == conf.url: os = unSafeFormatString(value[:-1]) @@ -236,7 +236,7 @@ def resumeConfKb(expression, url, value): if '.' in table: db, table = table.split('.') else: - db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX) + db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX) logMsg = "resuming brute forced table name " logMsg += "'%s' from session file" % table @@ -251,7 +251,7 @@ def resumeConfKb(expression, url, value): if '.' in table: db, table = table.split('.') else: - db = "%s%s" % (backend.getIdentifiedDbms(), METADB_SUFFIX) + db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX) logMsg = "resuming brute forced column name " logMsg += "'%s' for table '%s' from session file" % (colName, table) diff --git a/lib/core/shell.py b/lib/core/shell.py index 064b6912b..2a7186ef3 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py 
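Review bot: `kb.osSP = int(Format.humanize(kb.bannerFp["sp"]).replace("Service Pack ", ""))` on the new side of the @@ -120 hunk raises ValueError whenever the humanized value is not exactly digits after the prefix is stripped, and that value is derived from the remote server's banner rather than from anything the tool controls. Extracting the number first, `spMatch = re.search(r"(\d+)", Format.humanize(kb.bannerFp["sp"]))`, and assigning `kb.osSP = int(spMatch.group(1))` only when it matches (with a debug message otherwise) would keep a malformed or unexpected banner from aborting the run; `re` is already imported in this file. `setOs` begins outside this hunk.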
@@ -12,7 +12,7 @@ import os import rlcompleter from lib.core import readlineng as readline -from lib.core.common import backend +from lib.core.common import Backend from lib.core.data import kb from lib.core.data import logger from lib.core.data import paths @@ -35,7 +35,7 @@ def loadHistory(): def queriesForAutoCompletion(): autoComplQueries = {} - for item in queries[backend.getIdentifiedDbms()]._toflat(): + for item in queries[Backend.getIdentifiedDbms()]._toflat(): if item._has_key('query') and len(item.query) > 1 and item._name != 'blind': autoComplQueries[item.query] = None diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py index 246943219..a57a37954 100644 --- a/lib/core/unescaper.py +++ b/lib/core/unescaper.py @@ -7,12 +7,12 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import backend +from lib.core.common import Backend from lib.core.datatype import advancedDict class Unescaper(advancedDict): def unescape(self, expression, quote=True, dbms=None): - identifiedDbms = backend.getIdentifiedDbms() + identifiedDbms = Backend.getIdentifiedDbms() if not expression: return expression diff --git a/lib/core/xmldump.py b/lib/core/xmldump.py index 31f814ff6..0bbe70818 100644 --- a/lib/core/xmldump.py +++ b/lib/core/xmldump.py @@ -76,7 +76,7 @@ ENTITIES = {'"':'"',"'":"'"} class XMLDump: ''' - This class purpose is to dump the data into an xml format. + This class purpose is to dump the data into an xml Format. The format of the xml file is described in the scheme file xml/sqlmap.xsd ''' @@ -118,7 +118,7 @@ class XMLDump: def __createTextNode(self,data): ''' Creates a text node with utf8 data inside. - The text is escaped to an fit the xml text format. + The text is escaped to an fit the xml text Format. ''' if data is None : return self.__doc.createTextNode(u'') 
@@ -129,7 +129,7 @@ class XMLDump: def __createAttribute(self,attrName,attrValue): ''' Creates an attribute node with utf8 data inside. - The text is escaped to an fit the xml text format. + The text is escaped to an fit the xml text Format. ''' attr = self.__doc.createAttribute(attrName) if attrValue is None : diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 9c90d2a72..8e14a8963 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -13,7 +13,7 @@ from xml.sax.handler import ContentHandler from lib.core.common import checkFile from lib.core.common import getCompiledRegex -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import parseXmlFile from lib.core.common import sanitizeStr from lib.core.data import kb @@ -97,13 +97,13 @@ def bannerParser(banner): xmlfile = None - if backend.getIdentifiedDbms() == DBMS.MSSQL: + if Backend.getIdentifiedDbms() == DBMS.MSSQL: xmlfile = paths.MSSQL_XML - elif backend.getIdentifiedDbms() == DBMS.MYSQL: + elif Backend.getIdentifiedDbms() == DBMS.MYSQL: xmlfile = paths.MYSQL_XML - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: xmlfile = paths.ORACLE_XML - elif backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.getIdentifiedDbms() == DBMS.PGSQL: xmlfile = paths.PGSQL_XML if not xmlfile: @@ -111,7 +111,7 @@ def bannerParser(banner): checkFile(xmlfile) - if backend.getIdentifiedDbms() == DBMS.MSSQL: + if Backend.getIdentifiedDbms() == DBMS.MSSQL: handler = MSSQLBannerHandler(banner, kb.bannerFp) parseXmlFile(xmlfile, handler) diff --git a/lib/request/direct.py b/lib/request/direct.py index 8b1b42b7a..be98cdbe6 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py 
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.agent import agent from lib.core.common import dataToSessionFile -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getUnicode from lib.core.convert import base64pickle from lib.core.convert import base64unpickle @@ -26,7 +26,7 @@ def direct(query, content=True): select = True query = agent.payloadDirect(query) - if backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query: + if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query: query = "%s FROM DUAL" % query for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): diff --git a/lib/request/inject.py b/lib/request/inject.py index edbcd791a..ff4fd1eb7 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -11,7 +11,7 @@ import re import time from lib.core.agent import agent -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import calculateDeltaSeconds from lib.core.common import cleanQuery from lib.core.common import dataToSessionFile @@ -54,7 +54,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) - if (conf.eta or conf.threads > 1) and backend.getIdentifiedDbms() and not timeBasedCompare: + if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare: _, length, _ = queryOutputLength(expression, payload) else: length = None 
@@ -140,7 +140,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I) - if rdbRegExp and backend.getIdentifiedDbms() == DBMS.FIREBIRD: + if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD: expressionFieldsList = [expressionFields] if len(expressionFieldsList) > 1: 
@@ -155,14 +155,14 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r # forge the SQL limiting the query output one entry per time # NOTE: I assume that only queries that get data from a table # can return multiple entries - if fromUser and " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))): - limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) + if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))): + limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) - if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) 
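Review bot: `Backend.getIdentifiedDbms()` is evaluated seven times in the single `if` condition on the new side of this hunk and again on almost every line that follows; binding it once, `dbms = Backend.getIdentifiedDbms()`, before the condition and using `dbms` throughout would make the branches readable and avoid repeated lookups. The rename makes the repetition more visible but leaves it in place. The same limit-parsing block also appears nearly verbatim in lib/techniques/error/use.py (`errorUse`, @@ -143) and lib/techniques/inband/union/use.py (`unionUse`, @@ -101), all three touched identically in this commit, which suggests extracting it into one shared helper in lib/core/common.py so that future fixes land in one place. `__goInferenceProxy` begins and ends outside this hunk.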
@@ -170,10 +170,10 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r stopLimit = limitRegExp.group(int(limitGroupStop)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if limitRegExp: - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) @@ -185,7 +185,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r stopLimit = int(topLimit.group(1)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: limitCond = False else: limitCond = True 
@@ -199,23 +199,23 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r # From now on we need only the expression until the " LIMIT " # (or similar, depending on the back-end DBMS) word - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): stopLimit += startLimit - untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query) + untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query) expression = expression[:untilLimitChar] - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): stopLimit += startLimit if not stopLimit or stopLimit <= 1: - if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]): + if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): test = False else: test = True if test: # Count the number of SQL query entries output - countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] + countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] countedExpression = expression.replace(expressionFields, countFirstField, 1) if re.search(" ORDER BY ", expression, re.I): 
@@ -309,8 +309,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r return outputs - elif backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper(): - expression += FROM_TABLE[backend.getIdentifiedDbms()] + elif Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper(): + expression += FROM_TABLE[Backend.getIdentifiedDbms()] outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar) returnValue = ", ".join([output for output in outputs]) @@ -492,7 +492,7 @@ def goStacked(expression, silent=False): if conf.direct: return direct(expression), None - comment = queries[backend.getIdentifiedDbms()].comment.query + comment = queries[Backend.getIdentifiedDbms()].comment.query query = agent.prefixQuery("; %s" % expression) query = agent.suffixQuery("%s;%s" % (query, comment)) payload = agent.payload(newValue=query) diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 0d16c3d18..69d29de13 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.common import dataToStdout -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import isTechniqueAvailable from lib.core.common import readInput from lib.core.data import conf 
@@ -41,10 +41,10 @@ class Abstraction(Web, UDF, xp_cmdshell): if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): self.webBackdoorRunCmd(cmd) - elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): self.udfExecCmd(cmd, silent=silent) - elif backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.getIdentifiedDbms() == DBMS.MSSQL: self.xpCmdshellExecCmd(cmd, silent=silent) else: @@ -55,10 +55,10 @@ class Abstraction(Web, UDF, xp_cmdshell): if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED): return self.webBackdoorRunCmd(cmd) - elif backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): return self.udfEvalCmd(cmd, first, last) - elif backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.getIdentifiedDbms() == DBMS.MSSQL: return self.xpCmdshellEvalCmd(cmd, first, last) else: @@ -93,13 +93,13 @@ class Abstraction(Web, UDF, xp_cmdshell): logger.info(infoMsg) else: - if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): infoMsg = "going to use injected sys_eval and sys_exec " infoMsg += "user-defined functions for operating system " infoMsg += "command execution" logger.info(infoMsg) - elif backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.getIdentifiedDbms() == DBMS.MSSQL: infoMsg = "going to use xp_cmdshell extended procedure for " infoMsg += "operating system command execution" logger.info(infoMsg) 
@@ -151,9 +151,9 @@ class Abstraction(Web, UDF, xp_cmdshell): warnMsg += "the session user is not a database administrator" logger.warn(warnMsg) - if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): self.udfInjectSys() - elif backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.getIdentifiedDbms() == DBMS.MSSQL: if mandatory: self.xpCmdshellInit() else: diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index d00783273..9018514a2 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -19,7 +19,7 @@ from subprocess import PIPE from subprocess import Popen as execute from lib.core.common import dataToStdout -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getLocalIP from lib.core.common import getRemoteIP from lib.core.common import getUnicode @@ -187,13 +187,13 @@ class Metasploit: if __payloadStr == "windows/vncinject": choose = False - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg += "user, it is likely that the the VNC " debugMsg += "injection will be successful" logger.debug(debugMsg) - elif backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.getIdentifiedDbms() == DBMS.PGSQL: choose = True warnMsg = "by default PostgreSQL on Windows runs as " 
@@ -201,12 +201,12 @@ class Metasploit: warnMsg += "injection will be successful" logger.warn(warnMsg) - elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")): + elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): choose = True warnMsg = "it is unlikely that the VNC injection will be " warnMsg += "successful because usually Microsoft SQL Server " - warnMsg += "%s runs as Network Service " % backend.getVersion() + warnMsg += "%s runs as Network Service " % Backend.getVersion() warnMsg += "or the Administrator is not logged in" logger.warn(warnMsg) @@ -230,12 +230,12 @@ class Metasploit: break elif choice == "1": - if backend.getIdentifiedDbms() == DBMS.PGSQL: + if Backend.getIdentifiedDbms() == DBMS.PGSQL: logger.warn("beware that the VNC injection might not work") break - elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")): + elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): break elif not choice.isdigit(): @@ -555,7 +555,7 @@ class Metasploit: # This is useful for sqlmap because on PostgreSQL it is not # possible to write files bigger than 8192 bytes abusing the # lo_export() feature implemented in sqlmap. - if backend.getIdentifiedDbms() == DBMS.PGSQL: + if Backend.getIdentifiedDbms() == DBMS.PGSQL: self.__fileFormat = "exe-small" else: self.__fileFormat = "exe" @@ -657,7 +657,7 @@ class Metasploit: self.__forgeMsfConsoleResource() self.__forgeMsfConsoleCmd() - if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile) else: self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile) diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 1764b46dc..d6baae45d 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py 
@@ -11,7 +11,7 @@ import os from lib.core.agent import agent from lib.core.common import dataToStdout -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import isTechniqueAvailable from lib.core.common import readInput from lib.core.data import conf @@ -51,7 +51,7 @@ class UDF: def __checkExistUdf(self, udf): logger.info("checking if UDF '%s' already exist" % udf) - query = agent.forgeCaseStatement(queries[backend.getIdentifiedDbms()].check_udf.query % (udf, udf)) + query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf)) exists = inject.getValue(query, resumeValue=False, unpack=False, charsetType=2) if exists == "1": @@ -104,7 +104,7 @@ class UDF: return output def udfCheckNeeded(self): - if ( not conf.rFile or ( conf.rFile and backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs: + if ( not conf.rFile or ( conf.rFile and Backend.getIdentifiedDbms() != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs: self.sysUdfs.pop("sys_fileread") if not conf.osPwn: @@ -143,9 +143,9 @@ class UDF: if udf in self.udfToCreate and udf not in self.createdUdf: self.udfCreateFromSharedLib(udf, inpRet) - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: supportTblType = "longtext" - elif backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.getIdentifiedDbms() == DBMS.PGSQL: supportTblType = "text" self.udfCreateSupportTbl(supportTblType) 
@@ -156,8 +156,8 @@ class UDF: self.udfInjectCore(self.sysUdfs) def udfInjectCustom(self): - if backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ): - errMsg = "UDF injection feature is not yet implemented on %s" % backend.getIdentifiedDbms() + if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ): + errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms() raise sqlmapUnsupportedFeatureException(errMsg) if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: @@ -236,9 +236,9 @@ class UDF: else: logger.warn("you need to specify the name of the UDF") - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: defaultType = "string" - elif backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.getIdentifiedDbms() == DBMS.PGSQL: defaultType = "text" self.udfs[udfName]["input"] = [] diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index fc31964f5..5a4e261b7 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import wasLastRequestDelayed @@ -30,7 +30,7 @@ class xp_cmdshell: def __xpCmdshellCreate(self): cmd = "" - if backend.isVersionWithin(("2005", "2008")): + if Backend.isVersionWithin(("2005", "2008")): logger.debug("activating sp_OACreate") cmd += "EXEC master..sp_configure 'show advanced options', 1; " @@ -49,7 +49,7 @@ class xp_cmdshell: cmd += "EXEC sp_OADestroy @ID'; " cmd += "EXEC master..sp_executesql @%s;" % self.__randStr - if backend.isVersionWithin(("2005", "2008")): + if Backend.isVersionWithin(("2005", "2008")): cmd += " RECONFIGURE WITH OVERRIDE;" inject.goStacked(cmd) 
@@ -81,7 +81,7 @@ class xp_cmdshell: return cmd def __xpCmdshellConfigure(self, mode): - if backend.isVersionWithin(("2005", "2008")): + if Backend.isVersionWithin(("2005", "2008")): cmd = self.__xpCmdshellConfigure2005(mode) else: cmd = self.__xpCmdshellConfigure2000(mode) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 50e177039..2c4f5cd0c 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -12,7 +12,7 @@ import time import traceback from lib.core.agent import agent -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import dataToSessionFile from lib.core.common import dataToStdout from lib.core.common import decodeIntToUnicode @@ -75,7 +75,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None elif ( isinstance(lastChar, basestring) and lastChar.isdigit() ) or isinstance(lastChar, int): lastChar = int(lastChar) - if backend.getDbms(): + if Backend.getDbms(): _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression) nulledCastedField = agent.nullAndCastField(fieldToCastStr) expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1) @@ -125,7 +125,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None hintlock.release() if hintValue is not None and len(hintValue) >= idx: - if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB): + if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB): posValue = hintValue[idx-1] else: posValue = ord(hintValue[idx-1]) 
@@ -459,7 +459,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None # check it via equal against the substring-query output if commonPattern is not None: # Substring-query containing equals commonPattern - subquery = queries[backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern)) + subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern)) testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False) query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue))) query = agent.suffixQuery(query) diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index 3f3e4ef00..b0cd102af 100644 --- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -15,7 +15,7 @@ from lib.core.common import dataToSessionFile from lib.core.common import dataToStdout from lib.core.common import filterListValue from lib.core.common import getFileItems -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getPageTextWordsSet from lib.core.common import popValue from lib.core.common import pushValue @@ -32,7 +32,7 @@ from lib.core.session import safeFormatString from lib.request import inject def tableExists(tableFile, regex=None): - tables = getFileItems(tableFile, lowercase=backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True) + tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS), unique=True) retVal = [] infoMsg = "checking table existence using items from '%s'" % tableFile diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index cb6b32823..edecf9127 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py 
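Review bot: `lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS)` in the `tableExists` hunk of lib/techniques/brute/use.py is a parenthesized expression, not a one-element tuple, so the membership test is not against a container; if `DBMS.ACCESS` is a string (its type is not visible here) this becomes a substring check, and it raises TypeError when `getIdentifiedDbms()` returns None. The intended test is `lowercase=Backend.getIdentifiedDbms() == DBMS.ACCESS` or `in (DBMS.ACCESS,)`. The rename touched this line without addressing it.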
@@ -14,7 +14,7 @@ from lib.core.agent import agent from lib.core.common import calculateDeltaSeconds from lib.core.common import dataToSessionFile from lib.core.common import extractRegexResult -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import initTechnique from lib.core.common import isNumPosStrValue from lib.core.common import randomInt @@ -40,7 +40,7 @@ def __oneShotErrorUse(expression, field): check = "%s(?P.*?)%s" % (kb.misc.start, kb.misc.stop) nulledCastedField = agent.nullAndCastField(field) - if backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.getIdentifiedDbms() == DBMS.MYSQL: # Fix for MySQL odd behaviour ('Subquery returns more than 1 row') nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") 
@@ -143,14 +143,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): # entry per time # NOTE: I assume that only queries that get data from a table can # return multiple entries - if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper(): - limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) + if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper(): + limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) - if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) 
@@ -158,10 +158,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): stopLimit = limitRegExp.group(int(limitGroupStop)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if limitRegExp: - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) @@ -173,7 +173,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): stopLimit = int(topLimit.group(1)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: limitCond = False else: limitCond = True @@ -187,12 +187,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): # From now on we need only the expression until the " LIMIT " # (or similar, depending on the back-end DBMS) word - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): stopLimit += startLimit - untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query) + untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query) expression = expression[:untilLimitChar] - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): stopLimit += startLimit elif dump: if conf.limitStart: 
@@ -201,14 +201,14 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): stopLimit = conf.limitStop if not stopLimit or stopLimit <= 1: - if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]): + if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): test = False else: test = True if test: # Count the number of SQL query entries output - countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] + countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] countedExpression = expression.replace(expressionFields, countFirstField, 1) if re.search(" ORDER BY ", expression, re.I): diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index 3a0a1fac3..318fd3c64 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py @@ -13,7 +13,7 @@ import time from lib.core.agent import agent from lib.core.common import clearConsoleLine from lib.core.common import dataToStdout -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import extractRegexResult from lib.core.common import getUnicode from lib.core.common import parseUnionPage 
@@ -102,14 +102,14 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix query = agent.prefixQuery("UNION ALL SELECT %s" % conf.uChar) for count in range(conf.uColsStart, conf.uColsStop+1): - if backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[backend.getIdentifiedDbms()]): - query = query[:-len(FROM_TABLE[backend.getIdentifiedDbms()])] + if Backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): + query = query[:-len(FROM_TABLE[Backend.getIdentifiedDbms()])] if count: query += ", %s" % conf.uChar - if backend.getIdentifiedDbms() in FROM_TABLE: - query += FROM_TABLE[backend.getIdentifiedDbms()] + if Backend.getIdentifiedDbms() in FROM_TABLE: + query += FROM_TABLE[Backend.getIdentifiedDbms()] status = "%d/%d" % (count, conf.uColsStop) debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop)) diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index 5019399d7..24f1b40ce 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -12,7 +12,7 @@ import time from lib.core.agent import agent from lib.core.common import calculateDeltaSeconds -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getUnicode from lib.core.common import initTechnique from lib.core.common import isNumPosStrValue 
@@ -101,14 +101,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack # entry per time # NOTE: I assume that only queries that get data from a table can # return multiple entries - if " FROM " in expression.upper() and ((backend.getIdentifiedDbms() not in FROM_TABLE) or (backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper(): - limitRegExp = re.search(queries[backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) + if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper(): + limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I) topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) - if limitRegExp or (backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) 
@@ -116,10 +116,10 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack stopLimit = limitRegExp.group(int(limitGroupStop)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if limitRegExp: - limitGroupStart = queries[backend.getIdentifiedDbms()].limitgroupstart.query - limitGroupStop = queries[backend.getIdentifiedDbms()].limitgroupstop.query + limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query + limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query if limitGroupStart.isdigit(): startLimit = int(limitRegExp.group(int(limitGroupStart))) @@ -131,7 +131,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack stopLimit = int(topLimit.group(1)) limitCond = int(stopLimit) > 1 - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: limitCond = False else: limitCond = True @@ -145,12 +145,12 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack # From now on we need only the expression until the " LIMIT " # (or similar, depending on the back-end DBMS) word - if backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): stopLimit += startLimit - untilLimitChar = expression.index(queries[backend.getIdentifiedDbms()].limitstring.query) + untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query) expression = expression[:untilLimitChar] - elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): stopLimit += startLimit elif dump: if conf.limitStart: 
@@ -159,14 +159,14 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack stopLimit = conf.limitStop if not stopLimit or stopLimit <= 1: - if backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[backend.getIdentifiedDbms()]): + if Backend.getIdentifiedDbms() in FROM_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]): test = False else: test = True if test: # Count the number of SQL query entries output - countFirstField = queries[backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] + countFirstField = queries[Backend.getIdentifiedDbms()].count.query % expressionFieldsList[0] countedExpression = origExpr.replace(expressionFields, countFirstField, 1) if re.search(" ORDER BY ", expression, re.I): @@ -214,9 +214,9 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack try: for num in xrange(startLimit, stopLimit): - if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): + if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): field = expressionFieldsList[0] - elif backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.getIdentifiedDbms() == DBMS.ORACLE: field = expressionFieldsList else: field = None diff --git a/lib/utils/hash.py b/lib/utils/hash.py index cf91748be..32fad04a1 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -22,7 +22,7 @@ from lib.core.common import clearConsoleLine from lib.core.common import dataToStdout from lib.core.common import getCompiledRegex from lib.core.common import getFileItems -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getPublicTypeMembers from lib.core.common import getUnicode from lib.core.common import paths 
@@ -270,9 +270,9 @@ def hashRecognition(value): if value: for name, regex in getPublicTypeMembers(HASH): # Hashes for Oracle and old MySQL look the same hence these checks - if backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD: + if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD: continue - elif backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD: + elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD: continue elif getCompiledRegex(regex).match(value): retVal = regex @@ -454,7 +454,7 @@ def dictionaryAttack(attack_dict): clearConsoleLine() if len(hash_regexes) == 0: - warnMsg = "unknown hash format. " + warnMsg = "unknown hash Format. " warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." logger.warn(warnMsg) diff --git a/lib/utils/resume.py b/lib/utils/resume.py index 612647603..099bf457a 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py @@ -13,7 +13,7 @@ import time from lib.core.common import calculateDeltaSeconds from lib.core.common import dataToSessionFile from lib.core.common import dataToStdout -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import safeStringFormat from lib.core.common import randomStr from lib.core.common import replaceNewlineTabs @@ -35,7 +35,7 @@ def queryOutputLength(expression, payload): Returns the query output length. """ - lengthQuery = queries[backend.getIdentifiedDbms()].length.query + lengthQuery = queries[Backend.getIdentifiedDbms()].length.query select = re.search("\ASELECT\s+", expression, re.I) selectTopExpr = re.search("\ASELECT\s+TOP\s+[\d]+\s+(.+?)\s+FROM", expression, re.I) selectDistinctExpr = re.search("\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I) 
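Review bot: The rename leaked into a user-facing string in the dictionaryAttack hunk: the warning that is logged and that the message asks users to report by e-mail now reads `"unknown hash Format. "`, which is text, not a reference to the `Format` class. A case-sensitive replace of `format` → `Format` should have been restricted to identifiers; the line should stay `warnMsg = "unknown hash format. "`. Since `format` is a common word, it is likely the same replace touched comments, docstrings or URLs elsewhere in this commit, so the whole changeset is worth a grep for `Format`/`Backend` occurrences that are not identifiers. dictionaryAttack's body starts and ends outside the hunk.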
@@ -61,7 +61,7 @@ def queryOutputLength(expression, payload): if selectDistinctExpr: lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression) - if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): + if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): lengthExpr += " AS %s" % randomStr(lowercase=True) elif select: lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1) @@ -146,10 +146,10 @@ def resume(expression, payload): if not payload: return None - if not backend.getIdentifiedDbms(): + if not Backend.getIdentifiedDbms(): return None - substringQuery = queries[backend.getIdentifiedDbms()].substring.query + substringQuery = queries[Backend.getIdentifiedDbms()].substring.query select = re.search("\ASELECT ", expression, re.I) _, length, regExpr = queryOutputLength(expression, payload) diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index cb460188b..a006423f9 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import getCurrentThreadData from lib.core.common import randomInt from lib.core.common import randomStr @@ -38,9 +38,9 @@ class Fingerprint(GenericFingerprint): retVal = None table = None - if backend.isVersionWithin(("97", "2000")): + if Backend.isVersionWithin(("97", "2000")): table = "MSysAccessObjects" - elif backend.isVersionWithin(("2002-2003", "2007")): + elif Backend.isVersionWithin(("2002-2003", "2007")): table = "MSysAccessStorage" if table is not None: 
@@ -115,13 +115,13 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp @@ -132,7 +132,7 @@ class Fingerprint(GenericFingerprint): value += DBMS.ACCESS return value - actVer = format.getDbms() + " (%s)" % (self.__sandBoxCheck()) + actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck()) blank = " " * 15 value += "active fingerprint: %s" % actVer @@ -142,10 +142,10 @@ class Fingerprint(GenericFingerprint): if re.search("-log$", kb.data.banner): banVer += ", logging enabled" - banVer = format.getDbms([banVer]) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) @@ -155,7 +155,7 @@ class Fingerprint(GenericFingerprint): return value def checkDbms(self): - if not conf.extensiveFp and (backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES): + if not conf.extensiveFp and (Backend.isDbmsWithin(ACCESS_ALIASES) or conf.dbms in ACCESS_ALIASES): setDbms(DBMS.ACCESS) return True @@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint): version = self.__sysTablesCheck() if version is not None: - backend.setVersion(version) + Backend.setVersion(version) return True else: diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index 20cef4513..f49d3fc7e 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py 
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import getUnicode from lib.core.common import randomInt from lib.core.common import randomRange @@ -34,25 +34,25 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp value += "back-end DBMS: " - actVer = format.getDbms() + actVer = Format.getDbms() if not conf.extensiveFp: value += actVer return value - actVer = format.getDbms() + " (%s)" % (self.__dialectCheck()) + actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck()) blank = " " * 15 value += "active fingerprint: %s" % actVer @@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint): if re.search("-log$", kb.data.banner): banVer += ", logging enabled" - banVer = format.getDbms([banVer]) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) 
@@ -101,23 +101,23 @@ class Fingerprint(GenericFingerprint): def __dialectCheck(self): retVal = None - if backend.getIdentifiedDbms(): + if Backend.getIdentifiedDbms(): result = inject.checkBooleanExpression("EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)") retVal = "dialect 3" if result else "dialect 1" return retVal def checkDbms(self): - if not conf.extensiveFp and (backend.isDbmsWithin(FIREBIRD_ALIASES) \ - or conf.dbms in FIREBIRD_ALIASES) and backend.getVersion() and \ - backend.getVersion() != UNKNOWN_DBMS_VERSION: - v = backend.getVersion().replace(">", "") + if not conf.extensiveFp and (Backend.isDbmsWithin(FIREBIRD_ALIASES) \ + or conf.dbms in FIREBIRD_ALIASES) and Backend.getVersion() and \ + Backend.getVersion() != UNKNOWN_DBMS_VERSION: + v = Backend.getVersion().replace(">", "") v = v.replace("=", "") v = v.replace(" ", "") - backend.setVersion(v) + Backend.setVersion(v) - setDbms("%s %s" % (DBMS.FIREBIRD, backend.getVersion())) + setDbms("%s %s" % (DBMS.FIREBIRD, Backend.getVersion())) self.getBanner() @@ -149,7 +149,7 @@ class Fingerprint(GenericFingerprint): version = self.__sysTablesCheck() if version is not None: - backend.setVersion(version) + Backend.setVersion(version) setDbms("%s %s" % (DBMS.FIREBIRD, version)) self.getBanner() diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index cfbd4348a..6a6ca0035 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import randomInt from lib.core.common import randomRange from lib.core.data import conf 
@@ -66,13 +66,13 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp @@ -84,14 +84,14 @@ class Fingerprint(GenericFingerprint): value += DBMS.MAXDB return value - actVer = format.getDbms() + " (%s)" % self.__versionCheck() + actVer = Format.getDbms() + " (%s)" % self.__versionCheck() blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: value += "\n%sbanner parsing fingerprint: -" % blank - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) @@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint): return value def checkDbms(self): - if not conf.extensiveFp and (backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES): + if not conf.extensiveFp and (Backend.isDbmsWithin(MAXDB_ALIASES) or conf.dbms in MAXDB_ALIASES): setDbms(DBMS.MAXDB) self.getBanner() diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 460cc6ab6..a6a93044f 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission from lib.core.agent import agent from lib.core.common import arrayizeValue -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getRange from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable 
@@ -41,7 +41,7 @@ class Enumeration(GenericEnumeration): infoMsg += " for database '%s'" % conf.db logger.info(infoMsg) - rootQuery = queries[backend.getIdentifiedDbms()].tables + rootQuery = queries[Backend.getIdentifiedDbms()].tables if not conf.db: if not len(kb.data.cachedDbs): @@ -111,7 +111,7 @@ class Enumeration(GenericEnumeration): return kb.data.cachedTables def searchTable(self): - rootQuery = queries[backend.getIdentifiedDbms()].search_table + rootQuery = queries[Backend.getIdentifiedDbms()].search_table foundTbls = {} tblList = conf.tbl.split(",") tblCond = rootQuery.inband.condition @@ -198,7 +198,7 @@ class Enumeration(GenericEnumeration): return foundTbls def searchColumn(self): - rootQuery = queries[backend.getIdentifiedDbms()].search_column + rootQuery = queries[Backend.getIdentifiedDbms()].search_column foundCols = {} dbs = {} colList = conf.col.split(",") diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 6894ca14d..551b7e610 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import getUnicode from lib.core.common import randomInt from lib.core.data import conf @@ -30,19 +30,19 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp value += "back-end DBMS: " - actVer = format.getDbms() + actVer = Format.getDbms() if not conf.extensiveFp: value += actVer 
@@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint): value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) @@ -71,10 +71,10 @@ class Fingerprint(GenericFingerprint): return value def checkDbms(self): - if not conf.extensiveFp and (backend.isDbmsWithin(MSSQL_ALIASES) \ - or conf.dbms in MSSQL_ALIASES) and backend.getVersion() and \ - backend.getVersion().isdigit(): - setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion())) + if not conf.extensiveFp and (Backend.isDbmsWithin(MSSQL_ALIASES) \ + or conf.dbms in MSSQL_ALIASES) and Backend.getVersion() and \ + Backend.getVersion().isdigit(): + setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion())) self.getBanner() @@ -103,10 +103,10 @@ class Fingerprint(GenericFingerprint): result = inject.checkBooleanExpression(check) if result: - backend.setVersion(version) + Backend.setVersion(version) - if backend.getVersion(): - setDbms("%s %s" % (DBMS.MSSQL, backend.getVersion())) + if Backend.getVersion(): + setDbms("%s %s" % (DBMS.MSSQL, Backend.getVersion())) else: setDbms(DBMS.MSSQL) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index e9dc91e8f..3e3a93560 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import getUnicode from lib.core.common import randomInt from lib.core.data import conf 
@@ -97,19 +97,19 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp value += "back-end DBMS: " - actVer = format.getDbms() + actVer = Format.getDbms() if not conf.extensiveFp: value += actVer @@ -120,7 +120,7 @@ class Fingerprint(GenericFingerprint): value += "active fingerprint: %s" % actVer if comVer: - comVer = format.getDbms([comVer]) + comVer = Format.getDbms([comVer]) value += "\n%scomment injection fingerprint: %s" % (blank, comVer) if kb.bannerFp: @@ -129,10 +129,10 @@ class Fingerprint(GenericFingerprint): if re.search("-log$", kb.data.banner): banVer += ", logging enabled" - banVer = format.getDbms([banVer] if banVer else None) + banVer = Format.getDbms([banVer] if banVer else None) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) 
@@ -150,18 +150,18 @@ class Fingerprint(GenericFingerprint): * http://dev.mysql.com/doc/refman/6.0/en/news-6-0-x.html (manual has been withdrawn) """ - if not conf.extensiveFp and (backend.isDbmsWithin(MYSQL_ALIASES) \ - or conf.dbms in MYSQL_ALIASES) and backend.getVersion() and \ - backend.getVersion() != UNKNOWN_DBMS_VERSION: - v = backend.getVersion().replace(">", "") + if not conf.extensiveFp and (Backend.isDbmsWithin(MYSQL_ALIASES) \ + or conf.dbms in MYSQL_ALIASES) and Backend.getVersion() and \ + Backend.getVersion() != UNKNOWN_DBMS_VERSION: + v = Backend.getVersion().replace(">", "") v = v.replace("=", "") v = v.replace(" ", "") - backend.setVersion(v) + Backend.setVersion(v) - setDbms("%s %s" % (DBMS.MYSQL, backend.getVersion())) + setDbms("%s %s" % (DBMS.MYSQL, Backend.getVersion())) - if backend.isVersionGreaterOrEqualThan("5"): + if Backend.isVersionGreaterOrEqualThan("5"): kb.data.has_information_schema = True self.getBanner() @@ -190,7 +190,7 @@ class Fingerprint(GenericFingerprint): #if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.TABLES LIMIT 0, 1)" % (randInt, randInt)): if inject.checkBooleanExpression("EXISTS(SELECT %s FROM information_schema.TABLES)" % randInt): kb.data.has_information_schema = True - backend.setVersion(">= 5.0.0") + Backend.setVersion(">= 5.0.0") setDbms("%s 5" % DBMS.MYSQL) self.getBanner() 
@@ -202,43 +202,43 @@ class Fingerprint(GenericFingerprint): # Check if it is MySQL >= 5.5.0 if inject.checkBooleanExpression("TO_SECONDS(950501)>0"): - backend.setVersion(">= 5.5.0") + Backend.setVersion(">= 5.5.0") # Check if it is MySQL >= 5.1.2 and < 5.5.0 elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"): if inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1)" % (randInt, randInt)): - backend.setVersionList([">= 5.1.12", "< 5.5.0"]) + Backend.setVersionList([">= 5.1.12", "< 5.5.0"]) elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1)" % (randInt,randInt)): - backend.setVersionList([">= 5.1.7", "< 5.1.12"]) + Backend.setVersionList([">= 5.1.7", "< 5.1.12"]) elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1)" % (randInt, randInt)): - backend.setVersion("= 5.1.6") + Backend.setVersion("= 5.1.6") elif inject.checkBooleanExpression("%s=(SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1)" % (randInt, randInt)): - backend.setVersionList([">= 5.1.5", "< 5.1.6"]) + Backend.setVersionList([">= 5.1.5", "< 5.1.6"]) else: - backend.setVersionList([">= 5.1.2", "< 5.1.5"]) + Backend.setVersionList([">= 5.1.2", "< 5.1.5"]) # Check if it is MySQL >= 5.0.0 and < 5.1.2 elif inject.checkBooleanExpression("@@hostname=@@hostname"): - backend.setVersionList([">= 5.0.38", "< 5.1.2"]) + Backend.setVersionList([">= 5.0.38", "< 5.1.2"]) elif inject.checkBooleanExpression("@@character_set_filesystem=@@character_set_filesystem"): - backend.setVersionList([">= 5.0.19", "< 5.0.38"]) + Backend.setVersionList([">= 5.0.19", "< 5.0.38"]) elif not inject.checkBooleanExpression("%s=(SELECT %s FROM DUAL WHERE %s!=%s)" % (randInt, randInt, randInt, randInt)): - backend.setVersionList([">= 5.0.11", "< 5.0.19"]) + Backend.setVersionList([">= 5.0.11", "< 5.0.19"]) elif 
inject.checkBooleanExpression("@@div_precision_increment=@@div_precision_increment"): - backend.setVersionList([">= 5.0.6", "< 5.0.11"]) + Backend.setVersionList([">= 5.0.6", "< 5.0.11"]) elif inject.checkBooleanExpression("@@automatic_sp_privileges=@@automatic_sp_privileges"): - backend.setVersionList([">= 5.0.3", "< 5.0.6"]) + Backend.setVersionList([">= 5.0.3", "< 5.0.6"]) else: - backend.setVersionList([">= 5.0.0", "< 5.0.3"]) + Backend.setVersionList([">= 5.0.0", "< 5.0.3"]) # For cases when information_schema is missing elif inject.checkBooleanExpression("DATABASE() LIKE SCHEMA()"): - backend.setVersion(">= 5.0.2") + Backend.setVersion(">= 5.0.2") setDbms("%s 5" % DBMS.MYSQL) self.getBanner() elif inject.checkBooleanExpression("STRCMP(LOWER(CURRENT_USER()), UPPER(CURRENT_USER()))=0"): - backend.setVersion("< 5.0.0") + Backend.setVersion("< 5.0.0") setDbms("%s 4" % DBMS.MYSQL) self.getBanner() @@ -247,20 +247,20 @@ class Fingerprint(GenericFingerprint): # Check which version of MySQL < 5.0.0 it is if inject.checkBooleanExpression("3=(SELECT COERCIBILITY(USER()))"): - backend.setVersionList([">= 4.1.11", "< 5.0.0"]) + Backend.setVersionList([">= 4.1.11", "< 5.0.0"]) elif inject.checkBooleanExpression("2=(SELECT COERCIBILITY(USER()))"): - backend.setVersionList([">= 4.1.1", "< 4.1.11"]) + Backend.setVersionList([">= 4.1.1", "< 4.1.11"]) elif inject.checkBooleanExpression("CURRENT_USER()=CURRENT_USER()"): - backend.setVersionList([">= 4.0.6", "< 4.1.1"]) + Backend.setVersionList([">= 4.0.6", "< 4.1.1"]) if inject.checkBooleanExpression("'utf8'=(SELECT CHARSET(CURRENT_USER()))"): - backend.setVersion("= 4.1.0") + Backend.setVersion("= 4.1.0") else: - backend.setVersionList([">= 4.0.6", "< 4.1.0"]) + Backend.setVersionList([">= 4.0.6", "< 4.1.0"]) else: - backend.setVersionList([">= 4.0.0", "< 4.0.6"]) + Backend.setVersionList([">= 4.0.0", "< 4.0.6"]) else: - backend.setVersion("< 4.0.0") + Backend.setVersion("< 4.0.0") setDbms("%s 3" % DBMS.MYSQL) self.getBanner() 
diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index 11384382a..ef109119f 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py @@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission """ from lib.core.agent import agent -from lib.core.common import backend +from lib.core.common import Backend from lib.core.common import getRange from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable @@ -30,7 +30,7 @@ class Enumeration(GenericEnumeration): def getRoles(self, query2=False): infoMsg = "fetching database users roles" - rootQuery = queries[backend.getIdentifiedDbms()].roles + rootQuery = queries[Backend.getIdentifiedDbms()].roles if conf.user == "CU": infoMsg += " for current user" @@ -179,7 +179,7 @@ class Enumeration(GenericEnumeration): return [] def searchColumn(self): - rootQuery = queries[backend.getIdentifiedDbms()].search_column + rootQuery = queries[Backend.getIdentifiedDbms()].search_column foundCols = {} dbs = { "USERS": {} } colList = conf.col.split(",") diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 724453972..c5ca94a8b 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger 
@@ -29,13 +29,13 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp @@ -46,16 +46,16 @@ class Fingerprint(GenericFingerprint): value += DBMS.ORACLE return value - actVer = format.getDbms() + actVer = Format.getDbms() blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None - banVer = format.getDbms([banVer]) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) @@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint): return value def checkDbms(self): - if not conf.extensiveFp and (backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES): + if not conf.extensiveFp and (Backend.isDbmsWithin(ORACLE_ALIASES) or conf.dbms in ORACLE_ALIASES): setDbms(DBMS.ORACLE) self.getBanner() @@ -112,7 +112,7 @@ class Fingerprint(GenericFingerprint): output = inject.checkBooleanExpression("%d=(SELECT SUBSTR((VERSION), 1, %d) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1)" % (number, 1 if number < 10 else 2)) if output: - backend.setVersion(version) + Backend.setVersion(version) break return True diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 5207ec85a..29d0af462 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py 
@@ -10,8 +10,8 @@ See the file 'doc/COPYING' for copying permission import re from lib.core.agent import agent -from lib.core.common import backend -from lib.core.common import format +from lib.core.common import Backend +from lib.core.common import Format from lib.core.common import getUnicode from lib.core.common import randomInt from lib.core.data import conf @@ -32,13 +32,13 @@ class Fingerprint(GenericFingerprint): def getFingerprint(self): value = "" - wsOsFp = format.getOs("web server", kb.headersFp) + wsOsFp = Format.getOs("web server", kb.headersFp) if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: - dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp) + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) if dbmsOsFp: value += "%s\n" % dbmsOsFp @@ -49,16 +49,16 @@ class Fingerprint(GenericFingerprint): value += DBMS.PGSQL return value - actVer = format.getDbms() + actVer = Format.getDbms() blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None - banVer = format.getDbms([banVer]) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) - htmlErrorFp = format.getErrorParsedDBMSes() + htmlErrorFp = Format.getErrorParsedDBMSes() if htmlErrorFp: value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) @@ -72,7 +72,7 @@ class Fingerprint(GenericFingerprint): * http://www.postgresql.org/docs/8.4/interactive/release.html (up to 8.4.2) """ - if not conf.extensiveFp and (backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES): + if not conf.extensiveFp and (Backend.isDbmsWithin(PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES): setDbms(DBMS.PGSQL) self.getBanner() 
@@ -108,35 +108,35 @@ class Fingerprint(GenericFingerprint):
  logger.info(infoMsg)
  if inject.checkBooleanExpression("2=(SELECT DIV(6, 3))"):
- backend.setVersion(">= 8.4.0")
+ Backend.setVersion(">= 8.4.0")
  elif inject.checkBooleanExpression("EXTRACT(ISODOW FROM CURRENT_TIMESTAMP)<8"):
- backend.setVersionList([">= 8.3.0", "< 8.4"])
+ Backend.setVersionList([">= 8.3.0", "< 8.4"])
  elif inject.checkBooleanExpression("ISFINITE(TRANSACTION_TIMESTAMP())"):
- backend.setVersionList([">= 8.2.0", "< 8.3.0"])
+ Backend.setVersionList([">= 8.2.0", "< 8.3.0"])
  elif inject.checkBooleanExpression("9=(SELECT GREATEST(5, 9, 1))"):
- backend.setVersionList([">= 8.1.0", "< 8.2.0"])
+ Backend.setVersionList([">= 8.1.0", "< 8.2.0"])
  elif inject.checkBooleanExpression("3=(SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5))"):
- backend.setVersionList([">= 8.0.0", "< 8.1.0"])
+ Backend.setVersionList([">= 8.0.0", "< 8.1.0"])
  elif inject.checkBooleanExpression("'d'=(SELECT SUBSTR(MD5('sqlmap'), 1, 1))"):
- backend.setVersionList([">= 7.4.0", "< 8.0.0"])
+ Backend.setVersionList([">= 7.4.0", "< 8.0.0"])
  elif inject.checkBooleanExpression("'p'=(SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1))"):
- backend.setVersionList([">= 7.3.0", "< 7.4.0"])
+ Backend.setVersionList([">= 7.3.0", "< 7.4.0"])
  elif inject.checkBooleanExpression("8=(SELECT BIT_LENGTH(1))"):
- backend.setVersionList([">= 7.2.0", "< 7.3.0"])
+ Backend.setVersionList([">= 7.2.0", "< 7.3.0"])
  elif inject.checkBooleanExpression("'a'=(SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1))"):
- backend.setVersionList([">= 7.1.0", "< 7.2.0"])
+ Backend.setVersionList([">= 7.1.0", "< 7.2.0"])
  elif inject.checkBooleanExpression("8=(SELECT POW(2, 3))"):
- backend.setVersionList([">= 7.0.0", "< 7.1.0"])
+ Backend.setVersionList([">= 7.0.0", "< 7.1.0"])
  elif inject.checkBooleanExpression("'a'=(SELECT MAX('a'))"):
- backend.setVersionList([">= 6.5.0", "< 6.5.3"])
+ Backend.setVersionList([">= 6.5.0", "< 6.5.3"])
  elif inject.checkBooleanExpression("VERSION()=VERSION()"):
- backend.setVersionList([">= 6.4.0", "< 6.5.0"])
+ Backend.setVersionList([">= 6.4.0", "< 6.5.0"])
  elif inject.checkBooleanExpression("2=(SELECT SUBSTR(CURRENT_DATE, 1, 1))"):
- backend.setVersionList([">= 6.3.0", "< 6.4.0"])
+ Backend.setVersionList([">= 6.3.0", "< 6.4.0"])
  elif inject.checkBooleanExpression("'s'=(SELECT SUBSTRING('sqlmap', 1, 1))"):
- backend.setVersionList([">= 6.2.0", "< 6.3.0"])
+ Backend.setVersionList([">= 6.2.0", "< 6.3.0"])
  else:
- backend.setVersion("< 6.2.0")
+ Backend.setVersion("< 6.2.0")
  return True
  else:
diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py
index 25ee5416c..ab471bcd8 100644
--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
  """
  from lib.core.agent import agent
- from lib.core.common import backend
- from lib.core.common import format
+ from lib.core.common import Backend
+ from lib.core.common import Format
  from lib.core.data import conf
  from lib.core.data import kb
  from lib.core.data import logger
@@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
  def getFingerprint(self):
  value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
  if wsOsFp:
  value += "%s\n" % wsOsFp
  if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
  if dbmsOsFp:
  value += "%s\n" % dbmsOsFp
@@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
  value += DBMS.SQLITE
  return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
  blank = " " * 15
  value += "active fingerprint: %s" % actVer
  if kb.bannerFp:
  banVer = kb.bannerFp["dbmsVersion"]
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
  value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
  if htmlErrorFp:
  value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -69,7 +69,7 @@ class Fingerprint(GenericFingerprint):
  * http://www.sqlite.org/cvstrac/wiki?p=LoadableExtensions
  """
- if not conf.extensiveFp and (backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
+ if not conf.extensiveFp and (Backend.isDbmsWithin(SQLITE_ALIASES) or conf.dbms in SQLITE_ALIASES):
  setDbms(DBMS.SQLITE)
  self.getBanner()
@@ -98,7 +98,7 @@ class Fingerprint(GenericFingerprint):
  result = inject.checkBooleanExpression("RANDOMBLOB(-1)>0")
  version = '3' if result else '2'
- backend.setVersion(version)
+ Backend.setVersion(version)
  setDbms(DBMS.SQLITE)
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py
index ef1c585ed..adcea339a 100644
--- a/plugins/dbms/sybase/fingerprint.py
+++ b/plugins/dbms/sybase/fingerprint.py
@@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
  """
  from lib.core.agent import agent
- from lib.core.common import backend
- from lib.core.common import format
+ from lib.core.common import Backend
+ from lib.core.common import Format
  from lib.core.common import randomInt
  from lib.core.data import conf
  from lib.core.data import kb
@@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
  def getFingerprint(self):
  value = ""
- wsOsFp = format.getOs("web server", kb.headersFp)
+ wsOsFp = Format.getOs("web server", kb.headersFp)
  if wsOsFp:
  value += "%s\n" % wsOsFp
  if kb.data.banner:
- dbmsOsFp = format.getOs("back-end DBMS", kb.bannerFp)
+ dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
  if dbmsOsFp:
  value += "%s\n" % dbmsOsFp
@@ -45,16 +45,16 @@ class Fingerprint(GenericFingerprint):
  value += DBMS.SYBASE
  return value
- actVer = format.getDbms()
+ actVer = Format.getDbms()
  blank = " " * 15
  value += "active fingerprint: %s" % actVer
  if kb.bannerFp:
  banVer = kb.bannerFp["dbmsVersion"]
- banVer = format.getDbms([banVer])
+ banVer = Format.getDbms([banVer])
  value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
- htmlErrorFp = format.getErrorParsedDBMSes()
+ htmlErrorFp = Format.getErrorParsedDBMSes()
  if htmlErrorFp:
  value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
@@ -62,10 +62,10 @@ class Fingerprint(GenericFingerprint):
  return value
  def checkDbms(self):
- if not conf.extensiveFp and (backend.isDbmsWithin(SYBASE_ALIASES) \
- or conf.dbms in SYBASE_ALIASES) and backend.getVersion() and \
- backend.getVersion().isdigit():
- setDbms("%s %s" % (DBMS.SYBASE, backend.getVersion()))
+ if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) \
+ or conf.dbms in SYBASE_ALIASES) and Backend.getVersion() and \
+ Backend.getVersion().isdigit():
+ setDbms("%s %s" % (DBMS.SYBASE, Backend.getVersion()))
  self.getBanner()
@@ -107,7 +107,7 @@ class Fingerprint(GenericFingerprint):
  result = inject.checkBooleanExpression("@@VERSION_NUMBER/1000=%d" % version)
  if result:
- backend.setVersion(str(version))
+ Backend.setVersion(str(version))
  break
  return True
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 25c08447e..687acb98c 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
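Review bot: In the `@@ -62,10 +62,10 @@` hunk of plugins/dbms/sybase/fingerprint.py the rewritten condition in checkDbms calls `Backend.getVersion()` three times (truthiness test, `.isdigit()`, and the `setDbms` format argument), which the mechanical rename preserved rather than tidied. Binding it once reads better and removes any chance of the three reads disagreeing if the backend state is updated between them: `version = Backend.getVersion()` followed by `if not conf.extensiveFp and (Backend.isDbmsWithin(SYBASE_ALIASES) or conf.dbms in SYBASE_ALIASES) and version and version.isdigit():` and `setDbms("%s %s" % (DBMS.SYBASE, version))`. The remainder of checkDbms lies outside the hunk.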
@@ -12,13 +12,13 @@ import time
  from lib.core.agent import agent
  from lib.core.common import arrayizeValue
- from lib.core.common import backend
+ from lib.core.common import Backend
  from lib.core.common import dataToStdout
  from lib.core.common import getRange
  from lib.core.common import getCompiledRegex
  from lib.core.common import getConsoleWidth
  from lib.core.common import getFileItems
- from lib.core.common import backend
+ from lib.core.common import Backend
  from lib.core.common import getUnicode
  from lib.core.common import isNumPosStrValue
  from lib.core.common import isTechniqueAvailable
@@ -86,7 +86,7 @@ class Enumeration:
  infoMsg = "fetching banner"
  logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].banner.query
+ query = queries[Backend.getIdentifiedDbms()].banner.query
  kb.data.banner = inject.getValue(query)
  bannerParser(kb.data.banner)
@@ -108,7 +108,7 @@ class Enumeration:
  infoMsg = "fetching current user"
  logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].current_user.query
+ query = queries[Backend.getIdentifiedDbms()].current_user.query
  if not kb.data.currentUser:
  kb.data.currentUser = inject.getValue(query)
@@ -119,7 +119,7 @@ class Enumeration:
  infoMsg = "fetching current database"
  logger.info(infoMsg)
- query = queries[backend.getIdentifiedDbms()].current_db.query
+ query = queries[Backend.getIdentifiedDbms()].current_db.query
  if not kb.data.currentDb:
  kb.data.currentDb = inject.getValue(query)
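Review bot: `from lib.core.common import Backend` appears twice in the `@@ -12,13 +12,13 @@` import hunk of plugins/generic/enumeration.py; the rename carried the pre-existing duplicate `backend` import forward instead of dropping it. The second occurrence, between the `getFileItems` and `getUnicode` imports, is redundant and should be deleted so the block stays one name per line. Since this commit is already touching every import of the renamed class, it is the natural place to clean this up.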
@@ -130,11 +130,11 @@ class Enumeration:
  infoMsg = "testing if current user is DBA"
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
  self.getCurrentUser()
- query = queries[backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
+ query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
  else:
- query = queries[backend.getIdentifiedDbms()].is_dba.query
+ query = queries[Backend.getIdentifiedDbms()].is_dba.query
  query = agent.forgeCaseStatement(query)
@@ -146,10 +146,10 @@ class Enumeration:
  infoMsg = "fetching database users"
  logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].users
+ rootQuery = queries[Backend.getIdentifiedDbms()].users
- condition = ( backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")) )
- condition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
+ condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
+ condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
  if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
  if condition:
@@ -175,14 +175,14 @@ class Enumeration:
  errMsg = "unable to retrieve the number of database users"
  raise sqlmapNoneDataException, errMsg
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
  plusOne = True
  else:
  plusOne = False
  indexRange = getRange(count, plusOne=plusOne)
  for index in indexRange:
- if backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
+ if Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MAXDB):
  query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
  elif condition:
  query = rootQuery.blind.query2 % index
@@ -202,7 +202,7 @@ class Enumeration:
  def getPasswordHashes(self):
  infoMsg = "fetching database users password hashes"
- rootQuery = queries[backend.getIdentifiedDbms()].passwords
+ rootQuery = queries[Backend.getIdentifiedDbms()].passwords
  if conf.user == "CU":
  infoMsg += " for current user"
@@ -211,7 +211,7 @@ class Enumeration:
  logger.info(infoMsg)
  if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
  query = rootQuery.inband.query2
  else:
  query = rootQuery.inband.query
@@ -224,7 +224,7 @@ class Enumeration:
  query += " WHERE "
  query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
  else:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
  parsedUser = re.search("[\047]*(.*?)[\047]*\@", conf.user)
  if parsedUser:
@@ -261,7 +261,7 @@ class Enumeration:
  retrievedUsers = set()
  for user in users:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
  parsedUser = re.search("[\047]*(.*?)[\047]*\@", user)
  if parsedUser:
@@ -274,7 +274,7 @@ class Enumeration:
  infoMsg += "for user '%s'" % user
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
  query = rootQuery.blind.count2 % user
  else:
  query = rootQuery.blind.count % user
@@ -291,14 +291,14 @@ class Enumeration:
  passwords = []
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
  plusOne = True
  else:
  plusOne = False
  indexRange = getRange(count, plusOne=plusOne)
  for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
  if index > 0:
  warnMsg = "unable to retrieve other password "
  warnMsg += "hashes for user '%s'" % user
@@ -307,15 +307,15 @@ class Enumeration:
  else:
  query = rootQuery.blind.query % user
  getCurrentThreadData().disableStdOut = True
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
- if backend.isVersionWithin(("2005", "2008")):
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isVersionWithin(("2005", "2008")):
  query = rootQuery.blind.query2 % (user, index, user)
  else:
  query = rootQuery.blind.query % (user, index, user)
  else:
  query = rootQuery.blind.query % (user, index)
  password = inject.getValue(query, inband=False, error=False)
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
  getCurrentThreadData().disableStdOut = False
  password = "0x%s" % strToHex(password)
  infoMsg = "retrieved: %s" % password
@@ -352,31 +352,31 @@ class Enumeration:
  def __isAdminFromPrivileges(self, privileges):
  # In PostgreSQL the usesuper privilege means that the
  # user is DBA
- dbaCondition = ( backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
+ dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
  # In Oracle the DBA privilege means that the
  # user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
  # In MySQL >= 5.0 the SUPER privilege means
  # that the user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
  # In MySQL < 5.0 the super_priv privilege means
  # that the user is DBA
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
  # In Firebird there is no specific privilege that means
  # that the user is DBA
  # TODO: confirm
- dbaCondition |= ( backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
+ dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
  return dbaCondition
  def getPrivileges(self, query2=False):
  infoMsg = "fetching database users privileges"
- rootQuery = queries[backend.getIdentifiedDbms()].privileges
+ rootQuery = queries[Backend.getIdentifiedDbms()].privileges
  if conf.user == "CU":
  infoMsg += " for current user"
@@ -432,10 +432,10 @@ class Enumeration:
  }
  if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.inband.query2
  condition = rootQuery.inband.condition2
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
  query = rootQuery.inband.query2
  condition = rootQuery.inband.condition2
  else:
@@ -447,7 +447,7 @@ class Enumeration:
  query += " WHERE "
  # NOTE: I assume that the user provided is not in
  # MySQL >= 5.0 syntax 'user'@'host'
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
  queryUser = "%" + conf.user + "%"
  query += " OR ".join("%s LIKE '%s'" % (condition, "%" + user + "%") for user in users)
  else:
@@ -455,7 +455,7 @@ class Enumeration:
  values = inject.getValue(query, blind=False)
- if not values and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
  infoMsg = "trying with table USER_SYS_PRIVS"
  logger.info(infoMsg)
@@ -477,19 +477,19 @@ class Enumeration:
  # In PostgreSQL we get 1 if the privilege is
  # True, 0 otherwise
- if backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
  for position, pgsqlPriv in pgsqlPrivs:
  if count == position and int(privilege) == 1:
  privileges.add(pgsqlPriv)
  # In MySQL >= 5.0 and Oracle we get the list
  # of privileges as string
- elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
  privileges.add(privilege)
  # In MySQL < 5.0 we get Y if the privilege is
  # True, N otherwise
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  for position, mysqlPriv in mysqlPrivs:
  if count == position and privilege.upper() == "Y":
  privileges.add(mysqlPriv)
@@ -506,7 +506,7 @@ class Enumeration:
  conditionChar = "="
  if conf.user:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
  conditionChar = " LIKE "
  if "," in conf.user:
@@ -533,7 +533,7 @@ class Enumeration:
  for user in users:
  unescapedUser = None
- if backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
  unescapedUser = unescaper.unescape(user, quote=False)
  if user in retrievedUsers:
@@ -548,18 +548,18 @@ class Enumeration:
  else:
  queryUser = user
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.blind.count2 % queryUser
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
  query = rootQuery.blind.count % (conditionChar, queryUser)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
  query = rootQuery.blind.count2 % queryUser
  else:
  query = rootQuery.blind.count % queryUser
  count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
  if not isNumPosStrValue(count):
- if not (isinstance(count, basestring) and count.isdigit()) and backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
  infoMsg = "trying with table USER_SYS_PRIVS"
  logger.info(infoMsg)
@@ -575,20 +575,20 @@ class Enumeration:
  privileges = set()
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
  plusOne = True
  else:
  plusOne = False
  indexRange = getRange(count, plusOne=plusOne)
  for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.blind.query2 % (queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
  query = rootQuery.blind.query % (conditionChar, queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
  query = rootQuery.blind.query2 % (queryUser, index)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
  query = rootQuery.blind.query % (index, queryUser)
  else:
  query = rootQuery.blind.query % (queryUser, index)
@@ -596,7 +596,7 @@ class Enumeration:
  # In PostgreSQL we get 1 if the privilege is True,
  # 0 otherwise
- if backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
  privilege = privilege.replace(", ", ",")
  privs = privilege.split(",")
  i = 1
@@ -611,12 +611,12 @@ class Enumeration:
  # In MySQL >= 5.0 and Oracle we get the list
  # of privileges as string
- elif backend.getIdentifiedDbms() == DBMS.ORACLE or ( backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
  privileges.add(privilege)
  # In MySQL < 5.0 we get Y if the privilege is
  # True, N otherwise
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  privilege = privilege.replace(", ", ",")
  privs = privilege.split(",")
  i = 1
@@ -630,7 +630,7 @@ class Enumeration:
  i += 1
  # In Firebird we get one letter for each privilege
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
  privileges.add(firebirdPrivs[privilege.strip()])
  if self.__isAdminFromPrivileges(privileges):
@@ -639,7 +639,7 @@ class Enumeration:
  # In MySQL < 5.0 we break the cycle after the first
  # time we get the user's privileges otherwise we
  # duplicate the same query
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  break
  if privileges:
@@ -659,14 +659,14 @@ class Enumeration:
  return ( kb.data.cachedUsersPrivileges, areAdmins )
  def getRoles(self, query2=False):
- warnMsg = "on %s the concept of roles does not " % backend.getIdentifiedDbms()
+ warnMsg = "on %s the concept of roles does not " % Backend.getIdentifiedDbms()
  warnMsg += "exist. sqlmap will enumerate privileges instead"
  logger.warn(warnMsg)
  return self.getPrivileges(query2)
  def getDbs(self):
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  warnMsg = "information_schema not available, "
  warnMsg += "back-end DBMS is MySQL < 5. database "
  warnMsg += "names will be fetched from 'mysql' database"
@@ -675,10 +675,10 @@ class Enumeration:
  infoMsg = "fetching database names"
  logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].dbs
+ rootQuery = queries[Backend.getIdentifiedDbms()].dbs
  if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.inband.query2
  else:
  query = rootQuery.inband.query
@@ -691,7 +691,7 @@ class Enumeration:
  infoMsg = "fetching number of databases"
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.blind.count2
  else:
  query = rootQuery.blind.count
@@ -704,9 +704,9 @@ class Enumeration:
  indexRange = getRange(count)
  for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
  query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
- elif backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  query = rootQuery.blind.query2 % index
  else:
  query = rootQuery.blind.query % index
@@ -726,13 +726,13 @@ class Enumeration:
  self.forceDbmsEnum()
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  errMsg = "information_schema not available, "
  errMsg += "back-end DBMS is MySQL < 5.0"
  logger.error(errMsg)
  bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
  errMsg = "cannot retrieve table names, "
  errMsg += "back-end DBMS is Access"
  logger.error(errMsg)
@@ -771,7 +771,7 @@ class Enumeration:
  infoMsg += " for database '%s'" % conf.db
  logger.info(infoMsg)
- rootQuery = queries[backend.getIdentifiedDbms()].tables
+ rootQuery = queries[Backend.getIdentifiedDbms()].tables
  if conf.db:
  if "," in conf.db:
@@ -789,7 +789,7 @@ class Enumeration:
  condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None
  if condition:
- if conf.db and backend.getIdentifiedDbms() != DBMS.SQLITE:
+ if conf.db and Backend.getIdentifiedDbms() != DBMS.SQLITE:
  if "," in conf.db:
  dbs = conf.db.split(",")
  query += " WHERE "
@@ -802,12 +802,12 @@ class Enumeration:
  infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
  query = safeStringFormat(query, conf.db)
  value = inject.getValue(query, blind=False)
  if value:
- if backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.getIdentifiedDbms() == DBMS.SQLITE:
  if isinstance(value, basestring):
  value = [[ DBMS.SQLITE, value ]]
  elif isinstance(value, (list, tuple, set)):
@@ -836,7 +836,7 @@ class Enumeration:
  infoMsg += "database '%s'" % db
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
+ if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB):
  query = rootQuery.blind.count
  else:
  query = rootQuery.blind.count % db
@@ -850,18 +850,18 @@ class Enumeration:
  tables = []
- if backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MSSQL, DBMS.ORACLE ):
  plusOne = True
  else:
  plusOne = False
  indexRange = getRange(count, plusOne=plusOne)
  for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.getIdentifiedDbms() == DBMS.SYBASE:
  query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
- elif backend.getIdentifiedDbms() == DBMS.MAXDB:
+ elif Backend.getIdentifiedDbms() == DBMS.MAXDB:
  query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
- elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
+ elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
  query = rootQuery.blind.query % index
  else:
  query = rootQuery.blind.query % (db, index)
@@ -902,13 +902,13 @@ class Enumeration:
  conf.db = self.getCurrentDb()
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
  errMsg = "information_schema not available, "
  errMsg += "back-end DBMS is MySQL < 5.0"
  logger.error(errMsg)
  bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
  errMsg = "cannot retrieve column names, "
  errMsg += "back-end DBMS is Access"
  logger.error(errMsg)
@@ -959,13 +959,13 @@ class Enumeration:
  "37":"VARCHAR"
  }
- rootQuery = queries[backend.getIdentifiedDbms()].columns
+ rootQuery = queries[Backend.getIdentifiedDbms()].columns
  condition = rootQuery.blind.condition if 'condition' in rootQuery.blind else None
  infoMsg = "fetching columns "
  if conf.col:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
  conf.col = conf.col.upper()
  colList = conf.col.split(",")
  condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + col + "%") for col in colList) + ")"
@@ -978,24 +978,24 @@ class Enumeration:
  logger.info(infoMsg)
  if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
  query = rootQuery.inband.query % (conf.tbl, conf.db)
  query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
  query = rootQuery.inband.query % conf.tbl.upper()
  query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
  query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
  query += condQuery.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
  query = rootQuery.inband.query % conf.tbl
  value = inject.getValue(query, blind=False)
- if backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.getIdentifiedDbms() == DBMS.SQLITE:
  parseSqliteTableSchema(value)
  elif value:
  table = {}
@@ -1018,19 +1018,19 @@ class Enumeration:
  infoMsg += " on database '%s'" % conf.db
  logger.info(infoMsg)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
  query = rootQuery.blind.count % (conf.tbl, conf.db)
  query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
  query = rootQuery.blind.count % conf.tbl.upper()
  query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
  query = rootQuery.blind.count % (conf.db, conf.db, conf.tbl)
  query += condQuery.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
  query = rootQuery.blind.count % (conf.tbl)
  query += condQuery
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
  query = rootQuery.blind.query % conf.tbl
  value = inject.getValue(query, inband=False, error=False)
@@ -1052,22 +1052,22 @@ class Enumeration:
  indexRange = getRange(count)
  for index in indexRange:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
  query = rootQuery.blind.query % (conf.tbl, conf.db)
  query += condQuery
  field = None
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
  query = rootQuery.blind.query % (conf.tbl.upper())
  query += condQuery
  field = None
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
  query = rootQuery.blind.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.tbl)
  query += condQuery.replace("[DB]", conf.db)
  field = condition.replace("[DB]", conf.db)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
  query = rootQuery.blind.query % (conf.tbl)
  query += condQuery
  field = None
@@ -1076,20 +1076,20 @@ class Enumeration:
 column = inject.getValue(query, inband=False, error=False)
 if not onlyColNames:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 query = rootQuery.blind.query2 % (conf.tbl, column, conf.db)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
 query = rootQuery.blind.query2 % (conf.tbl.upper(), column)
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
 query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, conf.db, conf.db, conf.tbl)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
 query = rootQuery.blind.query2 % (conf.tbl, column)
 colType = inject.getValue(query, inband=False, error=False)
- if backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ if Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
 colType = firebirdTypes[colType] if colType in firebirdTypes else colType
 columns[column] = colType
@@ -1135,9 +1135,9 @@ class Enumeration:
 conf.db = self.getCurrentDb()
- rootQuery = queries[backend.getIdentifiedDbms()].dump_table
+ rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
 if '-' in conf.tbl:
 conf.tbl = "`%s`" % conf.tbl
 if '-' in conf.db:
@@ -1180,9 +1180,9 @@ class Enumeration:
 entriesCount = 0
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
 query = rootQuery.inband.query % (colString, conf.tbl.upper())
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
 query = rootQuery.inband.query % (colString, conf.tbl)
 else:
 query = rootQuery.inband.query % (colString, conf.db, conf.tbl)
@@ -1228,9 +1228,9 @@ class Enumeration:
 infoMsg += "on database '%s'" % conf.db
 logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
 query = rootQuery.blind.count % conf.tbl.upper()
- elif backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
+ elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
 query = rootQuery.blind.count % conf.tbl
 else:
 query = rootQuery.blind.count % (conf.db, conf.tbl)
@@ -1250,14 +1250,14 @@ class Enumeration:
 lengths = {}
 entries = {}
- if backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MSSQL, DBMS.SYBASE):
 plusOne = True
 else:
 plusOne = False
 indexRange = getRange(count, dump=True, plusOne=plusOne)
 try:
- if backend.getIdentifiedDbms() == DBMS.ACCESS:
+ if Backend.getIdentifiedDbms() == DBMS.ACCESS:
 validColumnList = False
 validPivotValue = False
@@ -1334,22 +1334,22 @@ class Enumeration:
 if column not in entries:
 entries[column] = []
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 query = rootQuery.blind.query % (column, conf.db, conf.tbl, index)
- elif backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
 query = rootQuery.blind.query % (column, column, conf.tbl.upper(), index)
- elif backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
 query = rootQuery.blind.query % (column, index, conf.db, conf.tbl, colList[0], colList[0], colList[0])
- elif backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
 query = rootQuery.blind.query % (column, conf.tbl, index)
- elif backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
 query = rootQuery.blind.query % (index, column, conf.tbl)
 value = inject.getValue(query, inband=False, error=False)
@@ -1393,7 +1393,7 @@ class Enumeration:
 return kb.data.dumpedTable
 def dumpAll(self):
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 errMsg = "information_schema not available, "
 errMsg += "back-end DBMS is MySQL < 5.0"
 raise sqlmapUnsupportedFeatureException, errMsg
@@ -1494,10 +1494,10 @@ class Enumeration:
 def searchDb(self):
 foundDbs = []
- rootQuery = queries[backend.getIdentifiedDbms()].search_db
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_db
 dbList = conf.db.split(",")
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 dbCond = rootQuery.inband.condition2
 else:
 dbCond = rootQuery.inband.condition
@@ -1522,7 +1522,7 @@ class Enumeration:
 dbQuery = dbQuery % db
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
@@ -1543,7 +1543,7 @@ class Enumeration:
 infoMsg += " '%s'" % db
 logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 query = rootQuery.blind.count2
 else:
 query = rootQuery.blind.count
@@ -1563,7 +1563,7 @@ class Enumeration:
 indexRange = getRange(count)
 for index in indexRange:
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 query = rootQuery.blind.query2
 else:
 query = rootQuery.blind.query
@@ -1578,12 +1578,12 @@ class Enumeration:
 def searchTable(self):
 bruteForce = False
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 errMsg = "information_schema not available, "
 errMsg += "back-end DBMS is MySQL < 5.0"
 bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
 errMsg = "cannot retrieve table names, "
 errMsg += "back-end DBMS is Access"
 logger.error(errMsg)
@@ -1601,7 +1601,7 @@ class Enumeration:
 regex = "|".join(conf.tbl.split(","))
 return tableExists(paths.COMMON_TABLES, regex)
- rootQuery = queries[backend.getIdentifiedDbms()].search_table
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_table
 foundTbls = {}
 tblList = conf.tbl.split(",")
 tblCond = rootQuery.inband.condition
@@ -1610,7 +1610,7 @@ class Enumeration:
 tblConsider, tblCondParam = self.likeOrExact("table")
 for tbl in tblList:
- if backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.getIdentifiedDbms() == DBMS.ORACLE:
 tbl = tbl.upper()
 infoMsg = "searching table"
@@ -1720,12 +1720,12 @@ class Enumeration:
 def searchColumn(self):
 bruteForce = False
- if backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
 errMsg = "information_schema not available, "
 errMsg += "back-end DBMS is MySQL < 5.0"
 bruteForce = True
- elif backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
 errMsg = "cannot retrieve column names, "
 errMsg += "back-end DBMS is Access"
 logger.error(errMsg)
@@ -1751,7 +1751,7 @@ class Enumeration:
 return
- rootQuery = queries[backend.getIdentifiedDbms()].search_column
+ rootQuery = queries[Backend.getIdentifiedDbms()].search_column
 foundCols = {}
 dbs = {}
 colList = conf.col.split(",")
@@ -1968,7 +1968,7 @@ class Enumeration:
 return output
 def sqlShell(self):
- infoMsg = "calling %s shell. To quit type " % backend.getIdentifiedDbms()
+ infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
 infoMsg += "'x' or 'q' and press ENTER"
 logger.info(infoMsg)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index a9879630a..189443e5e 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -13,7 +13,7 @@ import os
 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
-from lib.core.common import backend
+from lib.core.common import Backend
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomStr
 from lib.core.common import readInput
@@ -87,13 +87,13 @@ class Filesystem:
 return fileLines
 def __checkWrittenFile(self, wFile, dFile, fileType):
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
 lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
 lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
 self.createSupportTbl(self.fileTblName, self.tblField, "text") # Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx
@@ -271,7 +271,7 @@ class Filesystem:
 fileContent = self.unionReadFile(rFile)
- if fileContent in ( None, "" ) and backend.getIdentifiedDbms() != DBMS.PGSQL:
+ if fileContent in ( None, "" ) and Backend.getIdentifiedDbms() != DBMS.PGSQL:
 self.cleanup(onlyFileTbl=True)
 return
@@ -289,7 +289,7 @@ class Filesystem:
 fileContent = self.__unhexString(fileContent)
 rFilePath = dataToOutFile(fileContent)
- if backend.getIdentifiedDbms() != DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() != DBMS.PGSQL:
 self.cleanup(onlyFileTbl=True)
 return rFilePath
diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py
index fa5aa4802..7ed3e1159 100644
--- a/plugins/generic/fingerprint.py
+++ b/plugins/generic/fingerprint.py
@@ -7,7 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
-from lib.core.common import backend
+from lib.core.common import Backend
 from lib.core.common import readInput
 from lib.core.data import kb
 from lib.core.data import logger
@@ -19,7 +19,7 @@ class Fingerprint:
 """
 def __init__(self, dbms):
- backend.forceDbms(dbms)
+ Backend.forceDbms(dbms)
 def getFingerprint(self):
 errMsg = "'getFingerprint' method must be defined "
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index 3b828a47f..695c6053c 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -10,7 +10,7 @@ See the file 'doc/COPYING' for copying permission
 import re
 from lib.core.common import getCompiledRegex
-from lib.core.common import backend
+from lib.core.common import Backend
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
@@ -57,19 +57,19 @@ class Miscellaneous:
 infoMsg = "detecting back-end DBMS version from its banner"
 logger.info(infoMsg)
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
 first, last = 1, 6
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
 first, last = 12, 6
- elif backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
 first, last = 29, 9
 else:
 raise sqlmapUnsupportedFeatureException, "unsupported DBMS"
- query = queries[backend.getIdentifiedDbms()].substring.query % (queries[backend.getIdentifiedDbms()].banner.query, first, last)
+ query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
 if conf.direct:
 query = "SELECT %s" % query
@@ -120,7 +120,7 @@ class Miscellaneous:
 if not onlyFileTbl:
 inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
- if backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
 return
 if udfDict is None:
@@ -133,7 +133,7 @@ class Miscellaneous:
 if not output or output in ("y", "Y"):
 dropStr = "DROP FUNCTION %s" % udf
- if backend.getIdentifiedDbms() == DBMS.PGSQL:
+ if Backend.getIdentifiedDbms() == DBMS.PGSQL:
 inp = ", ".join(i for i in inpRet["input"])
 dropStr += "(%s)" % inp
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index 8d07af381..425b8f215 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -9,7 +9,7 @@ See the file 'doc/COPYING' for copying permission
 import os
-from lib.core.common import backend
+from lib.core.common import Backend
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
@@ -45,7 +45,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 def osCmd(self):
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
 web = False
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
 infoMsg = "going to use a web backdoor for command execution"
 logger.info(infoMsg)
@@ -66,7 +66,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 def osShell(self):
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
 web = False
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
 infoMsg = "going to use a web backdoor for command prompt"
 logger.info(infoMsg)
@@ -149,7 +149,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 errMsg += "is unlikely to receive commands send from you"
 logger.error(errMsg)
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.sysUdfs.pop("sys_bineval")
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
@@ -159,7 +159,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.initEnv(web=web)
 if tunnel == 1:
- if backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 msg = "how do you want to execute the Metasploit shellcode "
 msg += "on the back-end database underlying operating system?"
 msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)"
@@ -189,7 +189,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.uploadMsfPayloadStager()
 if kb.os == "Windows" and conf.privEsc:
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
 debugMsg = "by default MySQL on Windows runs as SYSTEM "
 debugMsg += "user, no need to privilege escalate"
 logger.debug(debugMsg)
@@ -207,7 +207,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.uploadIcmpshSlave(web=web)
 self.icmpPwn()
- elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL:
 web = True
 infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -256,13 +256,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 raise sqlmapUnsupportedDBMSException(errMsg)
 if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
- if backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
+ if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
 errMsg = "on this back-end DBMS it is only possible to "
 errMsg += "perform the SMB relay attack if stacked "
 errMsg += "queries are supported"
 raise sqlmapUnsupportedDBMSException(errMsg)
- elif backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
 debugMsg = "since stacked queries are not supported, "
 debugMsg += "sqlmap is going to perform the SMB relay "
 debugMsg += "attack via inference blind SQL injection"
@@ -271,19 +271,19 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 printWarn = True
 warnMsg = "it is unlikely that this attack will be successful "
- if backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.getIdentifiedDbms() == DBMS.MYSQL:
 warnMsg += "because by default MySQL on Windows runs as "
 warnMsg += "Local System which is not a real user, it does "
 warnMsg += "not send the NTLM session hash when connecting to "
 warnMsg += "a SMB service"
- elif backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
 warnMsg += "because by default PostgreSQL on Windows runs "
 warnMsg += "as postgres user which is a real user of the "
 warnMsg += "system, but not within the Administrators group"
- elif backend.getIdentifiedDbms() == DBMS.MSSQL and backend.isVersionWithin(("2005", "2008")):
- warnMsg += "because often Microsoft SQL Server %s " % backend.getVersion()
+ elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
 warnMsg += "runs as Network Service which is not a real user, "
 warnMsg += "it does not send the NTLM session hash when "
 warnMsg += "connecting to a SMB service"
@@ -300,14 +300,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 return
- if not backend.getIdentifiedDbms() == DBMS.MSSQL or not backend.isVersionWithin(("2000", "2005")):
+ if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")):
 errMsg = "the back-end DBMS must be Microsoft SQL Server "
 errMsg += "2000 or 2005 to be able to exploit the heap-based "
 errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
 errMsg += "stored procedure (MS09-004)"
 raise sqlmapUnsupportedDBMSException(errMsg)
- infoMsg = "going to exploit the Microsoft SQL Server %s " % backend.getVersion()
+ infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
 infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
 infoMsg += "buffer overflow (MS09-004)"
 logger.info(infoMsg)