diff --git a/lib/core/option.py b/lib/core/option.py
index 95c603d38..24f1a427a 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1119,7 +1119,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 logger.debug(debugMsg)
 kb.absFilePaths = set()
- kb.assumeEmpty = False
 kb.authHeader = None
 kb.bannerFp = advancedDict()
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 49c7aaee5..fd8c67154 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -8,11 +8,13 @@ See the file 'doc/COPYING' for copying permission
 """
 from lib.core.common import dataToStdout
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.shell import autoCompletion
 from lib.takeover.udf import UDF
@@ -35,7 +37,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 xp_cmdshell.__init__(self)
 def execCmd(self, cmd, silent=False):
- if self.webBackdoorUrl and not kb.stackedTest:
+ if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 self.webBackdoorRunCmd(cmd)
 elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
@@ -49,7 +51,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 raise sqlmapUnsupportedFeatureException, errMsg
 def evalCmd(self, cmd, first=None, last=None):
- if self.webBackdoorUrl and not kb.stackedTest:
+ if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 return self.webBackdoorRunCmd(cmd)
 elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
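Review bot: The guard `self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)` is now written out three times in Abstraction, in execCmd and evalCmd here and in shell() in the next hunk of this file, and nothing near it says why the web channel is used only when stacked queries are unavailable. Putting the decision in one documented method, for example `def _useWebBackdoor(self): return self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)`, would keep the three call sites from drifting apart. The definition of isTechniqueAvailable is not part of this diff, so whether it returns the same answer the old kb.stackedTest flag did could not be checked from here. The bodies of execCmd and evalCmd continue outside their hunks.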
@@ -84,7 +86,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 self.execCmd(cmd)
 def shell(self):
- if self.webBackdoorUrl and not kb.stackedTest:
+ if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 infoMsg = "calling OS shell. To quit type "
 infoMsg += "'x' or 'q' and press ENTER"
 logger.info(infoMsg)
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 47d53861a..e1b4e0a10 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -11,12 +11,14 @@ import os
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -157,7 +159,7 @@ class UDF:
 errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
 raise sqlmapUnsupportedFeatureException(errMsg)
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 return
 self.checkDbmsOs()
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 07c4777cc..608d2c711 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -279,26 +279,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if conf.threadContinue:
 charStart = time.time()
 val = getChar(curidx)
-
 if val is None:
- if not kb.assumeEmpty:
- iolock.acquire()
-
- warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
- logger.warn(warnMsg)
-
- message = "assume empty character? [Y/n/a]"
- choice = readInput(message, default="Y")
- iolock.release()
-
- if choice in ("a", "A"):
- kb.assumeEmpty = True
- elif not choice or choice in ("y", "Y"):
- pass # do nothing
- else:
- raise sqlmapValueException
-
- val = ''
+ val = '?'
 else:
 break
diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index 492952553..0310a5743 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -10,12 +10,14 @@ See the file 'doc/COPYING' for copying permission
 import re
 from lib.core.agent import agent
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import randomStr
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import PAYLOAD
 from lib.request import inject
 from lib.request.connect import Connect as Request
@@ -100,7 +102,7 @@ class Takeover(GenericTakeover):
 logger.debug("keeping existing UDF '%s' as requested" % udf)
 def uncPathRequest(self):
- if not kb.stackedTest:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
 query = agent.suffixQuery(query)
 payload = agent.payload(newValue=query)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index cebd317b1..082ec7d8d 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
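Review bot: In the bisection hunk of lib/techniques/blind/inference.py, a character that could not be retrieved is now replaced by `val = '?'` with no log line, so a placeholder cannot be told apart from a question mark that is really in the data, and the operator is never told the result is incomplete. The removed branch reported the failing index; keep that part when substituting, for example `logger.warn("failed to get character at index %d (expected %d total), using '?'" % (curidx, length))`, and take iolock around it if the old locking was there to serialise output from worker threads (not visible in this hunk). If readInput and sqlmapValueException were imported only for the removed prompt they are now unused, which cannot be confirmed from here. The loop body continues outside the hunk.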
@@ -18,6 +18,7 @@ from lib.core.common import getConsoleWidth
 from lib.core.common import getFileItems
 from lib.core.common import getUnicode
 from lib.core.common import isNumPosStrValue
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import parsePasswordHash
 from lib.core.common import parseSqliteTableSchema
 from lib.core.common import popValue
@@ -34,6 +35,7 @@ from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -1758,7 +1760,7 @@ class Enumeration:
 return output
 else:
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 warnMsg = "execution of custom SQL queries is only "
 warnMsg += "available when stacked queries are supported"
 logger.warn(warnMsg)
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py
index dabff2ff0..3ca7deb8c 100644
--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -13,12 +13,14 @@ import os
 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapUndefinedMethod
 from lib.request import inject
@@ -254,8 +256,8 @@ class Filesystem:
 self.checkDbmsOs()
- if conf.direct or kb.stackedTest:
- if kb.stackedTest:
+ if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 debugMsg = "going to read the file with stacked query SQL "
 debugMsg += "injection technique"
 logger.debug(debugMsg)
@@ -294,8 +296,8 @@ class Filesystem:
 def writeFile(self, wFile, dFile, fileType=None, confirm=True):
 self.checkDbmsOs()
- if conf.direct or kb.stackedTest:
- if kb.stackedTest:
+ if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
 debugMsg = "going to upload the %s file with " % fileType
 debugMsg += "stacked query SQL injection technique"
 logger.debug(debugMsg)
diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py
index 7b99f67ea..c1223ab80 100644
--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
 import re
 from lib.core.common import getCompiledRegex
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import posixToNtSlashes
@@ -19,6 +20,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.session import setRemoteTempPath
@@ -94,7 +96,7 @@ class Miscellaneous:
 Cleanup database from sqlmap create tables and functions
 """
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 return
 if kb.os == "Windows":
diff --git a/plugins/generic/misc.py b/plugins/generic/takeover.py
index 394d9f2ae..b9ed105d6 100644
--- a/plugins/generic/takeover.py
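Review bot: In the readFile and writeFile hunks of plugins/generic/filesystem.py, `isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)` is called on two consecutive lines where the old code read one stored flag. If the helper does any real work, or its answer could differ between the two calls, the outer and inner branches could disagree; its definition is not in this diff, so that is unverified. Evaluating it once reads more clearly: `stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)`, then `if conf.direct or stacked:` and `if stacked:`. Both method bodies continue outside their hunks.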
+++ b/plugins/generic/takeover.py
@@ -9,12 +9,14 @@ See the file 'doc/COPYING' for copying permission
 import os
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapMissingPrivileges
@@ -40,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 Abstraction.__init__(self)
 def osCmd(self):
- if kb.stackedTest or conf.direct:
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
 web = False
- elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
 infoMsg = "going to use a web backdoor for command execution"
 logger.info(infoMsg)
@@ -61,9 +63,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.cleanup()
 def osShell(self):
- if kb.stackedTest or conf.direct:
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
 web = False
- elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
 infoMsg = "going to use a web backdoor for command prompt"
 logger.info(infoMsg)
@@ -149,7 +151,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.sysUdfs.pop("sys_bineval")
- if kb.stackedTest or conf.direct:
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
 web = False
 self.getRemoteTempPath()
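Review bot: In osCmd and osShell the `elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:` repeats a test that the preceding `if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:` has already settled, because the elif is only reached when the technique is unavailable. Assuming the helper returns the same answer on both calls, `elif kb.dbms == DBMS.MYSQL:` says the same thing with one call instead of two and is easier to audit. The elif in the hunk at -204 of this file looks like the same pattern, though the start of its if chain lies outside that hunk. Both method bodies continue outside their hunks.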
@@ -204,7 +206,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.uploadIcmpshSlave(web=web)
 self.icmpPwn()
- elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+ elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
 web = True
 infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -252,7 +254,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 errMsg += "relay attack"
 raise sqlmapUnsupportedDBMSException(errMsg)
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ):
 errMsg = "on this back-end DBMS it is only possible to "
 errMsg += "perform the SMB relay attack if stacked "
@@ -294,7 +296,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 self.smb()
 def osBof(self):
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 return
 if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
@@ -320,7 +322,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
 raise sqlmapUndefinedMethod, errMsg
 def __regInit(self):
- if not kb.stackedTest and not conf.direct:
+ if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
 return
 self.checkDbmsOs()