update

lib/core/option.py

@@ -1119,7 +1119,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     logger.debug(debugMsg)
 
     kb.absFilePaths    = set()
-    kb.assumeEmpty     = False
     kb.authHeader      = None
     kb.bannerFp        = advancedDict()
 

lib/takeover/abstraction.py

@@ -8,11 +8,13 @@ See the file 'doc/COPYING' for copying permission
 """
 
 from lib.core.common import dataToStdout
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.shell import autoCompletion
 from lib.takeover.udf import UDF
@@ -35,7 +37,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
         xp_cmdshell.__init__(self)
 
     def execCmd(self, cmd, silent=False):
-        if self.webBackdoorUrl and not kb.stackedTest:
+        if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
             self.webBackdoorRunCmd(cmd)
 
         elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
@@ -49,7 +51,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
             raise sqlmapUnsupportedFeatureException, errMsg
 
     def evalCmd(self, cmd, first=None, last=None):
-        if self.webBackdoorUrl and not kb.stackedTest:
+        if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
             return self.webBackdoorRunCmd(cmd)
 
         elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
@@ -84,7 +86,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
             self.execCmd(cmd)
 
     def shell(self):
-        if self.webBackdoorUrl and not kb.stackedTest:
+        if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
             infoMsg  = "calling OS shell. To quit type "
             infoMsg += "'x' or 'q' and press ENTER"
             logger.info(infoMsg)

lib/takeover/udf.py

@@ -11,12 +11,14 @@ import os
 
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -157,7 +159,7 @@ class UDF:
             errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
             raise sqlmapUnsupportedFeatureException(errMsg)
 
-        if not kb.stackedTest and not conf.direct:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
             return
 
         self.checkDbmsOs()

lib/techniques/blind/inference.py

@@ -279,26 +279,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                     if conf.threadContinue:
                         charStart = time.time()
                         val = getChar(curidx)
-
                         if val is None:
-                            if not kb.assumeEmpty:
+                            val = '?'
-                                iolock.acquire()
-
-                                warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
-                                logger.warn(warnMsg)
-
-                                message = "assume empty character? [Y/n/a]"
-                                choice = readInput(message, default="Y")
-                                iolock.release()
-
-                                if choice in ("a", "A"):
-                                    kb.assumeEmpty = True
-                                elif not choice or choice in ("y", "Y"):
-                                    pass # do nothing
-                                else:
-                                    raise sqlmapValueException
-
-                            val = ''
                     else:
                         break
 

plugins/dbms/mysql/takeover.py

@@ -10,12 +10,14 @@ See the file 'doc/COPYING' for copying permission
 import re
 
 from lib.core.agent import agent
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import randomStr
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
+from lib.core.enums import PAYLOAD
 from lib.request import inject
 from lib.request.connect import Connect as Request
 
@@ -100,7 +102,7 @@ class Takeover(GenericTakeover):
             logger.debug("keeping existing UDF '%s' as requested" % udf)
 
     def uncPathRequest(self):
-        if not kb.stackedTest:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
             query   = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
             query   = agent.suffixQuery(query)
             payload = agent.payload(newValue=query)

plugins/generic/enumeration.py

@@ -18,6 +18,7 @@ from lib.core.common import getConsoleWidth
 from lib.core.common import getFileItems
 from lib.core.common import getUnicode
 from lib.core.common import isNumPosStrValue
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import parsePasswordHash
 from lib.core.common import parseSqliteTableSchema
 from lib.core.common import popValue
@@ -34,6 +35,7 @@ from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -1758,7 +1760,7 @@ class Enumeration:
 
             return output
         else:
-            if not kb.stackedTest and not conf.direct:
+            if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
                 warnMsg  = "execution of custom SQL queries is only "
                 warnMsg += "available when stacked queries are supported"
                 logger.warn(warnMsg)

plugins/generic/filesystem.py

@@ -13,12 +13,14 @@ import os
 
 from lib.core.agent import agent
 from lib.core.common import dataToOutFile
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapUndefinedMethod
 from lib.request import inject
 
@@ -254,8 +256,8 @@ class Filesystem:
 
         self.checkDbmsOs()
 
-        if conf.direct or kb.stackedTest:
+        if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-            if kb.stackedTest:
+            if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
                 debugMsg  = "going to read the file with stacked query SQL "
                 debugMsg += "injection technique"
                 logger.debug(debugMsg)
@@ -294,8 +296,8 @@ class Filesystem:
     def writeFile(self, wFile, dFile, fileType=None, confirm=True):
         self.checkDbmsOs()
 
-        if conf.direct or kb.stackedTest:
+        if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-            if kb.stackedTest:
+            if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
                 debugMsg  = "going to upload the %s file with " % fileType
                 debugMsg += "stacked query SQL injection technique"
                 logger.debug(debugMsg)

plugins/generic/misc.py

@@ -10,6 +10,7 @@ See the file 'doc/COPYING' for copying permission
 import re
 
 from lib.core.common import getCompiledRegex
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import posixToNtSlashes
@@ -19,6 +20,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.session import setRemoteTempPath
@@ -94,7 +96,7 @@ class Miscellaneous:
         Cleanup database from sqlmap create tables and functions
         """
 
-        if not kb.stackedTest and not conf.direct:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
             return
 
         if kb.os == "Windows":

plugins/generic/takeover.py

@@ -9,12 +9,14 @@ See the file 'doc/COPYING' for copying permission
 
 import os
 
+from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import DBMS
+from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapMissingPrivileges
@@ -40,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
         Abstraction.__init__(self)
 
     def osCmd(self):
-        if kb.stackedTest or conf.direct:
+        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
             web = False
-        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
             infoMsg = "going to use a web backdoor for command execution"
             logger.info(infoMsg)
 
@@ -61,9 +63,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
             self.cleanup()
 
     def osShell(self):
-        if kb.stackedTest or conf.direct:
+        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
             web = False
-        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
             infoMsg = "going to use a web backdoor for command prompt"
             logger.info(infoMsg)
 
@@ -149,7 +151,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
             if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
                 self.sysUdfs.pop("sys_bineval")
 
-        if kb.stackedTest or conf.direct:
+        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
             web = False
 
             self.getRemoteTempPath()
@@ -204,7 +206,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                 self.uploadIcmpshSlave(web=web)
                 self.icmpPwn()
 
-        elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
+        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and kb.dbms == DBMS.MYSQL:
             web = True
 
             infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -252,7 +254,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
             errMsg += "relay attack"
             raise sqlmapUnsupportedDBMSException(errMsg)
 
-        if not kb.stackedTest and not conf.direct:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
             if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ):
                 errMsg  = "on this back-end DBMS it is only possible to "
                 errMsg += "perform the SMB relay attack if stacked "
@@ -294,7 +296,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
         self.smb()
 
     def osBof(self):
-        if not kb.stackedTest and not conf.direct:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
             return
 
         if not kb.dbms == DBMS.MSSQL or kb.dbmsVersion[0] not in ( "2000", "2005" ):
@@ -320,7 +322,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
         raise sqlmapUndefinedMethod, errMsg
 
     def __regInit(self):
-        if not kb.stackedTest and not conf.direct:
+        if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
             return
 
         self.checkDbmsOs()