From 53c0336b4802eebe1f5cd05e16c28fe5317af570 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 12 Jul 2012 00:01:57 +0100
Subject: [PATCH] added --hostname switch to retrieve DBMS server hostname - closes issue #69

---
 lib/controller/action.py | 3 +++
 lib/core/dump.py | 5 ++++-
 lib/core/optiondict.py | 1 +
 lib/parse/cmdline.py | 4 ++++
 plugins/generic/enumeration.py | 12 ++++++++++++
 sqlmap.conf | 4 ++++
 xml/queries.xml | 12 +++++++++++-
 7 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/lib/controller/action.py b/lib/controller/action.py
index f385a0103..7e89d3be1 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -64,6 +64,9 @@ def action():
     if conf.getCurrentDb:
         conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())
 
+    if conf.getHostname:
+        conf.dumper.hostname(conf.dbmsHandler.getHostname())
+
     if conf.isDba:
         conf.dumper.dba(conf.dbmsHandler.isDba())
 
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 9deec738f..1706e729e 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -74,7 +74,7 @@ class Dump:
     def string(self, header, data, sort=True):
         if isListLike(data):
             self.lister(header, data, sort)
-        elif data is not None:
+        elif data is not None and len(data) > 0:
             data = getUnicode(data)
 
             if data[-1] == '\n':
@@ -125,6 +125,9 @@ class Dump:
         else:
             self.string("current database", data)
 
+    def hostname(self,data):
+        self.string("hostname", data)
+
     def dba(self,data):
         self.string("current user is DBA", data)
 
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 854c22336..15753a347 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -96,6 +96,7 @@ optDict = {
     "getBanner": ("boolean", "Banners"),
     "getCurrentUser": ("boolean", "Users"),
     "getCurrentDb": ("boolean", "Databases"),
+    "getHostname": "boolean",
     "isDba": "boolean",
     "getUsers": ("boolean", "Users"),
     "getPasswordHashes": ("boolean", "Passwords"),
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 4d5d7fc33..8037ba4ab 100644
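Review bot: The new `len(data) > 0` test in `Dump.string()` is evaluated before `data = getUnicode(data)`, so any value without a `__len__` that reaches the `elif` now raises TypeError where the old branch simply stringified it; `dba()` two hunks below forwards whatever `isDba()` returns, and if that is a bool (as the name suggests) `--is-dba` would trip over this. Testing emptiness on the converted value keeps the intended skip of empty output without that regression: `elif data is not None and getUnicode(data):`. The body of `string()` continues past the hunk, so the `data[-1]` access further down is covered by the same guard.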
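Review bot: The new `"getHostname": "boolean"` entry in optDict omits the second tuple element that its closest analogues `getBanner`, `getCurrentUser` and `getCurrentDb` carry (`"Banners"`, `"Users"`, `"Databases"`); only `isDba` uses the bare form. What that second element drives is not visible in this hunk, so if it labels an output category the hostname result would be the one enumeration option without one — worth checking against the consumer of optDict before merging.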
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -304,6 +304,10 @@ def cmdLineParser():
                                action="store_true",
                                help="Retrieve DBMS current database")
 
+        enumeration.add_option("--hostname", dest="getHostname",
+                               action="store_true",
+                               help="Retrieve DBMS server hostname")
+
         enumeration.add_option("--is-dba", dest="isDba",
                                action="store_true",
                                help="Detect if the DBMS current user is DBA")
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 311e3f338..380d94824 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -83,6 +83,7 @@ class Enumeration:
         kb.data.banner = None
         kb.data.currentUser = ""
         kb.data.currentDb = ""
+        kb.data.hostname = ""
         kb.data.cachedUsers = []
         kb.data.cachedUsersPasswords = {}
         kb.data.cachedUsersPrivileges = {}
@@ -150,6 +151,17 @@ class Enumeration:
         return kb.data.currentDb
 
+    def getHostname(self):
+        infoMsg = "fetching server hostname"
+        logger.info(infoMsg)
+
+        query = queries[Backend.getIdentifiedDbms()].hostname.query
+
+        if not kb.data.hostname:
+            kb.data.hostname = unArrayizeValue(inject.getValue(query, safeCharEncode=False))
+
+        return kb.data.hostname
+
     def isDba(self, user=None):
         infoMsg = "testing if current user is DBA"
         logger.info(infoMsg)
diff --git a/sqlmap.conf b/sqlmap.conf
index c3d89311a..de213de16 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -327,6 +327,10 @@ getCurrentUser = False
 # Valid: True or False
 getCurrentDb = False
 
+# Retrieve back-end database management system server hostname.
+# Valid: True or False
+getHostname = False
+
 # Detect if the DBMS current user is DBA.
 # Valid: True or False
 isDba = False
diff --git a/xml/queries.xml b/xml/queries.xml
index 878db910e..e78c7a77c 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -29,6 +29,7 @@ + @@ -102,6 +103,7 @@ + @@ -169,6 +171,7 @@ + @@ -242,6 +245,7 @@ NOTE: in Oracle to check if the session user is DBA you can use: SELECT USERENV('ISDBA') FROM DUAL --> + @@ -321,6 +325,7 @@ + 
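Review bot: In `getHostname()` the `queries[Backend.getIdentifiedDbms()].hostname.query` lookup runs before the `if not kb.data.hostname:` cache check, so a cached hostname still pays for the lookup and, for a DBMS whose queries.xml section has no `hostname` entry (the xml hunks are too garbled here to confirm every section got one), the call fails even though the value is already known. Moving the lookup under the check keeps the cache-first shape of the neighbouring getters: `if not kb.data.hostname:` / `query = queries[Backend.getIdentifiedDbms()].hostname.query` / `kb.data.hostname = unArrayizeValue(inject.getValue(query, safeCharEncode=False))`. Note also that the empty-string sentinel set in `__init__` means an empty or None result is re-queried on every call; that matches the other cached attributes, so it is only worth a short comment such as `# "" means not fetched yet; a None result is retried on the next call`.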
@@ -366,6 +371,7 @@ + @@ -407,6 +413,7 @@ + @@ -455,6 +462,7 @@ + @@ -509,6 +517,7 @@ + @@ -575,10 +584,11 @@ - + +