From 57648168910e6e5215f2878a6d627406bc889dbc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 3 Dec 2010 22:28:09 +0000 Subject: [PATCH] minor cosmetics --- lib/core/agent.py | 6 +++--- lib/core/common.py | 8 ++++---- lib/core/enums.py | 2 +- lib/parse/banner.py | 2 +- lib/request/inject.py | 4 ++-- lib/takeover/abstraction.py | 8 ++++---- lib/takeover/metasploit.py | 8 ++++---- lib/takeover/udf.py | 8 ++++---- lib/techniques/inband/union/use.py | 4 ++-- lib/utils/resume.py | 2 +- plugins/dbms/postgresql/enumeration.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 6 +++--- plugins/generic/enumeration.py | 16 ++++++++-------- plugins/generic/filesystem.py | 2 +- plugins/generic/misc.py | 4 ++-- plugins/generic/takeover.py | 8 ++++---- 16 files changed, 45 insertions(+), 45 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index a4fdd7ff0..02e4a66e4 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -371,7 +371,7 @@ class Agent: if kb.dbms == DBMS.MYSQL: concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2) - elif kb.dbms in ( DBMS.POSTGRESQL, DBMS.ORACLE, DBMS.SQLITE ): + elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ): concatenatedQuery = "%s||%s" % (query1, query2) elif kb.dbms == DBMS.MSSQL: @@ -429,7 +429,7 @@ class Agent: elif fieldsNoSelect: concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop) - elif kb.dbms in ( DBMS.POSTGRESQL, DBMS.ORACLE, DBMS.SQLITE ): + elif kb.dbms in ( DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE ): if fieldsSelectCase: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1) concatenatedQuery += "||'%s'" % kb.misc.stop @@ -580,7 +580,7 @@ class Agent: fromFrom = limitedQuery[fromIndex+1:] orderBy = False - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL, DBMS.SQLITE ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE ): limitStr = queries[kb.dbms].limit.query % (num, 1) limitedQuery += " %s" % limitStr diff --git a/lib/core/common.py b/lib/core/common.py index be341ce93..468f7cc11 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -735,7 +735,7 @@ def parseTargetDirect(): dbmsDict = { DBMS.MSSQL: [MSSQL_ALIASES, "python-pymssql", "http://pymssql.sourceforge.net/"], DBMS.MYSQL: [MYSQL_ALIASES, "python-mysqldb", "http://mysql-python.sourceforge.net/"], - DBMS.POSTGRESQL: [PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"], + DBMS.PGSQL: [PGSQL_ALIASES, "python-psycopg2", "http://initd.org/psycopg/"], DBMS.ORACLE: [ORACLE_ALIASES, "python cx_Oracle", "http://cx-oracle.sourceforge.net/"], DBMS.SQLITE: [SQLITE_ALIASES, "python-pysqlite2", "http://pysqlite.googlecode.com/"], DBMS.ACCESS: [ACCESS_ALIASES, "python-pyodbc", "http://pyodbc.googlecode.com/"], @@ -768,7 +768,7 @@ def parseTargetDirect(): elif dbmsName == DBMS.MYSQL: import MySQLdb - elif dbmsName == DBMS.POSTGRESQL: + elif dbmsName == DBMS.PGSQL: import psycopg2 elif dbmsName == DBMS.ORACLE: import cx_Oracle @@ -926,13 +926,13 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True) def getDelayQuery(andCond=False): query = None - if kb.dbms in (DBMS.MYSQL, DBMS.POSTGRESQL): + if kb.dbms in (DBMS.MYSQL, DBMS.PGSQL): if not kb.data.banner: conf.dbmsHandler.getVersionFromBanner() banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None - if banVer is None or (kb.dbms == DBMS.MYSQL and banVer >= "5.0.12") or (kb.dbms == DBMS.POSTGRESQL and banVer >= "8.2"): + if banVer is None or (kb.dbms == DBMS.MYSQL and banVer >= "5.0.12") or (kb.dbms == DBMS.PGSQL and banVer >= "8.2"): query = queries[kb.dbms].timedelay.query % conf.timeSec else: query = queries[kb.dbms].timedelay.query2 % conf.timeSec diff --git a/lib/core/enums.py b/lib/core/enums.py index 442851b64..c21febf8e 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -23,7 +23,7 @@ class DBMS: MSSQL = "Microsoft SQL Server" MYSQL = "MySQL" ORACLE = "Oracle" - POSTGRESQL = "PostgreSQL" + PGSQL = "PostgreSQL" SQLITE = "SQLite" SYBASE = "Sybase" diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 100e7a0a7..524882f46 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -100,7 +100,7 @@ def bannerParser(banner): xmlfile = paths.MYSQL_XML elif kb.dbms == DBMS.ORACLE: xmlfile = paths.ORACLE_XML - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: xmlfile = paths.PGSQL_XML if not xmlfile: diff --git a/lib/request/inject.py b/lib/request/inject.py index c9413de9c..e87c1e092 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -149,7 +149,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I) if limitRegExp or ( kb.dbms == DBMS.MSSQL and topLimit ): - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStop = queries[kb.dbms].limitgroupstop.query @@ -188,7 +188,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r # From now on we need only the expression until the " LIMIT " # (or similar, depending on the back-end DBMS) word - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): stopLimit += startLimit untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) expression = expression[:untilLimitChar] diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 250667844..49c7aaee5 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -38,7 +38,7 @@ class Abstraction(Web, UDF, xp_cmdshell): if self.webBackdoorUrl and not kb.stackedTest: self.webBackdoorRunCmd(cmd) - elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): self.udfExecCmd(cmd, silent=silent) elif kb.dbms == DBMS.MSSQL: @@ -52,7 +52,7 @@ class Abstraction(Web, UDF, xp_cmdshell): if self.webBackdoorUrl and not kb.stackedTest: return self.webBackdoorRunCmd(cmd) - elif kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): return self.udfEvalCmd(cmd, first, last) elif kb.dbms == DBMS.MSSQL: @@ -90,7 +90,7 @@ class Abstraction(Web, UDF, xp_cmdshell): logger.info(infoMsg) else: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): infoMsg = "going to use injected sys_eval and sys_exec " infoMsg += "user-defined functions for operating system " infoMsg += "command execution" @@ -148,7 +148,7 @@ class Abstraction(Web, UDF, xp_cmdshell): warnMsg += "the session user is not a database administrator" logger.warn(warnMsg) - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): self.udfInjectSys() elif kb.dbms == DBMS.MSSQL: if mandatory: diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 6e721c422..abbe566d0 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -192,7 +192,7 @@ class Metasploit: debugMsg += "injection will be successful" logger.debug(debugMsg) - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: choose = True warnMsg = "by default PostgreSQL on Windows runs as " @@ -229,7 +229,7 @@ class Metasploit: break elif choice == "1": - if kb.dbms == DBMS.POSTGRESQL: + if kb.dbms == DBMS.PGSQL: logger.warn("beware that the VNC injection might not work") break @@ -554,7 +554,7 @@ class Metasploit: # This is useful for sqlmap because on PostgreSQL it is not # possible to write files bigger than 8192 bytes abusing the # lo_export() feature implemented in sqlmap. - if kb.dbms == DBMS.POSTGRESQL: + if kb.dbms == DBMS.PGSQL: self.__fileFormat = "exe-small" else: self.__fileFormat = "exe" @@ -656,7 +656,7 @@ class Metasploit: self.__forgeMsfConsoleResource() self.__forgeMsfConsoleCmd() - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile) else: self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile) diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index 49de96275..47d53861a 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -101,7 +101,7 @@ class UDF: return output def udfCheckNeeded(self): - if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.POSTGRESQL ) ) and "sys_fileread" in self.sysUdfs: + if ( not conf.rFile or ( conf.rFile and kb.dbms != DBMS.PGSQL ) ) and "sys_fileread" in self.sysUdfs: self.sysUdfs.pop("sys_fileread") if not conf.osPwn: @@ -142,7 +142,7 @@ class UDF: if kb.dbms == DBMS.MYSQL: supportTblType = "longtext" - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: supportTblType = "text" self.udfCreateSupportTbl(supportTblType) @@ -153,7 +153,7 @@ class UDF: self.udfInjectCore(self.sysUdfs) def udfInjectCustom(self): - if kb.dbms not in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms not in ( DBMS.MYSQL, DBMS.PGSQL ): errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms raise sqlmapUnsupportedFeatureException(errMsg) @@ -235,7 +235,7 @@ class UDF: if kb.dbms == DBMS.MYSQL: defaultType = "string" - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: defaultType = "text" self.udfs[udfName]["input"] = [] diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index 1c787b615..dbf722a14 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -69,7 +69,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh limitRegExp = re.search(queries[kb.dbms].limitregexp.query, expression, re.I) if limitRegExp: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): limitGroupStart = queries[kb.dbms].limitgroupstart.query limitGroupStop = queries[kb.dbms].limitgroupstop.query @@ -103,7 +103,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh # From now on we need only the expression until the " LIMIT " # (or similar, depending on the back-end DBMS) word - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): stopLimit += startLimit untilLimitChar = expression.index(queries[kb.dbms].limitstring.query) expression = expression[:untilLimitChar] diff --git a/lib/utils/resume.py b/lib/utils/resume.py index 9be4c7875..19a363cdb 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py @@ -59,7 +59,7 @@ def queryOutputLength(expression, payload): if selectDistinctExpr: lengthExpr = "SELECT %s FROM (%s)" % (lengthQuery % regExpr, expression) - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): lengthExpr += " AS %s" % randomStr(lowercase=True) elif select: lengthExpr = expression.replace(regExpr, lengthQuery % regExpr, 1) diff --git a/plugins/dbms/postgresql/enumeration.py b/plugins/dbms/postgresql/enumeration.py index b9a07c495..220b9b2fe 100644 --- a/plugins/dbms/postgresql/enumeration.py +++ b/plugins/dbms/postgresql/enumeration.py @@ -12,4 +12,4 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration class Enumeration(GenericEnumeration): def __init__(self): - GenericEnumeration.__init__(self, DBMS.POSTGRESQL) + GenericEnumeration.__init__(self, DBMS.PGSQL) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 11c4d0db8..56d875c85 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint): value += "back-end DBMS: " if not conf.extensiveFp: - value += DBMS.POSTGRESQL + value += DBMS.PGSQL return value actVer = formatDBMSfp() @@ -74,7 +74,7 @@ class Fingerprint(GenericFingerprint): """ if (kb.dbms is not None and kb.dbms.lower() in PGSQL_ALIASES) or conf.dbms in PGSQL_ALIASES: - setDbms(DBMS.POSTGRESQL) + setDbms(DBMS.PGSQL) self.getBanner() @@ -102,7 +102,7 @@ class Fingerprint(GenericFingerprint): return False - setDbms(DBMS.POSTGRESQL) + setDbms(DBMS.PGSQL) self.getBanner() diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index d0fd24feb..95cc57c0c 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -342,7 +342,7 @@ class Enumeration: def __isAdminFromPrivileges(self, privileges): # In PostgreSQL the usesuper privilege means that the # user is DBA - dbaCondition = ( kb.dbms == DBMS.POSTGRESQL and "super" in privileges ) + dbaCondition = ( kb.dbms == DBMS.PGSQL and "super" in privileges ) # In Oracle the DBA privilege means that the # user is DBA @@ -467,7 +467,7 @@ class Enumeration: # In PostgreSQL we get 1 if the privilege is # True, 0 otherwise - if kb.dbms == DBMS.POSTGRESQL and getUnicode(privilege).isdigit(): + if kb.dbms == DBMS.PGSQL and getUnicode(privilege).isdigit(): for position, pgsqlPriv in pgsqlPrivs: if count == position and int(privilege) == 1: privileges.add(pgsqlPriv) @@ -586,7 +586,7 @@ class Enumeration: # In PostgreSQL we get 1 if the privilege is True, # 0 otherwise - if kb.dbms == DBMS.POSTGRESQL and ", " in privilege: + if kb.dbms == DBMS.PGSQL and ", " in privilege: privilege = privilege.replace(", ", ",") privs = privilege.split(",") i = 1 @@ -931,7 +931,7 @@ class Enumeration: logger.info(infoMsg) if kb.unionPosition is not None or conf.direct: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.inband.query % (conf.tbl, conf.db) query += condQuery elif kb.dbms == DBMS.ORACLE: @@ -968,7 +968,7 @@ class Enumeration: infoMsg += " on database '%s'" % conf.db logger.info(infoMsg) - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.count % (conf.tbl, conf.db) query += condQuery elif kb.dbms == DBMS.ORACLE: @@ -995,7 +995,7 @@ class Enumeration: indexRange = getRange(count) for index in indexRange: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.query % (conf.tbl, conf.db) query += condQuery field = None @@ -1019,7 +1019,7 @@ class Enumeration: column = inject.getValue(query, inband=False) if not onlyColNames: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.query2 % (conf.tbl, column, conf.db) elif kb.dbms == DBMS.ORACLE: query = rootQuery.blind.query2 % (conf.tbl.upper(), column) @@ -1194,7 +1194,7 @@ class Enumeration: if column not in entries: entries[column] = [] - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.query % (column, conf.db, conf.tbl, index) elif kb.dbms == DBMS.ORACLE: diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 170ac7ce2..18615741b 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -87,7 +87,7 @@ class Filesystem: if kb.dbms == DBMS.MYSQL: lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid elif kb.dbms == DBMS.MSSQL: diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 5a43e3ce9..7b99f67ea 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -57,7 +57,7 @@ class Miscellaneous: if kb.dbms == DBMS.MYSQL: first, last = 1, 6 - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: first, last = 12, 6 elif kb.dbms == DBMS.MSSQL: @@ -130,7 +130,7 @@ class Miscellaneous: if not output or output in ("y", "Y"): dropStr = "DROP FUNCTION %s" % udf - if kb.dbms == DBMS.POSTGRESQL: + if kb.dbms == DBMS.PGSQL: inp = ", ".join(i for i in inpRet["input"]) dropStr += "(%s)" % inp diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index c62a120b6..394d9f2ae 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -146,7 +146,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): errMsg += "is unlikely to receive commands send from you" logger.error(errMsg) - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): self.sysUdfs.pop("sys_bineval") if kb.stackedTest or conf.direct: @@ -156,7 +156,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.initEnv(web=web) if tunnel == 1: - if kb.dbms in ( DBMS.MYSQL, DBMS.POSTGRESQL ): + if kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ): msg = "how do you want to execute the Metasploit shellcode " msg += "on the back-end database underlying operating system?" msg += "\n[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)" @@ -253,7 +253,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): raise sqlmapUnsupportedDBMSException(errMsg) if not kb.stackedTest and not conf.direct: - if kb.dbms in ( DBMS.POSTGRESQL, DBMS.MSSQL ): + if kb.dbms in ( DBMS.PGSQL, DBMS.MSSQL ): errMsg = "on this back-end DBMS it is only possible to " errMsg += "perform the SMB relay attack if stacked " errMsg += "queries are supported" @@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): warnMsg += "not send the NTLM session hash when connecting to " warnMsg += "a SMB service" - elif kb.dbms == DBMS.POSTGRESQL: + elif kb.dbms == DBMS.PGSQL: warnMsg += "because by default PostgreSQL on Windows runs " warnMsg += "as postgres user which is a real user of the " warnMsg += "system, but not within the Administrators group"