adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)

2025-02-03 05:04:11 +03:00 · 2011-01-05 10:25:07 +00:00 · 2011-01-05 10:25:07 +00:00 · 7ae5192070
commit 7ae5192070
parent c83e9f6ca5
3 changed files with 14 additions and 5 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -61,6 +61,7 @@ from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import SITE
 from lib.core.settings import ERROR_PARSING_REGEXES
+from lib.core.settings import NON_CONTROL_CHAR_REGEX
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import UNKNOWN_DBMS_VERSION
@ -1823,6 +1824,13 @@ def filterStringValue(value, regex, replace=None):

    return retVal

+def filterControlChars(value):
+    """
+    Returns string value with control
+    chars being supstituted with ' '
+    """
+    return filterStringValue(output, NON_CONTROL_CHAR_REGEX, ' ')
+
 def isDBMSVersionAtLeast(version):
    """
    Checks if the recognized DBMS version
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -52,7 +52,7 @@ DUMP_STOP_MARKER    = "__STOP__"

 PAYLOAD_DELIMITER   = "\x00"
 CHAR_INFERENCE_MARK = "%c"
-READABLE_CHAR_REGEX = r'[\ -~]'
+NON_CONTROL_CHAR_REGEX = r'[^\x00-\x1f]'

 # coefficient used for a time-based query delay checking (must be >= 7)
 TIME_STDEV_COEFF    = 10
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -14,6 +14,7 @@ import traceback
 from lib.core.agent import agent
 from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
+from lib.core.common import filterControlChars
 from lib.core.common import getCharset
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
@ -324,7 +325,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                            output += status if count != length else " "*len(status)

                            iolock.acquire()
-                            dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), replaceNewlineTabs(output, stdout=True)))
+                            dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(output)))
                            iolock.release()

                if not kb.threadContinue:
@ -394,10 +395,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

            if partialValue:
                finalValue = partialValue
-                infoMsg = "\r[%s] [INFO] partially retrieved: %s" % (time.strftime("%X"), finalValue)
+                infoMsg = "\r[%s] [INFO] partially retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))
        else:
            finalValue = "".join(value)
-            infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), finalValue)
+            infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))

        if isinstance(finalValue, basestring) and len(finalValue) > 0:
            dataToSessionFile(replaceNewlineTabs(finalValue))
@ -499,7 +500,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        dataToStdout("\n")

    if ( conf.verbose in ( 1, 2 ) and showEta ) or conf.verbose >= 3:
-        infoMsg = "retrieved: %s" % finalValue
+        infoMsg = "retrieved: %s" % filterControlChars(finalValue)
        logger.info(infoMsg)

    if not partialValue: