adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)

lib/core/common.py

@@ -61,6 +61,7 @@ from lib.core.settings import IS_WIN
 from lib.core.settings import PLATFORM
 from lib.core.settings import SITE
 from lib.core.settings import ERROR_PARSING_REGEXES
+from lib.core.settings import NON_CONTROL_CHAR_REGEX
 from lib.core.settings import SQL_STATEMENTS
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import UNKNOWN_DBMS_VERSION
@@ -1823,6 +1824,13 @@ def filterStringValue(value, regex, replace=None):
 
     return retVal
 
+def filterControlChars(value):
+    """
+    Returns string value with control
+    chars being supstituted with ' '
+    """
+    return filterStringValue(output, NON_CONTROL_CHAR_REGEX, ' ')
+
 def isDBMSVersionAtLeast(version):
     """
     Checks if the recognized DBMS version

lib/core/settings.py

@@ -52,7 +52,7 @@ DUMP_STOP_MARKER    = "__STOP__"
 
 PAYLOAD_DELIMITER   = "\x00"
 CHAR_INFERENCE_MARK = "%c"
-READABLE_CHAR_REGEX = r'[\ -~]'
+NON_CONTROL_CHAR_REGEX = r'[^\x00-\x1f]'
 
 # coefficient used for a time-based query delay checking (must be >= 7)
 TIME_STDEV_COEFF    = 10

lib/techniques/blind/inference.py

@@ -14,6 +14,7 @@ import traceback
 from lib.core.agent import agent
 from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
+from lib.core.common import filterControlChars
 from lib.core.common import getCharset
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
@@ -324,7 +325,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                             output += status if count != length else " "*len(status)
 
                             iolock.acquire()
-                            dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), replaceNewlineTabs(output, stdout=True)))
+                            dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(output)))
                             iolock.release()
 
                 if not kb.threadContinue:
@@ -394,10 +395,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 
             if partialValue:
                 finalValue = partialValue
-                infoMsg = "\r[%s] [INFO] partially retrieved: %s" % (time.strftime("%X"), finalValue)
+                infoMsg = "\r[%s] [INFO] partially retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))
         else:
             finalValue = "".join(value)
-            infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), finalValue)
+            infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))
 
         if isinstance(finalValue, basestring) and len(finalValue) > 0:
             dataToSessionFile(replaceNewlineTabs(finalValue))
@@ -499,7 +500,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
         dataToStdout("\n")
 
     if ( conf.verbose in ( 1, 2 ) and showEta ) or conf.verbose >= 3:
-        infoMsg = "retrieved: %s" % finalValue
+        infoMsg = "retrieved: %s" % filterControlChars(finalValue)
         logger.info(infoMsg)
 
     if not partialValue: