more code updates regarding good samaritan (common output) feature

2025-01-24 08:14:24 +03:00 · 2010-05-26 09:48:20 +00:00 · 2010-05-26 09:48:20 +00:00 · 7f0db26e99
commit 7f0db26e99
parent 8ed76b3024
3 changed files with 27 additions and 10 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import codecs
 import cProfile
+import inspect
 import os
 import random
 import re
@ -1270,10 +1271,23 @@ def getGoodSamaritanParameters(part, prevValue, originalCharset):
    else:
        return None, None, originalCharset

-def getCompiledRegex(regex):
+def getCompiledRegex(regex, args=()):
    if regex in __compiledRegularExpressions:
        return __compiledRegularExpressions[regex]
    else:
-        retVal = re.compile(regex)
+        retVal = re.compile(regex, *args)
        __compiledRegularExpressions[regex] = retVal
        return retVal
+
+#dumper.dbTableValues(conf.dbmsHandler.dumpTable()) -> dumpTable
+def getPartRun():
+    commonPartsDict = { "dumpTable":"Tables", "getColumns":"Columns", "getUsers":"Users", "getBanner":"Banners" }
+    retVal = None
+    stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()]
+    reobj = getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')
+    for i in xrange(len(stack) - 1, 0, -1):
+        match = reobj.search(stack[i])
+        if match:
+            retVal = match.groups()[0]
+            break
+    return commonPartsDict[retVal] if retVal in commonPartsDict else retVal
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -31,6 +31,7 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import dataToStdout
 from lib.core.common import getCharset
 from lib.core.common import getGoodSamaritanParameters
+from lib.core.common import getPartRun
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
@ -56,6 +57,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

    asciiTbl = getCharset(charsetType)

+    kb.partRun = getPartRun() if conf.useCommonPrediction else None
+
    if "LENGTH(" in expression or "LEN(" in expression:
        firstChar = 0
    elif conf.firstChar is not None and ( isinstance(conf.firstChar, int) or ( isinstance(conf.firstChar, basestring) and conf.firstChar.isdigit() ) ):
@ -376,13 +379,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                if singleValue is None:
                    val = getChar(index, predictedCharset, False) if predictedCharset else None
                else:
-                    #forgedPayload = safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue))
-                    #result = Request.queryPage(urlencode(forgedPayload))
-                    #if result:
-                    #    finalValue = singleValue
-                    #    break
-                    pass
-
+                    query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue)))
+                    query = agent.postfixQuery(query)
+                    payload = agent.payload(newValue=query)
+                    result = Request.queryPage(urlencode(payload))
+                    if result:
+                        finalValue = singleValue
+                        break
                if not val:
                    val = getChar(index, otherCharset)
            else:
--- a/txt/common-outputs.txt
+++ b/txt/common-outputs.txt
@ -2,4 +2,4 @@
 users

 [Users]
-luther
+'root'@'127.0.0.1'