update for Sybase and major bug fix for --passwords on MSSQL

Miroslav Stampar 2010-10-25 22:11:38 +00:00
parent 9b56fbafbe
commit 8a9a57c709
3 changed files with 15 additions and 15 deletions


@ -16,9 +16,3 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): class Enumeration(GenericEnumeration):
def __init__(self): def __init__(self):
GenericEnumeration.__init__(self, "Sybase") GenericEnumeration.__init__(self, "Sybase")
def getPasswordHashes(self):
warnMsg = "on Sybase it is not possible to enumerate the user password hashes"
logger.warn(warnMsg)
return {}


@ -167,7 +167,7 @@ class Enumeration:
for index in indexRange: for index in indexRange:
if kb.dbms == "Sybase": if kb.dbms == "Sybase":
query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr()) query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
elif condition: elif condition:
query = rootQuery.blind.query2 % index query = rootQuery.blind.query2 % index
else: else:
@ -282,7 +282,9 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if kb.dbms == "Microsoft SQL Server": if kb.dbms == "Sybase":
query = rootQuery.blind.query % (user, (kb.data.cachedUsersPasswords[-1] if kb.data.cachedUsersPasswords else " "))
elif kb.dbms == "Microsoft SQL Server":
if kb.dbmsVersion[0] in ( "2005", "2008" ): if kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.blind.query2 % (user, index, user) query = rootQuery.blind.query2 % (user, index, user)
else: else:
@ -664,7 +666,9 @@ class Enumeration:
indexRange = getRange(count) indexRange = getRange(count)
for index in indexRange: for index in indexRange:
if kb.dbms == "MySQL" and not kb.data.has_information_schema: if kb.dbms == "Sybase":
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index query = rootQuery.blind.query2 % index
else: else:
query = rootQuery.blind.query % index query = rootQuery.blind.query % index
@ -785,7 +789,9 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if kb.dbms in ("SQLite", "Firebird"): if kb.dbms == "Sybase":
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif kb.dbms in ("SQLite", "Firebird"):
query = rootQuery.blind.query % index query = rootQuery.blind.query % index
else: else:
query = rootQuery.blind.query % (db, index) query = rootQuery.blind.query % (db, index)
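Review bot: The new Sybase branches take the paging cursor from `kb.data.cachedUsersPasswords[-1]` and `kb.data.cachedTables[-1]`, which only works if those caches are flat lists. The override removed from the Sybase plugin returned `{}`, so the password cache at least looks like a dict, and `[-1]` on a populated dict raises KeyError instead of yielding the last value. Even as a list, the last entry of a shared cache may belong to a different `user` or `db` than the one this loop is walking, so the cursor should presumably be the last value collected for the current user or database, with `" "` only on the first iteration. The value is also formatted into a quoted literal unescaped, so a name containing `'` yields a malformed statement; applying `.replace("'", "''")` to the cursor before formatting would avoid that. All four loops start and end outside the hunks shown, so the cache types need confirming against the enclosing methods.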


@ -254,7 +254,7 @@
</users> </users>
<passwords> <passwords>
<inband query="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/> <inband query="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
<blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/> <blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
</passwords> </passwords>
<!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges --> <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
<privileges/> <privileges/>
@ -473,21 +473,21 @@
<is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/> <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
<users> <users>
<inband query="SELECT name FROM master..syslogins ORDER BY 1"/> <inband query="SELECT name FROM master..syslogins ORDER BY 1"/>
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/> <blind query="SELECT MIN(name) FROM master..syslogins WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
</users> </users>
<passwords> <passwords>
<inband query="SELECT name, password FROM master..syslogins" condition="name"/> <inband query="SELECT name, password FROM master..syslogins" condition="name"/>
<blind query="SELECT TOP 1 password FROM master..syslogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..syslogins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/> <blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s' AND password > '%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
</passwords> </passwords>
<privileges/> <privileges/>
<roles/> <roles/>
<dbs> <dbs>
<inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/> <inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/> <blind query="SELECT MIN(name) FROM master..sysdatabases WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
</dbs> </dbs>
<tables> <tables>
<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/> <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE type IN ('U') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE type IN ('U'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/> <blind query="SELECT MIN(name) FROM %s..sysobjects WHERE type IN ('U') AND name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
</tables> </tables>
<columns> <columns>
<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/> <inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
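Review bot: The rewritten Sybase `<blind>` queries walk distinct values with `MIN(name) ... name > '%s'`, but their `count` attributes still use `COUNT(name)` / `COUNT(password)`, which count duplicates. In `sysobjects` the same table name can plausibly appear under more than one owner, so the count can exceed the number of values the cursor query will ever return, and the caller's loop would then issue trailing queries that come back NULL. Counting distinct values keeps the two in step, e.g. `count="SELECT LTRIM(STR(COUNT(DISTINCT name))) FROM %s..sysobjects WHERE type IN ('U')"`. A short XML comment such as `<!-- NOTE: for Sybase the blind %s is the previously retrieved value, not a row index -->` would also help, since the Microsoft SQL Server entries in the same file still take `%d`.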