From 9a4ae7d9e2ea8756ffd71220f3b21b6c2a250bfc Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Sat, 30 Apr 2011 14:54:29 +0000
Subject: [PATCH] More code refactoring of Backend class methods used
---
 lib/core/agent.py | 16 +--
 lib/core/common.py | 8 +-
 lib/core/dump.py | 4 +-
 lib/parse/banner.py | 10 +-
 lib/request/direct.py | 2 +-
 lib/request/inject.py | 4 +-
 lib/takeover/abstraction.py | 8 +-
 lib/takeover/metasploit.py | 10 +-
 lib/takeover/udf.py | 8 +-
 lib/techniques/error/use.py | 6 +-
 lib/techniques/inband/union/use.py | 4 +-
 lib/utils/hash.py | 4 +-
 plugins/generic/enumeration.py | 174 ++++++++++++++--------------
 plugins/generic/filesystem.py | 6 +-
 plugins/generic/misc.py | 10 +-
 plugins/generic/takeover.py | 18 +--
 16 files changed, 146 insertions(+), 146 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index ce0c8027e..48ab6d945 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -282,14 +282,14 @@ class Agent:
 # SQLite version 2 does not support neither CAST() nor IFNULL(),
 # introduced only in SQLite version 3
- if Backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.isDbms(DBMS.SQLITE):
 return field
 if field.startswith("(CASE"):
 nulledCastedField = field
 else:
 nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
- if Backend.getIdentifiedDbms() == DBMS.ACCESS:
+ if Backend.isDbms(DBMS.ACCESS):
 nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
 else:
 nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
@@ -401,7 +401,7 @@ class Agent:
 def simpleConcatQuery(self, query1, query2):
 concatenatedQuery = ""
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
 elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
@@ -447,7 +447,7 @@ class Agent:
 else:
 return query
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 if fieldsExists:
 concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
 concatenatedQuery += ",'%s')" % kb.misc.stop
@@ -540,7 +540,7 @@ class Agent:
 if query.startswith("TOP"):
 # TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets
 # because those NULLs cause problems with ORDER BY clause
- if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isDbms(DBMS.MSSQL):
 inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count)))
 inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
 return inbandQuery
@@ -633,11 +633,11 @@ class Agent:
 limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
 limitedQuery += " %s" % limitStr
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
 limitedQuery += " %s" % limitStr
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
 orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@@ -650,7 +650,7 @@ class Agent:
 limitedQuery = limitedQuery % fromFrom
 limitedQuery += "=%d" % (num + 1)
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 forgeNotIn = True
 if " ORDER BY " in limitedQuery:
diff --git a/lib/core/common.py b/lib/core/common.py
index f1eb3cc01..dc563e0c1 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -869,7 +869,7 @@ def parsePasswordHash(password):
 if not password or password == " ":
 password = "NULL"
- if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
+ if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
 hexPassword = password
 password = "%s\n" % hexPassword
 password += "%sheader: %s\n" % (blank, hexPassword[:6])
@@ -1194,11 +1194,11 @@ def getDelayQuery(andCond=False):
 banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
- if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
+ if banVer is None or (Backend.isDbms(DBMS.MYSQL) and banVer >= "5.0.12") or (Backend.isDbms(DBMS.PGSQL) and banVer >= "8.2"):
 query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
 else:
 query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 query = queries[Backend.getIdentifiedDbms()].timedelay.query
 else:
 query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
@@ -1206,7 +1206,7 @@ def getDelayQuery(andCond=False):
 if andCond:
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
 query = query.replace("SELECT ", "")
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 query = "(%s)>0" % query
 return query
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 4dc659811..cc5750468 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
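Review bot: The version gate on the new `+` line of the `@@ -1194` hunk still compares `banVer` as a plain string, so `"5.0.9" >= "5.0.12"` is True and `"8.10" >= "8.2"` is False, which picks the wrong time-delay query around exactly the boundaries the check is meant to enforce (assuming `dbmsVersion` is a dotted version string, as the comparisons treat it). The comparison is carried over unchanged from the removed line, so this refactor did not introduce it, but the line is being rewritten anyway and a numeric tuple comparison costs nothing. A small module-level helper that parses the dotted prefix into a tuple of ints keeps the condition readable and needs no new dependency. getDelayQuery and the `if`/`elif` chain this branch belongs to both start before the hunk.
```python
def _versionTuple(ver):
    # Numeric compare of dotted version strings ("5.0.12" -> (5, 0, 12));
    # parsing stops at the first non-numeric piece so "8.2beta" -> (8, 2)
    parts = []
    for piece in ver.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

# … unchanged: banVer lookup from kb.bannerFp …
if banVer is None or (Backend.isDbms(DBMS.MYSQL) and _versionTuple(banVer) >= (5, 0, 12)) or (Backend.isDbms(DBMS.PGSQL) and _versionTuple(banVer) >= (8, 2)):
```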
@@ -104,9 +104,9 @@ class Dump:
 self.string("current user", data)
 def currentDb(self,data):
- if Backend.getIdentifiedDbms() == DBMS.MAXDB:
+ if Backend.isDbms(DBMS.MAXDB):
 self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
 else:
 self.string("current database", data)
diff --git a/lib/parse/banner.py b/lib/parse/banner.py
index 3d3b5e55c..cfd083831 100644
--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -97,13 +97,13 @@ def bannerParser(banner):
 xmlfile = None
- if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isDbms(DBMS.MSSQL):
 xmlfile = paths.MSSQL_XML
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ elif Backend.isDbms(DBMS.MYSQL):
 xmlfile = paths.MYSQL_XML
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 xmlfile = paths.ORACLE_XML
- elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.isDbms(DBMS.PGSQL):
 xmlfile = paths.PGSQL_XML
 if not xmlfile:
@@ -111,7 +111,7 @@ def bannerParser(banner):
 checkFile(xmlfile)
- if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isDbms(DBMS.MSSQL):
 handler = MSSQLBannerHandler(banner, kb.bannerFp)
 parseXmlFile(xmlfile, handler)
diff --git a/lib/request/direct.py b/lib/request/direct.py
index 16c21b99d..d808ef69d 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -27,7 +27,7 @@ def direct(query, content=True):
 select = True
 query = agent.payloadDirect(query)
- if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
+ if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
 query = "%s FROM DUAL" % query
 for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 8eae69d33..1e458e59c 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -141,7 +141,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
 rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
- if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):
 expressionFieldsList = [expressionFields]
 if len(expressionFieldsList) > 1:
@@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 stopLimit = int(topLimit.group(1))
 limitCond = int(stopLimit) > 1
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 limitCond = False
 else:
 limitCond = True
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index d6992ca61..7dfe0f072 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -45,7 +45,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.udfExecCmd(cmd, silent=silent)
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 self.xpCmdshellExecCmd(cmd, silent=silent)
 else:
@@ -59,7 +59,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 return self.udfEvalCmd(cmd, first, last)
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 return self.xpCmdshellEvalCmd(cmd, first, last)
 else:
@@ -100,7 +100,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 infoMsg += "command execution"
 logger.info(infoMsg)
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 infoMsg = "going to use xp_cmdshell extended procedure for "
 infoMsg += "operating system command execution"
 logger.info(infoMsg)
@@ -154,7 +154,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.udfInjectSys()
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 if mandatory:
 self.xpCmdshellInit()
 else:
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index 51520d817..44c7ade8c 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -189,13 +189,13 @@ class Metasploit:
 if __payloadStr == "windows/vncinject":
 choose = False
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 debugMsg = "by default MySQL on Windows runs as SYSTEM "
 debugMsg += "user, it is likely that the the VNC "
 debugMsg += "injection will be successful"
 logger.debug(debugMsg)
- elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.isDbms(DBMS.PGSQL):
 choose = True
 warnMsg = "by default PostgreSQL on Windows runs as "
@@ -203,7 +203,7 @@ class Metasploit:
 warnMsg += "injection will be successful"
 logger.warn(warnMsg)
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 choose = True
 warnMsg = "it is unlikely that the VNC injection will be "
@@ -232,12 +232,12 @@ class Metasploit:
 break
 elif choice == "1":
- if Backend.getIdentifiedDbms() == DBMS.PGSQL:
+ if Backend.isDbms(DBMS.PGSQL):
 logger.warn("beware that the VNC injection might not work")
 break
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 break
 elif not choice.isdigit():
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 41d0347b3..945ce7a5a 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -144,9 +144,9 @@ class UDF:
 if udf in self.udfToCreate and udf not in self.createdUdf:
 self.udfCreateFromSharedLib(udf, inpRet)
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 supportTblType = "longtext"
- elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.isDbms(DBMS.PGSQL):
 supportTblType = "text"
 self.udfCreateSupportTbl(supportTblType)
@@ -237,9 +237,9 @@ class UDF:
 else:
 logger.warn("you need to specify the name of the UDF")
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 defaultType = "string"
- elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+ elif Backend.isDbms(DBMS.PGSQL):
 defaultType = "text"
 self.udfs[udfName]["input"] = []
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 9fd84e1df..45e0d97d6 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -57,7 +57,7 @@ def __oneShotErrorUse(expression, field):
 nulledCastedField = agent.nullAndCastField(field)
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 nulledCastedField = queries[DBMS.MYSQL].substring.query % (nulledCastedField, offset, MYSQL_ERROR_CHUNK_LENGTH)
 # Forge the error-based SQL injection request
@@ -101,7 +101,7 @@ def __oneShotErrorUse(expression, field):
 if isinstance(output, basestring):
 output = htmlunescape(output).replace("
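Review bot: In the `@@ -144` hunk `supportTblType` is bound only in the MySQL and PostgreSQL branches, so the `self.udfCreateSupportTbl(supportTblType)` call on the following context line would raise UnboundLocalError for any other backend; the `@@ -237` hunk has the same shape with `defaultType`. The callers visible in this patch (abstraction.py) appear to enter the UDF path only for MySQL/PostgreSQL, so the branch is probably unreachable today, but that invariant lives in another file and nothing here states it. A final `else:` that fails with a clear unsupported-DBMS error (or at least a comment on the `if` line noting that callers guarantee MySQL/PostgreSQL) would make the assumption visible where it is relied on. Both enclosing methods start before their hunks.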
", "\n") - if Backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.isDbms(DBMS.MYSQL): if offset == 1: retVal = output else: @@ -243,7 +243,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): stopLimit = int(topLimit.group(1)) limitCond = int(stopLimit) > 1 - elif Backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.isDbms(DBMS.ORACLE): limitCond = False else: limitCond = True diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index 75d74da91..6b039532c 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -184,7 +184,7 @@ def unionUse(expression, unpack=True, dump=False): stopLimit = int(topLimit.group(1)) limitCond = int(stopLimit) > 1 - elif Backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.isDbms(DBMS.ORACLE): limitCond = False else: limitCond = True @@ -256,7 +256,7 @@ def unionUse(expression, unpack=True, dump=False): for num in xrange(startLimit, stopLimit): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): field = expressionFieldsList[0] - elif Backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.isDbms(DBMS.ORACLE): field = expressionFieldsList else: field = None diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 33b7d0d4c..f7a8ab40a 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py 
@@ -299,9 +299,9 @@ def hashRecognition(value):
 if isinstance(value, basestring):
 for name, regex in getPublicTypeMembers(HASH):
 # Hashes for Oracle and old MySQL look the same hence these checks
- if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
+ if Backend.isDbms(DBMS.ORACLE) and regex == HASH.MYSQL_OLD:
 continue
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
+ elif Backend.isDbms(DBMS.MYSQL) and regex == HASH.ORACLE_OLD:
 continue
 elif regex == HASH.CRYPT_GENERIC:
 if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]):
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 9ea98b552..1a243ef7f 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -142,7 +142,7 @@ class Enumeration:
 infoMsg = "testing if current user is DBA"
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+ if Backend.isDbms(DBMS.MYSQL):
 self.getCurrentUser()
 query = queries[Backend.getIdentifiedDbms()].is_dba.query % (kb.data.currentUser.split("@")[0] if kb.data.currentUser else None)
 elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and user is not None:
@@ -164,8 +164,8 @@ class Enumeration:
 rootQuery = queries[Backend.getIdentifiedDbms()].users
- condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) )
- condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema )
+ condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) )
+ condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema )
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
 if condition:
@@ -191,7 +191,7 @@ class Enumeration:
 errMsg = "unable to retrieve the number of database users"
 raise sqlmapNoneDataException, errMsg
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 plusOne = True
 else:
 plusOne = False
@@ -242,7 +242,7 @@ class Enumeration:
 users = []
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
@@ -253,7 +253,7 @@ class Enumeration:
 query += " WHERE "
 query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
- if Backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.isDbms(DBMS.SYBASE):
 randStr = randomStr()
 getCurrentThreadData().disableStdOut = True
@@ -294,7 +294,7 @@ class Enumeration:
 if parsedUser:
 users[users.index(user)] = parsedUser.groups()[0]
- if Backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.isDbms(DBMS.SYBASE):
 getCurrentThreadData().disableStdOut = True
 randStr = randomStr()
@@ -323,7 +323,7 @@ class Enumeration:
 infoMsg += "for user '%s'" % user
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+ if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 query = rootQuery.blind.count2 % user
 else:
 query = rootQuery.blind.count % user
@@ -340,14 +340,14 @@ class Enumeration:
 passwords = []
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 plusOne = True
 else:
 plusOne = False
 indexRange = getRange(count, plusOne=plusOne)
 for index in indexRange:
- if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isDbms(DBMS.MSSQL):
 if Backend.isVersionWithin(("2005", "2008")):
 query = rootQuery.blind.query2 % (user, index, user)
 else:
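Review bot: The `@@ -191` hunk rewrites only the test of a four-line `if Backend.isDbms(DBMS.ORACLE): plusOne = True else: plusOne = False` block, which now reads as a long way of writing `plusOne = Backend.isDbms(DBMS.ORACLE)`; the same shape recurs in the `@@ -340` hunk here and in the `@@ -559` and `@@ -694` hunks of this file. This assumes `isDbms` returns a bool rather than a truthy object, which its use in `condition |= ( Backend.isDbms(...) and ... )` in the `@@ -164` hunk suggests but the patch does not show. If that holds, collapsing each block to the single assignment is the natural follow-up to this refactor and removes a repeated branch. The enclosing methods begin outside these hunks.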
@@ -387,24 +387,24 @@ class Enumeration:
 def __isAdminFromPrivileges(self, privileges):
 # In PostgreSQL the usesuper privilege means that the
 # user is DBA
- dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges )
+ dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges )
 # In Oracle the DBA privilege means that the
 # user is DBA
- dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges )
+ dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges )
 # In MySQL >= 5.0 the SUPER privilege means
 # that the user is DBA
- dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges )
+ dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges )
 # In MySQL < 5.0 the super_priv privilege means
 # that the user is DBA
- dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges )
+ dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges )
 # In Firebird there is no specific privilege that means
 # that the user is DBA
 # TODO: confirm
- dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
+ dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
 return dbaCondition
@@ -438,10 +438,10 @@ class Enumeration:
 areAdmins = set()
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.inband.query2
 condition = rootQuery.inband.condition2
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.isDbms(DBMS.ORACLE) and query2:
 query = rootQuery.inband.query2
 condition = rootQuery.inband.condition2
 else:
@@ -451,14 +451,14 @@ class Enumeration:
 if conf.user:
 query += " WHERE "
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
 query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users)
 else:
 query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
 values = inject.getValue(query, blind=False)
- if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
 infoMsg = "trying with table USER_SYS_PRIVS"
 logger.info(infoMsg)
@@ -480,18 +480,18 @@ class Enumeration:
 # In PostgreSQL we get 1 if the privilege is
 # True, 0 otherwise
- if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit():
+ if Backend.isDbms(DBMS.PGSQL) and getUnicode(privilege).isdigit():
 if int(privilege) == 1:
 privileges.add(pgsqlPrivs[count])
 # In MySQL >= 5.0 and Oracle we get the list
 # of privileges as string
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
 privileges.add(privilege)
 # In MySQL < 5.0 we get Y if the privilege is
 # True, N otherwise
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 if privilege.upper() == "Y":
 privileges.add(mysqlPrivs[count])
@@ -504,7 +504,7 @@ class Enumeration:
 kb.data.cachedUsersPrivileges[user] = list(privileges)
 if not kb.data.cachedUsersPrivileges and not conf.direct:
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
 conditionChar = " LIKE "
 else:
 conditionChar = "="
@@ -525,25 +525,25 @@ class Enumeration:
 if user in retrievedUsers:
 continue
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
 user = "%%%s%%" % user
 infoMsg = "fetching number of privileges "
 infoMsg += "for user '%s'" % user
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.blind.count2 % user
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
 query = rootQuery.blind.count % (conditionChar, user)
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.isDbms(DBMS.ORACLE) and query2:
 query = rootQuery.blind.count2 % user
 else:
 query = rootQuery.blind.count % user
 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
 if not isNumPosStrValue(count):
- if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2:
+ if not (isinstance(count, basestring) and count.isdigit()) and Backend.isDbms(DBMS.ORACLE) and not query2:
 infoMsg = "trying with table USER_SYS_PRIVS"
 logger.info(infoMsg)
@@ -559,20 +559,20 @@ class Enumeration:
 privileges = set()
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 plusOne = True
 else:
 plusOne = False
 indexRange = getRange(count, plusOne=plusOne)
 for index in indexRange:
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.blind.query2 % (user, index)
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
+ elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
 query = rootQuery.blind.query % (conditionChar, user, index)
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2:
+ elif Backend.isDbms(DBMS.ORACLE) and query2:
 query = rootQuery.blind.query2 % (user, index)
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.query % (index, user)
 else:
 query = rootQuery.blind.query % (user, index)
@@ -580,7 +580,7 @@ class Enumeration:
 # In PostgreSQL we get 1 if the privilege is True,
 # 0 otherwise
- if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege:
+ if Backend.isDbms(DBMS.PGSQL) and ", " in privilege:
 privilege = privilege.replace(", ", ",")
 privs = privilege.split(",")
 i = 1
@@ -595,12 +595,12 @@ class Enumeration:
 # In MySQL >= 5.0 and Oracle we get the list
 # of privileges as string
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ):
+ elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
 privileges.add(privilege)
 # In MySQL < 5.0 we get Y if the privilege is
 # True, N otherwise
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 privilege = privilege.replace(", ", ",")
 privs = privilege.split(",")
 i = 1
@@ -614,7 +614,7 @@ class Enumeration:
 i += 1
 # In Firebird we get one letter for each privilege
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 privileges.add(firebirdPrivs[privilege.strip()])
 if self.__isAdminFromPrivileges(privileges):
@@ -623,7 +623,7 @@ class Enumeration:
 # In MySQL < 5.0 we break the cycle after the first
 # time we get the user's privileges otherwise we
 # duplicate the same query
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 break
 if privileges:
@@ -650,13 +650,13 @@ class Enumeration:
 return self.getPrivileges(query2)
 def getDbs(self):
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 warnMsg = "information_schema not available, "
 warnMsg += "back-end DBMS is MySQL < 5. database "
 warnMsg += "names will be fetched from 'mysql' database"
 logger.warn(warnMsg)
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 warnMsg = "schema names are going to be used on Oracle "
 warnMsg += "for enumeration as the counterpart to database "
 warnMsg += "names on other DBMSes"
@@ -671,7 +671,7 @@ class Enumeration:
 rootQuery = queries[Backend.getIdentifiedDbms()].dbs
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
@@ -684,7 +684,7 @@ class Enumeration:
 infoMsg = "fetching number of databases"
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.blind.count2
 else:
 query = rootQuery.blind.count
@@ -694,16 +694,16 @@ class Enumeration:
 errMsg = "unable to retrieve the number of databases"
 logger.error(errMsg)
 else:
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 plusOne = True
 else:
 plusOne = False
 indexRange = getRange(count, plusOne=plusOne)
 for index in indexRange:
- if Backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.isDbms(DBMS.SYBASE):
 query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
- elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 query = rootQuery.blind.query2 % index
 else:
 query = rootQuery.blind.query % index
@@ -729,13 +729,13 @@ class Enumeration:
 self.forceDbmsEnum()
 if bruteForce is None:
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 errMsg = "information_schema not available, "
 errMsg += "back-end DBMS is MySQL < 5.0"
 logger.error(errMsg)
 bruteForce = True
- elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.isDbms(DBMS.ACCESS):
 try:
 tables = self.getTables(False)
 except sqlmapNoneDataException:
@@ -815,13 +815,13 @@ class Enumeration:
 infoMsg = "skipping system databases: %s" % ", ".join(db for db in self.excludeDbsList)
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ if Backend.isDbms(DBMS.MSSQL):
 query = safeStringFormat(query, conf.db)
 value = inject.getValue(query, blind=False)
 value = filter(lambda x: x, value)
 if value:
- if Backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.isDbms(DBMS.SQLITE):
 if isinstance(value, basestring):
 value = [[ DBMS.SQLITE, value ]]
 elif isinstance(value, (list, tuple, set)):
@@ -874,7 +874,7 @@ class Enumeration:
 indexRange = getRange(count, plusOne=plusOne)
 for index in indexRange:
- if Backend.getIdentifiedDbms() == DBMS.SYBASE:
+ if Backend.isDbms(DBMS.SYBASE):
 query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
 elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS):
 query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
@@ -934,13 +934,13 @@ class Enumeration:
 return self.getSchema()
- if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema:
+ if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
 errMsg = "information_schema not available, "
 errMsg += "back-end DBMS is MySQL < 5.0"
 logger.error(errMsg)
 bruteForce = True
- elif Backend.getIdentifiedDbms() == DBMS.ACCESS:
+ elif Backend.isDbms(DBMS.ACCESS):
 errMsg = "cannot retrieve column names, "
 errMsg += "back-end DBMS is Access"
 logger.error(errMsg)
@@ -986,7 +986,7 @@ class Enumeration:
 infoMsg = "fetching columns "
 if conf.col:
- if Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ if Backend.isDbms(DBMS.ORACLE):
 conf.col = conf.col.upper()
 colList = conf.col.split(",")
 condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
@@ -1002,21 +1002,21 @@ class Enumeration:
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
 query += condQuery
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
 query += condQuery
- elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+ elif Backend.isDbms(DBMS.MSSQL):
 query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
 query += condQuery.replace("[DB]", conf.db)
- elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.inband.query % conf.tbl
 value = inject.getValue(query, blind=False)
- if Backend.getIdentifiedDbms() == DBMS.SQLITE:
+ if Backend.isDbms(DBMS.SQLITE):
 parseSqliteTableSchema(value)
 elif value:
 table = {}
@@ -1047,7 +1047,7 @@ class Enumeration:
 query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
 query += condQuery
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper())
 query += condQuery
@@ -1056,11 +1056,11 @@ class Enumeration:
 unsafeSQLIdentificatorNaming(conf.tbl))
 query += condQuery.replace("[DB]", conf.db)
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.count % (conf.tbl)
 query += condQuery
- elif Backend.getIdentifiedDbms() == DBMS.SQLITE:
+ elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.blind.query % conf.tbl
 value = inject.getValue(query, inband=False, error=False)
 parseSqliteTableSchema(value)
@@ -1084,7 +1084,7 @@ class Enumeration:
 query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
 query += condQuery
 field = None
- elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+ elif Backend.isDbms(DBMS.ORACLE):
 query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
 query += condQuery
 field = None
@@ -1095,7 +1095,7 @@ class Enumeration:
 unsafeSQLIdentificatorNaming(conf.tbl))
 query += condQuery.replace("[DB]", conf.db)
 field = condition.replace("[DB]", conf.db)
- elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+ elif Backend.isDbms(DBMS.FIREBIRD):
 query = rootQuery.blind.query % (conf.tbl)
 query += condQuery
 field = None
@@ -1106,18 +1106,18 @@ class Enumeration: if not onlyColNames: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db)) - elif Backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.isDbms(DBMS.ORACLE): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column) - elif Backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.isDbms(DBMS.MSSQL): query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl)) - elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: + elif Backend.isDbms(DBMS.FIREBIRD): query = rootQuery.blind.query2 % (conf.tbl, column) colType = inject.getValue(query, inband=False, error=False) - if Backend.getIdentifiedDbms() == DBMS.FIREBIRD: + if Backend.isDbms(DBMS.FIREBIRD): colType = firebirdTypes[colType] if colType in firebirdTypes else colType column = safeSQLIdentificatorNaming(column) @@ -1402,7 +1402,7 @@ class Enumeration: entries = [] query = None - if all([Backend.getIdentifiedDbms() == DBMS.MYSQL, isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]): + if all([Backend.isDbms(DBMS.MYSQL), isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]): randStr, randStr2 = randomStr(), randomStr() filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\ % ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2) 
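Review bot: `colType = firebirdTypes[colType] if colType in firebirdTypes else colType` in the `@@ -1106` hunk is a dictionary lookup with a default and reads better as `colType = firebirdTypes.get(colType, colType)`, which also drops the double lookup. In the `@@ -1402` hunk `all([...])` over a list literal evaluates every element before testing, so the plain conjunction `if Backend.isDbms(DBMS.MYSQL) and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and conf.groupConcat:` is equivalent here and short-circuits. Both enclosing methods start outside the hunks.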
@@ -1416,9 +1416,9 @@ class Enumeration: row = map(lambda x: x.replace(randStr, CONCAT_VALUE_DELIMITER).replace(randStr2, CONCAT_ROW_DELIMITER), row) entries.append(row) - if Backend.getIdentifiedDbms() == DBMS.ORACLE: + if Backend.isDbms(DBMS.ORACLE): query = rootQuery.inband.query % (colString, conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper()))) - elif Backend.getIdentifiedDbms() == DBMS.SQLITE: + elif Backend.isDbms(DBMS.SQLITE): query = rootQuery.inband.query % (colString, conf.tbl) elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): # Partial inband and error @@ -1477,13 +1477,13 @@ class Enumeration: infoMsg += "on database '%s'" % conf.db logger.info(infoMsg) - if Backend.getIdentifiedDbms() == DBMS.ORACLE: + if Backend.isDbms(DBMS.ORACLE): query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper()))) elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD): query = rootQuery.blind.count % conf.tbl elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): query = rootQuery.blind.count % ("%s.%s" % (conf.db, conf.tbl)) - elif Backend.getIdentifiedDbms() == DBMS.MAXDB: + elif Backend.isDbms(DBMS.MAXDB): query = rootQuery.blind.count % ("%s" % conf.tbl) else: query = rootQuery.blind.count % (conf.db, conf.tbl) @@ -1505,11 +1505,11 @@ class Enumeration: try: if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL): - if Backend.getIdentifiedDbms() == DBMS.ACCESS: + if Backend.isDbms(DBMS.ACCESS): table = conf.tbl elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): table = "%s.%s" % (conf.db, conf.tbl) - elif Backend.getIdentifiedDbms() == DBMS.MAXDB: + elif Backend.isDbms(DBMS.MAXDB): table = "%s.%s" % (conf.db, conf.tbl) retVal = self.__pivotDumpTable(table, colList, count, blind=True) 
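Review bot: In the `@@ -1505` hunk the `DBMS.SYBASE, DBMS.MSSQL` branch and the `DBMS.MAXDB` branch assign the identical value `"%s.%s" % (conf.db, conf.tbl)`, while the `@@ -1477` hunk above counts MaxDB rows with `rootQuery.blind.count % ("%s" % conf.tbl)` and no database qualifier. If both are intended, a comment on the MaxDB branch explaining why the count and the pivot dump name the table differently would help; otherwise the two assignment branches can be merged into `elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL, DBMS.MAXDB):`. Whether `__pivotDumpTable` qualifies the name itself is not visible here, and the enclosing method starts and ends outside the hunk.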
@@ -1517,7 +1517,7 @@ class Enumeration: entries, lengths = retVal else: - if Backend.getIdentifiedDbms() == DBMS.ORACLE: + if Backend.isDbms(DBMS.ORACLE): plusOne = True else: plusOne = False @@ -1534,14 +1534,14 @@ class Enumeration: if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): query = rootQuery.blind.query % (column, conf.db, conf.tbl, index) - elif Backend.getIdentifiedDbms() == DBMS.ORACLE: + elif Backend.isDbms(DBMS.ORACLE): query = rootQuery.blind.query % (column, column, conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())), index) - elif Backend.getIdentifiedDbms() == DBMS.SQLITE: + elif Backend.isDbms(DBMS.SQLITE): query = rootQuery.blind.query % (column, conf.tbl, index) - elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: + elif Backend.isDbms(DBMS.FIREBIRD): query = rootQuery.blind.query % (index, column, conf.tbl) value = inject.getValue(query, inband=False, error=False, dump=True) @@ -1585,7 +1585,7 @@ class Enumeration: return kb.data.dumpedTable def dumpAll(self): - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" raise sqlmapUnsupportedFeatureException, errMsg @@ -1700,7 +1700,7 @@ class Enumeration: rootQuery = queries[Backend.getIdentifiedDbms()].search_db dbList = conf.db.split(",") - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: dbCond = rootQuery.inband.condition2 else: dbCond = rootQuery.inband.condition 
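Review bot: The four-line `if Backend.isDbms(DBMS.ORACLE): plusOne = True else: plusOne = False` in the `@@ -1517` hunk collapses to `plusOne = Backend.isDbms(DBMS.ORACLE)`, which is exactly what the renamed predicate makes natural. A why-comment on that line would also help, since the hunk does not say what the offset compensates for — presumably the way the Oracle limit query is forged elsewhere, which should be confirmed before writing it down. The enclosing method continues outside the hunk.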
@@ -1727,7 +1727,7 @@ class Enumeration: dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db) if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: query = rootQuery.inband.query2 else: query = rootQuery.inband.query @@ -1749,7 +1749,7 @@ class Enumeration: infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: query = rootQuery.blind.count2 else: query = rootQuery.blind.count @@ -1769,7 +1769,7 @@ class Enumeration: indexRange = getRange(count) for index in indexRange: - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: query = rootQuery.blind.query2 else: query = rootQuery.blind.query @@ -1786,12 +1786,12 @@ class Enumeration: def searchTable(self): bruteForce = False - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" bruteForce = True - elif Backend.getIdentifiedDbms() == DBMS.ACCESS: + elif Backend.isDbms(DBMS.ACCESS): errMsg = "cannot retrieve table names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) @@ -1820,7 +1820,7 @@ class Enumeration: for tbl in tblList: tbl = safeSQLIdentificatorNaming(tbl, True) - if Backend.getIdentifiedDbms() == DBMS.ORACLE: + if Backend.isDbms(DBMS.ORACLE): tbl = tbl.upper() infoMsg = "searching table" 
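Review bot: In the `@@ -1786` hunk the MySQL < 5.0 branch builds `errMsg` and sets `bruteForce = True` but never hands the message to `logger.error`, while the Access branch directly below it does and the same pair in the `@@ -934` hunk logs both; unless the message is emitted after the chain outside the hunk, add `logger.error(errMsg)` after `errMsg += "back-end DBMS is MySQL < 5.0"`. The `@@ -1941` hunk (searchColumn, next line) has the same asymmetry. The test `Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema` now appears in the `@@ -1700`, `-1727`, `-1749`, `-1769` and `-1786` hunks; binding it once per method, or exposing it as a Backend-level predicate, would make the intent ("legacy MySQL without information_schema") read directly instead of being re-derived at each site.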
@@ -1941,12 +1941,12 @@ class Enumeration: def searchColumn(self): bruteForce = False - if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: + if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: errMsg = "information_schema not available, " errMsg += "back-end DBMS is MySQL < 5.0" bruteForce = True - elif Backend.getIdentifiedDbms() == DBMS.ACCESS: + elif Backend.isDbms(DBMS.ACCESS): errMsg = "cannot retrieve column names, " errMsg += "back-end DBMS is Access" logger.error(errMsg) diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 198b6afa3..a8f3d5ff4 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -93,13 +93,13 @@ class Filesystem: return fileLines def __checkWrittenFile(self, wFile, dFile, fileType): - if Backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.isDbms(DBMS.MYSQL): lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile - elif Backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.isDbms(DBMS.PGSQL): lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid - elif Backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.isDbms(DBMS.MSSQL): self.createSupportTbl(self.fileTblName, self.tblField, "text") # Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index 30c596f34..c8c6edc64 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -58,13 +58,13 @@ class Miscellaneous: infoMsg = "detecting back-end DBMS version from its banner" logger.info(infoMsg) - if Backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.isDbms(DBMS.MYSQL): first, last = 1, 6 - elif Backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.isDbms(DBMS.PGSQL): first, last = 12, 6 - elif Backend.getIdentifiedDbms() == DBMS.MSSQL: + elif Backend.isDbms(DBMS.MSSQL): first, last = 29, 9 else: 
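Review bot: `lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile` in the `@@ -93` hunk of filesystem.py interpolates the destination path into a quoted literal with no escaping, so a path containing a single quote produces a malformed query and the written-file check fails for the wrong reason; doubling the quote (`dFile.replace("'", "''")`) or routing the path through the project's string-literal helper, if one exists, keeps the check meaningful. The PostgreSQL branch relies on `self.oid` having been set by the earlier write step; a comment naming that precondition would help. `__checkWrittenFile` continues outside the hunk.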
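Review bot: The `first, last = 1, 6`, `12, 6` and `29, 9` pairs in the `@@ -58` hunk of misc.py are unexplained numbers whose meaning (presumably where the version substring starts inside the banner and how far it extends) cannot be recovered from the hunk; a comment on the first branch, e.g. `# (first, last): position of the version field in the banner and its span — see where the banner is sliced below`, would document the contract for the other two. What the `else` branch does for remaining backends is outside the hunk.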
@@ -122,7 +122,7 @@ class Miscellaneous: if not onlyFileTbl: inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True) - if Backend.getIdentifiedDbms() == DBMS.MSSQL: + if Backend.isDbms(DBMS.MSSQL): return if udfDict is None: @@ -135,7 +135,7 @@ class Miscellaneous: if not output or output in ("y", "Y"): dropStr = "DROP FUNCTION %s" % udf - if Backend.getIdentifiedDbms() == DBMS.PGSQL: + if Backend.isDbms(DBMS.PGSQL): inp = ", ".join(i for i in inpRet["input"]) dropStr += "(%s)" % inp diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 7bbe33cbf..80326d64d 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -46,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): def osCmd(self): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct: web = False - elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: + elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL): infoMsg = "going to use a web backdoor for command execution" logger.info(infoMsg) @@ -67,7 +67,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): def osShell(self): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct: web = False - elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: + elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL): infoMsg = "going to use a web backdoor for command prompt" logger.info(infoMsg) @@ -201,7 +201,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.uploadShellcodeexec() if Backend.isOs(OS.WINDOWS) and conf.privEsc: - if Backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.isDbms(DBMS.MYSQL): debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg += "user, no need to privilege escalate" logger.debug(debugMsg) 
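Review bot: In the `@@ -46` hunk of takeover.py the `elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):` re-tests a condition the preceding `if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:` already failed, so the `not isTechniqueAvailable(...)` part is always true on that branch and can be dropped: `elif Backend.isDbms(DBMS.MYSQL):`. The `@@ -67` hunk has the same shape, and the `@@ -219` hunk on the next line appears to as well, if its `if` branch mirrors these (it is not in view). Both methods continue outside the hunks.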
@@ -219,7 +219,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): self.uploadIcmpshSlave(web=web) self.icmpPwn() - elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: + elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL): web = True infoMsg = "going to use a web backdoor to establish the tunnel" @@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): errMsg += "queries are supported" raise sqlmapUnsupportedDBMSException(errMsg) - elif Backend.getIdentifiedDbms() == DBMS.MYSQL: + elif Backend.isDbms(DBMS.MYSQL): debugMsg = "since stacked queries are not supported, " debugMsg += "sqlmap is going to perform the SMB relay " debugMsg += "attack via inference blind SQL injection" @@ -283,18 +283,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): printWarn = True warnMsg = "it is unlikely that this attack will be successful " - if Backend.getIdentifiedDbms() == DBMS.MYSQL: + if Backend.isDbms(DBMS.MYSQL): warnMsg += "because by default MySQL on Windows runs as " warnMsg += "Local System which is not a real user, it does " warnMsg += "not send the NTLM session hash when connecting to " warnMsg += "a SMB service" - elif Backend.getIdentifiedDbms() == DBMS.PGSQL: + elif Backend.isDbms(DBMS.PGSQL): warnMsg += "because by default PostgreSQL on Windows runs " warnMsg += "as postgres user which is a real user of the " warnMsg += "system, but not within the Administrators group" - elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): + elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion() warnMsg += "runs as Network Service which is not a real user, " warnMsg += "it does not send the NTLM session hash when " 
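Review bot: In the `@@ -283` hunk `warnMsg` is only completed by the MySQL, PostgreSQL and MSSQL 2005/2008 branches; for any other backend or MSSQL version the message ends after `"it is unlikely that this attack will be successful "` with a trailing space and no reason, unless an `else` outside the hunk supplies one. If none does, either add a generic closing branch or set `printWarn = True` under the same conditions that complete the message. The enclosing method is cut at both ends of these hunks.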
@@ -312,7 +312,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: return - if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")): + if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")): errMsg = "the back-end DBMS must be Microsoft SQL Server " errMsg += "2000 or 2005 to be able to exploit the heap-based " errMsg += "buffer overflow in the 'sp_replwritetovarbin' "
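Review bot: `if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):` in the `@@ -312` hunk states the requirement as a double negation; `if not (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2000", "2005"))):` reads the same way as the error message that follows ("must be Microsoft SQL Server 2000 or 2005"). The method continues outside the hunk.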