sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

More code refactoring of Backend class methods used

Browse Source
This commit is contained in:
Bernardo Damele 2011-04-30 14:54:29 +00:00
parent 2f2758b033
commit 9a4ae7d9e2
16 changed files with 146 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/core/agent.py
View File

@ -282,14 +282,14 @@ class Agent:
# SQLite version 2 does not support neither CAST() nor IFNULL(), # SQLite version 2 does not support neither CAST() nor IFNULL(),
# introduced only in SQLite version 3 # introduced only in SQLite version 3
if Backend.getIdentifiedDbms() == DBMS.SQLITE: if Backend.isDbms(DBMS.SQLITE):
return field return field
if field.startswith("(CASE"): if field.startswith("(CASE"):
nulledCastedField = field nulledCastedField = field
else: else:
nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
if Backend.getIdentifiedDbms() == DBMS.ACCESS: if Backend.isDbms(DBMS.ACCESS):
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField) nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
else: else:
nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
@ -401,7 +401,7 @@ class Agent:
def simpleConcatQuery(self, query1, query2): def simpleConcatQuery(self, query1, query2):
concatenatedQuery = "" concatenatedQuery = ""
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2) concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE): elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
@ -447,7 +447,7 @@ class Agent:
else: else:
return query return query
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
if fieldsExists: if fieldsExists:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery += ",'%s')" % kb.misc.stop concatenatedQuery += ",'%s')" % kb.misc.stop
@ -540,7 +540,7 @@ class Agent:
if query.startswith("TOP"): if query.startswith("TOP"):
# TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets # TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets
# because those NULLs cause problems with ORDER BY clause # because those NULLs cause problems with ORDER BY clause
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count))) inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count)))
inbandQuery = self.suffixQuery(inbandQuery, comment, suffix) inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
return inbandQuery return inbandQuery
@ -633,11 +633,11 @@ class Agent:
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1) limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
limitedQuery += " %s" % limitStr limitedQuery += " %s" % limitStr
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1) limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
limitedQuery += " %s" % limitStr limitedQuery += " %s" % limitStr
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery: if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):] orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")] limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@ -650,7 +650,7 @@ class Agent:
limitedQuery = limitedQuery % fromFrom limitedQuery = limitedQuery % fromFrom
limitedQuery += "=%d" % (num + 1) limitedQuery += "=%d" % (num + 1)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
forgeNotIn = True forgeNotIn = True
if " ORDER BY " in limitedQuery: if " ORDER BY " in limitedQuery:

8
lib/core/common.py
View File

@ -869,7 +869,7 @@ def parsePasswordHash(password):
if not password or password == " ": if not password or password == " ":
password = "NULL" password = "NULL"
if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password): if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
hexPassword = password hexPassword = password
password = "%s\n" % hexPassword password = "%s\n" % hexPassword
password += "%sheader: %s\n" % (blank, hexPassword[:6]) password += "%sheader: %s\n" % (blank, hexPassword[:6])
@ -1194,11 +1194,11 @@ def getDelayQuery(andCond=False):
banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"): if banVer is None or (Backend.isDbms(DBMS.MYSQL) and banVer >= "5.0.12") or (Backend.isDbms(DBMS.PGSQL) and banVer >= "8.2"):
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
else: else:
query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = queries[Backend.getIdentifiedDbms()].timedelay.query query = queries[Backend.getIdentifiedDbms()].timedelay.query
else: else:
query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
@ -1206,7 +1206,7 @@ def getDelayQuery(andCond=False):
if andCond: if andCond:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
query = query.replace("SELECT ", "") query = query.replace("SELECT ", "")
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = "(%s)>0" % query query = "(%s)>0" % query
return query return query

4
lib/core/dump.py
View File

@ -104,9 +104,9 @@ class Dump:
self.string("current user", data) self.string("current user", data)
def currentDb(self,data): def currentDb(self,data):
if Backend.getIdentifiedDbms() == DBMS.MAXDB: if Backend.isDbms(DBMS.MAXDB):
self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data) self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data) self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
else: else:
self.string("current database", data) self.string("current database", data)

10
lib/parse/banner.py
View File

@ -97,13 +97,13 @@ def bannerParser(banner):
xmlfile = None xmlfile = None
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
xmlfile = paths.MSSQL_XML xmlfile = paths.MSSQL_XML
elif Backend.getIdentifiedDbms() == DBMS.MYSQL: elif Backend.isDbms(DBMS.MYSQL):
xmlfile = paths.MYSQL_XML xmlfile = paths.MYSQL_XML
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
xmlfile = paths.ORACLE_XML xmlfile = paths.ORACLE_XML
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
xmlfile = paths.PGSQL_XML xmlfile = paths.PGSQL_XML
if not xmlfile: if not xmlfile:
@ -111,7 +111,7 @@ def bannerParser(banner):
checkFile(xmlfile) checkFile(xmlfile)
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
handler = MSSQLBannerHandler(banner, kb.bannerFp) handler = MSSQLBannerHandler(banner, kb.bannerFp)
parseXmlFile(xmlfile, handler) parseXmlFile(xmlfile, handler)

2
lib/request/direct.py
View File

@ -27,7 +27,7 @@ def direct(query, content=True):
select = True select = True
query = agent.payloadDirect(query) query = agent.payloadDirect(query)
if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query: if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
query = "%s FROM DUAL" % query query = "%s FROM DUAL" % query
for sqlTitle, sqlStatements in SQL_STATEMENTS.items(): for sqlTitle, sqlStatements in SQL_STATEMENTS.items():

4
lib/request/inject.py
View File

@ -141,7 +141,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression) _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I) rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD: if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):
expressionFieldsList = [expressionFields] expressionFieldsList = [expressionFields]
if len(expressionFieldsList) > 1: if len(expressionFieldsList) > 1:
@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
stopLimit = int(topLimit.group(1)) stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1 limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
limitCond = False limitCond = False
else: else:
limitCond = True limitCond = True

8
lib/takeover/abstraction.py
View File

@ -45,7 +45,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfExecCmd(cmd, silent=silent) self.udfExecCmd(cmd, silent=silent)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
self.xpCmdshellExecCmd(cmd, silent=silent) self.xpCmdshellExecCmd(cmd, silent=silent)
else: else:
@ -59,7 +59,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
return self.udfEvalCmd(cmd, first, last) return self.udfEvalCmd(cmd, first, last)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
return self.xpCmdshellEvalCmd(cmd, first, last) return self.xpCmdshellEvalCmd(cmd, first, last)
else: else:
@ -100,7 +100,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
infoMsg += "command execution" infoMsg += "command execution"
logger.info(infoMsg) logger.info(infoMsg)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
infoMsg = "going to use xp_cmdshell extended procedure for " infoMsg = "going to use xp_cmdshell extended procedure for "
infoMsg += "operating system command execution" infoMsg += "operating system command execution"
logger.info(infoMsg) logger.info(infoMsg)
@ -154,7 +154,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
self.udfInjectSys() self.udfInjectSys()
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
if mandatory: if mandatory:
self.xpCmdshellInit() self.xpCmdshellInit()
else: else:

10
lib/takeover/metasploit.py
View File

@ -189,13 +189,13 @@ class Metasploit:
if __payloadStr == "windows/vncinject": if __payloadStr == "windows/vncinject":
choose = False choose = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, it is likely that the the VNC " debugMsg += "user, it is likely that the the VNC "
debugMsg += "injection will be successful" debugMsg += "injection will be successful"
logger.debug(debugMsg) logger.debug(debugMsg)
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
choose = True choose = True
warnMsg = "by default PostgreSQL on Windows runs as " warnMsg = "by default PostgreSQL on Windows runs as "
@ -203,7 +203,7 @@ class Metasploit:
warnMsg += "injection will be successful" warnMsg += "injection will be successful"
logger.warn(warnMsg) logger.warn(warnMsg)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
choose = True choose = True
warnMsg = "it is unlikely that the VNC injection will be " warnMsg = "it is unlikely that the VNC injection will be "
@ -232,12 +232,12 @@ class Metasploit:
break break
elif choice == "1": elif choice == "1":
if Backend.getIdentifiedDbms() == DBMS.PGSQL: if Backend.isDbms(DBMS.PGSQL):
logger.warn("beware that the VNC injection might not work") logger.warn("beware that the VNC injection might not work")
break break
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
break break
elif not choice.isdigit(): elif not choice.isdigit():

8
lib/takeover/udf.py
View File

@ -144,9 +144,9 @@ class UDF:
if udf in self.udfToCreate and udf not in self.createdUdf: if udf in self.udfToCreate and udf not in self.createdUdf:
self.udfCreateFromSharedLib(udf, inpRet) self.udfCreateFromSharedLib(udf, inpRet)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
supportTblType = "longtext" supportTblType = "longtext"
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
supportTblType = "text" supportTblType = "text"
self.udfCreateSupportTbl(supportTblType) self.udfCreateSupportTbl(supportTblType)
@ -237,9 +237,9 @@ class UDF:
else: else:
logger.warn("you need to specify the name of the UDF") logger.warn("you need to specify the name of the UDF")
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
defaultType = "string" defaultType = "string"
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
defaultType = "text" defaultType = "text"
self.udfs[udfName]["input"] = [] self.udfs[udfName]["input"] = []

6
lib/techniques/error/use.py
View File

@ -57,7 +57,7 @@ def __oneShotErrorUse(expression, field):
nulledCastedField = agent.nullAndCastField(field) nulledCastedField = agent.nullAndCastField(field)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
nulledCastedField = queries[DBMS.MYSQL].substring.query % (nulledCastedField, offset, MYSQL_ERROR_CHUNK_LENGTH) nulledCastedField = queries[DBMS.MYSQL].substring.query % (nulledCastedField, offset, MYSQL_ERROR_CHUNK_LENGTH)
# Forge the error-based SQL injection request # Forge the error-based SQL injection request
@ -101,7 +101,7 @@ def __oneShotErrorUse(expression, field):
if isinstance(output, basestring): if isinstance(output, basestring):
output = htmlunescape(output).replace("<br>", "\n") output = htmlunescape(output).replace("<br>", "\n")
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
if offset == 1: if offset == 1:
retVal = output retVal = output
else: else:
@ -243,7 +243,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
stopLimit = int(topLimit.group(1)) stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1 limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
limitCond = False limitCond = False
else: else:
limitCond = True limitCond = True

4
lib/techniques/inband/union/use.py
View File

@ -184,7 +184,7 @@ def unionUse(expression, unpack=True, dump=False):
stopLimit = int(topLimit.group(1)) stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1 limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
limitCond = False limitCond = False
else: else:
limitCond = True limitCond = True
@ -256,7 +256,7 @@ def unionUse(expression, unpack=True, dump=False):
for num in xrange(startLimit, stopLimit): for num in xrange(startLimit, stopLimit):
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0] field = expressionFieldsList[0]
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
field = expressionFieldsList field = expressionFieldsList
else: else:
field = None field = None

4
lib/utils/hash.py
View File

@ -299,9 +299,9 @@ def hashRecognition(value):
if isinstance(value, basestring): if isinstance(value, basestring):
for name, regex in getPublicTypeMembers(HASH): for name, regex in getPublicTypeMembers(HASH):
# Hashes for Oracle and old MySQL look the same hence these checks # Hashes for Oracle and old MySQL look the same hence these checks
if Backend.getIdentifiedDbms() == DBMS.ORACLE and regex == HASH.MYSQL_OLD: if Backend.isDbms(DBMS.ORACLE) and regex == HASH.MYSQL_OLD:
continue continue
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD: elif Backend.isDbms(DBMS.MYSQL) and regex == HASH.ORACLE_OLD:
continue continue
elif regex == HASH.CRYPT_GENERIC: elif regex == HASH.CRYPT_GENERIC:
if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]): if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]):

174
plugins/generic/enumeration.py
View File

@ -142,7 +142,7 @@ class Enumeration:
infoMsg = "testing if current user is DBA" infoMsg = "testing if current user is DBA"
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
self.getCurrentUser() self.getCurrentUser()
query = queries[Backend.getIdentifiedDbms()].is_dba.query % (kb.data.currentUser.split("@")[0] if kb.data.currentUser else None) query = queries[Backend.getIdentifiedDbms()].is_dba.query % (kb.data.currentUser.split("@")[0] if kb.data.currentUser else None)
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and user is not None: elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and user is not None:
@ -164,8 +164,8 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].users rootQuery = queries[Backend.getIdentifiedDbms()].users
condition = ( Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")) ) condition = ( Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")) )
condition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema ) condition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema )
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if condition: if condition:
@ -191,7 +191,7 @@ class Enumeration:
errMsg = "unable to retrieve the number of database users" errMsg = "unable to retrieve the number of database users"
raise sqlmapNoneDataException, errMsg raise sqlmapNoneDataException, errMsg
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
plusOne = True plusOne = True
else: else:
plusOne = False plusOne = False
@ -242,7 +242,7 @@ class Enumeration:
users = [] users = []
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
@ -253,7 +253,7 @@ class Enumeration:
query += " WHERE " query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
if Backend.getIdentifiedDbms() == DBMS.SYBASE: if Backend.isDbms(DBMS.SYBASE):
randStr = randomStr() randStr = randomStr()
getCurrentThreadData().disableStdOut = True getCurrentThreadData().disableStdOut = True
@ -294,7 +294,7 @@ class Enumeration:
if parsedUser: if parsedUser:
users[users.index(user)] = parsedUser.groups()[0] users[users.index(user)] = parsedUser.groups()[0]
if Backend.getIdentifiedDbms() == DBMS.SYBASE: if Backend.isDbms(DBMS.SYBASE):
getCurrentThreadData().disableStdOut = True getCurrentThreadData().disableStdOut = True
randStr = randomStr() randStr = randomStr()
@ -323,7 +323,7 @@ class Enumeration:
infoMsg += "for user '%s'" % user infoMsg += "for user '%s'" % user
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.count2 % user query = rootQuery.blind.count2 % user
else: else:
query = rootQuery.blind.count % user query = rootQuery.blind.count % user
@ -340,14 +340,14 @@ class Enumeration:
passwords = [] passwords = []
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
plusOne = True plusOne = True
else: else:
plusOne = False plusOne = False
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
if Backend.isVersionWithin(("2005", "2008")): if Backend.isVersionWithin(("2005", "2008")):
query = rootQuery.blind.query2 % (user, index, user) query = rootQuery.blind.query2 % (user, index, user)
else: else:
@ -387,24 +387,24 @@ class Enumeration:
def __isAdminFromPrivileges(self, privileges): def __isAdminFromPrivileges(self, privileges):
# In PostgreSQL the usesuper privilege means that the # In PostgreSQL the usesuper privilege means that the
# user is DBA # user is DBA
dbaCondition = ( Backend.getIdentifiedDbms() == DBMS.PGSQL and "super" in privileges ) dbaCondition = ( Backend.isDbms(DBMS.PGSQL) and "super" in privileges )
# In Oracle the DBA privilege means that the # In Oracle the DBA privilege means that the
# user is DBA # user is DBA
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.ORACLE and "DBA" in privileges ) dbaCondition |= ( Backend.isDbms(DBMS.ORACLE) and "DBA" in privileges )
# In MySQL >= 5.0 the SUPER privilege means # In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA # that the user is DBA
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema and "SUPER" in privileges ) dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema and "SUPER" in privileges )
# In MySQL < 5.0 the super_priv privilege means # In MySQL < 5.0 the super_priv privilege means
# that the user is DBA # that the user is DBA
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema and "super_priv" in privileges ) dbaCondition |= ( Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema and "super_priv" in privileges )
# In Firebird there is no specific privilege that means # In Firebird there is no specific privilege that means
# that the user is DBA # that the user is DBA
# TODO: confirm # TODO: confirm
dbaCondition |= ( Backend.getIdentifiedDbms() == DBMS.FIREBIRD and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges ) dbaCondition |= ( Backend.isDbms(DBMS.FIREBIRD) and "SELECT" in privileges and "INSERT" in privileges and "UPDATE" in privileges and "DELETE" in privileges and "REFERENCES" in privileges and "EXECUTE" in privileges )
return dbaCondition return dbaCondition
@ -438,10 +438,10 @@ class Enumeration:
areAdmins = set() areAdmins = set()
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
condition = rootQuery.inband.condition2 condition = rootQuery.inband.condition2
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2: elif Backend.isDbms(DBMS.ORACLE) and query2:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
condition = rootQuery.inband.condition2 condition = rootQuery.inband.condition2
else: else:
@ -451,14 +451,14 @@ class Enumeration:
if conf.user: if conf.user:
query += " WHERE " query += " WHERE "
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users) query += " OR ".join("%s LIKE '%%%s%%'" % (condition, user) for user in users)
else: else:
query += " OR ".join("%s = '%s'" % (condition, user) for user in users) query += " OR ".join("%s = '%s'" % (condition, user) for user in users)
values = inject.getValue(query, blind=False) values = inject.getValue(query, blind=False)
if not values and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2: if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
infoMsg = "trying with table USER_SYS_PRIVS" infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg) logger.info(infoMsg)
@ -480,18 +480,18 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is # In PostgreSQL we get 1 if the privilege is
# True, 0 otherwise # True, 0 otherwise
if Backend.getIdentifiedDbms() == DBMS.PGSQL and getUnicode(privilege).isdigit(): if Backend.isDbms(DBMS.PGSQL) and getUnicode(privilege).isdigit():
if int(privilege) == 1: if int(privilege) == 1:
privileges.add(pgsqlPrivs[count]) privileges.add(pgsqlPrivs[count])
# In MySQL >= 5.0 and Oracle we get the list # In MySQL >= 5.0 and Oracle we get the list
# of privileges as string # of privileges as string
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ): elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
privileges.add(privilege) privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is # In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise # True, N otherwise
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
if privilege.upper() == "Y": if privilege.upper() == "Y":
privileges.add(mysqlPrivs[count]) privileges.add(mysqlPrivs[count])
@ -504,7 +504,7 @@ class Enumeration:
kb.data.cachedUsersPrivileges[user] = list(privileges) kb.data.cachedUsersPrivileges[user] = list(privileges)
if not kb.data.cachedUsersPrivileges and not conf.direct: if not kb.data.cachedUsersPrivileges and not conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
conditionChar = " LIKE " conditionChar = " LIKE "
else: else:
conditionChar = "=" conditionChar = "="
@ -525,25 +525,25 @@ class Enumeration:
if user in retrievedUsers: if user in retrievedUsers:
continue continue
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
user = "%%%s%%" % user user = "%%%s%%" % user
infoMsg = "fetching number of privileges " infoMsg = "fetching number of privileges "
infoMsg += "for user '%s'" % user infoMsg += "for user '%s'" % user
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.count2 % user query = rootQuery.blind.count2 % user
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema: elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
query = rootQuery.blind.count % (conditionChar, user) query = rootQuery.blind.count % (conditionChar, user)
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2: elif Backend.isDbms(DBMS.ORACLE) and query2:
query = rootQuery.blind.count2 % user query = rootQuery.blind.count2 % user
else: else:
query = rootQuery.blind.count % user query = rootQuery.blind.count % user
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2) count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=2)
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
if not (isinstance(count, basestring) and count.isdigit()) and Backend.getIdentifiedDbms() == DBMS.ORACLE and not query2: if not (isinstance(count, basestring) and count.isdigit()) and Backend.isDbms(DBMS.ORACLE) and not query2:
infoMsg = "trying with table USER_SYS_PRIVS" infoMsg = "trying with table USER_SYS_PRIVS"
logger.info(infoMsg) logger.info(infoMsg)
@ -559,20 +559,20 @@ class Enumeration:
privileges = set() privileges = set()
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
plusOne = True plusOne = True
else: else:
plusOne = False plusOne = False
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % (user, index) query = rootQuery.blind.query2 % (user, index)
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema: elif Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema:
query = rootQuery.blind.query % (conditionChar, user, index) query = rootQuery.blind.query % (conditionChar, user, index)
elif Backend.getIdentifiedDbms() == DBMS.ORACLE and query2: elif Backend.isDbms(DBMS.ORACLE) and query2:
query = rootQuery.blind.query2 % (user, index) query = rootQuery.blind.query2 % (user, index)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (index, user) query = rootQuery.blind.query % (index, user)
else: else:
query = rootQuery.blind.query % (user, index) query = rootQuery.blind.query % (user, index)
@ -580,7 +580,7 @@ class Enumeration:
# In PostgreSQL we get 1 if the privilege is True, # In PostgreSQL we get 1 if the privilege is True,
# 0 otherwise # 0 otherwise
if Backend.getIdentifiedDbms() == DBMS.PGSQL and ", " in privilege: if Backend.isDbms(DBMS.PGSQL) and ", " in privilege:
privilege = privilege.replace(", ", ",") privilege = privilege.replace(", ", ",")
privs = privilege.split(",") privs = privilege.split(",")
i = 1 i = 1
@ -595,12 +595,12 @@ class Enumeration:
# In MySQL >= 5.0 and Oracle we get the list # In MySQL >= 5.0 and Oracle we get the list
# of privileges as string # of privileges as string
elif Backend.getIdentifiedDbms() == DBMS.ORACLE or ( Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema ): elif Backend.isDbms(DBMS.ORACLE) or ( Backend.isDbms(DBMS.MYSQL) and kb.data.has_information_schema ):
privileges.add(privilege) privileges.add(privilege)
# In MySQL < 5.0 we get Y if the privilege is # In MySQL < 5.0 we get Y if the privilege is
# True, N otherwise # True, N otherwise
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
privilege = privilege.replace(", ", ",") privilege = privilege.replace(", ", ",")
privs = privilege.split(",") privs = privilege.split(",")
i = 1 i = 1
@ -614,7 +614,7 @@ class Enumeration:
i += 1 i += 1
# In Firebird we get one letter for each privilege # In Firebird we get one letter for each privilege
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
privileges.add(firebirdPrivs[privilege.strip()]) privileges.add(firebirdPrivs[privilege.strip()])
if self.__isAdminFromPrivileges(privileges): if self.__isAdminFromPrivileges(privileges):
@ -623,7 +623,7 @@ class Enumeration:
# In MySQL < 5.0 we break the cycle after the first # In MySQL < 5.0 we break the cycle after the first
# time we get the user's privileges otherwise we # time we get the user's privileges otherwise we
# duplicate the same query # duplicate the same query
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
break break
if privileges: if privileges:
@ -650,13 +650,13 @@ class Enumeration:
return self.getPrivileges(query2) return self.getPrivileges(query2)
def getDbs(self): def getDbs(self):
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
warnMsg = "information_schema not available, " warnMsg = "information_schema not available, "
warnMsg += "back-end DBMS is MySQL < 5. database " warnMsg += "back-end DBMS is MySQL < 5. database "
warnMsg += "names will be fetched from 'mysql' database" warnMsg += "names will be fetched from 'mysql' database"
logger.warn(warnMsg) logger.warn(warnMsg)
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
warnMsg = "schema names are going to be used on Oracle " warnMsg = "schema names are going to be used on Oracle "
warnMsg += "for enumeration as the counterpart to database " warnMsg += "for enumeration as the counterpart to database "
warnMsg += "names on other DBMSes" warnMsg += "names on other DBMSes"
@ -671,7 +671,7 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].dbs rootQuery = queries[Backend.getIdentifiedDbms()].dbs
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
@ -684,7 +684,7 @@ class Enumeration:
infoMsg = "fetching number of databases" infoMsg = "fetching number of databases"
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.count2 query = rootQuery.blind.count2
else: else:
query = rootQuery.blind.count query = rootQuery.blind.count
@ -694,16 +694,16 @@ class Enumeration:
errMsg = "unable to retrieve the number of databases" errMsg = "unable to retrieve the number of databases"
logger.error(errMsg) logger.error(errMsg)
else: else:
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
plusOne = True plusOne = True
else: else:
plusOne = False plusOne = False
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() == DBMS.SYBASE: if Backend.isDbms(DBMS.SYBASE):
query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ") query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
elif Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: elif Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.query2 % index query = rootQuery.blind.query2 % index
else: else:
query = rootQuery.blind.query % index query = rootQuery.blind.query % index
@ -729,13 +729,13 @@ class Enumeration:
self.forceDbmsEnum() self.forceDbmsEnum()
if bruteForce is None: if bruteForce is None:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg) logger.error(errMsg)
bruteForce = True bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS: elif Backend.isDbms(DBMS.ACCESS):
try: try:
tables = self.getTables(False) tables = self.getTables(False)
except sqlmapNoneDataException: except sqlmapNoneDataException:
@ -815,13 +815,13 @@ class Enumeration:
infoMsg = "skipping system databases: %s" % ", ".join(db for db in self.excludeDbsList) infoMsg = "skipping system databases: %s" % ", ".join(db for db in self.excludeDbsList)
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
query = safeStringFormat(query, conf.db) query = safeStringFormat(query, conf.db)
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False)
value = filter(lambda x: x, value) value = filter(lambda x: x, value)
if value: if value:
if Backend.getIdentifiedDbms() == DBMS.SQLITE: if Backend.isDbms(DBMS.SQLITE):
if isinstance(value, basestring): if isinstance(value, basestring):
value = [[ DBMS.SQLITE, value ]] value = [[ DBMS.SQLITE, value ]]
elif isinstance(value, (list, tuple, set)): elif isinstance(value, (list, tuple, set)):
@ -874,7 +874,7 @@ class Enumeration:
indexRange = getRange(count, plusOne=plusOne) indexRange = getRange(count, plusOne=plusOne)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() == DBMS.SYBASE: if Backend.isDbms(DBMS.SYBASE):
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")) query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS): elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS):
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ") query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
@ -934,13 +934,13 @@ class Enumeration:
return self.getSchema() return self.getSchema()
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
logger.error(errMsg) logger.error(errMsg)
bruteForce = True bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS: elif Backend.isDbms(DBMS.ACCESS):
errMsg = "cannot retrieve column names, " errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access" errMsg += "back-end DBMS is Access"
logger.error(errMsg) logger.error(errMsg)
@ -986,7 +986,7 @@ class Enumeration:
infoMsg = "fetching columns " infoMsg = "fetching columns "
if conf.col: if conf.col:
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
conf.col = conf.col.upper() conf.col = conf.col.upper()
colList = conf.col.split(",") colList = conf.col.split(",")
condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")" condQuery = " AND (" + " OR ".join("%s LIKE '%s'" % (condition, "%" + unsafeSQLIdentificatorNaming(col) + "%") for col in colList) + ")"
@ -1002,21 +1002,21 @@ class Enumeration:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query = rootQuery.inband.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.inband.query % (conf.db, conf.db, query = rootQuery.inband.query % (conf.db, conf.db,
conf.db, conf.db, conf.db, conf.db,
conf.db, conf.db, conf.db, conf.db,
conf.db, unsafeSQLIdentificatorNaming(conf.tbl)) conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.SQLITE: elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.inband.query % conf.tbl query = rootQuery.inband.query % conf.tbl
value = inject.getValue(query, blind=False) value = inject.getValue(query, blind=False)
if Backend.getIdentifiedDbms() == DBMS.SQLITE: if Backend.isDbms(DBMS.SQLITE):
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
elif value: elif value:
table = {} table = {}
@ -1047,7 +1047,7 @@ class Enumeration:
query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery query += condQuery
@ -1056,11 +1056,11 @@ class Enumeration:
unsafeSQLIdentificatorNaming(conf.tbl)) unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.count % (conf.tbl) query = rootQuery.blind.count % (conf.tbl)
query += condQuery query += condQuery
elif Backend.getIdentifiedDbms() == DBMS.SQLITE: elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % conf.tbl query = rootQuery.blind.query % conf.tbl
value = inject.getValue(query, inband=False, error=False) value = inject.getValue(query, inband=False, error=False)
parseSqliteTableSchema(value) parseSqliteTableSchema(value)
@ -1084,7 +1084,7 @@ class Enumeration:
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(conf.tbl), unsafeSQLIdentificatorNaming(conf.db))
query += condQuery query += condQuery
field = None field = None
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper()) query = rootQuery.blind.query % unsafeSQLIdentificatorNaming(conf.tbl.upper())
query += condQuery query += condQuery
field = None field = None
@ -1095,7 +1095,7 @@ class Enumeration:
unsafeSQLIdentificatorNaming(conf.tbl)) unsafeSQLIdentificatorNaming(conf.tbl))
query += condQuery.replace("[DB]", conf.db) query += condQuery.replace("[DB]", conf.db)
field = condition.replace("[DB]", conf.db) field = condition.replace("[DB]", conf.db)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (conf.tbl) query = rootQuery.blind.query % (conf.tbl)
query += condQuery query += condQuery
field = None field = None
@ -1106,18 +1106,18 @@ class Enumeration:
if not onlyColNames: if not onlyColNames:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db)) query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl), column, unsafeSQLIdentificatorNaming(conf.db))
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column) query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(conf.tbl.upper()), column)
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db,
conf.db, column, conf.db, conf.db, column, conf.db,
conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl)) conf.db, conf.db, unsafeSQLIdentificatorNaming(conf.tbl))
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query2 % (conf.tbl, column) query = rootQuery.blind.query2 % (conf.tbl, column)
colType = inject.getValue(query, inband=False, error=False) colType = inject.getValue(query, inband=False, error=False)
if Backend.getIdentifiedDbms() == DBMS.FIREBIRD: if Backend.isDbms(DBMS.FIREBIRD):
colType = firebirdTypes[colType] if colType in firebirdTypes else colType colType = firebirdTypes[colType] if colType in firebirdTypes else colType
column = safeSQLIdentificatorNaming(column) column = safeSQLIdentificatorNaming(column)
@ -1402,7 +1402,7 @@ class Enumeration:
entries = [] entries = []
query = None query = None
if all([Backend.getIdentifiedDbms() == DBMS.MYSQL, isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]): if all([Backend.isDbms(DBMS.MYSQL), isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR), conf.groupConcat]):
randStr, randStr2 = randomStr(), randomStr() randStr, randStr2 = randomStr(), randomStr()
filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\ filterFunction = "REPLACE(REPLACE(IFNULL(%s, ' '),'%s','%s'),'%s','%s')"\
% ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2) % ('%s', CONCAT_VALUE_DELIMITER, randStr, CONCAT_ROW_DELIMITER, randStr2)
@ -1416,9 +1416,9 @@ class Enumeration:
row = map(lambda x: x.replace(randStr, CONCAT_VALUE_DELIMITER).replace(randStr2, CONCAT_ROW_DELIMITER), row) row = map(lambda x: x.replace(randStr, CONCAT_VALUE_DELIMITER).replace(randStr2, CONCAT_ROW_DELIMITER), row)
entries.append(row) entries.append(row)
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
query = rootQuery.inband.query % (colString, conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper()))) query = rootQuery.inband.query % (colString, conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
elif Backend.getIdentifiedDbms() == DBMS.SQLITE: elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.inband.query % (colString, conf.tbl) query = rootQuery.inband.query % (colString, conf.tbl)
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
# Partial inband and error # Partial inband and error
@ -1477,13 +1477,13 @@ class Enumeration:
infoMsg += "on database '%s'" % conf.db infoMsg += "on database '%s'" % conf.db
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper()))) query = rootQuery.blind.count % (conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())))
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD): elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.FIREBIRD):
query = rootQuery.blind.count % conf.tbl query = rootQuery.blind.count % conf.tbl
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
query = rootQuery.blind.count % ("%s.%s" % (conf.db, conf.tbl)) query = rootQuery.blind.count % ("%s.%s" % (conf.db, conf.tbl))
elif Backend.getIdentifiedDbms() == DBMS.MAXDB: elif Backend.isDbms(DBMS.MAXDB):
query = rootQuery.blind.count % ("%s" % conf.tbl) query = rootQuery.blind.count % ("%s" % conf.tbl)
else: else:
query = rootQuery.blind.count % (conf.db, conf.tbl) query = rootQuery.blind.count % (conf.db, conf.tbl)
@ -1505,11 +1505,11 @@ class Enumeration:
try: try:
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL): if Backend.getIdentifiedDbms() in (DBMS.ACCESS, DBMS.SYBASE, DBMS.MAXDB, DBMS.MSSQL):
if Backend.getIdentifiedDbms() == DBMS.ACCESS: if Backend.isDbms(DBMS.ACCESS):
table = conf.tbl table = conf.tbl
elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL): elif Backend.getIdentifiedDbms() in (DBMS.SYBASE, DBMS.MSSQL):
table = "%s.%s" % (conf.db, conf.tbl) table = "%s.%s" % (conf.db, conf.tbl)
elif Backend.getIdentifiedDbms() == DBMS.MAXDB: elif Backend.isDbms(DBMS.MAXDB):
table = "%s.%s" % (conf.db, conf.tbl) table = "%s.%s" % (conf.db, conf.tbl)
retVal = self.__pivotDumpTable(table, colList, count, blind=True) retVal = self.__pivotDumpTable(table, colList, count, blind=True)
@ -1517,7 +1517,7 @@ class Enumeration:
entries, lengths = retVal entries, lengths = retVal
else: else:
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
plusOne = True plusOne = True
else: else:
plusOne = False plusOne = False
@ -1534,14 +1534,14 @@ class Enumeration:
if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ): if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
query = rootQuery.blind.query % (column, conf.db, query = rootQuery.blind.query % (column, conf.db,
conf.tbl, index) conf.tbl, index)
elif Backend.getIdentifiedDbms() == DBMS.ORACLE: elif Backend.isDbms(DBMS.ORACLE):
query = rootQuery.blind.query % (column, column, query = rootQuery.blind.query % (column, column,
conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())), conf.tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), conf.tbl.upper())),
index) index)
elif Backend.getIdentifiedDbms() == DBMS.SQLITE: elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.blind.query % (column, conf.tbl, index) query = rootQuery.blind.query % (column, conf.tbl, index)
elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD: elif Backend.isDbms(DBMS.FIREBIRD):
query = rootQuery.blind.query % (index, column, conf.tbl) query = rootQuery.blind.query % (index, column, conf.tbl)
value = inject.getValue(query, inband=False, error=False, dump=True) value = inject.getValue(query, inband=False, error=False, dump=True)
@ -1585,7 +1585,7 @@ class Enumeration:
return kb.data.dumpedTable return kb.data.dumpedTable
def dumpAll(self): def dumpAll(self):
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
raise sqlmapUnsupportedFeatureException, errMsg raise sqlmapUnsupportedFeatureException, errMsg
@ -1700,7 +1700,7 @@ class Enumeration:
rootQuery = queries[Backend.getIdentifiedDbms()].search_db rootQuery = queries[Backend.getIdentifiedDbms()].search_db
dbList = conf.db.split(",") dbList = conf.db.split(",")
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
dbCond = rootQuery.inband.condition2 dbCond = rootQuery.inband.condition2
else: else:
dbCond = rootQuery.inband.condition dbCond = rootQuery.inband.condition
@ -1727,7 +1727,7 @@ class Enumeration:
dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db) dbQuery = dbQuery % unsafeSQLIdentificatorNaming(db)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.inband.query2 query = rootQuery.inband.query2
else: else:
query = rootQuery.inband.query query = rootQuery.inband.query
@ -1749,7 +1749,7 @@ class Enumeration:
infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db) infoMsg += " '%s'" % unsafeSQLIdentificatorNaming(db)
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.count2 query = rootQuery.blind.count2
else: else:
query = rootQuery.blind.count query = rootQuery.blind.count
@ -1769,7 +1769,7 @@ class Enumeration:
indexRange = getRange(count) indexRange = getRange(count)
for index in indexRange: for index in indexRange:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
query = rootQuery.blind.query2 query = rootQuery.blind.query2
else: else:
query = rootQuery.blind.query query = rootQuery.blind.query
@ -1786,12 +1786,12 @@ class Enumeration:
def searchTable(self): def searchTable(self):
bruteForce = False bruteForce = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS: elif Backend.isDbms(DBMS.ACCESS):
errMsg = "cannot retrieve table names, " errMsg = "cannot retrieve table names, "
errMsg += "back-end DBMS is Access" errMsg += "back-end DBMS is Access"
logger.error(errMsg) logger.error(errMsg)
@ -1820,7 +1820,7 @@ class Enumeration:
for tbl in tblList: for tbl in tblList:
tbl = safeSQLIdentificatorNaming(tbl, True) tbl = safeSQLIdentificatorNaming(tbl, True)
if Backend.getIdentifiedDbms() == DBMS.ORACLE: if Backend.isDbms(DBMS.ORACLE):
tbl = tbl.upper() tbl = tbl.upper()
infoMsg = "searching table" infoMsg = "searching table"
@ -1941,12 +1941,12 @@ class Enumeration:
def searchColumn(self): def searchColumn(self):
bruteForce = False bruteForce = False
if Backend.getIdentifiedDbms() == DBMS.MYSQL and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
bruteForce = True bruteForce = True
elif Backend.getIdentifiedDbms() == DBMS.ACCESS: elif Backend.isDbms(DBMS.ACCESS):
errMsg = "cannot retrieve column names, " errMsg = "cannot retrieve column names, "
errMsg += "back-end DBMS is Access" errMsg += "back-end DBMS is Access"
logger.error(errMsg) logger.error(errMsg)

6
plugins/generic/filesystem.py
View File

@ -93,13 +93,13 @@ class Filesystem:
return fileLines return fileLines
def __checkWrittenFile(self, wFile, dFile, fileType): def __checkWrittenFile(self, wFile, dFile, fileType):
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile lengthQuery = "SELECT LENGTH(LOAD_FILE('%s'))" % dFile
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid lengthQuery = "SELECT LENGTH(data) FROM pg_largeobject WHERE loid=%d" % self.oid
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
self.createSupportTbl(self.fileTblName, self.tblField, "text") self.createSupportTbl(self.fileTblName, self.tblField, "text")
# Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx # Reference: http://msdn.microsoft.com/en-us/library/ms188365.aspx

10
plugins/generic/misc.py
View File

@ -58,13 +58,13 @@ class Miscellaneous:
infoMsg = "detecting back-end DBMS version from its banner" infoMsg = "detecting back-end DBMS version from its banner"
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
first, last = 1, 6 first, last = 1, 6
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
first, last = 12, 6 first, last = 12, 6
elif Backend.getIdentifiedDbms() == DBMS.MSSQL: elif Backend.isDbms(DBMS.MSSQL):
first, last = 29, 9 first, last = 29, 9
else: else:
@ -122,7 +122,7 @@ class Miscellaneous:
if not onlyFileTbl: if not onlyFileTbl:
inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True) inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)
if Backend.getIdentifiedDbms() == DBMS.MSSQL: if Backend.isDbms(DBMS.MSSQL):
return return
if udfDict is None: if udfDict is None:
@ -135,7 +135,7 @@ class Miscellaneous:
if not output or output in ("y", "Y"): if not output or output in ("y", "Y"):
dropStr = "DROP FUNCTION %s" % udf dropStr = "DROP FUNCTION %s" % udf
if Backend.getIdentifiedDbms() == DBMS.PGSQL: if Backend.isDbms(DBMS.PGSQL):
inp = ", ".join(i for i in inpRet["input"]) inp = ", ".join(i for i in inpRet["input"])
dropStr += "(%s)" % inp dropStr += "(%s)" % inp

18
plugins/generic/takeover.py
View File

@ -46,7 +46,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osCmd(self): def osCmd(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
infoMsg = "going to use a web backdoor for command execution" infoMsg = "going to use a web backdoor for command execution"
logger.info(infoMsg) logger.info(infoMsg)
@ -67,7 +67,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def osShell(self): def osShell(self):
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct: if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
web = False web = False
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
infoMsg = "going to use a web backdoor for command prompt" infoMsg = "going to use a web backdoor for command prompt"
logger.info(infoMsg) logger.info(infoMsg)
@ -201,7 +201,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadShellcodeexec() self.uploadShellcodeexec()
if Backend.isOs(OS.WINDOWS) and conf.privEsc: if Backend.isOs(OS.WINDOWS) and conf.privEsc:
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
debugMsg = "by default MySQL on Windows runs as SYSTEM " debugMsg = "by default MySQL on Windows runs as SYSTEM "
debugMsg += "user, no need to privilege escalate" debugMsg += "user, no need to privilege escalate"
logger.debug(debugMsg) logger.debug(debugMsg)
@ -219,7 +219,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
self.uploadIcmpshSlave(web=web) self.uploadIcmpshSlave(web=web)
self.icmpPwn() self.icmpPwn()
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.getIdentifiedDbms() == DBMS.MYSQL: elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
web = True web = True
infoMsg = "going to use a web backdoor to establish the tunnel" infoMsg = "going to use a web backdoor to establish the tunnel"
@ -274,7 +274,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "queries are supported" errMsg += "queries are supported"
raise sqlmapUnsupportedDBMSException(errMsg) raise sqlmapUnsupportedDBMSException(errMsg)
elif Backend.getIdentifiedDbms() == DBMS.MYSQL: elif Backend.isDbms(DBMS.MYSQL):
debugMsg = "since stacked queries are not supported, " debugMsg = "since stacked queries are not supported, "
debugMsg += "sqlmap is going to perform the SMB relay " debugMsg += "sqlmap is going to perform the SMB relay "
debugMsg += "attack via inference blind SQL injection" debugMsg += "attack via inference blind SQL injection"
@ -283,18 +283,18 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
printWarn = True printWarn = True
warnMsg = "it is unlikely that this attack will be successful " warnMsg = "it is unlikely that this attack will be successful "
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.isDbms(DBMS.MYSQL):
warnMsg += "because by default MySQL on Windows runs as " warnMsg += "because by default MySQL on Windows runs as "
warnMsg += "Local System which is not a real user, it does " warnMsg += "Local System which is not a real user, it does "
warnMsg += "not send the NTLM session hash when connecting to " warnMsg += "not send the NTLM session hash when connecting to "
warnMsg += "a SMB service" warnMsg += "a SMB service"
elif Backend.getIdentifiedDbms() == DBMS.PGSQL: elif Backend.isDbms(DBMS.PGSQL):
warnMsg += "because by default PostgreSQL on Windows runs " warnMsg += "because by default PostgreSQL on Windows runs "
warnMsg += "as postgres user which is a real user of the " warnMsg += "as postgres user which is a real user of the "
warnMsg += "system, but not within the Administrators group" warnMsg += "system, but not within the Administrators group"
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")): elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion() warnMsg += "because often Microsoft SQL Server %s " % Backend.getVersion()
warnMsg += "runs as Network Service which is not a real user, " warnMsg += "runs as Network Service which is not a real user, "
warnMsg += "it does not send the NTLM session hash when " warnMsg += "it does not send the NTLM session hash when "
@ -312,7 +312,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return return
if not Backend.getIdentifiedDbms() == DBMS.MSSQL or not Backend.isVersionWithin(("2000", "2005")): if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
errMsg = "the back-end DBMS must be Microsoft SQL Server " errMsg = "the back-end DBMS must be Microsoft SQL Server "
errMsg += "2000 or 2005 to be able to exploit the heap-based " errMsg += "2000 or 2005 to be able to exploit the heap-based "
errMsg += "buffer overflow in the 'sp_replwritetovarbin' " errMsg += "buffer overflow in the 'sp_replwritetovarbin' "