From b363f1c5ab53c46b5ef3e8cbb9c567a9d268bf4d Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Wed, 2 Dec 2009 22:54:39 +0000 Subject: [PATCH] Added support for NTLM authentication --- lib/core/exception.py | 31 ++++++++++++++++++------------- lib/core/option.py | 29 +++++++++++++++++++++-------- lib/parse/cmdline.py | 2 +- 3 files changed, 40 insertions(+), 22 deletions(-) diff --git a/lib/core/exception.py b/lib/core/exception.py index 756d9ca42..1b523c6b2 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -46,14 +46,26 @@ class sqlmapGenericException(Exception): pass +class sqlmapMissingDependence(Exception): + pass + + class sqlmapMissingMandatoryOptionException(Exception): pass +class sqlmapMissingPrivileges(Exception): + pass + + class sqlmapNoneDataException(Exception): pass +class sqlmapNotVulnerableException(Exception): + pass + + class sqlmapRegExprException(Exception): pass @@ -62,22 +74,14 @@ class sqlmapSyntaxException(Exception): pass -class sqlmapUndefinedMethod(Exception): - pass - - -class sqlmapMissingPrivileges(Exception): - pass - - -class sqlmapNotVulnerableException(Exception): - pass - - class sqlmapThreadException(Exception): pass +class sqlmapUndefinedMethod(Exception): + pass + + class sqlmapUnsupportedDBMSException(Exception): pass @@ -105,6 +109,7 @@ exceptionsTuple = ( sqlmapDataException, sqlmapFilePathException, sqlmapGenericException, + sqlmapMissingDependence, sqlmapMissingMandatoryOptionException, sqlmapNoneDataException, sqlmapRegExprException, @@ -116,4 +121,4 @@ exceptionsTuple = ( sqlmapUnsupportedDBMSException, sqlmapUnsupportedFeatureException, sqlmapValueException, - ) + ) \ No newline at end of file diff --git a/lib/core/option.py b/lib/core/option.py index b6eb4e966..1f6cc50cf 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
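Review bot: The new `sqlmapMissingDependence` class drops the `Exception` suffix that most classes in this file carry (`sqlmapMissingMandatoryOptionException`, `sqlmapNoneDataException`). `sqlmapMissingDependenceException` would read consistently, though `sqlmapMissingPrivileges` and `sqlmapUndefinedMethod` already set the shorter precedent. The last hunk also removes the newline at the end of the file (`\ No newline at end of file` after the closing `)`), which is worth restoring. The class definitions are now alphabetical, but the `exceptionsTuple` entries between the two visible tuple hunks were not touched, so the tuple may no longer follow the same order.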
@@ -48,6 +48,7 @@ from lib.core.data import paths from lib.core.datatype import advancedDict from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapGenericException +from lib.core.exception import sqlmapMissingDependence from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import sqlmapSyntaxException @@ -528,7 +529,7 @@ def __setHTTPProxy(): def __setHTTPAuthentication(): """ - Check and set the HTTP authentication method (Basic or Digest), + Check and set the HTTP authentication method (Basic, Digest or NTLM), username and password to perform HTTP requests with. """ 
@@ -538,29 +539,29 @@ def __setHTTPAuthentication(): return elif conf.aType and not conf.aCred: - errMsg = "you specified the HTTP Authentication type, but " + errMsg = "you specified the HTTP authentication type, but " errMsg += "did not provide the credentials" raise sqlmapSyntaxException, errMsg elif not conf.aType and conf.aCred: - errMsg = "you specified the HTTP Authentication credentials, " + errMsg = "you specified the HTTP authentication credentials, " errMsg += "but did not provide the type" raise sqlmapSyntaxException, errMsg - debugMsg = "setting the HTTP Authentication type and credentials" + debugMsg = "setting the HTTP authentication type and credentials" logger.debug(debugMsg) aTypeLower = conf.aType.lower() - if aTypeLower not in ( "basic", "digest" ): - errMsg = "HTTP Authentication type value must be " - errMsg += "Basic or Digest" + if aTypeLower not in ( "basic", "digest", "ntlm" ): + errMsg = "HTTP authentication type value must be " + errMsg += "Basic, Digest or NTLM" raise sqlmapSyntaxException, errMsg aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred) if not aCredRegExp: - errMsg = "HTTP Authentication credentials value must be " + errMsg = "HTTP authentication credentials value must be " errMsg += "in format username:password" raise sqlmapSyntaxException, errMsg @@ -572,9 +573,21 @@ def __setHTTPAuthentication(): if aTypeLower == "basic": authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr) + elif aTypeLower == "digest": authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr) + elif aTypeLower == "ntlm": + try: + from ntlm import HTTPNtlmAuthHandler + except ImportError, _: + errMsg = "sqlmap requires Python NTLM third-party library " + errMsg += "in order to authenticate via NTLM, " + errMsg += "http://code.google.com/p/python-ntlm/" + raise sqlmapMissingDependence, errMsg + + authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr) + def __setHTTPMethod(): """ 
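Review bot: The credential check around `aCredRegExp = re.search(...)` still accepts only the generic `username:password` shape, even though `ntlm` is now an allowed type. NTLM accounts are normally given as `DOMAIN\username`, and python-ntlm's handler appears to split the user name on a backslash. A value without one would then likely fail later inside the handler rather than with a clear `sqlmapSyntaxException` here; this is worth confirming against the library. A type-specific check right after the existing `if not aCredRegExp:` block would catch it early, and the `--auth-cred` help text in lib/parse/cmdline.py should name the NTLM format too. `__setHTTPAuthentication` starts and ends outside this hunk.

```python
    # … unchanged: aCredRegExp search and its generic error branch …

    # NTLM identifies the account as DOMAIN\username; reject anything else up front
    if aTypeLower == "ntlm" and "\\" not in aCredRegExp.group(1):
        errMsg = "HTTP NTLM authentication credentials value must "
        errMsg += "be in format DOMAIN\\username:password"
        raise sqlmapSyntaxException, errMsg
```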
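Review bot: In the new `ntlm` branch, `except ImportError, _:` binds a name that is never used; `except ImportError:` says the same thing. The function-local import deserves a one-line comment such as `# imported lazily so python-ntlm stays an optional dependency`, since the other imports visible in this diff sit at module level. The error message also sends users to a plain `http://` page for a library that will handle their credentials; an `https://` link, if the project site offers one, would be a safer pointer. The function body starts before this hunk.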
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index c132a3f8e..799a79a6b 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -90,7 +90,7 @@ def cmdLineParser(): request.add_option("--auth-type", dest="aType", help="HTTP Authentication type (value " - "Basic or Digest)") + "Basic, Digest or NTLM)") request.add_option("--auth-cred", dest="aCred", help="HTTP Authentication credentials (value "