Added support for NTLM authentication

Bernardo Damele 2009-12-02 22:54:39 +00:00
parent e28b98a366
commit b363f1c5ab
3 changed files with 40 additions and 22 deletions


@ -46,14 +46,26 @@ class sqlmapGenericException(Exception):
pass pass
class sqlmapMissingDependence(Exception):
pass
class sqlmapMissingMandatoryOptionException(Exception): class sqlmapMissingMandatoryOptionException(Exception):
pass pass
class sqlmapMissingPrivileges(Exception):
pass
class sqlmapNoneDataException(Exception): class sqlmapNoneDataException(Exception):
pass pass
class sqlmapNotVulnerableException(Exception):
pass
class sqlmapRegExprException(Exception): class sqlmapRegExprException(Exception):
pass pass
@ -62,22 +74,14 @@ class sqlmapSyntaxException(Exception):
pass pass
class sqlmapUndefinedMethod(Exception):
pass
class sqlmapMissingPrivileges(Exception):
pass
class sqlmapNotVulnerableException(Exception):
pass
class sqlmapThreadException(Exception): class sqlmapThreadException(Exception):
pass pass
class sqlmapUndefinedMethod(Exception):
pass
class sqlmapUnsupportedDBMSException(Exception): class sqlmapUnsupportedDBMSException(Exception):
pass pass
@ -105,6 +109,7 @@ exceptionsTuple = (
sqlmapDataException, sqlmapDataException,
sqlmapFilePathException, sqlmapFilePathException,
sqlmapGenericException, sqlmapGenericException,
sqlmapMissingDependence,
sqlmapMissingMandatoryOptionException, sqlmapMissingMandatoryOptionException,
sqlmapNoneDataException, sqlmapNoneDataException,
sqlmapRegExprException, sqlmapRegExprException,


@ -48,6 +48,7 @@ from lib.core.data import paths
from lib.core.datatype import advancedDict from lib.core.datatype import advancedDict
from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import sqlmapMissingPrivileges
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import sqlmapSyntaxException
@ -528,7 +529,7 @@ def __setHTTPProxy():
def __setHTTPAuthentication(): def __setHTTPAuthentication():
""" """
Check and set the HTTP authentication method (Basic or Digest), Check and set the HTTP authentication method (Basic, Digest or NTLM),
username and password to perform HTTP requests with. username and password to perform HTTP requests with.
""" """
@ -538,29 +539,29 @@ def __setHTTPAuthentication():
return return
elif conf.aType and not conf.aCred: elif conf.aType and not conf.aCred:
errMsg = "you specified the HTTP Authentication type, but " errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials" errMsg += "did not provide the credentials"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
elif not conf.aType and conf.aCred: elif not conf.aType and conf.aCred:
errMsg = "you specified the HTTP Authentication credentials, " errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type" errMsg += "but did not provide the type"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
debugMsg = "setting the HTTP Authentication type and credentials" debugMsg = "setting the HTTP authentication type and credentials"
logger.debug(debugMsg) logger.debug(debugMsg)
aTypeLower = conf.aType.lower() aTypeLower = conf.aType.lower()
if aTypeLower not in ( "basic", "digest" ): if aTypeLower not in ( "basic", "digest", "ntlm" ):
errMsg = "HTTP Authentication type value must be " errMsg = "HTTP authentication type value must be "
errMsg += "Basic or Digest" errMsg += "Basic, Digest or NTLM"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred) aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
if not aCredRegExp: if not aCredRegExp:
errMsg = "HTTP Authentication credentials value must be " errMsg = "HTTP authentication credentials value must be "
errMsg += "in format username:password" errMsg += "in format username:password"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
@ -572,9 +573,21 @@ def __setHTTPAuthentication():
if aTypeLower == "basic": if aTypeLower == "basic":
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr) authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
elif aTypeLower == "digest": elif aTypeLower == "digest":
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr) authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
elif aTypeLower == "ntlm":
try:
from ntlm import HTTPNtlmAuthHandler
except ImportError, _:
errMsg = "sqlmap requires Python NTLM third-party library "
errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/"
raise sqlmapMissingDependence, errMsg
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
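Review bot: The new `ntlm` branch reuses the generic `username:password` check (`re.search("^(.*?)\:(.*?)$", conf.aCred)`, unchanged in this commit), so an NTLM credential given without a domain part is accepted here and only fails later, inside the handler or as an unexplained authentication failure. python-ntlm appears to expect the user as `DOMAIN\username` (confirm against the library version in use); if so, reject the value up front next to the other syntax checks, e.g. `if aTypeLower == "ntlm" and "\\" not in aCredRegExp.group(1):` followed by `raise sqlmapSyntaxException, errMsg` with a message naming the `DOMAIN\username:password` format. The `--auth-cred` help text in the option parser should state the same format. The body of `__setHTTPAuthentication` between the credential parsing and the handler selection lies outside the visible hunks, so how `passwordMgr` is populated could not be checked.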
def __setHTTPMethod(): def __setHTTPMethod():
""" """


@ -90,7 +90,7 @@ def cmdLineParser():
request.add_option("--auth-type", dest="aType", request.add_option("--auth-type", dest="aType",
help="HTTP Authentication type (value " help="HTTP Authentication type (value "
"Basic or Digest)") "Basic, Digest or NTLM)")
request.add_option("--auth-cred", dest="aCred", request.add_option("--auth-cred", dest="aCred",
help="HTTP Authentication credentials (value " help="HTTP Authentication credentials (value "