Added support for NTLM authentication
parent
e28b98a366
commit
b363f1c5ab
|
@ -46,14 +46,26 @@ class sqlmapGenericException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class sqlmapMissingDependence(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class sqlmapMissingMandatoryOptionException(Exception):
|
class sqlmapMissingMandatoryOptionException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class sqlmapMissingPrivileges(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class sqlmapNoneDataException(Exception):
|
class sqlmapNoneDataException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class sqlmapNotVulnerableException(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class sqlmapRegExprException(Exception):
|
class sqlmapRegExprException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
@ -62,22 +74,14 @@ class sqlmapSyntaxException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class sqlmapUndefinedMethod(Exception):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class sqlmapMissingPrivileges(Exception):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class sqlmapNotVulnerableException(Exception):
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class sqlmapThreadException(Exception):
|
class sqlmapThreadException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class sqlmapUndefinedMethod(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class sqlmapUnsupportedDBMSException(Exception):
|
class sqlmapUnsupportedDBMSException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
@ -105,6 +109,7 @@ exceptionsTuple = (
|
||||||
sqlmapDataException,
|
sqlmapDataException,
|
||||||
sqlmapFilePathException,
|
sqlmapFilePathException,
|
||||||
sqlmapGenericException,
|
sqlmapGenericException,
|
||||||
|
sqlmapMissingDependence,
|
||||||
sqlmapMissingMandatoryOptionException,
|
sqlmapMissingMandatoryOptionException,
|
||||||
sqlmapNoneDataException,
|
sqlmapNoneDataException,
|
||||||
sqlmapRegExprException,
|
sqlmapRegExprException,
|
||||||
|
@ -116,4 +121,4 @@ exceptionsTuple = (
|
||||||
sqlmapUnsupportedDBMSException,
|
sqlmapUnsupportedDBMSException,
|
||||||
sqlmapUnsupportedFeatureException,
|
sqlmapUnsupportedFeatureException,
|
||||||
sqlmapValueException,
|
sqlmapValueException,
|
||||||
)
|
)
|
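Review bot: The new `sqlmapMissingDependence` class is added with a bare `pass` body and nothing that says when it is meant to be raised, and it also drops the `Exception` suffix that most of the neighbouring classes carry. A one-line docstring would help, for example `"""Raised when an optional third-party library required by a requested feature cannot be imported."""`, which matches its only use visible in this commit (the NTLM import guard). The class is registered in `exceptionsTuple`, so whatever catches that tuple handles it; that handler is outside the hunks shown.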
|
@ -48,6 +48,7 @@ from lib.core.data import paths
|
||||||
from lib.core.datatype import advancedDict
|
from lib.core.datatype import advancedDict
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapGenericException
|
from lib.core.exception import sqlmapGenericException
|
||||||
|
from lib.core.exception import sqlmapMissingDependence
|
||||||
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
from lib.core.exception import sqlmapMissingMandatoryOptionException
|
||||||
from lib.core.exception import sqlmapMissingPrivileges
|
from lib.core.exception import sqlmapMissingPrivileges
|
||||||
from lib.core.exception import sqlmapSyntaxException
|
from lib.core.exception import sqlmapSyntaxException
|
||||||
|
@ -528,7 +529,7 @@ def __setHTTPProxy():
|
||||||
|
|
||||||
def __setHTTPAuthentication():
|
def __setHTTPAuthentication():
|
||||||
"""
|
"""
|
||||||
Check and set the HTTP authentication method (Basic or Digest),
|
Check and set the HTTP authentication method (Basic, Digest or NTLM),
|
||||||
username and password to perform HTTP requests with.
|
username and password to perform HTTP requests with.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -538,29 +539,29 @@ def __setHTTPAuthentication():
|
||||||
return
|
return
|
||||||
|
|
||||||
elif conf.aType and not conf.aCred:
|
elif conf.aType and not conf.aCred:
|
||||||
errMsg = "you specified the HTTP Authentication type, but "
|
errMsg = "you specified the HTTP authentication type, but "
|
||||||
errMsg += "did not provide the credentials"
|
errMsg += "did not provide the credentials"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
elif not conf.aType and conf.aCred:
|
elif not conf.aType and conf.aCred:
|
||||||
errMsg = "you specified the HTTP Authentication credentials, "
|
errMsg = "you specified the HTTP authentication credentials, "
|
||||||
errMsg += "but did not provide the type"
|
errMsg += "but did not provide the type"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
debugMsg = "setting the HTTP Authentication type and credentials"
|
debugMsg = "setting the HTTP authentication type and credentials"
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
aTypeLower = conf.aType.lower()
|
aTypeLower = conf.aType.lower()
|
||||||
|
|
||||||
if aTypeLower not in ( "basic", "digest" ):
|
if aTypeLower not in ( "basic", "digest", "ntlm" ):
|
||||||
errMsg = "HTTP Authentication type value must be "
|
errMsg = "HTTP authentication type value must be "
|
||||||
errMsg += "Basic or Digest"
|
errMsg += "Basic, Digest or NTLM"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
|
aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)
|
||||||
|
|
||||||
if not aCredRegExp:
|
if not aCredRegExp:
|
||||||
errMsg = "HTTP Authentication credentials value must be "
|
errMsg = "HTTP authentication credentials value must be "
|
||||||
errMsg += "in format username:password"
|
errMsg += "in format username:password"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
|
@ -572,9 +573,21 @@ def __setHTTPAuthentication():
|
||||||
|
|
||||||
if aTypeLower == "basic":
|
if aTypeLower == "basic":
|
||||||
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
|
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
|
||||||
|
|
||||||
elif aTypeLower == "digest":
|
elif aTypeLower == "digest":
|
||||||
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
|
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
|
||||||
|
|
||||||
|
elif aTypeLower == "ntlm":
|
||||||
|
try:
|
||||||
|
from ntlm import HTTPNtlmAuthHandler
|
||||||
|
except ImportError, _:
|
||||||
|
errMsg = "sqlmap requires Python NTLM third-party library "
|
||||||
|
errMsg += "in order to authenticate via NTLM, "
|
||||||
|
errMsg += "http://code.google.com/p/python-ntlm/"
|
||||||
|
raise sqlmapMissingDependence, errMsg
|
||||||
|
|
||||||
|
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
|
||||||
|
|
||||||
|
|
||||||
def __setHTTPMethod():
|
def __setHTTPMethod():
|
||||||
"""
|
"""
|
||||||
|
|
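Review bot: In the new `ntlm` branch of `__setHTTPAuthentication()`, the credentials are still checked only against `^(.*?)\:(.*?)$` and the error text still advertises `username:password`. The python-ntlm handler, as far as I know, expects the user name as `DOMAIN\username`, so a value without a domain would pass option parsing and only fail later, at request time. I would reject it up front with `if aTypeLower == "ntlm" and "\\" not in aCredRegExp.group(1):` followed by `raise sqlmapSyntaxException, errMsg` naming the `DOMAIN\username:password` format, and mention that format in the `--auth-cred` help text. The code between the regex check and the handler selection lies outside the hunks shown, so the exact placement needs confirming against the full function.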
|
@ -90,7 +90,7 @@ def cmdLineParser():
|
||||||
|
|
||||||
request.add_option("--auth-type", dest="aType",
|
request.add_option("--auth-type", dest="aType",
|
||||||
help="HTTP Authentication type (value "
|
help="HTTP Authentication type (value "
|
||||||
"Basic or Digest)")
|
"Basic, Digest or NTLM)")
|
||||||
|
|
||||||
request.add_option("--auth-cred", dest="aCred",
|
request.add_option("--auth-cred", dest="aCred",
|
||||||
help="HTTP Authentication credentials (value "
|
help="HTTP Authentication credentials (value "
|
||||||
|
|