Added support for NTLM authentication

2024-11-25 02:53:46 +03:00 · 2009-12-02 22:54:39 +00:00 · 2009-12-02 22:54:39 +00:00 · b363f1c5ab
commit b363f1c5ab
parent e28b98a366
3 changed files with 40 additions and 22 deletions
--- a/lib/core/exception.py
+++ b/lib/core/exception.py
@ -46,14 +46,26 @@ class sqlmapGenericException(Exception):
    pass


+class sqlmapMissingDependence(Exception):
+    pass
+
+
 class sqlmapMissingMandatoryOptionException(Exception):
    pass


+class sqlmapMissingPrivileges(Exception):
+    pass
+
+
 class sqlmapNoneDataException(Exception):
    pass


+class sqlmapNotVulnerableException(Exception):
+    pass
+
+
 class sqlmapRegExprException(Exception):
    pass

@ -62,22 +74,14 @@ class sqlmapSyntaxException(Exception):
    pass


-class sqlmapUndefinedMethod(Exception):
-    pass
-
-
-class sqlmapMissingPrivileges(Exception):
-    pass
-
-
-class sqlmapNotVulnerableException(Exception):
-    pass
-
-
 class sqlmapThreadException(Exception):
    pass


+class sqlmapUndefinedMethod(Exception):
+    pass
+
+
 class sqlmapUnsupportedDBMSException(Exception):
    pass

@ -105,6 +109,7 @@ exceptionsTuple = (
                    sqlmapDataException,
                    sqlmapFilePathException,
                    sqlmapGenericException,
+                    sqlmapMissingDependence,
                    sqlmapMissingMandatoryOptionException,
                    sqlmapNoneDataException,
                    sqlmapRegExprException,
@ -116,4 +121,4 @@ exceptionsTuple = (
                    sqlmapUnsupportedDBMSException,
                    sqlmapUnsupportedFeatureException,
                    sqlmapValueException,
-                  )
+                  )
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -48,6 +48,7 @@ from lib.core.data import paths
 from lib.core.datatype import advancedDict
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
+from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapMissingPrivileges
 from lib.core.exception import sqlmapSyntaxException
@ -528,7 +529,7 @@ def __setHTTPProxy():

 def __setHTTPAuthentication():
    """
-    Check and set the HTTP authentication method (Basic or Digest),
+    Check and set the HTTP authentication method (Basic, Digest or NTLM),
    username and password to perform HTTP requests with.
    """

@ -538,29 +539,29 @@ def __setHTTPAuthentication():
        return

    elif conf.aType and not conf.aCred:
-        errMsg  = "you specified the HTTP Authentication type, but "
+        errMsg  = "you specified the HTTP authentication type, but "
        errMsg += "did not provide the credentials"
        raise sqlmapSyntaxException, errMsg

    elif not conf.aType and conf.aCred:
-        errMsg  = "you specified the HTTP Authentication credentials, "
+        errMsg  = "you specified the HTTP authentication credentials, "
        errMsg += "but did not provide the type"
        raise sqlmapSyntaxException, errMsg

-    debugMsg = "setting the HTTP Authentication type and credentials"
+    debugMsg = "setting the HTTP authentication type and credentials"
    logger.debug(debugMsg)

    aTypeLower = conf.aType.lower()

-    if aTypeLower not in ( "basic", "digest" ):
-        errMsg  = "HTTP Authentication type value must be "
-        errMsg += "Basic or Digest"
+    if aTypeLower not in ( "basic", "digest", "ntlm" ):
+        errMsg  = "HTTP authentication type value must be "
+        errMsg += "Basic, Digest or NTLM"
        raise sqlmapSyntaxException, errMsg

    aCredRegExp = re.search("^(.*?)\:(.*?)$", conf.aCred)

    if not aCredRegExp:
-        errMsg  = "HTTP Authentication credentials value must be "
+        errMsg  = "HTTP authentication credentials value must be "
        errMsg += "in format username:password"
        raise sqlmapSyntaxException, errMsg

@ -572,9 +573,21 @@ def __setHTTPAuthentication():

    if aTypeLower == "basic":
        authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
+
    elif aTypeLower == "digest":
        authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)

+    elif aTypeLower == "ntlm":
+        try:
+            from ntlm import HTTPNtlmAuthHandler
+        except ImportError, _:
+            errMsg  = "sqlmap requires Python NTLM third-party library "
+            errMsg += "in order to authenticate via NTLM, "
+            errMsg += "http://code.google.com/p/python-ntlm/"
+            raise sqlmapMissingDependence, errMsg
+
+        authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+

 def __setHTTPMethod():
    """
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -90,7 +90,7 @@ def cmdLineParser():

        request.add_option("--auth-type", dest="aType",
                           help="HTTP Authentication type (value "
-                                "Basic or Digest)")
+                                "Basic, Digest or NTLM)")

        request.add_option("--auth-cred", dest="aCred",
                           help="HTTP Authentication credentials (value "