Added support for --privileges on MSSQL to test whether or not the DBMS users are DBA

This commit is contained in:
Bernardo Damele 2011-02-10 14:24:04 +00:00
parent a2c20acf94
commit c078de894f
3 changed files with 44 additions and 12 deletions


@ -125,15 +125,21 @@ class Dump:
for user in users: for user in users:
settings = userSettings[user] settings = userSettings[user]
if user in self.__areAdmins: if settings is None:
self.__write("[*] %s (administrator) [%d]:" % (user, len(settings))) stringSettings = ""
else: else:
self.__write("[*] %s [%d]:" % (user, len(settings))) stringSettings = " [%d]:" % len(settings)
settings.sort() if user in self.__areAdmins:
self.__write("[*] %s (administrator)%s" % (user, stringSettings))
else:
self.__write("[*] %s%s" % (user, stringSettings))
for setting in settings: if settings:
self.__write(" %s: %s" % (subHeader, setting)) settings.sort()
for setting in settings:
self.__write(" %s: %s" % (subHeader, setting))
print print
def dbs(self,dbs): def dbs(self,dbs):
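Review bot: The two `self.__write` calls in the new block differ only by the ` (administrator)` marker and could collapse into a single format, e.g. `self.__write("[*] %s%s%s" % (user, " (administrator)" if user in self.__areAdmins else "", stringSettings))`. Inside the new `if settings:` guard, `settings.sort()` still sorts `userSettings[user]` in place, so the caller's list is reordered as a side effect of dumping; iterating `sorted(settings)` instead would leave that structure untouched. The enclosing method begins before this hunk.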


@ -29,11 +29,33 @@ class Enumeration(GenericEnumeration):
GenericEnumeration.__init__(self) GenericEnumeration.__init__(self)
def getPrivileges(self, *args): def getPrivileges(self, *args):
warnMsg = "on Microsoft SQL Server it is not possible to fetch " warnMsg = "on Microsoft SQL Server it is not possible to fetch "
warnMsg += "database users privileges" warnMsg += "database users privileges, sqlmap will check whether "
warnMsg += "or not the database users are database administrators"
logger.warn(warnMsg) logger.warn(warnMsg)
return {} users = []
areAdmins = set()
if conf.user:
users = [ conf.user ]
elif not len(kb.data.cachedUsers):
users = self.getUsers()
else:
users = kb.data.cachedUsers
for user in users:
if user is None:
continue
isDba = self.isDba(user)
if isDba is True:
areAdmins.add(user)
kb.data.cachedUsersPrivileges[user] = None
return ( kb.data.cachedUsersPrivileges, areAdmins )
def getTables(self): def getTables(self):
infoMsg = "fetching tables" infoMsg = "fetching tables"
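Review bot: `users = []` at the top of the new body is dead, since each branch of the `if`/`elif`/`else` that follows rebinds `users`, and `if isDba is True:` and `elif not len(kb.data.cachedUsers):` read more naturally as `if self.isDba(user):` and `elif not kb.data.cachedUsers:`. Every enumerated user goes through `self.isDba(user)`, which as far as the other hunk shows ends in `inject.getValue()`, so the loop costs at least one round of requests per user; a comment stating that would help whoever later tunes this. The unconditional `kb.data.cachedUsersPrivileges[user] = None` is what the new `settings is None` branch in Dump relies on, so a one-line comment such as `# no privilege list on MSSQL, only the DBA flag is recorded` would make that contract explicit.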


@ -126,21 +126,25 @@ class Enumeration:
return kb.data.currentDb return kb.data.currentDb
def isDba(self): def isDba(self, user=None):
infoMsg = "testing if current user is DBA" infoMsg = "testing if current user is DBA"
logger.info(infoMsg) logger.info(infoMsg)
if Backend.getIdentifiedDbms() == DBMS.MYSQL: if Backend.getIdentifiedDbms() == DBMS.MYSQL:
self.getCurrentUser() self.getCurrentUser()
query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0] query = queries[Backend.getIdentifiedDbms()].is_dba.query % kb.data.currentUser.split("@")[0]
elif Backend.getIdentifiedDbms() == DBMS.MSSQL and user is not None:
query = queries[Backend.getIdentifiedDbms()].is_dba.query2 % user
else: else:
query = queries[Backend.getIdentifiedDbms()].is_dba.query query = queries[Backend.getIdentifiedDbms()].is_dba.query
query = agent.forgeCaseStatement(query) query = agent.forgeCaseStatement(query)
isDba = inject.getValue(query, unpack=False, charsetType=1)
kb.data.isDba = inject.getValue(query, unpack=False, charsetType=1) if user is None:
kb.data.isDba = isDba
return kb.data.isDba == "1" return isDba == "1"
def getUsers(self): def getUsers(self):
infoMsg = "fetching database users" infoMsg = "fetching database users"
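Review bot: A non-`None` `user` is honoured only in the `DBMS.MSSQL` branch of `isDba`; on every other backend the argument is silently ignored, the current-user query runs, and the caller receives that answer as if it were about `user` (and it is not cached either, because `user is None` is false). That should at least be stated in a docstring on `isDba`, or warned about, e.g. `warnMsg = "per-user DBA check is only supported on Microsoft SQL Server"` before falling through to the default query. The log line `infoMsg = "testing if current user is DBA"` is also emitted when a specific user is being tested; `infoMsg = "testing if %s is DBA" % (user if user is not None else "current user")` keeps the output truthful. Finally, `query2 % user` interpolates a user name obtained from the DBMS into the statement with no quoting, so a name containing a single quote yields a malformed query; a comment recording that assumption, or escaping at that point, is worth adding.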