From c0946ce2c91d667c43a1d2c26452b6c028ffbeaf Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 4 Apr 2012 12:42:58 +0000
Subject: [PATCH] Minor refactoring
---
 lib/request/inject.py | 15 ++-------------
 lib/techniques/dns/test.py | 32 ++++++++++++++++++++++++++++++++
 lib/techniques/dns/use.py | 18 ++++++++++++++++++
 3 files changed, 52 insertions(+), 13 deletions(-)
 create mode 100644 lib/techniques/dns/test.py
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 36fdab0cb..35c76a9f4 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -49,6 +49,7 @@ from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.direct import direct
 from lib.techniques.blind.inference import bisection
+from lib.techniques.dns.test import dnsTest
 from lib.techniques.dns.use import dnsUse
 from lib.techniques.error.use import errorUse
 from lib.techniques.union.use import unionUse
@@ -85,19 +86,7 @@ def __goDns(payload, expression):
 if conf.dnsDomain and kb.dnsTest is not False:
 if kb.dnsTest is None:
- logger.info("testing for data retrieval through DNS channel")
-
- randInt = randomInt()
- kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
-
- if not kb.dnsTest:
- errMsg = "data retrieval through DNS channel failed. Turning off DNS exfiltration support"
- logger.error(errMsg)
-
- conf.dnsDomain = None
- else:
- infoMsg = "data retrieval through DNS channel was successful"
- logger.info(infoMsg)
+ dnsTest(payload)
 if kb.dnsTest:
 value = dnsUse(payload, expression)
diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py
new file mode 100644
index 000000000..34f15438a
--- /dev/null
+++ b/lib/techniques/dns/test.py
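Review bot: The `dnsTest(payload)` call in the second `inject.py` hunk is used only for its side effects, so the `if kb.dnsTest:` check that follows it now depends on state written in another module. A one-line comment at the call site would keep that visible, for example `# dnsTest() stores its result in kb.dnsTest and clears conf.dnsDomain on failure`. `__goDns` starts and ends outside the hunk, so how the rest of the function reads this state is not visible here.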
@@ -0,0 +1,32 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.common import Backend
+from lib.core.common import randomInt
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.settings import FROM_DUMMY_TABLE
+from lib.techniques.dns.use import dnsUse
+
+
+def dnsTest(payload):
+ logger.info("testing for data retrieval through DNS channel")
+
+ randInt = randomInt()
+ kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
+
+ if not kb.dnsTest:
+ errMsg = "data retrieval through DNS channel failed. Turning off DNS exfiltration support"
+ logger.error(errMsg)
+
+ conf.dnsDomain = None
+ else:
+ infoMsg = "data retrieval through DNS channel was successful"
+ logger.info(infoMsg)
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index 8fe74d86c..7283eb787 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
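Review bot: `dnsTest` in the new `lib/techniques/dns/test.py` has no docstring, although it changes two pieces of global state: it writes `kb.dnsTest`, and on failure it sets `conf.dnsDomain = None`. I would add a short docstring stating that it sends a `SELECT <random int>` probe through `dnsUse`, records in `kb.dnsTest` whether the same value came back, and disables the DNS option when it did not. The identical function body added to `lib/techniques/dns/use.py` in this commit is missing the same documentation.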
@@ -34,11 +34,29 @@ from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
+from lib.core.settings import FROM_DUMMY_TABLE
 from lib.core.settings import MAX_DNS_LABEL
 from lib.core.settings import PARTIAL_VALUE_MARKER
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
+
+def dnsTest(payload):
+ logger.info("testing for data retrieval through DNS channel")
+
+ randInt = randomInt()
+ kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
+
+ if not kb.dnsTest:
+ errMsg = "data retrieval through DNS channel failed. Turning off DNS exfiltration support"
+ logger.error(errMsg)
+
+ conf.dnsDomain = None
+ else:
+ infoMsg = "data retrieval through DNS channel was successful"
+ logger.info(infoMsg)
+
+
 def dnsUse(payload, expression):
 """
 Retrieve the output of a SQL query taking advantage of the DNS
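Review bot: `dnsTest` is now defined twice, here in `use.py` and in the new `lib/techniques/dns/test.py`, and `inject.py` imports only the `test.py` one, so this copy appears to be dead code that can drift from the other. I would drop the function from this file, together with the added `from lib.core.settings import FROM_DUMMY_TABLE` line if nothing else in `use.py` needs it. If the copy is kept, check that `randomInt`, `Backend`, `conf` and `kb` are imported in `use.py`; the import lines above the hunk are not visible and only `FROM_DUMMY_TABLE` is added here. `dnsUse`, which follows the added function, continues past the end of the hunk.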