sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 11:23:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

layout adjustments

Browse Source
This commit is contained in:
Bernardo Damele 2012-04-04 12:27:24 +00:00
parent 1b2cd44255
commit d106fb5184
5 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/option.py
View File

@ -77,7 +77,6 @@ from lib.core.exception import sqlmapSyntaxException
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.request.dns import DNSServer
from lib.core.settings import CODECS_LIST_PAGE from lib.core.settings import CODECS_LIST_PAGE
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DEFAULT_PAGE_ENCODING from lib.core.settings import DEFAULT_PAGE_ENCODING
@ -116,6 +115,7 @@ from lib.core.update import update
from lib.parse.configfile import configFileParser from lib.parse.configfile import configFileParser
from lib.parse.payloads import loadPayloads from lib.parse.payloads import loadPayloads
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.dns import DNSServer
from lib.request.proxy import ProxyHTTPSHandler from lib.request.proxy import ProxyHTTPSHandler
from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
from lib.request.certhandler import HTTPSCertAuthHandler from lib.request.certhandler import HTTPSCertAuthHandler
@ -1719,7 +1719,7 @@ def __setDNSServer():
if not conf.dnsDomain: if not conf.dnsDomain:
return return
infoMsg = "making DNS server instance" infoMsg = "setting up DNS server instance"
logger.info(infoMsg) logger.info(infoMsg)
isAdmin = runningAsAdmin() isAdmin = runningAsAdmin()
@ -1730,7 +1730,7 @@ def __setDNSServer():
else: else:
errMsg = "you need to run sqlmap as an administrator " errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to perform a DNS data exfiltration attack " errMsg += "if you want to perform a DNS data exfiltration attack "
errMsg += "as it will need to listen on privileged TCP port 53 " errMsg += "as it will need to listen on privileged UDP port 53 "
errMsg += "for incoming address resolution attempts" errMsg += "for incoming address resolution attempts"
raise sqlmapMissingPrivileges, errMsg raise sqlmapMissingPrivileges, errMsg

12
lib/core/settings.py
View File

@ -194,12 +194,12 @@ REFERER_ALIASES = ( "ref", "referer", "referrer" )
HOST_ALIASES = ( "host", ) HOST_ALIASES = ( "host", )
FROM_DUMMY_TABLE = { FROM_DUMMY_TABLE = {
DBMS.ORACLE: " FROM DUAL", DBMS.ORACLE: " FROM DUAL",
DBMS.ACCESS: " FROM MSysAccessObjects", DBMS.ACCESS: " FROM MSysAccessObjects",
DBMS.FIREBIRD: " FROM RDB$DATABASE", DBMS.FIREBIRD: " FROM RDB$DATABASE",
DBMS.MAXDB: " FROM VERSIONS", DBMS.MAXDB: " FROM VERSIONS",
DBMS.DB2: " FROM SYSIBM.SYSDUMMY1" DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
} }
SQL_STATEMENTS = { SQL_STATEMENTS = {
"SQL SELECT statement": ( "SQL SELECT statement": (

4
lib/request/dns.py
View File

@ -90,14 +90,18 @@ if __name__ == "__main__":
try: try:
server = DNSServer() server = DNSServer()
server.run() server.run()
while server._running: while server._running:
while True: while True:
_ = server.pop() _ = server.pop()
if _ is None: if _ is None:
break break
else: else:
print "[i] %s" % _ print "[i] %s" % _
time.sleep(1) time.sleep(1)
except socket.error, ex: except socket.error, ex:
if 'Permission' in str(ex): if 'Permission' in str(ex):
print "[x] Please run with sudo/Administrator privileges" print "[x] Please run with sudo/Administrator privileges"

4
lib/request/inject.py
View File

@ -85,11 +85,15 @@ def __goDns(payload, expression):
if conf.dnsDomain and kb.dnsTest is not False: if conf.dnsDomain and kb.dnsTest is not False:
if kb.dnsTest is None: if kb.dnsTest is None:
logger.info("testing for data retrieval through DNS channel")
randInt = randomInt() randInt = randomInt()
kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
if not kb.dnsTest: if not kb.dnsTest:
errMsg = "test for data retrieval through DNS channel failed. Turning off DNS exfiltration support" errMsg = "test for data retrieval through DNS channel failed. Turning off DNS exfiltration support"
logger.error(errMsg) logger.error(errMsg)
conf.dnsDomain = None conf.dnsDomain = None
else: else:
infoMsg = "test for data retrieval through DNS channel was successful" infoMsg = "test for data retrieval through DNS channel was successful"

6
lib/techniques/dns/use.py
View File

@ -53,6 +53,7 @@ def dnsUse(payload, expression):
if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE): if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE):
output = hashDBRetrieve(expression, checkConf=True) output = hashDBRetrieve(expression, checkConf=True)
if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None: if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:
output = None output = None
@ -79,14 +80,17 @@ def dnsUse(payload, expression):
forgedPayload = agent.payload(newValue=query) forgedPayload = agent.payload(newValue=query)
else: else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3))) forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False) Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)
_ = conf.dnsServer.pop(prefix, suffix) _ = conf.dnsServer.pop(prefix, suffix)
if _: if _:
_ = extractRegexResult("%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I) _ = extractRegexResult("%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I)
_ = decodeHexValue(_) _ = decodeHexValue(_)
output = (output or "") + _ output = (output or "") + _
offset += len(_) offset += len(_)
if len(_) < chunk_length: if len(_) < chunk_length:
break break
else: else:
@ -96,8 +100,10 @@ def dnsUse(payload, expression):
if output is not None: if output is not None:
retVal = output retVal = output
if kb.dnsTest is not None: if kb.dnsTest is not None:
dataToStdout("[%s] [INFO] %s: %s\r\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output))) dataToStdout("[%s] [INFO] %s: %s\r\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output)))
if count > 0: if count > 0:
hashDBWrite(expression, output) hashDBWrite(expression, output)