mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Refactoring of funcionality for finding out if stacking is available
This commit is contained in:
parent
8b4f72322a
commit
dc41484b3f
|
@ -2399,6 +2399,24 @@ def isTechniqueAvailable(technique):
|
|||
else:
|
||||
return getTechniqueData(technique) is not None
|
||||
|
||||
def isStackingAvailable():
|
||||
"""
|
||||
Returns True whether techniques using stacking are available
|
||||
"""
|
||||
|
||||
retVal = False
|
||||
|
||||
if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:
|
||||
retVal = True
|
||||
else:
|
||||
for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
|
||||
_ = getTechniqueData(technique)
|
||||
if _ and "stacked" in _["title"].lower():
|
||||
retVal = True
|
||||
break
|
||||
|
||||
return retVal
|
||||
|
||||
def isInferenceAvailable():
|
||||
"""
|
||||
Returns True whether techniques using inference technique are available
|
||||
|
|
|
@ -9,6 +9,7 @@ from extra.safe2bin.safe2bin import safechardecode
|
|||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import getSQLSnippet
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
|
@ -39,7 +40,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
|||
Xp_cmdshell.__init__(self)
|
||||
|
||||
def execCmd(self, cmd, silent=False):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if self.webBackdoorUrl and not isStackingAvailable():
|
||||
self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
|
@ -55,7 +56,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
|||
def evalCmd(self, cmd, first=None, last=None):
|
||||
retVal = None
|
||||
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if self.webBackdoorUrl and not isStackingAvailable():
|
||||
retVal = self.webBackdoorRunCmd(cmd)
|
||||
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
|
@ -92,7 +93,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
|||
self.execCmd(cmd)
|
||||
|
||||
def shell(self):
|
||||
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if self.webBackdoorUrl and not isStackingAvailable():
|
||||
infoMsg = "calling OS shell. To quit type "
|
||||
infoMsg += "'x' or 'q' and press ENTER"
|
||||
logger.info(infoMsg)
|
||||
|
@ -146,7 +147,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
|||
if not conf.dbmsCred:
|
||||
return
|
||||
|
||||
if not conf.direct and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if not conf.direct and not isStackingAvailable():
|
||||
errMsg = "stacked queries is not supported hence sqlmap cannot "
|
||||
errMsg += "execute statements as another user. The execution "
|
||||
errMsg += "will continue and the DBMS credentials provided "
|
||||
|
|
|
@ -10,6 +10,7 @@ import os
|
|||
from lib.core.agent import agent
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
|
@ -188,7 +189,7 @@ class UDF:
|
|||
logger.error(errMsg)
|
||||
return
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if not isStackingAvailable() and not conf.direct:
|
||||
errMsg = "UDF injection feature requires stacked queries SQL injection"
|
||||
logger.error(errMsg)
|
||||
return
|
||||
|
|
|
@ -9,6 +9,7 @@ import re
|
|||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import normalizePath
|
||||
from lib.core.common import ntToPosixSlashes
|
||||
|
@ -100,7 +101,7 @@ class Takeover(GenericTakeover):
|
|||
logger.debug("keeping existing UDF '%s' as requested" % udf)
|
||||
|
||||
def uncPathRequest(self):
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if not isStackingAvailable():
|
||||
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
|
||||
query = agent.suffixQuery(query)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
|
|
@ -12,6 +12,7 @@ from lib.core.common import dataToStdout
|
|||
from lib.core.common import getPublicTypeMembers
|
||||
from lib.core.common import getSQLSnippet
|
||||
from lib.core.common import getTechniqueData
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.convert import utf8decode
|
||||
from lib.core.data import conf
|
||||
|
@ -41,15 +42,6 @@ class Custom:
|
|||
sqlType = sqlTitle
|
||||
break
|
||||
|
||||
stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)
|
||||
|
||||
if not stacked:
|
||||
for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
|
||||
_ = getTechniqueData(technique)
|
||||
if _ and "stacked" in _["title"].lower():
|
||||
stacked = True
|
||||
break
|
||||
|
||||
if "OPENROWSET" not in query.upper() and (not sqlType or "SELECT" in sqlType):
|
||||
infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
|
||||
logger.info(infoMsg)
|
||||
|
@ -57,7 +49,7 @@ class Custom:
|
|||
output = inject.getValue(query, fromUser=True)
|
||||
|
||||
return output
|
||||
elif not stacked and not conf.direct:
|
||||
elif not isStackingAvailable() and not conf.direct:
|
||||
warnMsg = "execution of custom SQL queries is only "
|
||||
warnMsg += "available when stacked queries are supported"
|
||||
logger.warn(warnMsg)
|
||||
|
|
|
@ -14,6 +14,7 @@ from lib.core.common import decloakToTemp
|
|||
from lib.core.common import decodeHexValue
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isListLike
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.data import conf
|
||||
|
@ -189,8 +190,8 @@ class Filesystem:
|
|||
fileContent = None
|
||||
kb.fileReadMode = True
|
||||
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if conf.direct or isStackingAvailable():
|
||||
if isStackingAvailable():
|
||||
debugMsg = "going to read the file with stacked query SQL "
|
||||
debugMsg += "injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
@ -260,8 +261,8 @@ class Filesystem:
|
|||
if localFile.endswith('_'):
|
||||
localFile = decloakToTemp(localFile)
|
||||
|
||||
if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
|
||||
if conf.direct or isStackingAvailable():
|
||||
if isStackingAvailable():
|
||||
debugMsg = "going to upload the %s file with " % fileType
|
||||
debugMsg += "stacked query SQL injection technique"
|
||||
logger.debug(debugMsg)
|
||||
|
|
|
@ -10,6 +10,7 @@ import re
|
|||
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import hashDBWrite
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import normalizePath
|
||||
from lib.core.common import ntToPosixSlashes
|
||||
|
@ -125,7 +126,7 @@ class Miscellaneous:
|
|||
self.delRemoteFile(self.webStagerFilePath)
|
||||
self.delRemoteFile(self.webBackdoorFilePath)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if not isStackingAvailable() and not conf.direct:
|
||||
return
|
||||
|
||||
if Backend.isOs(OS.WINDOWS):
|
||||
|
|
|
@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
|
|||
import os
|
||||
|
||||
from lib.core.common import Backend
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import runningAsAdmin
|
||||
|
@ -41,9 +42,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
Abstraction.__init__(self)
|
||||
|
||||
def osCmd(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
if isStackingAvailable() or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
|
||||
infoMsg = "going to use a web backdoor for command execution"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -63,9 +64,9 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.cleanup(web=web)
|
||||
|
||||
def osShell(self):
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
if isStackingAvailable() or conf.direct:
|
||||
web = False
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
|
||||
infoMsg = "going to use a web backdoor for command prompt"
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -153,7 +154,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
|
||||
self.sysUdfs.pop("sys_bineval")
|
||||
|
||||
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
|
||||
if isStackingAvailable() or conf.direct:
|
||||
web = False
|
||||
|
||||
self.getRemoteTempPath()
|
||||
|
@ -202,7 +203,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.uploadIcmpshSlave(web=web)
|
||||
self.icmpPwn()
|
||||
|
||||
elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
|
||||
elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
|
||||
web = True
|
||||
|
||||
infoMsg = "going to use a web backdoor to establish the tunnel"
|
||||
|
@ -250,7 +251,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
errMsg += "relay attack"
|
||||
raise SqlmapUnsupportedDBMSException(errMsg)
|
||||
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if not isStackingAvailable() and not conf.direct:
|
||||
if Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.MSSQL):
|
||||
errMsg = "on this back-end DBMS it is only possible to "
|
||||
errMsg += "perform the SMB relay attack if stacked "
|
||||
|
@ -292,7 +293,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
self.smb()
|
||||
|
||||
def osBof(self):
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if not isStackingAvailable() and not conf.direct:
|
||||
return
|
||||
|
||||
if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
|
||||
|
@ -328,7 +329,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
|||
raise SqlmapUndefinedMethod(errMsg)
|
||||
|
||||
def _regInit(self):
|
||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||
if not isStackingAvailable() and not conf.direct:
|
||||
return
|
||||
|
||||
self.checkDbmsOs()
|
||||
|
|
Loading…
Reference in New Issue
Block a user