Implementation for an Issue #200

Miroslav Stampar 2012-10-09 15:19:47 +02:00
parent cd9a47835b
commit e61c4c22c9
5 changed files with 25 additions and 12 deletions


@ -58,6 +58,7 @@ from lib.core.convert import utf8encode
from lib.core.decorators import cachedmethod from lib.core.decorators import cachedmethod
from lib.core.dicts import DBMS_DICT from lib.core.dicts import DBMS_DICT
from lib.core.dicts import SQL_STATEMENTS from lib.core.dicts import SQL_STATEMENTS
from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
@ -1906,8 +1907,14 @@ def wasLastRequestDelayed():
lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation
retVal = (threadData.lastQueryDuration >= lowerStdLimit) retVal = (threadData.lastQueryDuration >= lowerStdLimit)
if not kb.testMode and retVal and kb.adjustTimeDelay: if not kb.testMode and retVal:
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit) if kb.adjustTimeDelay is None:
msg = "do you want sqlmap to try to optimize value(s) "
msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "
choice = readInput(msg, default='Y')
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice.upper() == 'N' else ADJUST_TIME_DELAY.YES
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
return retVal return retVal
else: else:
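Review bot: The answer parsing in the added prompt, `choice.upper() == 'N'`, disables the adjustment only for the exact reply "n" or "N"; a reply such as "no" falls through to ADJUST_TIME_DELAY.YES and switches the mechanism on against the user's intent. Testing the first character is more forgiving: `kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice and choice[0] in ("n", "N") else ADJUST_TIME_DELAY.YES`. The function works on per-thread data, so if it can run on more than one thread (not visible here) the unguarded `is None` check could also ask the question more than once. wasLastRequestDelayed starts above this hunk and continues below it.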


@ -223,3 +223,8 @@ class WIZARD:
BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba") BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs") SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll") ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")
class ADJUST_TIME_DELAY:
DISABLE = -1
NO = 0
YES = 1
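Review bot: ADJUST_TIME_DELAY.DISABLE is -1, which is truthy, so any truthiness test left elsewhere (`if kb.adjustTimeDelay:`) would now read "disabled" as enabled. The call sites on this page were converted to explicit comparisons, but callers outside it are not visible and are worth a search. The class also carries no comment on what the states mean, and a fourth state (None) lives outside it. I would add above the members: `# DISABLE: off for the rest of the run; NO: temporarily off, may be switched back on; YES: on. kb.adjustTimeDelay is None until the user has been asked.`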


@ -59,6 +59,7 @@ from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict from lib.core.datatype import InjectionDict
from lib.core.defaults import defaults from lib.core.defaults import defaults
from lib.core.dicts import DBMS_DICT from lib.core.dicts import DBMS_DICT
from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CUSTOM_LOGGING from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
@ -1356,16 +1357,14 @@ def __cleanupOptions():
if conf.timeSec not in kb.explicitSettings: if conf.timeSec not in kb.explicitSettings:
if conf.tor: if conf.tor:
conf.timeSec = 2 * conf.timeSec conf.timeSec = 2 * conf.timeSec
kb.adjustTimeDelay = False kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
warnMsg = "increasing default value for " warnMsg = "increasing default value for "
warnMsg += "option '--time-sec' to %d because " % conf.timeSec warnMsg += "option '--time-sec' to %d because " % conf.timeSec
warnMsg += "switch '--tor' was provided" warnMsg += "switch '--tor' was provided"
logger.warn(warnMsg) logger.warn(warnMsg)
else:
kb.adjustTimeDelay = True
else: else:
kb.adjustTimeDelay = False kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
if conf.code: if conf.code:
conf.code = int(conf.code) conf.code = int(conf.code)
@ -1446,7 +1445,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
logger.debug(debugMsg) logger.debug(debugMsg)
kb.absFilePaths = set() kb.absFilePaths = set()
kb.adjustTimeDelay = False kb.adjustTimeDelay = None
kb.alwaysRefresh = None kb.alwaysRefresh = None
kb.arch = None kb.arch = None
kb.authHeader = None kb.authHeader = None
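Review bot: Whether the new prompt is suppressed for users who set '--time-sec' themselves depends on `conf.timeSec not in kb.explicitSettings` in __cleanupOptions, which tests the option's value rather than its name. If kb.explicitSettings holds option names (it is not defined on this page), that test is always true and the outer `else` that sets ADJUST_TIME_DELAY.DISABLE is never reached. With the inner `else` removed, kb.adjustTimeDelay would then stay None and the question is asked anyway. If so, `if "timeSec" not in kb.explicitSettings:` would restore the intended behaviour. Both functions touched here extend beyond the hunks shown.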


@ -40,6 +40,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.dicts import POST_HINT_CONTENT_TYPES from lib.core.dicts import POST_HINT_CONTENT_TYPES
from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CUSTOM_LOGGING from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
@ -704,7 +705,7 @@ class Connect:
deviation = stdev(kb.responseTimes) deviation = stdev(kb.responseTimes)
if deviation > WARN_TIME_STDEV: if deviation > WARN_TIME_STDEV:
kb.adjustTimeDelay = False kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
warnMsg = "there is considerable lagging " warnMsg = "there is considerable lagging "
warnMsg += "in connection response(s). Please use as high " warnMsg += "in connection response(s). Please use as high "


@ -31,6 +31,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
@ -289,10 +290,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '') warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
logger.warn(warnMsg) logger.warn(warnMsg)
if kb.adjustTimeDelay: if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
dbgMsg = "turning off time auto-adjustment mechanism" dbgMsg = "turning off time auto-adjustment mechanism"
logger.debug(dbgMsg) logger.debug(dbgMsg)
kb.adjustTimeDelay = False kb.adjustTimeDelay = ADJUST_TIME_DELAY.NO
return getChar(idx, originalTbl, continuousOrder, expand, shiftTable) return getChar(idx, originalTbl, continuousOrder, expand, shiftTable)
else: else:
@ -303,10 +304,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else: else:
if timeBasedCompare: if timeBasedCompare:
kb.timeValidCharsRun += 1 kb.timeValidCharsRun += 1
if not kb.adjustTimeDelay and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD: if kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD:
dbgMsg = "turning back on time auto-adjustment mechanism" dbgMsg = "turning back on time auto-adjustment mechanism"
logger.debug(dbgMsg) logger.debug(dbgMsg)
kb.adjustTimeDelay = True kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES
return decodeIntToUnicode(retVal) return decodeIntToUnicode(retVal)
else: else:
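Review bot: The new conditions `kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES` and `kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO` compare plain integers by identity, which works only because the interpreter happens to reuse the same small-int objects. The same form appears in the wasLastRequestDelayed hunk. Equality states the intent and does not depend on that detail: `if kb.adjustTimeDelay == ADJUST_TIME_DELAY.YES:`. Note that `False == ADJUST_TIME_DELAY.NO` is true, so before switching, confirm no code path still assigns a bare boolean to kb.adjustTimeDelay. bisection's body lies mostly outside these hunks.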