From ec9cc19951bd2044203ebeff2ad274cbf36b7a7f Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 13 Jan 2012 21:46:21 +0000
Subject: [PATCH] Minor bug fixes for -d
---
 plugins/dbms/maxdb/enumeration.py | 5 ++++-
 plugins/dbms/mssqlserver/enumeration.py | 5 ++++-
 plugins/dbms/mssqlserver/fingerprint.py | 6 ++++--
 plugins/dbms/sybase/enumeration.py | 5 ++++-
 plugins/generic/enumeration.py | 7 ++++++-
 xml/banner/generic.xml | 7 +++++++
 6 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
index 07c7e3663..8fd2f4680 100644
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -71,12 +71,15 @@ class Enumeration(GenericEnumeration):
 dbs[dbs.index(db)] = safeSQLIdentificatorNaming(db)
 infoMsg = "fetching tables for database"
- infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in sorted(dbs)))
+ infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
 logger.info(infoMsg)
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
 for db in dbs:
+ if not isinstance(db, basestring):
+ db = db[0]
+
 randStr = randomStr()
 query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER')
 retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True)
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index d82664865..6eb637f28 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
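Review bot: In plugins/dbms/maxdb/enumeration.py the unwrap `db if isinstance(db, basestring) else db[0]` is written twice (log message and loop body) and copied again into the mssqlserver, sybase and generic enumeration hunks, while `sorted(dbs)` and the context line `safeSQLIdentificatorNaming(db)` still receive the raw entries. Normalising once before the message is built, `dbs = [db if isinstance(db, basestring) else db[0] for db in dbs]`, would remove the per-site checks and keep the sort from mixing strings and tuples. `db[0]` also raises IndexError on an empty sequence; the mssqlserver and sybase hunks show `dbs = filter(None, dbs)` ahead of the loop, but no such filter is visible here. These names come back from the target DBMS and are formatted into the next query (`"'%s'" % db`), so one normalisation point is also the natural place for a type check. The enclosing method starts and ends outside the hunk.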
@@ -81,13 +81,16 @@ class Enumeration(GenericEnumeration):
 dbs = filter(None, dbs)
 infoMsg = "fetching tables for database"
- infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in sorted(dbs)))
+ infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
 logger.info(infoMsg)
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
 for db in dbs:
+ if not isinstance(db, basestring):
+ db = db[0]
+
 if conf.excludeSysDbs and db in self.excludeDbsList:
 infoMsg = "skipping system database '%s'" % db
 logger.info(infoMsg)
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
index 444e8405c..2abfc642b 100644
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -142,9 +142,11 @@ class Fingerprint(GenericFingerprint):
 inject.goStacked("INSERT INTO %s(%s) VALUES (%s)" % (self.fileTblName, self.tblField, "@@VERSION"))
 versions = { "2003": ("5.2", (2, 1)),
+ # TODO: verify this
 #"2003": ("6.0", (2, 1)),
 "2008": ("7.0", (1,)),
 "2000": ("5.0", (4, 3, 2, 1)),
+ "7": ("6.1", (1, 0)),
 "XP": ("5.1", (2, 1)),
 "NT": ("4.0", (6, 5, 4, 3, 2, 1)) }
@@ -154,7 +156,7 @@ class Fingerprint(GenericFingerprint):
 query += "LIKE '%Windows NT " + data[0] + "%'"
 result = inject.goStacked(query)
- if result is not None and result.isdigit():
+ if result is not None and len(result) > 0 and result[0].isdigit():
 Backend.setOsVersion(version)
 infoMsg += " %s" % Backend.getOsVersion()
 break
@@ -180,7 +182,7 @@ class Fingerprint(GenericFingerprint):
 query += "LIKE '%Service Pack " + getUnicode(sp) + "%'"
 result = inject.goStacked(query)
- if result is not None and result.isdigit():
+ if result is not None and len(result) > 0 and result[0].isdigit():
 Backend.setOsServicePack(sp)
 break
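Review bot: In fingerprint.py's `versions` table the new `"7": ("6.1", (1, 0))` entry matches on `Windows NT 6.1`, a kernel version Windows 7 shares with Windows Server 2008 R2, so a 2008 R2 host would be reported as Windows 7. Keying it for both, e.g. `"7 or 2008 R2": ("6.1", (1, 0)),`, avoids a misleading fingerprint, provided `Backend.setOsVersion` accepts such a label (not visible here). The added `# TODO: verify this` sits above the already commented-out `#"2003": ("6.0", (2, 1)),` line without saying what needs verifying; a comment like `# TODO: NT 6.0 is Vista/2008, confirm the key before enabling` would be actionable. The method starts and ends outside the hunk.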
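Review bot: In the OS-version check of fingerprint.py, and the identical service-pack check in the following hunk, `result[0].isdigit()` assumes the first element of what `inject.goStacked` returns is a string. If the result is a list of rows, `result[0]` may be a tuple or None and the call raises AttributeError; if it is still a plain string, only its first character is now tested. goStacked's return type is not visible in this diff, so this should be confirmed; `if result and isinstance(result[0], basestring) and result[0].isdigit():` would cover both shapes. The two conditions are the same expression, so a small shared helper would keep them from drifting apart; both enclosing loops start outside the hunks.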
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index 07656e039..a3a74a174 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -127,7 +127,7 @@ class Enumeration(GenericEnumeration):
 dbs = filter(None, dbs)
 infoMsg = "fetching tables for database"
- infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in sorted(dbs)))
+ infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
 logger.info(infoMsg)
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
@@ -138,6 +138,9 @@ class Enumeration(GenericEnumeration):
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
 for db in dbs:
+ if not isinstance(db, basestring):
+ db = db[0]
+
 for blind in blinds:
 randStr = randomStr()
 query = rootQuery.inband.query % db
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 79498b3e2..547bdde06 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -866,7 +866,7 @@ class Enumeration:
 return tableExists(paths.COMMON_TABLES)
 infoMsg = "fetching tables for database"
- infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db for db in sorted(dbs)))
+ infoMsg += "%s: %s" % ("s" if len(dbs) > 1 else "", ", ".join(db if isinstance(db, basestring) else db[0] for db in sorted(dbs)))
 logger.info(infoMsg)
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
@@ -897,6 +897,9 @@ class Enumeration:
 value = map(lambda x: (dbs[0], x), value)
 for db, table in filterPairValues(value):
+ if not isinstance(db, basestring):
+ db = db[0]
+
 db = safeSQLIdentificatorNaming(db)
 table = safeSQLIdentificatorNaming(table, True)
@@ -1027,6 +1030,8 @@ class Enumeration:
 if isinstance(tblList[0], (set, tuple, list)):
 tblList = tblList[0]
+
+ tblList = list(tblList)
 else:
 errMsg = "unable to retrieve the tables"
 errMsg += "on database '%s'" % conf.db
diff --git a/xml/banner/generic.xml b/xml/banner/generic.xml
index 3c6eb419a..8e3b81057 100644
--- a/xml/banner/generic.xml
+++ b/xml/banner/generic.xml
@@ -19,7 +19,14 @@ + + + + +
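Review bot: In the last plugins/generic/enumeration.py hunk, `tblList = list(tblList)` has no comment saying why the copy is needed, and when `tblList[0]` was a set the resulting order is arbitrary. If later code indexes or iterates the list to drive enumeration (not visible here), `tblList = sorted(tblList)` would give a stable order; otherwise a comment such as `# later code needs an indexable list, not a set or tuple` would record the intent. Indentation is lost in this view, so it is unclear whether the line runs inside the `isinstance` branch or after it. The enclosing method starts outside the hunk.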