From f30dea74f3148d4671b547fbb78d5bb8f061cd7f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 19 Feb 2011 18:36:26 +0000
Subject: [PATCH] more Sybase updates
---
plugins/dbms/sybase/enumeration.py | 65 ++++++++++++++++++++++++++++++
plugins/generic/enumeration.py | 2 +-
xml/queries.xml | 4 +-
3 files changed, 68 insertions(+), 3 deletions(-)
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index e0171ebec..4b90837c2 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -90,3 +90,68 @@ class Enumeration(GenericEnumeration):
 break
 return kb.data.cachedColumns
+
+ def getTables(self, bruteForce=None):
+ self.forceDbmsEnum()
+
+ infoMsg = "fetching tables"
+ if conf.db:
+ infoMsg += " for database '%s'" % conf.db
+ logger.info(infoMsg)
+
+ rootQuery = queries[Backend.getIdentifiedDbms()].tables
+
+ if conf.db:
+ if "," in conf.db:
+ dbs = conf.db.split(",")
+ else:
+ dbs = [conf.db]
+ else:
+ if not len(kb.data.cachedDbs):
+ dbs = self.getDbs()
+ else:
+ dbs = kb.data.cachedDbs
+
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
+ blinds = [False, True]
+ else:
+ blinds = [True]
+
+ for db in dbs:
+ for blind in blinds:
+ randStr = randomStr()
+ query = rootQuery.inband.query % db
+ retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+
+ if retVal:
+ for table in retVal[0].values()[0]:
+ if not kb.data.cachedTables.has_key(db):
+ kb.data.cachedTables[db] = [table]
+ else:
+ kb.data.cachedTables[db].append(table)
+ break
+
+ return kb.data.cachedTables
+
+ def getDbs(self):
+ infoMsg = "fetching database names"
+ logger.info(infoMsg)
+
+ rootQuery = queries[Backend.getIdentifiedDbms()].dbs
+
+ randStr = randomStr()
+ query = rootQuery.inband.query
+
+ if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) or conf.direct:
+ blinds = [False, True]
+ else:
+ blinds = [True]
+
+ for blind in blinds:
+ retVal = self.__pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind)
+
+ if retVal:
+ kb.data.cachedDbs = retVal[0].values()[0]
+ break
+
+ return kb.data.cachedDbs
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index e039f0c92..f3fd513c0 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
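Review bot: In the Sybase `getTables` (plugins/dbms/sybase/enumeration.py), table names are appended to `kb.data.cachedTables[db]` on every call with no check for existing entries, so calling it twice for the same database duplicates the list, and if `__pivotDumpTable` returns nothing for every entry in `blinds` the method returns the cache without any warning; `getDbs` has the same silent path. The `has_key` branch could become `tables = kb.data.cachedTables.setdefault(db, [])` followed by `if table not in tables: tables.append(table)`, with a `logger.warning(...)` after the inner loop when nothing was retrieved. The `bruteForce` argument is never read in this body, and the pieces of `conf.db.split(",")` are not stripped before going into `rootQuery.inband.query % db`, so a value like `a, b` produces a database name with a leading space. Indentation is not preserved on this page, so the nesting of `break` under `if retVal:` is inferred.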
@@ -816,7 +816,7 @@ class Enumeration:
 infoMsg = "skipping system databases '%s'" % ", ".join(db for db in self.excludeDbsList)
 logger.info(infoMsg)
- if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+ if Backend.getIdentifiedDbms() == DBMS.MSSQL:
 query = safeStringFormat(query, conf.db)
 value = inject.getValue(query, blind=False)
diff --git a/xml/queries.xml b/xml/queries.xml
index 254fc5c5a..52bf130b8 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -499,11 +499,11 @@ - + - +