From fd705c3dff8f1ba7821ee5c9699ce29ae4137b11 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 22 Jan 2019 01:28:24 +0100 Subject: [PATCH] Baby steps --- extra/wafdetectify/wafdetectify.py | 2 +- lib/core/settings.py | 2 +- lib/core/threads.py | 8 +++++--- lib/parse/cmdline.py | 2 +- lib/request/inject.py | 4 +++- lib/takeover/abstraction.py | 6 ++++-- lib/takeover/metasploit.py | 4 +++- lib/techniques/error/use.py | 4 +++- lib/utils/api.py | 4 +++- lib/utils/hash.py | 6 ++++-- plugins/generic/custom.py | 6 ++++-- sqlmap.py | 12 +++++++----- txt/checksum.md5 | 24 ++++++++++++------------ 13 files changed, 51 insertions(+), 33 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index ba269a631..1c8135536 100755 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -126,7 +126,7 @@ def main(): if not found: print(colorize("[o] nothing found")) - print + print() exit(int(not found)) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3354c5b73..6b0d76117 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.1.61" +VERSION = "1.3.1.62" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/threads.py b/lib/core/threads.py index d27cc259c..a9e4a4c96 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import difflib import random import threading 
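Review bot: In extra/wafdetectify/wafdetectify.py the new `print()` in main() depends on `from __future__ import print_function`, and this commit does not add that import to the file (the diffstat shows a one-line change, while the other modules switched to `print()` gain the import). If the module does not already carry it, Python 2 parses the line as a print statement with an empty tuple and writes `()` instead of a blank line. The same applies to the `print()` in the lib/parse/cmdline.py hunk inside cmdLineParser(). Please confirm both files already have `from __future__ import print_function` as the first statement after the module docstring, or add it in this commit. Both functions continue outside the visible hunks.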
@@ -167,7 +169,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio time.sleep(0.1) except (KeyboardInterrupt, SqlmapUserQuitException) as ex: - print + print() kb.prependFlag = False kb.threadContinue = False kb.threadException = True @@ -185,7 +187,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio raise except (SqlmapConnectionException, SqlmapValueException) as ex: - print + print() kb.threadException = True logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message)) @@ -195,7 +197,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio except: from lib.core.common import unhandledExceptionMessage - print + print() kb.threadException = True errMsg = unhandledExceptionMessage() logger.error("thread %s: %s" % (threading.currentThread().getName(), errMsg)) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 256b39ab1..3b81f98e2 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -794,7 +794,7 @@ def cmdLineParser(argv=None): command = raw_input("sqlmap-shell> ").strip() command = getUnicode(command, encoding=sys.stdin.encoding) except (KeyboardInterrupt, EOFError): - print + print() raise SqlmapShellQuitException if not command: diff --git a/lib/request/inject.py b/lib/request/inject.py index 38fe6da5b..fab1a205f 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import re import time @@ -277,7 +279,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char raise SqlmapDataException(errMsg) except KeyboardInterrupt: - print + print() warnMsg = "user aborted during dumping phase" logger.warn(warnMsg) diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 81db1bcb5..349df3e24 100644 
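Review bot: In lib/core/threads.py, the `except (SqlmapConnectionException, SqlmapValueException) as ex:` handler of runThreads() (hunk at -185/+187) still logs `ex.message`, an attribute that Python 3 exceptions do not have by default. Unless the sqlmap exception classes define it themselves, the handler would raise AttributeError on Python 3 while reporting the original error, and so hide it. Formatting the exception object removes the dependency: `logger.error("thread %s: %s" % (threading.currentThread().getName(), ex))`; check that non-ASCII messages still format cleanly under Python 2. runThreads() starts and ends outside the hunk.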
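Review bot: The context lines of the lib/parse/cmdline.py hunk still read the prompt with `raw_input("sqlmap-shell> ")`, a Python 2-only builtin, so on Python 3 the interactive loop in cmdLineParser() would stop with NameError before the new `print()` is reached. The same call is visible in the lib/takeover/abstraction.py (`os-shell> `) and lib/utils/api.py (`api%s> `) hunks. A plain rename to `input` is not a safe fix while Python 2 is supported, because there `input()` evaluates whatever is typed at the prompt. I would define one module-level alias that resolves to `raw_input` on Python 2 and to `input` on Python 3, and use it at all three prompts. All three functions extend beyond the hunks shown.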
--- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import sys from extra.safe2bin.safe2bin import safechardecode @@ -129,11 +131,11 @@ class Abstraction(Web, UDF, XP_cmdshell): command = raw_input("os-shell> ") command = getUnicode(command, encoding=sys.stdin.encoding) except KeyboardInterrupt: - print + print() errMsg = "user aborted" logger.error(errMsg) except EOFError: - print + print() errMsg = "exit" logger.error(errMsg) break diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index d42747b54..c248a714f 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import os import re import select @@ -483,7 +485,7 @@ class Metasploit: send_all(proc, "getuid\n") if conf.privEsc: - print + print() infoMsg = "trying to escalate privileges using Meterpreter " infoMsg += "'getsystem' command which tries different " diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index f6ded61f1..8b878bc9a 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import re import time 
@@ -242,7 +244,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e if not suppressOutput: if kb.fileReadMode and output and output.strip(): - print + print() elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields): status = "[%s] [INFO] %s: '%s'" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output)) diff --git a/lib/utils/api.py b/lib/utils/api.py index ec1dceeaa..fd8ce85df 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -6,6 +6,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import contextlib import httplib import logging @@ -762,7 +764,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non command = raw_input("api%s> " % (" (%s)" % taskid if taskid else "")).strip() command = re.sub(r"\A(\w+)", lambda match: match.group(1).lower(), command) except (EOFError, KeyboardInterrupt): - print + print() break if command in ("data", "log", "status", "stop", "kill"): diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 2631a749a..9871fd9b0 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + try: from crypt import crypt except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171 @@ -1061,7 +1063,7 @@ def dictionaryAttack(attack_dict): _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, 0, 1, kb.wordlists, custom_wordlist, conf.api) except KeyboardInterrupt: - print + print() processException = True warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)" logger.warn(warnMsg) 
@@ -1157,7 +1159,7 @@ def dictionaryAttack(attack_dict): found = found_.value except KeyboardInterrupt: - print + print() processException = True warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)" logger.warn(warnMsg) diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index dc49e5a50..929fc2f9a 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + import re import sys @@ -90,11 +92,11 @@ class Custom: query = getUnicode(query, encoding=sys.stdin.encoding) query = query.strip("; ") except KeyboardInterrupt: - print + print() errMsg = "user aborted" logger.error(errMsg) except EOFError: - print + print() errMsg = "exit" logger.error(errMsg) break diff --git a/sqlmap.py b/sqlmap.py index b13d8c12e..e21641732 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +from __future__ import print_function + try: import sys @@ -188,10 +190,10 @@ def main(): raise SystemExit except KeyboardInterrupt: - print + print() except EOFError: - print + print() errMsg = "exit" logger.error(errMsg) @@ -200,7 +202,7 @@ def main(): pass except: - print + print() errMsg = unhandledExceptionMessage() excMsg = traceback.format_exc() valid = checkIntegrity() @@ -210,13 +212,13 @@ def main(): errMsg += "You should retrieve the latest development version from official GitHub " errMsg += "repository at '%s'" % GIT_PAGE logger.critical(errMsg) - print + print() dataToStdout(excMsg) raise SystemExit elif any(_ in excMsg for _ in ("tamper/", "waf/")): logger.critical(errMsg) - print + print() dataToStdout(excMsg) raise SystemExit diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8083b8dd7..67ed787d6 100644 --- a/txt/checksum.md5 
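Review bot: In sqlmap.py main(), the bare `except:` branch (hunk at -200/+202) uses `valid = checkIntegrity()` to classify a crash, and the call needs a comment stating what that check can and cannot establish. The check presumably compares files against txt/checksum.md5, which this same commit regenerates. That list is unsigned MD5 and ships next to the code, so it can flag accidental or local edits but not deliberate tampering. I would add above the call: `# integrity check detects local/accidental edits only; checksum.md5 is unsigned and is not a tamper-proof control`. main() begins and ends outside the hunk.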
+++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ a32e12410e0f86c1d035db6daae84680 extra/shutils/duplicates.py fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py 4f82e97b09cc530cb9a92472d0835cea extra/sqlharvest/sqlharvest.py fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py -e0581096d2890506878e9b424e4e1001 extra/wafdetectify/wafdetectify.py +d62ae3224aca6a9496b35583db61412a extra/wafdetectify/wafdetectify.py ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py d099724a49c5fd6b0dca8c777e82604e lib/controller/checks.py c4d559a98cfc62b401ef7e0bfab782f0 lib/controller/controller.py @@ -49,18 +49,18 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -1d9c5cc98c251357da6eb91902d75c4d lib/core/settings.py +0013f0712973543735d356560295a047 lib/core/settings.py a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py 5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py 072c08d834d01b33e5f39320dcf67a0d lib/core/target.py 7857b24b7865ccb4a05283faa596974d lib/core/testing.py -bf4bdec9b247a999f877a5e5d7daeb70 lib/core/threads.py +203d2082929b4ac5454605c8c7c800a9 lib/core/threads.py 2c263c8610667fdc593c50a35ab20f57 lib/core/unescaper.py ff45c74515fecc95277f7b9ad945f17c lib/core/update.py b40f4c20a38729bb4933b8221665f106 lib/core/wordlist.py fb6be55d21a70765e35549af2484f762 lib/__init__.py 4881480d0c1778053908904e04570dc3 lib/parse/banner.py -ff78461bf084b700b35c51c758685917 lib/parse/cmdline.py +f60469363c303b86255246e5a9604ba3 lib/parse/cmdline.py 06ccbccb63255c8f1c35950a4c8a6f6b lib/parse/configfile.py 9b33e52f697d6e915c7a10153562ce89 lib/parse/handler.py 43deb2400e269e602e916efaec7c0903 lib/parse/headers.py 
@@ -76,16 +76,16 @@ fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py 2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py fb6be55d21a70765e35549af2484f762 lib/request/__init__.py -00720f9eddf42f4fefa083fba40f69ed lib/request/inject.py +338f39808f63af8d4f4afe9e7b0665a2 lib/request/inject.py 52a067bd2fe91ea9395269a684380cbb lib/request/methodrequest.py ac482ec52227daf48f523827dd67078f lib/request/pkihandler.py 16ff6e078819fe517b1fc0ae3cbc1aa8 lib/request/rangehandler.py db4dc98d03d1865cc6266a79cd5c81b7 lib/request/redirecthandler.py 1e60edebdb3997055616d12f4a932375 lib/request/templates.py -d0059dbb1e928871747a8893b41ce268 lib/takeover/abstraction.py +eafa28e4beb2b7492dfc8036033ac824 lib/takeover/abstraction.py ac9efea51eba120b667b4b73536d7f1c lib/takeover/icmpsh.py fb6be55d21a70765e35549af2484f762 lib/takeover/__init__.py -093301eaeac3cd19374f2e389e873b18 lib/takeover/metasploit.py +838002e763b071ed6dc334cabf4fffd9 lib/takeover/metasploit.py 6b5b841d445b7b973c2e033edfb01b16 lib/takeover/registry.py ad038ac567f97a4b940b7987792d64a4 lib/takeover/udf.py 915a3fbd557fb136bd0e16c46d993be3 lib/takeover/web.py 
@@ -96,19 +96,19 @@ fb6be55d21a70765e35549af2484f762 lib/techniques/dns/__init__.py ea48db4c48276d7d0e71aa467c0c523f lib/techniques/dns/test.py 437786cd2f9c3237614e3cac0220b2a6 lib/techniques/dns/use.py fb6be55d21a70765e35549af2484f762 lib/techniques/error/__init__.py -c23a6f8e88242c84b54426ae7cd430a1 lib/techniques/error/use.py +2c945522ce05c2a1204d1563ae64eff2 lib/techniques/error/use.py fb6be55d21a70765e35549af2484f762 lib/techniques/__init__.py fb6be55d21a70765e35549af2484f762 lib/techniques/union/__init__.py baa3946c23749d898f473dba0f4eecff lib/techniques/union/test.py d32988e13713417286ab83a00856858e lib/techniques/union/use.py -31d0ac4f92d4ffddf9936499829484cc lib/utils/api.py +78cd3133349e9cfdcc6b3512c7d5ce36 lib/utils/api.py 544dee96e782560fe4355cbf6ee19b8c lib/utils/brute.py b27421eb57cea711050135f84be99258 lib/utils/crawler.py da4bc159e6920f1f7e45c92c39941690 lib/utils/deps.py f7c64515a3e4fcfe8266ca2be77be565 lib/utils/getch.py 0d497906b06eb82d14da676e9f9c98f5 lib/utils/har.py d11f7f208ccf3a7753ccc417b4b01901 lib/utils/hashdb.py -9d9bd2896858ce0eabbb9a4ef1f5ca0e lib/utils/hash.py +4bcee9dd3300aaad495e7f27f9fbccc0 lib/utils/hash.py 17009289bb5c0dc0cceaa483113101e1 lib/utils/htmlentities.py fb6be55d21a70765e35549af2484f762 lib/utils/__init__.py 833b05c72c9fa60b0a25b0a26f8f31fb lib/utils/pivotdumptable.py @@ -212,7 +212,7 @@ d2391dfe74f053eb5f31b0efad3fdda0 plugins/dbms/sqlite/connector.py ec3f406591fc9472f5750bd40993e72e plugins/dbms/sybase/syntax.py 369476221b3059106410de05766227e0 plugins/dbms/sybase/takeover.py 312020bc31ffb0bc6077f62e6fff6e73 plugins/generic/connector.py -54ac71c46c67c81196e2e6707e0989cf plugins/generic/custom.py +1ea0b0e7aa15b7687e1b00845e33f9ab plugins/generic/custom.py a3fd48c7094fca6692be8b1ae5e29cea plugins/generic/databases.py 9c2c830b3cf66953ecffa6cf88fc7c14 plugins/generic/entries.py f3624debb8ae6fbcfb5f1b7f1d0743d1 plugins/generic/enumeration.py 
@@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 41522f8ad02ac133ca0aeaab374c36a8 sqlmapapi.py -67607879bc78f039b9c9f3be6380d253 sqlmap.py +5cf6426651800869be0d4750b07b1b74 sqlmap.py 772fb3dd15edc9d4055ab9f9dee0c203 tamper/0x2char.py 3d89a5c4c33d4d1d9303f5e3bd11f0ae tamper/apostrophemask.py 1fd0eec63970728c1e6628b2e4c21d81 tamper/apostrophenullencode.py