Commit Graph

419 Commits

Author SHA1 Message Date
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
41b60b26fc minor refactoring 2011-12-21 14:25:39 +00:00
Miroslav Stampar
0b54553a76 quick fix for AV engines 2011-12-21 10:22:03 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
408d12dc41 minor fix 2011-12-05 08:26:00 +00:00
Miroslav Stampar
3fb22ef80a another minor update 2011-12-05 00:03:05 +00:00
Miroslav Stampar
a462a9df43 minor update 2011-12-04 23:59:10 +00:00
Miroslav Stampar
b99c157d0f patching DNS-leakage of SocksiPy extra module 2011-12-04 23:58:22 +00:00
Miroslav Stampar
ef987c6954 adding compatibility support for using --crawl and --forms together 2011-10-29 09:32:20 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Bernardo Damele
50f4c4af52 Minor bug fix to parse also MSSQL 2008 R2 signatures 2011-07-24 23:43:01 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
6d606d417b Preparing for PostgreSQL 9.0 DLL (--os-pwn) compilation on Windows 64-bit 2011-06-28 13:41:15 +00:00
Bernardo Damele
1698630bc0 Added PostgreSQL 9.0 shared object for Linux 64-bit 2011-06-28 13:12:18 +00:00
Miroslav Stampar
7c830c2b1a removing xmlobject 2011-06-22 14:33:03 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
d9015ed800 fix for a bug reported by krasn@deventum.com 2011-06-20 13:25:19 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
84978f16c9 fix for a "problem" reported by Kirill Morozov (nt authority\\network service) 2011-06-11 07:54:59 +00:00
Miroslav Stampar
0d0f2863af adding one more tamper script 2011-06-09 09:38:07 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Miroslav Stampar
0486d1cdaa minor module update 2011-05-24 10:32:21 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
48ac9911c0 more graceful fix related to the last commit 2011-05-11 09:42:35 +00:00
Miroslav Stampar
402c623119 minor fix 2011-05-11 09:40:11 +00:00
Miroslav Stampar
53065ee1fb adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected) 2011-05-11 08:55:48 +00:00
Bernardo Damele
28a4ae8eaf Minor improvement to cleanup script 2011-05-06 13:53:10 +00:00
Bernardo Damele
eea96c5b8d code cleanup 2011-05-05 08:50:18 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Miroslav Stampar
41924a6ead fix for a bug reported by saccurso@skygear.com​.ar (UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 0: ordinal
not in range(128))
2011-04-21 23:17:16 +00:00
Bernardo Damele
8e2e06a7a3 layout adjustment 2011-04-21 09:25:42 +00:00
Miroslav Stampar
354a2ce249 'chardet' heuristic engine added to the project 2011-04-18 13:38:46 +00:00
Bernardo Damele
79d5804519 added propset 2011-04-15 16:28:48 +00:00
Bernardo Damele
48f916d5a4 Fixed a minor bug 2011-04-15 16:25:42 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
bf6ea35145 adding new tool safe2bin for decoding safe encoded values 2011-04-15 13:41:50 +00:00
Miroslav Stampar
a883316e22 i was on some heavy drugs (sys.stdout = fpOut) 2011-04-15 12:58:56 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
7c61931b96 Added notes on how to compile and get small shared libraries for UDF 2011-04-12 09:53:52 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Miroslav Stampar
d8f7c4bc4c minor update regarding support for crypt(3) 2011-03-26 21:41:37 +00:00
Miroslav Stampar
63b8156c00 some update (if header key is non-unicode comformant) 2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Bernardo Damele
156d8cd99b Directory restyling 2011-02-08 00:15:02 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Miroslav Stampar
4df8a03c04 using OrderedDict to store parameters in order of appearance 2011-02-04 18:07:21 +00:00
Miroslav Stampar
a8fea8e4a8 fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL 2011-02-03 15:09:53 +00:00
Bernardo Damele
06bb369da5 GCC 4.3 makes Linux/MySQL shared objects smaller 2011-02-03 14:59:31 +00:00
Bernardo Damele
8cf88dd0da Ready with PgSQL/Linux/32bit shared object too now 2011-02-03 12:28:00 +00:00
Miroslav Stampar
6393495eb0 comment added 2011-01-31 11:58:35 +00:00
Miroslav Stampar
1b4d68c844 minor update 2011-01-31 11:56:20 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
b1c7a17163 fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str)) 2011-01-28 13:26:20 +00:00
Miroslav Stampar
bb6e36fb02 minor updates 2011-01-27 12:38:39 +00:00
Miroslav Stampar
20df2bbd10 minor fix 2011-01-25 15:44:45 +00:00
Miroslav Stampar
c7f260a8bc minor update 2011-01-25 12:54:49 +00:00
Miroslav Stampar
98e48bd682 new script 2011-01-25 12:48:50 +00:00
Miroslav Stampar
bd2e036412 minor fix 2011-01-20 22:00:16 +00:00
Bernardo Damele
1d06c64149 Indentation fix 2011-01-20 21:56:38 +00:00
Bernardo Damele
aa8a20d241 Minor bug fix for a traceback 2011-01-20 21:50:21 +00:00
Miroslav Stampar
44504746cf minor update 2011-01-15 13:43:08 +00:00
Miroslav Stampar
6942c9a001 same thing with mysql as in last commit 2011-01-05 14:41:38 +00:00
Miroslav Stampar
a136915ab6 bug fix for postgre's --os-shell (when there was an error in command executed and/or no output chars, garbled output was returned) 2011-01-05 14:36:41 +00:00
Miroslav Stampar
5c6c870db4 removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode 2011-01-02 08:43:38 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Miroslav Stampar
b26e09fc71 another minor update 2010-12-09 12:49:29 +00:00
Miroslav Stampar
f712d2477e removed duplicate entries inside common wordlists (tables & columns) and added a script which does that automatically 2010-12-09 12:41:16 +00:00
Miroslav Stampar
06395b5408 update 2010-12-09 12:03:10 +00:00
Miroslav Stampar
1f8a9fe033 foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch) 2010-11-20 13:14:13 +00:00
Miroslav Stampar
ef1809464d bug fix for that BadStatusLine (http://bugs.python.org/issue8450) 2010-11-05 11:58:20 +00:00
Miroslav Stampar
effd712ecf added new directory with shell utils needed here and there for project maintanence 2010-11-03 10:19:31 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Bernardo Damele
963fcb57b6 Minor bug fix 2010-10-29 12:36:37 +00:00
Bernardo Damele
72a901347d Adjustments 2010-10-29 10:06:28 +00:00
Miroslav Stampar
53e735ea9d cosmetics 2010-10-29 10:03:44 +00:00
Miroslav Stampar
cc6efc4015 new extra added 2010-10-29 09:59:18 +00:00
Bernardo Damele
2b2634e92c As fcntl is only supported on Posix systems (no Windows) we need to check for the OS beforehand.
Added proper check for impacket library too.
2010-10-29 09:50:41 +00:00
Miroslav Stampar
1f5224f1ac update 2010-10-28 23:13:30 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471 Minor bug fixes and enhancements to ICMPsh tunnel 2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136 Adjusted impacket import check 2010-10-27 21:10:56 +00:00
Bernardo Damele
1870e17e5d Written from scratch in Python the icmpsh master 2010-10-27 20:54:46 +00:00
Bernardo Damele
6075752c47 Added icmpsh from Nico Leidecker for future enhancement to --os-cmd and --os-pwn to make the user able to choose between TCP (Metasploit payloads) and ICMP (icmpsh software). 2010-10-27 14:36:45 +00:00
Miroslav Stampar
c5fb4edf3e update of THANKS 2010-10-23 09:25:34 +00:00
Miroslav Stampar
2de3081b50 minor update 2010-10-21 23:03:42 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
73ececd903 added that "default" "Connection: keep-alive" header 2010-10-17 06:44:54 +00:00
Miroslav Stampar
5c3d21065a bug fix (reported by nightman) 2010-10-16 21:29:35 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
dc50543ea4 major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects) 2010-10-13 23:01:23 +00:00
Miroslav Stampar
6dcd05c39c minor update 2010-10-11 14:38:04 +00:00
Miroslav Stampar
8fcad29bbf new feature --forms (still unfinished) 2010-10-10 18:56:43 +00:00
Miroslav Stampar
1e9ae40397 major refactoring 2010-10-07 12:12:26 +00:00
Miroslav Stampar
4edf6ebe00 update for smoke tests 2010-08-20 21:01:51 +00:00
Miroslav Stampar
092829c189 implemented basic smoke testing mechanism 2010-07-30 12:49:25 +00:00
Miroslav Stampar
f033943815 new file added 2010-07-30 11:47:32 +00:00
Bernardo Damele
fa1357b40f Alignment of UDF source code 2010-07-01 15:44:47 +00:00
Miroslav Stampar
6f03a9ab5c update 2010-06-11 08:46:40 +00:00
Bernardo Damele
2835ad667e Minor exception adjustment 2010-06-10 21:11:14 +00:00
Miroslav Stampar
0e1bbf6375 patching and patching and patching 2010-06-10 17:05:13 +00:00
Miroslav Stampar
d56cc09fb7 fix 2010-06-10 16:23:39 +00:00
Miroslav Stampar
77691b8e16 fix for that keepalive (not only IIS issue) 2010-06-10 16:05:32 +00:00
Bernardo Damele
887adfcf10 Minor adjustments to extra/ libraries 2010-06-09 21:43:22 +00:00
Miroslav Stampar
654d707d5d fixed header 2010-06-07 09:05:09 +00:00
Miroslav Stampar
38e5e342f8 added prettyprint module with fixed toprettyxml() method 2010-06-07 09:03:03 +00:00
Miroslav Stampar
4d6d5c8447 multi-threading patch 2010-06-01 18:40:34 +00:00
Miroslav Stampar
eb94edc48c added keepalive module 2010-06-01 12:21:10 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
5fba470a91 added gprof2dot.py 3rd party script to extras 2010-05-21 10:12:56 +00:00
Bernardo Damele
652daa616e Minor bug fix and layout adjustments 2010-04-06 21:57:15 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
31a2fad530 Extended copyright to 2010 2010-03-04 10:47:31 +00:00
Bernardo Damele
476e389d38 Extended copyright to 2010 2010-03-04 10:41:33 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
8076984f69 Adapted Visual Studio files to compile under VS2005 and recompiled UDFs' DLLs for Windows under VS2005 to make DLLs smaller (no need for UPX anymore) 2010-03-01 00:00:40 +00:00
Miroslav Stampar
dee15ed0b0 smaller code size generation 2010-02-25 20:18:08 +00:00
Miroslav Stampar
9ba01c94d3 size optimization (<8k) 2010-02-25 20:03:29 +00:00
Bernardo Damele
8f47b1a524 Added README file 2010-02-25 14:17:32 +00:00
Miroslav Stampar
8f26f30740 revert changes 2010-02-22 14:35:08 +00:00
Miroslav Stampar
ad0def7604 fix (pretty sure :) 2010-02-22 14:13:32 +00:00
Miroslav Stampar
7e5a980f1b __asm keyword is not supported by Win64 (we'll need to find a solution for this). This keyword _M_IX86 is only defined on Win32. 2010-02-22 14:02:13 +00:00
Bernardo Damele
ccec743ba1 Minor adjustments to README files 2010-02-21 19:12:41 +00:00
Bernardo Damele
e05785fef6 Recompiled MySQL/Linux shared object, optimized for size (-Os) 2010-02-21 18:01:54 +00:00
Miroslav Stampar
60366f7168 new program for running command prompt commands 2010-02-21 08:52:54 +00:00
Bernardo Damele
af1d9f129c Recompiled and tested PostgreSQL shared object (Linux) optimized for size (gcc flag -Os). 2010-02-20 19:10:55 +00:00
Bernardo Damele
b28aeef8ff Aligned PostgreSQL shared object source code for Linux 2010-02-19 17:11:17 +00:00
Miroslav Stampar
3fea964538 fix, finally.... 2010-02-19 16:44:37 +00:00
Miroslav Stampar
6db0905137 some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm 2010-02-14 19:37:20 +00:00
Miroslav Stampar
1d55923c9d some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm 2010-02-14 19:36:02 +00:00
Bernardo Damele
8131f9c77c Added and fixed README files 2010-02-12 00:20:53 +00:00
Bernardo Damele
a20bbc3974 Removed carriage return (\r) from UDFs shared library source code 2010-01-28 01:16:01 +00:00
Miroslav Stampar
a0eabb6719 Id property set 2010-01-27 14:28:34 +00:00
Miroslav Stampar
8a8dc73980 more fixes 2010-01-27 14:27:11 +00:00
Miroslav Stampar
6966c235a4 removed junk file 2010-01-27 13:57:19 +00:00
Miroslav Stampar
93b7994c0c added new cloaking functionality for shell scripts 2010-01-27 13:56:26 +00:00
Bernardo Damele
49146e573a Added sys_fileread() for PostgreSQL --read-file binary 2010-01-19 13:37:04 +00:00
Bernardo Damele
1febdcac9b Added support for takeover functionalities on PgSQL 8.4 running on Linux too.
Recompilation of MySQL shared object with MySQL 5.1 development libraries on Debian 5.3.
Tweaked the UDF compilation/installation files for both MySQL and PgSQL.
2010-01-14 10:50:03 +00:00
Bernardo Damele
d4d26b59eb Merged UDF Linux and Windows development environments 2010-01-14 01:51:20 +00:00
Bernardo Damele
1100b37feb Minor adjustments to UDF source code and file system structure 2010-01-14 00:46:48 +00:00
Bernardo Damele
2915b5d7e9 Partial cleanup of UDF source code path 2010-01-13 23:18:17 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
f3e8d6db70 Fixed MySQL comment injection 2009-05-01 16:29:45 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
d54a51a328 Updated the HTML manual for the MySQL UDF and consequently other files. Thanks Roland! 2009-01-22 21:28:56 +00:00
Bernardo Damele
69204afe1f Updated copyright 2009-01-22 00:41:57 +00:00
Bernardo Damele
9631dc115e Added PostgreSQL UDF to execute commands on the underlying system:
* sys_eval() to return the standard output
* sys_exec() to return the exit status

Inspired by lib_mysqludf_sys 0.0.3 (https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/)
2009-01-22 00:35:17 +00:00
Bernardo Damele
ae0f1985f3 Updated also the patch file 2009-01-21 20:54:14 +00:00
Bernardo Damele
deeccf9b5e Updated tar.gz package 2009-01-21 00:53:10 +00:00
Bernardo Damele
1c5925ea2b Minor adjustments 2009-01-21 00:52:23 +00:00
Bernardo Damele
96db179ffe Minor adjustment 2009-01-19 21:26:02 +00:00
Bernardo Damele
161590e121 Added MySQL UDF to execute commands on the underlying system:
* sys_eval() to return the standard output
* sys_exec() to return the exit status

It's a patched version of http://mysqludf.org/lib_mysqludf_sys/index.php
2009-01-17 00:13:16 +00:00
Bernardo Damele
73e713c5ba Minor adjustments 2009-01-12 23:59:07 +00:00
Bernardo Damele
26cb082fc3 Added a README for dbgtool 2009-01-12 23:17:15 +00:00
Bernardo Damele
de393628d0 Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl. 2009-01-12 23:02:02 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
fee52bce3e Minor improvements to sqlmap msf3 auxiliary modules based on Efrain Torres' commit on msf3 trunk, http://metasploit.com/dev/trac/changeset/5787 2008-10-25 19:43:13 +00:00
Bernardo Damele
fcc16b2346 Updated site, documentation (dev and user) and packaging scripts for 0.6.1 2008-10-20 13:43:18 +00:00
Bernardo Damele
016118ce7a Some more fixes and adjustments before 0.6.1 release. 2008-10-17 15:26:43 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00