Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Bernardo Damele
b3b2c3864a
Minor code refactoring
2010-10-29 10:51:09 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Bernardo Damele
bdb9c37a7e
Cosmetics
2010-10-25 15:17:59 +00:00
Miroslav Stampar
e6e48c5556
fix for Bug #204
2010-10-22 18:23:46 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53
Minor cosmetic fixes
2010-10-20 21:58:33 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Bernardo Damele
683184cc8f
Minor refactoring
2010-10-17 21:06:52 +00:00
Bernardo Damele
f54c134d22
Minor adjustment
2010-10-16 22:43:05 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
49915f3c33
minor update
2010-09-30 19:49:14 +00:00
Miroslav Stampar
87abec16bd
probable fix for a bug reported by Prashant Jadhav
2010-09-30 18:52:33 +00:00
Bernardo Damele
8dfe08a353
Minor bug fix to -d
2010-07-01 10:44:31 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
8be91a98cc
Minor bug fix and adjustment
2010-05-29 15:28:37 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
84778f0e6c
Minor fix, leave like this
2010-05-29 08:58:55 +00:00
Miroslav Stampar
d3e527aba3
minor update
2010-05-29 07:13:54 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Bernardo Damele
4c91b5a896
Minor fix
2010-05-10 14:18:41 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1bcec80e95
fix for that takeover bug Ethan Robish posted (Windows/PHP)
2010-04-22 10:31:33 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Miroslav Stampar
4c6c91a80b
another --reg-read fix
2010-03-12 23:12:06 +00:00
Bernardo Damele
7d8cc1a482
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
...
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753
final fix for reading registry keys (now both parse and non-parse reads work fine)
2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab
some fixes regarding registry reading
2010-03-12 22:09:58 +00:00
Bernardo Damele
b50a2288f4
Minor layout adjustments
2010-03-11 23:54:07 +00:00
Bernardo Damele
cc611c0010
Minor layout adjustments
2010-03-09 22:14:26 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
2f452480b3
Minor bug fix in syntax
2010-03-01 14:40:18 +00:00
Bernardo Damele
f53ef947f1
Slightly stealthier
2010-02-26 13:14:57 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Miroslav Stampar
1f2a1bb24c
removed some redundant code
2010-02-26 12:36:41 +00:00
Miroslav Stampar
e4c34ff86c
changed default web server language behaviour
2010-02-25 16:55:02 +00:00
Miroslav Stampar
0913d700a8
important update regarding default directories
2010-02-25 15:22:41 +00:00
Miroslav Stampar
4a3fa69f9d
minor adjustment
2010-02-25 15:07:54 +00:00
Bernardo Damele
0df5b5fed9
Minor bug fix and code adjustments
2010-02-25 14:06:44 +00:00
Miroslav Stampar
24d3e24db0
more updates regarding --os-shell feature
2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47
more feature updates
2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f
now runcmd exe has random name too
2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b
new changes regarding --os-shell
2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975
update
2010-02-24 23:40:56 +00:00
Miroslav Stampar
2a07af2294
removed pdb tracing
2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4
some fixes
2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382
Minor UPX adjustment
2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559
minor update
2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631
some updates regarding --os-shell option
2010-02-16 13:20:34 +00:00
Bernardo Damele
dc06b40ddc
Minor exception message fix
2010-02-11 23:07:33 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Miroslav Stampar
00a23ace9a
some changes regarding web takeover
2010-02-09 14:27:41 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
dbd52c52e4
minor fix
2010-02-04 14:39:24 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
87239476af
more fixes :)
2010-02-04 10:10:41 +00:00
Miroslav Stampar
e4699f389d
some bug fixes regarding --os-shell usage against windows servers
2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
...
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d
bug fix for 404 program termination during shell upload attempt
2010-02-03 16:16:34 +00:00
Miroslav Stampar
565433097e
used normalizePath instead of os.path.normalize
2010-02-03 16:10:09 +00:00
Miroslav Stampar
87c8bdbc29
removed pdb tracing
2010-02-03 14:52:29 +00:00
Miroslav Stampar
c74b920f54
bug fix
2010-02-03 14:49:28 +00:00
Bernardo Damele
979c919dc7
Minor logging message adjustment
2010-01-29 22:58:12 +00:00
Bernardo Damele
e8b0fd90c8
Minor bug fix
2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a
--priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique
2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f
minor fix
2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c
By default do not use Churrasco, but still let the user choose it.
...
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171
Minor cosmetic adjustments
2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e
quick fix
2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d
Minor self fix, switched to rc6
2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7
fix for "NameError: global name 'webFileStreamUpload' is not defined"
2010-01-28 08:54:47 +00:00
Miroslav Stampar
921e449454
added support for cloaking Churrasco.exe file
2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1
added new line at the end of the file
2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72
fix for 'No such file or directory' OSError exception
2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3
another fix. hope it works :)
2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098
quick fix regarding usage of StringIO instead of file stream
2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4
minor fix
2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c
modified a way to handle shell scripts
2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156
run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149 ).
2010-01-26 01:14:44 +00:00
Bernardo Damele
f337cd6e0a
Minor speedup to check if sqlmap's UDF have already been created
2010-01-16 21:46:35 +00:00
Bernardo Damele
c4215ce8d2
Minor code refactoring
2010-01-14 20:42:45 +00:00
Bernardo Damele
1d968f51e9
More code refactoring
2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2
Minor code refactoring
2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00