Commit Graph

167 Commits

Author SHA1 Message Date
Bernardo Damele
c7c84c3089 Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 15:31:51 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
65a0a8d285 Delegate urlencoding to agent.py only 2010-10-31 13:28:05 +00:00
Bernardo Damele
a0df231aa4 Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data 2010-10-29 13:09:53 +00:00
Bernardo Damele
b3b2c3864a Minor code refactoring 2010-10-29 10:51:09 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471 Minor bug fixes and enhancements to ICMPsh tunnel 2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work. 2010-10-27 21:02:22 +00:00
Bernardo Damele
bdb9c37a7e Cosmetics 2010-10-25 15:17:59 +00:00
Miroslav Stampar
e6e48c5556 fix for Bug #204 2010-10-22 18:23:46 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53 Minor cosmetic fixes 2010-10-20 21:58:33 +00:00
Bernardo Damele
f95098693f Removed unused functions 2010-10-20 21:16:28 +00:00
Bernardo Damele
683184cc8f Minor refactoring 2010-10-17 21:06:52 +00:00
Bernardo Damele
f54c134d22 Minor adjustment 2010-10-16 22:43:05 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
49915f3c33 minor update 2010-09-30 19:49:14 +00:00
Miroslav Stampar
87abec16bd probable fix for a bug reported by Prashant Jadhav 2010-09-30 18:52:33 +00:00
Bernardo Damele
8dfe08a353 Minor bug fix to -d 2010-07-01 10:44:31 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
8be91a98cc Minor bug fix and adjustment 2010-05-29 15:28:37 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Bernardo Damele
84778f0e6c Minor fix, leave like this 2010-05-29 08:58:55 +00:00
Miroslav Stampar
d3e527aba3 minor update 2010-05-29 07:13:54 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Bernardo Damele
a21a7fc56d Minor code refactoring 2010-05-21 12:09:31 +00:00
Bernardo Damele
4c91b5a896 Minor fix 2010-05-10 14:18:41 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Miroslav Stampar
1bcec80e95 fix for that takeover bug Ethan Robish posted (Windows/PHP) 2010-04-22 10:31:33 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Miroslav Stampar
4c6c91a80b another --reg-read fix 2010-03-12 23:12:06 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753 final fix for reading registry keys (now both parse and non-parse reads work fine) 2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab some fixes regarding registry reading 2010-03-12 22:09:58 +00:00
Bernardo Damele
b50a2288f4 Minor layout adjustments 2010-03-11 23:54:07 +00:00
Bernardo Damele
cc611c0010 Minor layout adjustments 2010-03-09 22:14:26 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
2f452480b3 Minor bug fix in syntax 2010-03-01 14:40:18 +00:00
Bernardo Damele
f53ef947f1 Slightly stealthier 2010-02-26 13:14:57 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Miroslav Stampar
1f2a1bb24c removed some redundant code 2010-02-26 12:36:41 +00:00
Miroslav Stampar
e4c34ff86c changed default web server language behaviour 2010-02-25 16:55:02 +00:00
Miroslav Stampar
0913d700a8 important update regarding default directories 2010-02-25 15:22:41 +00:00
Miroslav Stampar
4a3fa69f9d minor adjustment 2010-02-25 15:07:54 +00:00
Bernardo Damele
0df5b5fed9 Minor bug fix and code adjustments 2010-02-25 14:06:44 +00:00
Miroslav Stampar
24d3e24db0 more updates regarding --os-shell feature 2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47 more feature updates 2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f now runcmd exe has random name too 2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b new changes regarding --os-shell 2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975 update 2010-02-24 23:40:56 +00:00
Miroslav Stampar
2a07af2294 removed pdb tracing 2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4 some fixes 2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382 Minor UPX adjustment 2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559 minor update 2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631 some updates regarding --os-shell option 2010-02-16 13:20:34 +00:00
Bernardo Damele
dc06b40ddc Minor exception message fix 2010-02-11 23:07:33 +00:00
Bernardo Damele
89dc99188d --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Miroslav Stampar
00a23ace9a some changes regarding web takeover 2010-02-09 14:27:41 +00:00
Bernardo Damele
5c92fad5dc Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method 2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
dbd52c52e4 minor fix 2010-02-04 14:39:24 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Miroslav Stampar
87239476af more fixes :) 2010-02-04 10:10:41 +00:00
Miroslav Stampar
e4699f389d some bug fixes regarding --os-shell usage against windows servers 2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d bug fix for 404 program termination during shell upload attempt 2010-02-03 16:16:34 +00:00
Miroslav Stampar
565433097e used normalizePath instead of os.path.normalize 2010-02-03 16:10:09 +00:00
Miroslav Stampar
87c8bdbc29 removed pdb tracing 2010-02-03 14:52:29 +00:00
Miroslav Stampar
c74b920f54 bug fix 2010-02-03 14:49:28 +00:00
Bernardo Damele
979c919dc7 Minor logging message adjustment 2010-01-29 22:58:12 +00:00
Bernardo Damele
e8b0fd90c8 Minor bug fix 2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a --priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique 2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f minor fix 2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc cloaked upx for windows (used mkstemp because of execution and file access rights problem) 2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171 Minor cosmetic adjustments 2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e quick fix 2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d Minor self fix, switched to rc6 2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7 fix for "NameError: global name 'webFileStreamUpload' is not defined" 2010-01-28 08:54:47 +00:00
Miroslav Stampar
921e449454 added support for cloaking Churrasco.exe file 2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1 added new line at the end of the file 2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72 fix for 'No such file or directory' OSError exception 2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3 another fix. hope it works :) 2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098 quick fix regarding usage of StringIO instead of file stream 2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4 minor fix 2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c modified a way to handle shell scripts 2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156 run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149). 2010-01-26 01:14:44 +00:00
Bernardo Damele
f337cd6e0a Minor speedup to check if sqlmap's UDF have already been created 2010-01-16 21:46:35 +00:00
Bernardo Damele
c4215ce8d2 Minor code refactoring 2010-01-14 20:42:45 +00:00
Bernardo Damele
1d968f51e9 More code refactoring 2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2 Minor code refactoring 2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00