sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00

Author	SHA1	Message	Date
Bernardo Damele	200518724c	By default do not use Churrasco, but still let the user choose it. The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.	2010-01-29 02:27:50 +00:00
Bernardo Damele	6f5d2ed171	Minor cosmetic adjustments	2010-01-28 17:07:34 +00:00
Bernardo Damele	6437c16156	run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149 ).	2010-01-26 01:14:44 +00:00
Bernardo Damele	c4215ce8d2	Minor code refactoring	2010-01-14 20:42:45 +00:00
Bernardo Damele	070ccc30e9	Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring.	2010-01-14 14:03:16 +00:00
Bernardo Damele	ce022a3b6e	sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.	2010-01-02 02:02:12 +00:00
Bernardo Damele	e4e081cdc6	sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.	2009-12-17 22:04:01 +00:00
Bernardo Damele	e28b98a366	Minor layout adjustments	2009-12-02 22:52:17 +00:00
Bernardo Damele	4779a5fe0f	Minor layout adjustment	2009-11-16 16:39:31 +00:00
Bernardo Damele	89c43893d4	Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.	2009-09-25 23:03:45 +00:00
Bernardo Damele	4b622ed860	Minor bug fix. Adapted Metasploit wrapping functions to work with latest msf3 development version too.	2009-07-06 14:40:33 +00:00
Bernardo Damele	0fc4587f02	Added support for reflective meterpreter by default when the target OS is Windows and minor layout fix	2009-07-03 17:59:20 +00:00
Bernardo Damele	03a6739fbf	Minor layout adjustments	2009-06-11 15:34:31 +00:00
Bernardo Damele	06cc2a6d70	Minor bug fixes and code refactoring	2009-05-11 15:37:48 +00:00
Bernardo Damele	16b4530bbe	Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed). Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS.	2009-04-27 23:05:11 +00:00
Bernardo Damele	6f4035938b	Let the user choose also the local address in reverse OOB connection	2009-04-24 10:27:52 +00:00
Bernardo Damele	4ce74764b7	More verbose when reporting failure to create shellcode/payload stager (via Metasploit)	2009-04-23 20:39:32 +00:00
Bernardo Damele	8c0ac767f4	Updated to sqlmap 0.7 release candidate 1	2009-04-22 11:48:07 +00:00

18 Commits