Commit Graph

86 Commits

Author SHA1 Message Date
Meatballs
c5087399c1 Fix exception if init technique not available 2013-06-16 10:47:27 +01:00
Meatballs
2c98507f1e Add better error msg 2013-06-16 10:27:08 +01:00
Meatballs
caa326774c Fallback to blind 2013-06-16 10:22:20 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
00e55828e4 Minor style update 2012-12-21 15:06:03 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962 Minor style update (capitalization of leftover class names) 2012-12-06 13:46:24 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
a6eeebfca8 Fix for an Issue #188 2012-09-20 11:30:07 +02:00
Miroslav Stampar
ebab05cf7c Fix for an Issue #158 2012-08-21 20:20:38 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
d3da3f5c52 refactoring for issue #51 2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7 cleanup for #34 2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375 properly display the command stdout 2012-07-09 10:52:48 +01:00
Miroslav Stampar
54e0a2d8ee --os-shell now works perfect for inference-like techniques too 2012-07-07 17:57:06 +02:00
Miroslav Stampar
58f6687194 Some refactoring (reusing xpCmdshellForgeCmd) 2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77 Proper fix 2012-07-07 10:38:07 +02:00
Miroslav Stampar
1c69eb5d30 Revert "major fix"
This reverts commit 3a11fc2d9e.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e major fix 2012-07-06 22:55:34 +01:00
Miroslav Stampar
982fcde1c0 Fix for Issue #62 2012-07-06 12:24:55 +02:00
Bernardo Damele
fd4cfb0cc0 working on #51 2012-07-02 15:28:19 +01:00
Bernardo Damele
04d803c7fd more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005) 2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55 minor refactoring, issue #51 2012-07-02 12:50:26 +01:00
Bernardo Damele
add8352804 make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too 2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
18be319d13 hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run 2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c minor code refactoring 2012-07-01 23:31:45 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Bernardo Damele
1e71b24dca More info messages to prove xp_cmdshell (and temporary directory choosen) worked 2012-03-14 22:41:53 +00:00
Miroslav Stampar
34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output 2012-03-13 10:36:49 +00:00
Miroslav Stampar
85125018a1 minor bug fix 2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134 minor update 2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
8d7912ad34 minor update and refactoring 2012-02-15 14:05:50 +00:00
Miroslav Stampar
9059d30312 adding first code example for SPL snippets 2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113 bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt) 2012-02-15 11:14:01 +00:00