Commit Graph

174 Commits

Author SHA1 Message Date
Bernardo Damele
cd6ceb733e Adjustment and refactoring for takeover via web backdoor 2011-06-08 14:16:53 +00:00
Miroslav Stampar
2b12b18357 incorporating metasploit patch from oliver.kuckertz@mologie.de 2011-05-23 15:27:10 +00:00
Miroslav Stampar
868fbe370b minor beautification 2011-05-23 10:39:58 +00:00
Miroslav Stampar
4d4e3802e4 decoding of chars for --os-shell 2011-05-03 15:31:12 +00:00
Bernardo Damele
b3a0424269 More Backend class method usage refactoring 2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
98f9f3e774 Minor bug fix in local shellcodeexec for Windows path 2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Miroslav Stampar
e1a8d268d8 fix for UPX linux/macos 2011-04-21 10:52:34 +00:00
Miroslav Stampar
e4d3190f41 reverting back to NVARCHAR because of error technique 2011-04-20 12:59:23 +00:00
Miroslav Stampar
7993f3f12d way better for storing bulk of data (like BLOB on mysql) 2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd revert 2011-04-20 10:34:34 +00:00
Miroslav Stampar
1c1c20fb64 minor update 2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c one more minor update regarding last commit 2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da minor update 2011-04-20 09:23:08 +00:00
Miroslav Stampar
9a9838f1e6 cleaning a mess with UPX and virus scanners 2011-04-19 21:57:04 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Bernardo Damele
b33ac19d39 Minor fix 2011-02-07 12:36:00 +00:00
Miroslav Stampar
e023e0d233 proper fix 2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f preventing crashes for output=[] 2011-02-07 10:24:15 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
430fd5cd63 minor fixes 2011-01-25 16:05:06 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Miroslav Stampar
818c9787b2 minor update 2011-01-23 21:20:16 +00:00
Miroslav Stampar
b18397fbc7 major revisit of --os-shell methods 2011-01-23 20:47:06 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
cffa17f5a6 Major bug fix - before it raised a traceback, now works. 2011-01-18 23:02:47 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
96341f8f78 minor fix 2011-01-02 09:16:17 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Bernardo Damele
da3fd17fc3 Adjustment to make it work also in OR based injection 2010-12-05 12:24:23 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Miroslav Stampar
6712f4da55 some refactoring and one less request for aspx maintanance during --os-shell 2010-11-24 14:20:43 +00:00
Miroslav Stampar
9579a97039 now ASPX works too for --os-shell 2010-11-24 11:38:27 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00