Bernardo Damele
e3a3ae11cc
Proper return from error-based technique enumeration
2011-01-31 21:13:29 +00:00
Bernardo Damele
9fc0bedea8
Minor bug fixes
2011-01-30 21:01:57 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Bernardo Damele
77999fb39d
Allow in --sql-shell to always ('a') retrieve query output.
...
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
2011-01-20 21:49:06 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
47565f9459
Minor code refactoring
2011-01-17 21:13:59 +00:00
Bernardo Damele
02b333e30b
Minor improvement
2011-01-15 23:54:03 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Bernardo Damele
cc46940159
Minor refactoring
2011-01-07 17:10:32 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7
Mere cosmetics
2011-01-07 16:36:32 +00:00
Miroslav Stampar
8a48baf789
update for a "problem" reported by nightman@email.de where he lost all of large dumped table because in the middle of dumping 401 was raised
2011-01-04 13:23:59 +00:00
Miroslav Stampar
b763feafd9
bug fix (TypeError: object of type 'NoneType' has no len())
2011-01-02 12:26:31 +00:00
Miroslav Stampar
f0dad2a1e4
minor bug fix (in multiple item search only last item was shown)
2011-01-02 12:23:36 +00:00
Miroslav Stampar
7b9d978cf9
minor fix (database and/or table names with - sign inside needs to be escaped by ` character or will lead to a "SQL syntax")
2011-01-02 11:01:20 +00:00
Miroslav Stampar
e28b9f26fc
minor fix
2011-01-02 08:01:01 +00:00
Miroslav Stampar
7ea3d060f6
some fixes/updates here and there
2011-01-01 12:41:51 +00:00
Miroslav Stampar
6f17e84e19
minor fix
2010-12-30 08:29:20 +00:00
Miroslav Stampar
a77b186aca
minor fix
2010-12-27 16:55:27 +00:00
Miroslav Stampar
5015f04826
minor update
2010-12-27 16:36:05 +00:00
Miroslav Stampar
9c1676bdfa
minor cosmetics
2010-12-27 14:44:00 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
3d23f226ae
minor update
2010-12-27 11:47:50 +00:00
Miroslav Stampar
68462466f2
minor fix for a bug reported by shaohua pan (argument of type 'NoneType' is not iterable)
2010-12-27 11:36:36 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
c8d5a6b980
update
2010-12-27 00:41:16 +00:00
Miroslav Stampar
89c2640d23
basic --search now works with MS Access
2010-12-26 23:50:16 +00:00
Miroslav Stampar
c4d6a367e9
this way order given in -C is preserved
2010-12-26 14:11:42 +00:00
Miroslav Stampar
c93f2a703d
minor update
2010-12-26 14:02:16 +00:00
Miroslav Stampar
e41acb6fc2
further ms access improvements
2010-12-26 02:13:56 +00:00
Miroslav Stampar
2c8115eed9
further improvement for ms access table dumping
2010-12-26 01:04:30 +00:00
Miroslav Stampar
5249762794
update
2010-12-25 16:46:33 +00:00
Miroslav Stampar
fb099615e2
minor update
2010-12-25 11:16:35 +00:00
Miroslav Stampar
6845d402fa
well, here and there, merry Christmas to all :)
2010-12-24 20:17:53 +00:00
Miroslav Stampar
706d8e0b88
development update (basic ms access dumping implemented)
2010-12-24 19:53:11 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Bernardo Damele
b3da473840
Minor bug fix when --dbs has only one DB name
2010-12-22 14:29:57 +00:00
Bernardo Damele
c9ab8ae60e
Bug fix to properly identify if current user is DBA (--is-dba) on MySQL
2010-12-22 14:06:01 +00:00
Miroslav Stampar
c89021f0bb
some fixes
2010-12-22 11:46:18 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
a067e805fa
minor update
2010-12-17 22:23:01 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
b1babeefe5
update regarding dumping of tables with blind on Sqlite
2010-12-11 22:00:16 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
b02bd55edc
minor refactoring
2010-12-10 13:04:36 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Miroslav Stampar
2cc167a42e
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
2010-12-02 18:57:43 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Bernardo Damele
a34c1b287c
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
2010-11-12 11:33:11 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
be992b4471
update regarding common columns existance check
2010-11-11 17:09:31 +00:00
Miroslav Stampar
4be0631161
refactoring of brute force techniques
2010-11-09 09:42:43 +00:00
Bernardo Damele
dac7436edf
Fix inconsistence with -b --error-test
2010-11-08 15:36:07 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
c8fe2fa8d8
minor fix
2010-11-04 22:00:14 +00:00
Miroslav Stampar
d7dbf814a0
fix/update for Access
2010-11-04 21:47:21 +00:00
Miroslav Stampar
f74b69cc29
fix (AttributeError: class ICMPsh has no attribute '__init__')
2010-11-04 12:45:33 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
4b56fa4f8f
now --tables work for MaxDB
2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f
now --users works for MaxDB too
2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Bernardo Damele
3596f81e6a
Typo
2010-11-02 15:24:02 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
9d2c81baa9
more update for ms access
2010-11-02 11:06:47 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
eab331ebd7
Minor bug fix
2010-10-31 13:46:08 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
17e8abe841
Removed useless call to urlencode()
2010-10-31 12:47:22 +00:00
Miroslav Stampar
a921fe0d5d
fix for using --banner --stacked-test together
2010-10-29 15:31:24 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136
Adjusted impacket import check
2010-10-27 21:10:56 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Miroslav Stampar
749e25a217
Implementation of --passwords for Sybase
2010-10-26 21:35:30 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709
update for Sybase and major bug fix for --passwords on MSSQL
2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe
that Sybase is going to be pain in the ass
2010-10-25 21:43:13 +00:00
Bernardo Damele
debaf2215f
Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch
2010-10-25 15:54:45 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
f8850e3f41
update (xml fix and refactoring)
2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924
update for Sybase
2010-10-23 07:37:43 +00:00
Miroslav Stampar
a8e42a4f2b
bug fix
2010-10-23 06:42:21 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Bernardo Damele
e7c8be1d45
Minor layout adjustments
2010-10-15 15:37:15 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
8abcdae1b5
some update
2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c
changes regarding EXISTS feature
2010-09-30 12:35:45 +00:00
Miroslav Stampar
e176b36a7f
update
2010-09-24 22:09:33 +00:00
Miroslav Stampar
18db96c45f
fix for bug reported by David Guimaraes (colEntry = entry[index] - IndexError: list index out of range)
2010-09-01 09:25:21 +00:00
Miroslav Stampar
b0ba559af5
minor update
2010-08-31 14:31:17 +00:00
Miroslav Stampar
c4040ab297
fix for Feature #136
2010-08-31 14:25:37 +00:00
Bernardo Damele
7c3773a5d7
Minor bug fix to -d
2010-06-30 14:00:49 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Bernardo Damele
1387ed0c25
This %TEMP% is a mere cause of problems (e.g. --os-cmd in MSSQL the BULK INSERT with '%TEMP%\foo' does not work), stick with C:/WINDOWS/Temp
2010-05-29 15:27:49 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
20d05cc404
way to handle re.I (ignore case) while using getCompiledRegex
2010-05-21 15:03:40 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4
Added support to search for tables (--search with -T). See #190 .
2010-05-16 20:46:17 +00:00
Bernardo Damele
762781e94d
Minor bug fix, %TEMP% is expanded only in xp_cmdshell (MSSQL), so disabled for MySQL/PGSQL
2010-05-13 10:40:15 +00:00
Bernardo Damele
091e0b2e05
Layout adjustment
2010-05-13 09:51:15 +00:00
Miroslav Stampar
2323d858a9
modification of temporary directory from C:/Windows/Temp to %TEMP%
2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
17554759b7
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
2010-04-15 09:36:13 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
1973024ebf
added support for reusing connections
2010-03-30 13:52:47 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
eaa9dd07bc
Minor bug fix for --roles
2010-03-26 20:45:22 +00:00
Bernardo Damele
2aadc5c939
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180 .
...
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
09768a7b62
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
...
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
5f76d27779
minor typo correction
2010-03-13 10:44:24 +00:00
Bernardo Damele
7d8cc1a482
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
...
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
0a2fe651ab
some fixes regarding registry reading
2010-03-12 22:09:58 +00:00
Bernardo Damele
18d1d09f1c
Minor bug fix
2010-03-12 13:34:46 +00:00
Bernardo Damele
cc611c0010
Minor layout adjustments
2010-03-09 22:14:26 +00:00
Bernardo Damele
5bd8504f21
Newline adjustment
2010-03-04 14:23:52 +00:00
Miroslav Stampar
58d54b6515
added new option --flush-session
2010-03-04 13:01:18 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Bernardo Damele
8c68d25b39
Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all
2010-02-26 12:00:47 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00