Commit Graph

2839 Commits

Author SHA1 Message Date
Miroslav Stampar
5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") 2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895 better fix for the previous commit 2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f minor update to not confuse users when using -o 2011-05-02 13:24:35 +00:00
Miroslav Stampar
f8c3086d15 minor minor update 2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1') 2011-05-02 12:34:35 +00:00
Bernardo Damele
ac2550535c Proper fix for --technique=U bug 2011-05-01 23:42:41 +00:00
Miroslav Stampar
8e8886cd20 minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection) 2011-05-01 21:41:14 +00:00
Miroslav Stampar
900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) 2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334 proper way to deal with generic cases 2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7 fix for a --technique=U 2011-05-01 07:37:22 +00:00
Bernardo Damele
ebe631ea57 doc update 2011-05-01 00:43:42 +00:00
Bernardo Damele
64bb480414 Do not raise otherwise it won't work with --schema 2011-04-30 23:20:16 +00:00
Miroslav Stampar
41fc9f9d54 fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2') 2011-04-30 22:41:54 +00:00
Bernardo Damele
d5eeb91b35 Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-04-30 22:11:36 +00:00
Bernardo Damele
b31b861d7b Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc. 2011-04-30 22:10:27 +00:00
Bernardo Damele
284c69a686 Improved --tables for MSSQL too, like r3798 2011-04-30 22:05:02 +00:00
Bernardo Damele
aeb149db22 Proper ordering of enumeration methods, consistent with the others enumeration classes 2011-04-30 22:04:08 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
cb9b9c4204 Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too 2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269 More Backend class method usage refactoring 2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f layout adjustment 2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
2f2758b033 Long form contributor name 2011-04-30 14:51:06 +00:00
Bernardo Damele
36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords 2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf proper fix 2011-04-30 07:01:21 +00:00
Bernardo Damele
1a052245a6 duplicate code 2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85 Moved method below 2011-04-29 22:37:43 +00:00
Bernardo Damele
956e75e2b5 Minor adjustment to --mobile.
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
14bf6abb7e Minor layout adjustment 2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93 Proper resume of --schema data when calling with --columns switch, minor fixes too 2011-04-29 21:17:59 +00:00
Bernardo Damele
a23ca952e4 Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason 2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c removing Kindle from list as it's not really a smartphone 2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4 fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost 2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8 fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer) 2011-04-29 14:40:28 +00:00
Miroslav Stampar
a6015b59df fix for a bug reported by jaccovantuijl@gmail.​com (entries = zip(*[entries[colName] for colName in colList])) 2011-04-29 14:33:47 +00:00
Bernardo Damele
9927f5a7db Let --schema work also for Sybase and MaxDB 2011-04-29 00:02:28 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
d3ed3268c3 minor adjustments 2011-04-28 21:17:06 +00:00
Bernardo Damele
8e63e1b70d more people to thanks 2011-04-28 21:15:15 +00:00
Bernardo Damele
3e66dae103 as we don't use UPX anymore.. 2011-04-28 20:54:21 +00:00
Bernardo Damele
441c288dd9 cosmeticados 2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774 Minor bug fix in local shellcodeexec for Windows path 2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5 Do not even prompt for ICMP tunnel if the target OS is not Windows 2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d huge speed up (4x times faster) 2011-04-22 21:00:42 +00:00