Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a2bb0d72e8 
							
						 
					 
					
						
						
							
							fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)  
						
						
						
					 
					
						2011-04-29 14:40:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6015b59df 
							
						 
					 
					
						
						
							
							fix for a bug reported by jaccovantuijl@gmail.com (entries = zip(*[entries[colName] for colName in colList]))  
						
						
						
					 
					
						2011-04-29 14:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9927f5a7db 
							
						 
					 
					
						
						
							
							Let --schema work also for Sybase and MaxDB  
						
						
						
					 
					
						2011-04-29 00:02:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							edac0b2558 
							
						 
					 
					
						
						
							
							Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema  
						
						
						
					 
					
						2011-04-28 23:59:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3ed3268c3 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2011-04-28 21:17:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e63e1b70d 
							
						 
					 
					
						
						
							
							more people to thanks  
						
						
						
					 
					
						2011-04-28 21:15:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3e66dae103 
							
						 
					 
					
						
						
							
							as we don't use UPX anymore..  
						
						
						
					 
					
						2011-04-28 20:54:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							441c288dd9 
							
						 
					 
					
						
						
							
							cosmeticados  
						
						
						
					 
					
						2011-04-25 00:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							98f9f3e774 
							
						 
					 
					
						
						
							
							Minor bug fix in local shellcodeexec for Windows path  
						
						
						
					 
					
						2011-04-25 00:03:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e35f25b2cb 
							
						 
					 
					
						
						
							
							Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:  
						
						... 
						
						
						
						* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring. 
						
					 
					
						2011-04-24 23:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0a534dee5 
							
						 
					 
					
						
						
							
							Do not even prompt for ICMP tunnel if the target OS is not Windows  
						
						
						
					 
					
						2011-04-23 21:57:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0dff82ce0 
							
						 
					 
					
						
						
							
							Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch  
						
						
						
					 
					
						2011-04-23 16:25:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							75142b383d 
							
						 
					 
					
						
						
							
							huge speed up (4x times faster)  
						
						
						
					 
					
						2011-04-22 21:00:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f88aa4b165 
							
						 
					 
					
						
						
							
							implemented suppressResumeInfo mechanism (huge slowdown on large tables)  
						
						
						
					 
					
						2011-04-22 19:58:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							493b9adf8e 
							
						 
					 
					
						
						
							
							speed up of resume values (compiled regexes used)  
						
						
						
					 
					
						2011-04-22 19:27:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7b3b9e6a87 
							
						 
					 
					
						
						
							
							it seems that this was indeed not meant to be here  
						
						
						
					 
					
						2011-04-22 15:07:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							304500a2e8 
							
						 
					 
					
						
						
							
							implemented checkFalsePositives method (simple Turing like tests)  
						
						
						
					 
					
						2011-04-22 12:24:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7df954dd9f 
							
						 
					 
					
						
						
							
							paranoy  
						
						
						
					 
					
						2011-04-21 23:41:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0764c4c752 
							
						 
					 
					
						
						
							
							parenthesis were missing; banning OR NOT from payloads  
						
						
						
					 
					
						2011-04-21 23:32:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							41924a6ead 
							
						 
					 
					
						
						
							
							fix for a bug reported by saccurso@skygear.com.ar (UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 0: ordinal  
						
						... 
						
						
						
						not in range(128)) 
						
					 
					
						2011-04-21 23:17:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d61611145 
							
						 
					 
					
						
						
							
							leftover  
						
						
						
					 
					
						2011-04-21 22:46:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f3088079c0 
							
						 
					 
					
						
						
							
							error message adjustment  
						
						
						
					 
					
						2011-04-21 22:31:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eabb5a2ba7 
							
						 
					 
					
						
						
							
							More adjustments to the error message when no sql injections are detected  
						
						
						
					 
					
						2011-04-21 22:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6d07dddf60 
							
						 
					 
					
						
						
							
							updated doc and minor layout adjustments  
						
						
						
					 
					
						2011-04-21 21:53:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06a00fe85e 
							
						 
					 
					
						
						
							
							For development version, print also the revision number in the banner  
						
						
						
					 
					
						2011-04-21 21:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							770b1523ff 
							
						 
					 
					
						
						
							
							More verbose output when no SQL injections are detected  
						
						
						
					 
					
						2011-04-21 21:31:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							edc2d75702 
							
						 
					 
					
						
						
							
							Cosmetics and major bug fix  
						
						
						
					 
					
						2011-04-21 21:15:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							870f773d70 
							
						 
					 
					
						
						
							
							In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this  
						
						
						
					 
					
						2011-04-21 20:36:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d2f102f5a1 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 20:21:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							148fb26301 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2011-04-21 17:34:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e181d5412e 
							
						 
					 
					
						
						
							
							fix for a bug reported by aboynes@gmail.com (@@datadir not available on MySQL 4)  
						
						
						
					 
					
						2011-04-21 17:33:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bd4fbb3251 
							
						 
					 
					
						
						
							
							fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects)  
						
						
						
					 
					
						2011-04-21 14:53:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b667c50588 
							
						 
					 
					
						
						
							
							store/resume info on xp_cmd available in session file  
						
						
						
					 
					
						2011-04-21 14:25:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							930872cf3b 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2011-04-21 14:20:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a313df4d37 
							
						 
					 
					
						
						
							
							Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file  
						
						
						
					 
					
						2011-04-21 14:05:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fbe5ba5394 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 10:54:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e1a8d268d8 
							
						 
					 
					
						
						
							
							fix for UPX linux/macos  
						
						
						
					 
					
						2011-04-21 10:52:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d8fc2bbd8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 10:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11ecd16099 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-21 10:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ccf720c05 
							
						 
					 
					
						
						
							
							removing funny remark  
						
						
						
					 
					
						2011-04-21 10:06:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a91e6a8440 
							
						 
					 
					
						
						
							
							layout  
						
						
						
					 
					
						2011-04-21 10:03:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cbfe743bad 
							
						 
					 
					
						
						
							
							added a comment  
						
						
						
					 
					
						2011-04-21 10:01:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c84c4d835f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-21 09:31:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e2e06a7a3 
							
						 
					 
					
						
						
							
							layout adjustment  
						
						
						
					 
					
						2011-04-21 09:25:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5052013ffa 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-20 14:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f909ecb369 
							
						 
					 
					
						
						
							
							bug fix for mssqlserver escape  
						
						
						
					 
					
						2011-04-20 13:41:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4d3190f41 
							
						 
					 
					
						
						
							
							reverting back to NVARCHAR because of error technique  
						
						
						
					 
					
						2011-04-20 12:59:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3607f03a9e 
							
						 
					 
					
						
						
							
							fix of a minor typo  
						
						
						
					 
					
						2011-04-20 12:42:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1286cc0913 
							
						 
					 
					
						
						
							
							now showing trimmed output in for of warning message (UNION and ERROR techniques affected)  
						
						
						
					 
					
						2011-04-20 12:41:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7993f3f12d 
							
						 
					 
					
						
						
							
							way better for storing bulk of data (like BLOB on mysql)  
						
						
						
					 
					
						2011-04-20 11:44:52 +00:00