Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4c91b5a896 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-05-10 14:18:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a1b1f960cc 
							
						 
					 
					
						
						
							
							Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function  
						
						
						
					 
					
						2010-04-23 16:34:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1bcec80e95 
							
						 
					 
					
						
						
							
							fix for that takeover bug Ethan Robish posted (Windows/PHP)  
						
						
						
					 
					
						2010-04-22 10:31:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b19de015c5 
							
						 
					 
					
						
						
							
							Minor bugs fixes  
						
						
						
					 
					
						2010-03-31 13:52:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d00e4a458a 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2010-03-21 00:39:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4c6c91a80b 
							
						 
					 
					
						
						
							
							another --reg-read fix  
						
						
						
					 
					
						2010-03-12 23:12:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d8cc1a482 
							
						 
					 
					
						
						
							
							Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:  
						
						... 
						
						
						
						1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments. 
						
					 
					
						2010-03-12 22:43:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b1ae62753 
							
						 
					 
					
						
						
							
							final fix for reading registry keys (now both parse and non-parse reads work fine)  
						
						
						
					 
					
						2010-03-12 22:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0a2fe651ab 
							
						 
					 
					
						
						
							
							some fixes regarding registry reading  
						
						
						
					 
					
						2010-03-12 22:09:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b50a2288f4 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2010-03-11 23:54:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cc611c0010 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2010-03-09 22:14:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156fdd96ef 
							
						 
					 
					
						
						
							
							Updated copyright  
						
						
						
					 
					
						2010-03-03 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f452480b3 
							
						 
					 
					
						
						
							
							Minor bug fix in syntax  
						
						
						
					 
					
						2010-03-01 14:40:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f53ef947f1 
							
						 
					 
					
						
						
							
							Slightly stealthier  
						
						
						
					 
					
						2010-02-26 13:14:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							694356821d 
							
						 
					 
					
						
						
							
							sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious  
						
						
						
					 
					
						2010-02-26 13:13:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f2a1bb24c 
							
						 
					 
					
						
						
							
							removed some redundant code  
						
						
						
					 
					
						2010-02-26 12:36:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4c34ff86c 
							
						 
					 
					
						
						
							
							changed default web server language behaviour  
						
						
						
					 
					
						2010-02-25 16:55:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0913d700a8 
							
						 
					 
					
						
						
							
							important update regarding default directories  
						
						
						
					 
					
						2010-02-25 15:22:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4a3fa69f9d 
							
						 
					 
					
						
						
							
							minor adjustment  
						
						
						
					 
					
						2010-02-25 15:07:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0df5b5fed9 
							
						 
					 
					
						
						
							
							Minor bug fix and code adjustments  
						
						
						
					 
					
						2010-02-25 14:06:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24d3e24db0 
							
						 
					 
					
						
						
							
							more updates regarding --os-shell feature  
						
						
						
					 
					
						2010-02-25 12:16:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b558712a47 
							
						 
					 
					
						
						
							
							more feature updates  
						
						
						
					 
					
						2010-02-25 11:40:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15d1fcbb7f 
							
						 
					 
					
						
						
							
							now runcmd exe has random name too  
						
						
						
					 
					
						2010-02-25 10:47:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2cafd5697b 
							
						 
					 
					
						
						
							
							new changes regarding --os-shell  
						
						
						
					 
					
						2010-02-25 10:33:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							858cb25975 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-02-24 23:40:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2a07af2294 
							
						 
					 
					
						
						
							
							removed pdb tracing  
						
						
						
					 
					
						2010-02-20 22:36:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0debc95ad4 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-02-20 22:31:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d1e3596382 
							
						 
					 
					
						
						
							
							Minor UPX adjustment  
						
						
						
					 
					
						2010-02-20 19:02:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0ed5ba5559 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-02-16 13:24:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4951fd631 
							
						 
					 
					
						
						
							
							some updates regarding --os-shell option  
						
						
						
					 
					
						2010-02-16 13:20:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dc06b40ddc 
							
						 
					 
					
						
						
							
							Minor exception message fix  
						
						
						
					 
					
						2010-02-11 23:07:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89dc99188d 
							
						 
					 
					
						
						
							
							--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.  
						
						... 
						
						
						
						Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring. 
						
					 
					
						2010-02-11 22:57:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00a23ace9a 
							
						 
					 
					
						
						
							
							some changes regarding web takeover  
						
						
						
					 
					
						2010-02-09 14:27:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c92fad5dc 
							
						 
					 
					
						
						
							
							Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method  
						
						
						
					 
					
						2010-02-05 23:14:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d291464cd4 
							
						 
					 
					
						
						
							
							code refactoring regarding path normalization  
						
						
						
					 
					
						2010-02-04 14:50:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dbd52c52e4 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-02-04 14:39:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec63fc4036 
							
						 
					 
					
						
						
							
							code refactoring - added functions posixToNtSlashes and ntToPosixSlashes  
						
						
						
					 
					
						2010-02-04 14:37:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87239476af 
							
						 
					 
					
						
						
							
							more fixes :)  
						
						
						
					 
					
						2010-02-04 10:10:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4699f389d 
							
						 
					 
					
						
						
							
							some bug fixes regarding --os-shell usage against windows servers  
						
						
						
					 
					
						2010-02-04 09:49:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea045eaa2f 
							
						 
					 
					
						
						
							
							fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)  
						
						... 
						
						
						
						also, fixed some issues with Windows paths 
						
					 
					
						2010-02-03 16:40:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c88e32f9d 
							
						 
					 
					
						
						
							
							bug fix for 404 program termination during shell upload attempt  
						
						
						
					 
					
						2010-02-03 16:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							565433097e 
							
						 
					 
					
						
						
							
							used normalizePath instead of os.path.normalize  
						
						
						
					 
					
						2010-02-03 16:10:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87c8bdbc29 
							
						 
					 
					
						
						
							
							removed pdb tracing  
						
						
						
					 
					
						2010-02-03 14:52:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c74b920f54 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-02-03 14:49:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							979c919dc7 
							
						 
					 
					
						
						
							
							Minor logging message adjustment  
						
						
						
					 
					
						2010-01-29 22:58:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e8b0fd90c8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-01-29 19:32:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							767c67e37a 
							
						 
					 
					
						
						
							
							--priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique  
						
						
						
					 
					
						2010-01-29 14:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							061794650f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-01-29 10:15:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92817159dc 
							
						 
					 
					
						
						
							
							cloaked upx for windows (used mkstemp because of execution and file access rights problem)  
						
						
						
					 
					
						2010-01-29 10:12:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							200518724c 
							
						 
					 
					
						
						
							
							By default do not use Churrasco, but still let the user choose it.  
						
						... 
						
						
						
						The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'. 
						
					 
					
						2010-01-29 02:27:50 +00:00