Miroslav Stampar
b26e09fc71
another minor update
2010-12-09 12:49:29 +00:00
Miroslav Stampar
f712d2477e
removed duplicate entries inside common wordlists (tables & columns) and added a script which does that automatically
2010-12-09 12:41:16 +00:00
Miroslav Stampar
06395b5408
update
2010-12-09 12:03:10 +00:00
Miroslav Stampar
1f8a9fe033
foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)
2010-11-20 13:14:13 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
effd712ecf
added new directory with shell utils needed here and there for project maintanence
2010-11-03 10:19:31 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Bernardo Damele
963fcb57b6
Minor bug fix
2010-10-29 12:36:37 +00:00
Bernardo Damele
72a901347d
Adjustments
2010-10-29 10:06:28 +00:00
Miroslav Stampar
53e735ea9d
cosmetics
2010-10-29 10:03:44 +00:00
Miroslav Stampar
cc6efc4015
new extra added
2010-10-29 09:59:18 +00:00
Bernardo Damele
2b2634e92c
As fcntl is only supported on Posix systems (no Windows) we need to check for the OS beforehand.
...
Added proper check for impacket library too.
2010-10-29 09:50:41 +00:00
Miroslav Stampar
1f5224f1ac
update
2010-10-28 23:13:30 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136
Adjusted impacket import check
2010-10-27 21:10:56 +00:00
Bernardo Damele
1870e17e5d
Written from scratch in Python the icmpsh master
2010-10-27 20:54:46 +00:00
Bernardo Damele
6075752c47
Added icmpsh from Nico Leidecker for future enhancement to --os-cmd and --os-pwn to make the user able to choose between TCP (Metasploit payloads) and ICMP (icmpsh software).
2010-10-27 14:36:45 +00:00
Miroslav Stampar
c5fb4edf3e
update of THANKS
2010-10-23 09:25:34 +00:00
Miroslav Stampar
2de3081b50
minor update
2010-10-21 23:03:42 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
73ececd903
added that "default" "Connection: keep-alive" header
2010-10-17 06:44:54 +00:00
Miroslav Stampar
5c3d21065a
bug fix (reported by nightman)
2010-10-16 21:29:35 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
6dcd05c39c
minor update
2010-10-11 14:38:04 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
4edf6ebe00
update for smoke tests
2010-08-20 21:01:51 +00:00
Miroslav Stampar
092829c189
implemented basic smoke testing mechanism
2010-07-30 12:49:25 +00:00
Miroslav Stampar
f033943815
new file added
2010-07-30 11:47:32 +00:00
Bernardo Damele
fa1357b40f
Alignment of UDF source code
2010-07-01 15:44:47 +00:00
Miroslav Stampar
6f03a9ab5c
update
2010-06-11 08:46:40 +00:00
Bernardo Damele
2835ad667e
Minor exception adjustment
2010-06-10 21:11:14 +00:00
Miroslav Stampar
0e1bbf6375
patching and patching and patching
2010-06-10 17:05:13 +00:00
Miroslav Stampar
d56cc09fb7
fix
2010-06-10 16:23:39 +00:00
Miroslav Stampar
77691b8e16
fix for that keepalive (not only IIS issue)
2010-06-10 16:05:32 +00:00
Bernardo Damele
887adfcf10
Minor adjustments to extra/ libraries
2010-06-09 21:43:22 +00:00
Miroslav Stampar
654d707d5d
fixed header
2010-06-07 09:05:09 +00:00
Miroslav Stampar
38e5e342f8
added prettyprint module with fixed toprettyxml() method
2010-06-07 09:03:03 +00:00
Miroslav Stampar
4d6d5c8447
multi-threading patch
2010-06-01 18:40:34 +00:00
Miroslav Stampar
eb94edc48c
added keepalive module
2010-06-01 12:21:10 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
5fba470a91
added gprof2dot.py 3rd party script to extras
2010-05-21 10:12:56 +00:00
Bernardo Damele
652daa616e
Minor bug fix and layout adjustments
2010-04-06 21:57:15 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
31a2fad530
Extended copyright to 2010
2010-03-04 10:47:31 +00:00
Bernardo Damele
476e389d38
Extended copyright to 2010
2010-03-04 10:41:33 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
8076984f69
Adapted Visual Studio files to compile under VS2005 and recompiled UDFs' DLLs for Windows under VS2005 to make DLLs smaller (no need for UPX anymore)
2010-03-01 00:00:40 +00:00
Miroslav Stampar
dee15ed0b0
smaller code size generation
2010-02-25 20:18:08 +00:00
Miroslav Stampar
9ba01c94d3
size optimization (<8k)
2010-02-25 20:03:29 +00:00
Bernardo Damele
8f47b1a524
Added README file
2010-02-25 14:17:32 +00:00
Miroslav Stampar
8f26f30740
revert changes
2010-02-22 14:35:08 +00:00
Miroslav Stampar
ad0def7604
fix (pretty sure :)
2010-02-22 14:13:32 +00:00
Miroslav Stampar
7e5a980f1b
__asm keyword is not supported by Win64 (we'll need to find a solution for this). This keyword _M_IX86 is only defined on Win32.
2010-02-22 14:02:13 +00:00
Bernardo Damele
ccec743ba1
Minor adjustments to README files
2010-02-21 19:12:41 +00:00
Bernardo Damele
e05785fef6
Recompiled MySQL/Linux shared object, optimized for size (-Os)
2010-02-21 18:01:54 +00:00
Miroslav Stampar
60366f7168
new program for running command prompt commands
2010-02-21 08:52:54 +00:00
Bernardo Damele
af1d9f129c
Recompiled and tested PostgreSQL shared object (Linux) optimized for size (gcc flag -Os).
2010-02-20 19:10:55 +00:00
Bernardo Damele
b28aeef8ff
Aligned PostgreSQL shared object source code for Linux
2010-02-19 17:11:17 +00:00
Miroslav Stampar
3fea964538
fix, finally....
2010-02-19 16:44:37 +00:00
Miroslav Stampar
6db0905137
some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm
2010-02-14 19:37:20 +00:00
Miroslav Stampar
1d55923c9d
some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm
2010-02-14 19:36:02 +00:00
Bernardo Damele
8131f9c77c
Added and fixed README files
2010-02-12 00:20:53 +00:00
Bernardo Damele
a20bbc3974
Removed carriage return (\r) from UDFs shared library source code
2010-01-28 01:16:01 +00:00
Miroslav Stampar
a0eabb6719
Id property set
2010-01-27 14:28:34 +00:00
Miroslav Stampar
8a8dc73980
more fixes
2010-01-27 14:27:11 +00:00
Miroslav Stampar
6966c235a4
removed junk file
2010-01-27 13:57:19 +00:00
Miroslav Stampar
93b7994c0c
added new cloaking functionality for shell scripts
2010-01-27 13:56:26 +00:00
Bernardo Damele
49146e573a
Added sys_fileread() for PostgreSQL --read-file binary
2010-01-19 13:37:04 +00:00
Bernardo Damele
1febdcac9b
Added support for takeover functionalities on PgSQL 8.4 running on Linux too.
...
Recompilation of MySQL shared object with MySQL 5.1 development libraries on Debian 5.3.
Tweaked the UDF compilation/installation files for both MySQL and PgSQL.
2010-01-14 10:50:03 +00:00
Bernardo Damele
d4d26b59eb
Merged UDF Linux and Windows development environments
2010-01-14 01:51:20 +00:00
Bernardo Damele
1100b37feb
Minor adjustments to UDF source code and file system structure
2010-01-14 00:46:48 +00:00
Bernardo Damele
2915b5d7e9
Partial cleanup of UDF source code path
2010-01-13 23:18:17 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
f3e8d6db70
Fixed MySQL comment injection
2009-05-01 16:29:45 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
d54a51a328
Updated the HTML manual for the MySQL UDF and consequently other files. Thanks Roland!
2009-01-22 21:28:56 +00:00
Bernardo Damele
69204afe1f
Updated copyright
2009-01-22 00:41:57 +00:00
Bernardo Damele
9631dc115e
Added PostgreSQL UDF to execute commands on the underlying system:
...
* sys_eval() to return the standard output
* sys_exec() to return the exit status
Inspired by lib_mysqludf_sys 0.0.3 (https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/ )
2009-01-22 00:35:17 +00:00
Bernardo Damele
ae0f1985f3
Updated also the patch file
2009-01-21 20:54:14 +00:00
Bernardo Damele
deeccf9b5e
Updated tar.gz package
2009-01-21 00:53:10 +00:00
Bernardo Damele
1c5925ea2b
Minor adjustments
2009-01-21 00:52:23 +00:00
Bernardo Damele
96db179ffe
Minor adjustment
2009-01-19 21:26:02 +00:00
Bernardo Damele
161590e121
Added MySQL UDF to execute commands on the underlying system:
...
* sys_eval() to return the standard output
* sys_exec() to return the exit status
It's a patched version of http://mysqludf.org/lib_mysqludf_sys/index.php
2009-01-17 00:13:16 +00:00
Bernardo Damele
73e713c5ba
Minor adjustments
2009-01-12 23:59:07 +00:00
Bernardo Damele
26cb082fc3
Added a README for dbgtool
2009-01-12 23:17:15 +00:00
Bernardo Damele
de393628d0
Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl.
2009-01-12 23:02:02 +00:00
Bernardo Damele
bf2a857b9a
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 19:06:31 +00:00
Bernardo Damele
fee52bce3e
Minor improvements to sqlmap msf3 auxiliary modules based on Efrain Torres' commit on msf3 trunk, http://metasploit.com/dev/trac/changeset/5787
2008-10-25 19:43:13 +00:00
Bernardo Damele
fcc16b2346
Updated site, documentation (dev and user) and packaging scripts for 0.6.1
2008-10-20 13:43:18 +00:00
Bernardo Damele
016118ce7a
Some more fixes and adjustments before 0.6.1 release.
2008-10-17 15:26:43 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00