Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Bernardo Damele
d3da3f5c52
refactoring for issue #51
2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7
cleanup for #34
2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375
properly display the command stdout
2012-07-09 10:52:48 +01:00
Miroslav Stampar
54e0a2d8ee
--os-shell now works perfect for inference-like techniques too
2012-07-07 17:57:06 +02:00
Miroslav Stampar
58f6687194
Some refactoring (reusing xpCmdshellForgeCmd)
2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77
Proper fix
2012-07-07 10:38:07 +02:00
Miroslav Stampar
1c69eb5d30
Revert "major fix"
...
This reverts commit 3a11fc2d9e
.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e
major fix
2012-07-06 22:55:34 +01:00
Miroslav Stampar
982fcde1c0
Fix for Issue #62
2012-07-06 12:24:55 +02:00
Bernardo Damele
fd4cfb0cc0
working on #51
2012-07-02 15:28:19 +01:00
Bernardo Damele
04d803c7fd
more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55
minor refactoring, issue #51
2012-07-02 12:50:26 +01:00
Bernardo Damele
add8352804
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Bernardo Damele
18be319d13
hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run
2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c
minor code refactoring
2012-07-01 23:31:45 +01:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Bernardo Damele
4da03d898e
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
2012-04-25 07:40:42 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Bernardo Damele
1e71b24dca
More info messages to prove xp_cmdshell (and temporary directory choosen) worked
2012-03-14 22:41:53 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
b33ac19d39
Minor fix
2011-02-07 12:36:00 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Bernardo Damele
47fa600c04
Minor fix and cosmetics
2011-01-24 11:12:33 +00:00