Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							950dba5139 
							
						 
					 
					
						
						
							
							Minor bug fix for --start and --stop  
						
						
						
					 
					
						2010-02-02 14:17:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7faefcca88 
							
						 
					 
					
						
						
							
							Minor logging messages adjustments  
						
						
						
					 
					
						2010-01-29 23:19:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							200518724c 
							
						 
					 
					
						
						
							
							By default do not use Churrasco, but still let the user choose it.  
						
						... 
						
						
						
						The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'. 
						
					 
					
						2010-01-29 02:27:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							144dc1b8c4 
							
						 
					 
					
						
						
							
							Show proper warning message when --priv-esc is provided and underlying OS is not Windows  
						
						
						
					 
					
						2010-01-28 17:22:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							732ed48e2b 
							
						 
					 
					
						
						
							
							some refactoring regarding decloaking  
						
						
						
					 
					
						2010-01-28 16:50:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							921e449454 
							
						 
					 
					
						
						
							
							added support for cloaking Churrasco.exe file  
						
						
						
					 
					
						2010-01-28 00:07:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6437c16156 
							
						 
					 
					
						
						
							
							run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see  #149 ).  
						
						
						
					 
					
						2010-01-26 01:14:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6d697d60b2 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-01-15 18:00:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d968f51e9 
							
						 
					 
					
						
						
							
							More code refactoring  
						
						
						
					 
					
						2010-01-14 15:11:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c9863bc1d2 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2010-01-14 14:33:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							070ccc30e9 
							
						 
					 
					
						
						
							
							Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.  
						
						... 
						
						
						
						Updated ChangeLog.
Major code refactoring. 
						
					 
					
						2010-01-14 14:03:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							746cbdba96 
							
						 
					 
					
						
						
							
							Added support for takeover functionalities on PgSQL 8.4 running on Windows  
						
						
						
					 
					
						2010-01-14 01:40:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b4ddfe8333 
							
						 
					 
					
						
						
							
							Minor bug fixed (variable undeclared)  
						
						
						
					 
					
						2010-01-13 21:26:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a72ad113a 
							
						 
					 
					
						
						
							
							Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups.  
						
						
						
					 
					
						2010-01-12 11:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c7e1649655 
							
						 
					 
					
						
						
							
							Minor speedup  
						
						
						
					 
					
						2010-01-12 11:43:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3a9f685e18 
							
						 
					 
					
						
						
							
							Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x.  
						
						
						
					 
					
						2010-01-12 11:21:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4512ef56d1 
							
						 
					 
					
						
						
							
							Minor bug fixes  
						
						
						
					 
					
						2010-01-11 13:06:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80bd146696 
							
						 
					 
					
						
						
							
							Added support for --dump with -C also on MSSQL  
						
						
						
					 
					
						2010-01-10 19:12:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e5dc3f51c8 
							
						 
					 
					
						
						
							
							Display a better message for the moment while working on support for --dump -C on MSSQL  
						
						
						
					 
					
						2010-01-10 00:30:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6c1b31d93c 
							
						 
					 
					
						
						
							
							Adjusted --columns with -C also for Microsoft SQL Server  
						
						
						
					 
					
						2010-01-10 00:21:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ef1180c3c2 
							
						 
					 
					
						
						
							
							Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment  
						
						
						
					 
					
						2010-01-09 21:39:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f316e722c1 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.  
						
						... 
						
						
						
						--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes. 
						
					 
					
						2010-01-09 00:05:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80df1fdcf9 
							
						 
					 
					
						
						
							
							Minor bug fix with --sql-query/shell when providing a statement with DISTINCT  
						
						
						
					 
					
						2010-01-05 16:15:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bb61010a45 
							
						 
					 
					
						
						
							
							Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling.  
						
						
						
					 
					
						2010-01-04 15:02:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2eb24c6368 
							
						 
					 
					
						
						
							
							Avoid useless queries  
						
						
						
					 
					
						2010-01-04 12:35:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							236ca9b952 
							
						 
					 
					
						
						
							
							Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859).  
						
						
						
					 
					
						2010-01-04 10:47:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ce022a3b6e 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.  
						
						
						
					 
					
						2010-01-02 02:02:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c4154cac 
							
						 
					 
					
						
						
							
							Fixed minor bug in --reg-del  
						
						
						
					 
					
						2009-12-21 11:04:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e081cdc6 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.  
						
						
						
					 
					
						2009-12-17 22:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e36a6f8ed 
							
						 
					 
					
						
						
							
							Major enhancement to MSSQL MS09-004 exploit  
						
						
						
					 
					
						2009-11-17 23:33:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1bf6a7cadc 
							
						 
					 
					
						
						
							
							Adapted sqlmap to latest changes in Metasploit trunk  
						
						
						
					 
					
						2009-11-03 16:49:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c43893d4 
							
						 
					 
					
						
						
							
							Merged back from personal branch to trunk (svn merge -r846:940 ...)  
						
						... 
						
						
						
						Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring. 
						
					 
					
						2009-09-25 23:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							458d59416c 
							
						 
					 
					
						
						
							
							Minor bug fix in MSSQL version fingerprint  
						
						
						
					 
					
						2009-08-11 09:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17289c5ff2 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2009-07-30 12:01:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3d4bfb3263 
							
						 
					 
					
						
						
							
							More appropriate warning message, got rid of a TODO  
						
						
						
					 
					
						2009-07-24 23:20:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8096a37940 
							
						 
					 
					
						
						
							
							Major bug fix in --read-file option and minor code refactoring.  
						
						
						
					 
					
						2009-07-09 11:50:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4b622ed860 
							
						 
					 
					
						
						
							
							Minor bug fix.  
						
						... 
						
						
						
						Adapted Metasploit wrapping functions to work with latest msf3 development version too. 
						
					 
					
						2009-07-06 14:40:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ba2e009fd9 
							
						 
					 
					
						
						
							
							Now it's fixed  
						
						
						
					 
					
						2009-06-29 10:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bc31bd1dd9 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2009-06-29 10:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							03a6739fbf 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2009-06-11 15:34:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02f6425db8 
							
						 
					 
					
						
						
							
							Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL  
						
						
						
					 
					
						2009-06-02 14:24:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							440a52b84d 
							
						 
					 
					
						
						
							
							Major bug fix to sql-query/sql-shell functionalities  
						
						
						
					 
					
						2009-05-20 10:19:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a727427299 
							
						 
					 
					
						
						
							
							Minor fix for Python <= 2.5.2 (os.path.normpath function)  
						
						
						
					 
					
						2009-05-06 13:37:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c5d20b8a86 
							
						 
					 
					
						
						
							
							Initial support for ASP web backdoor functionality  
						
						
						
					 
					
						2009-05-06 12:14:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f3e8d6db70 
							
						 
					 
					
						
						
							
							Fixed MySQL comment injection  
						
						
						
					 
					
						2009-05-01 16:29:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							57b8bb4c8e 
							
						 
					 
					
						
						
							
							Minor syntax adjustment for web backdoor functionality  
						
						
						
					 
					
						2009-04-28 21:51:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d7de719b9 
							
						 
					 
					
						
						
							
							Almost done with web backdoor functionality  
						
						
						
					 
					
						2009-04-28 11:05:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16b4530bbe 
							
						 
					 
					
						
						
							
							Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).  
						
						... 
						
						
						
						Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS. 
						
					 
					
						2009-04-27 23:05:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06e8546177 
							
						 
					 
					
						
						
							
							Finally fixed MSSQL 2000 fingerprint  
						
						
						
					 
					
						2009-04-24 10:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eeb34eb028 
							
						 
					 
					
						
						
							
							Again, minor fix to MSSQL 2000 fingerprint  
						
						
						
					 
					
						2009-04-23 21:13:34 +00:00