Bernardo Damele
9126c84442
Refactoring (standardized with --search -C ...)
2011-06-08 16:39:41 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Bernardo Damele
161ece5587
Rephrase
2011-06-08 11:33:45 +00:00
Miroslav Stampar
f34b395c65
fixing typo
2011-06-07 14:58:22 +00:00
Miroslav Stampar
89a7516c35
bug fix
2011-06-06 09:55:22 +00:00
Miroslav Stampar
3fa8e1db72
better language
2011-05-31 15:45:54 +00:00
Miroslav Stampar
4bb9754dfe
using --dump for msaccess with -C switch was for some reason pain in the ass (you had to do the brute forcing again and again). now -C forces the result in those cases
2011-05-30 23:34:48 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
79f0b3a92a
adding support for --start and --stop for __pivotDumpTable
2011-05-26 15:16:57 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
a397baa89a
fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches
2011-05-26 08:17:21 +00:00
Miroslav Stampar
1067d43f14
minor update
2011-05-23 19:16:29 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
7b52bbe3fb
reverting that ignoreTimeout for --tables (because of this and that)
2011-05-22 09:59:19 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
5a979f7667
minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used
2011-05-19 17:35:33 +00:00
Miroslav Stampar
4efc284b83
adding more info for --passwords
2011-05-11 12:35:32 +00:00
Bernardo Damele
b5f090cc4f
Minor bug fix
2011-05-10 15:48:48 +00:00
Bernardo Damele
ac74557614
Minor adjustment for --dump-all
2011-05-08 10:25:40 +00:00
Bernardo Damele
356037ca22
cosmetics
2011-05-08 02:11:34 +00:00
Bernardo Damele
9955483052
Major improvement for --dump.
...
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
d3589493d1
Temporary fix for bug reported by ultramegaman (infinite loop)
2011-05-07 23:28:59 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Miroslav Stampar
eceb5eca7b
fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla)
2011-05-02 21:55:06 +00:00
Miroslav Stampar
b327a78522
minor minor update of the last commit
2011-05-02 19:24:49 +00:00
Miroslav Stampar
0bb7d715a7
more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that
2011-05-02 19:18:28 +00:00
Miroslav Stampar
8e8886cd20
minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection)
2011-05-01 21:41:14 +00:00
Bernardo Damele
64bb480414
Do not raise otherwise it won't work with --schema
2011-04-30 23:20:16 +00:00
Bernardo Damele
b31b861d7b
Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc.
2011-04-30 22:10:27 +00:00
Bernardo Damele
cb9b9c4204
Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too
2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
36a9ddaacc
Minor bug fixes and code restyling for --privileges and --passwords
2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
1a052245a6
duplicate code
2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85
Moved method below
2011-04-29 22:37:43 +00:00
Bernardo Damele
14bf6abb7e
Minor layout adjustment
2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93
Proper resume of --schema data when calling with --columns switch, minor fixes too
2011-04-29 21:17:59 +00:00
Miroslav Stampar
a6015b59df
fix for a bug reported by jaccovantuijl@gmail.com (entries = zip(*[entries[colName] for colName in colList]))
2011-04-29 14:33:47 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5
Do not even prompt for ICMP tunnel if the target OS is not Windows
2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
bd4fbb3251
fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects)
2011-04-21 14:53:02 +00:00
Miroslav Stampar
5052013ffa
minor update
2011-04-20 14:48:23 +00:00