Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Miroslav Stampar
41924a6ead
fix for a bug reported by saccurso@skygear.com.ar (UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 0: ordinal not in range(128))
2011-04-21 23:17:16 +00:00
Bernardo Damele
8e2e06a7a3
layout adjustment
2011-04-21 09:25:42 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Bernardo Damele
79d5804519
added propset
2011-04-15 16:28:48 +00:00
Bernardo Damele
48f916d5a4
Fixed a minor bug
2011-04-15 16:25:42 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
bf6ea35145
adding new tool safe2bin for decoding safe encoded values
2011-04-15 13:41:50 +00:00
Miroslav Stampar
a883316e22
I was on some heavy drugs (sys.stdout = fpOut)
2011-04-15 12:58:56 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
7c61931b96
Added notes on how to compile and get small shared libraries for UDF
2011-04-12 09:53:52 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Miroslav Stampar
cd7e4f5afc
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked, which led to blank get/post data for the whole form)
2011-04-01 22:12:24 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
63b8156c00
some update (if header key is non-unicode conformant)
2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Bernardo Damele
156d8cd99b
Directory restyling
2011-02-08 00:15:02 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
a8fea8e4a8
fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL
2011-02-03 15:09:53 +00:00
Bernardo Damele
06bb369da5
GCC 4.3 makes Linux/MySQL shared objects smaller
2011-02-03 14:59:31 +00:00
Bernardo Damele
8cf88dd0da
Ready with PgSQL/Linux/32bit shared object too now
2011-02-03 12:28:00 +00:00
Miroslav Stampar
6393495eb0
comment added
2011-01-31 11:58:35 +00:00
Miroslav Stampar
1b4d68c844
minor update
2011-01-31 11:56:20 +00:00
Miroslav Stampar
fb3513650d
adding ID properties
2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
b1c7a17163
fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str))
2011-01-28 13:26:20 +00:00
Miroslav Stampar
bb6e36fb02
minor updates
2011-01-27 12:38:39 +00:00
Miroslav Stampar
20df2bbd10
minor fix
2011-01-25 15:44:45 +00:00
Miroslav Stampar
c7f260a8bc
minor update
2011-01-25 12:54:49 +00:00
Miroslav Stampar
98e48bd682
new script
2011-01-25 12:48:50 +00:00
Miroslav Stampar
bd2e036412
minor fix
2011-01-20 22:00:16 +00:00
Bernardo Damele
1d06c64149
Indentation fix
2011-01-20 21:56:38 +00:00
Bernardo Damele
aa8a20d241
Minor bug fix for a traceback
2011-01-20 21:50:21 +00:00
Miroslav Stampar
44504746cf
minor update
2011-01-15 13:43:08 +00:00
Miroslav Stampar
6942c9a001
same thing with mysql as in last commit
2011-01-05 14:41:38 +00:00
Miroslav Stampar
a136915ab6
bug fix for postgre's --os-shell (when there was an error in command executed and/or no output chars, garbled output was returned)
2011-01-05 14:36:41 +00:00
Miroslav Stampar
5c6c870db4
removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode
2011-01-02 08:43:38 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Miroslav Stampar
b26e09fc71
another minor update
2010-12-09 12:49:29 +00:00
Miroslav Stampar
f712d2477e
removed duplicate entries inside common wordlists (tables & columns) and added a script which does that automatically
2010-12-09 12:41:16 +00:00
Miroslav Stampar
06395b5408
update
2010-12-09 12:03:10 +00:00
Miroslav Stampar
1f8a9fe033
foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)
2010-11-20 13:14:13 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine (http://bugs.python.org/issue8450)
2010-11-05 11:58:20 +00:00
Miroslav Stampar
effd712ecf
added new directory with shell utils needed here and there for project maintenance
2010-11-03 10:19:31 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Bernardo Damele
963fcb57b6
Minor bug fix
2010-10-29 12:36:37 +00:00