Commit Graph

112 Commits

Author SHA1 Message Date
Miroslav Stampar
54e0a2d8ee --os-shell now works perfect for inference-like techniques too 2012-07-07 17:57:06 +02:00
Miroslav Stampar
58f6687194 Some refactoring (reusing xpCmdshellForgeCmd) 2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77 Proper fix 2012-07-07 10:38:07 +02:00
Miroslav Stampar
1c69eb5d30 Revert "major fix"
This reverts commit 3a11fc2d9e.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e major fix 2012-07-06 22:55:34 +01:00
Miroslav Stampar
982fcde1c0 Fix for Issue #62 2012-07-06 12:24:55 +02:00
Bernardo Damele
fd4cfb0cc0 working on #51 2012-07-02 15:28:19 +01:00
Bernardo Damele
04d803c7fd more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005) 2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55 minor refactoring, issue #51 2012-07-02 12:50:26 +01:00
Bernardo Damele
add8352804 make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too 2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
18be319d13 hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run 2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c minor code refactoring 2012-07-01 23:31:45 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Bernardo Damele
1e71b24dca More info messages to prove xp_cmdshell (and temporary directory choosen) worked 2012-03-14 22:41:53 +00:00
Miroslav Stampar
34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output 2012-03-13 10:36:49 +00:00
Miroslav Stampar
85125018a1 minor bug fix 2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134 minor update 2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
8d7912ad34 minor update and refactoring 2012-02-15 14:05:50 +00:00
Miroslav Stampar
9059d30312 adding first code example for SPL snippets 2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113 bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt) 2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e minor update (it was working before too, but this is cleaner) 2012-02-15 10:14:29 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1ae413a206 some refactoring/speedup around UNION technique 2011-12-22 10:32:21 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Miroslav Stampar
e4d3190f41 reverting back to NVARCHAR because of error technique 2011-04-20 12:59:23 +00:00
Miroslav Stampar
7993f3f12d way better for storing bulk of data (like BLOB on mysql) 2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd revert 2011-04-20 10:34:34 +00:00
Miroslav Stampar
1c1c20fb64 minor update 2011-04-20 09:34:00 +00:00
Miroslav Stampar
44926757da minor update 2011-04-20 09:23:08 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
b33ac19d39 Minor fix 2011-02-07 12:36:00 +00:00
Miroslav Stampar
e023e0d233 proper fix 2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Bernardo Damele
c7c84c3089 Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 15:31:51 +00:00
Bernardo Damele
65a0a8d285 Delegate urlencoding to agent.py only 2010-10-31 13:28:05 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Bernardo Damele
4c91b5a896 Minor fix 2010-05-10 14:18:41 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Bernardo Damele
7b8316728c Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 00:09:05 +00:00
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server 2009-07-25 11:45:23 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00