Commit Graph

275 Commits

Author SHA1 Message Date
Bernardo Damele
e8b0fd90c8 Minor bug fix 2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a --priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique 2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f minor fix 2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc cloaked upx for windows (used mkstemp because of execution and file access rights problem) 2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171 Minor cosmetic adjustments 2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e quick fix 2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d Minor self fix, switched to rc6 2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7 fix for "NameError: global name 'webFileStreamUpload' is not defined" 2010-01-28 08:54:47 +00:00
Miroslav Stampar
645afee359 some changes 2010-01-28 00:25:36 +00:00
Miroslav Stampar
921e449454 added support for cloaking Churrasco.exe file 2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1 added new line at the end of the file 2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72 fix for 'No such file or directory' OSError exception 2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3 another fix. hope it works :) 2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098 quick fix regarding usage of StringIO instead of file stream 2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4 minor fix 2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c modified a way to handle shell scripts 2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156 run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149). 2010-01-26 01:14:44 +00:00
Miroslav Stampar
3197fada59 update of IDS checking method 2010-01-25 10:06:52 +00:00
Bernardo Damele
952c280083 Added svn keyword 2010-01-25 09:21:39 +00:00
Miroslav Stampar
e689c2ec99 another minor fix (svn header comment) 2010-01-25 00:29:19 +00:00
Miroslav Stampar
44a74ccee8 minor grammar fix 2010-01-25 00:26:51 +00:00
Miroslav Stampar
b183b9cbb4 contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 00:25:58 +00:00
Miroslav Stampar
a4d8234875 minor update 2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488 another fix for Bug #148 2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4 update regarding Unicode char logging (Bug #148) 2010-01-23 15:36:55 +00:00
Miroslav Stampar
97840535c6 fix for situations where proxy is set in environment, but the user tries to test something on localhost 2010-01-19 13:47:35 +00:00
Bernardo Damele
574880ba73 Warn user of HTTP error codes in HTTP responses 2010-01-19 10:27:54 +00:00
Bernardo Damele
5c58747740 More tweaking on --update 2010-01-18 15:20:50 +00:00
Bernardo Damele
051db588a5 Minor tweaking to --update 2010-01-18 14:59:24 +00:00
Miroslav Stampar
44adbc5776 changes regarding Feature #125 2010-01-18 14:05:23 +00:00
Bernardo Damele
2825ab5e4e Major bug fix in url-encoding 2010-01-16 21:56:40 +00:00
Bernardo Damele
c18a5cb92f Fixed a minor bug when displaying requested page in -v >= 3 2010-01-16 21:47:52 +00:00
Bernardo Damele
f337cd6e0a Minor speedup to check if sqlmap's UDF have already been created 2010-01-16 21:46:35 +00:00
Bernardo Damele
4ce3abc56d Minor adjustments 2010-01-15 17:42:46 +00:00
Miroslav Stampar
1a764e1f08 minor commit 2010-01-15 16:10:21 +00:00
Miroslav Stampar
5f171340f5 introduced safe string formatting 2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1 minor update 2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before 2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f Minor bug fix to --cookie-urlencode 2010-01-15 11:24:30 +00:00
Bernardo Damele
c4215ce8d2 Minor code refactoring 2010-01-14 20:42:45 +00:00
Miroslav Stampar
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) 2010-01-14 18:05:03 +00:00
Bernardo Damele
1d968f51e9 More code refactoring 2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2 Minor code refactoring 2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
50bbb0cf8a Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository. 2010-01-13 14:52:23 +00:00
Bernardo Damele
0ad43952bd Minor bug fix 2010-01-12 23:56:43 +00:00
Miroslav Stampar
3434a22872 HTTP header HOST is now mandatory in a HTTP request file 2010-01-12 14:07:58 +00:00
Miroslav Stampar
a193205323 minor update regarding requestFile option 2010-01-12 14:01:58 +00:00
Miroslav Stampar
8817b2884f minor update 2010-01-12 13:16:30 +00:00
Miroslav Stampar
a58b36fe07 code commit regarding Feature #119 2010-01-12 13:11:26 +00:00
Bernardo Damele
df36eb6d11 Minor bug fix in --resume functionality 2010-01-11 14:16:37 +00:00
Bernardo Damele
12f371cd65 Minor bug fix and improvement in displaying of enumerated columns in --dump -C 2010-01-09 21:37:44 +00:00
Bernardo Damele
dc04fa7f06 Minor layout adjustments 2010-01-09 21:08:47 +00:00
Miroslav Stampar
d58ba7ee6d added --scope feature regarding Feature #105 2010-01-09 20:44:50 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
6a62a78b0a More generic 2010-01-08 23:50:06 +00:00
Bernardo Damele
067cc07fb9 Make 'field' parameter in limitQuery() method to be option 2010-01-08 23:23:15 +00:00
Miroslav Stampar
82222fcd3a minor update of help text 2010-01-07 13:09:14 +00:00
Miroslav Stampar
d07f60578c implementation of Feature #17 2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496 getDocRoot changes 2010-01-05 11:30:33 +00:00
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Miroslav Stampar
d71e47ce56 fix regarding dirnames in Feature #110 2010-01-04 12:39:07 +00:00
Miroslav Stampar
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 2010-01-03 15:56:29 +00:00
Bernardo Damele
d5b1863dec Updated documentation and svn properties 2010-01-02 02:07:28 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 01:35:13 +00:00
Bernardo Damele
9c620da0a5 Minor fix 2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9 Minor bug fix 2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab Added support for NTLM authentication 2009-12-02 22:54:39 +00:00
Bernardo Damele
e28b98a366 Minor layout adjustments 2009-12-02 22:52:17 +00:00
Bernardo Damele
4779a5fe0f Minor layout adjustment 2009-11-16 16:39:31 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! 2009-07-29 10:44:24 +00:00
Bernardo Damele
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server 2009-07-25 11:45:23 +00:00
Bernardo Damele
b2b2ec8a26 Preparing to release sqlmap 0.7 stable 2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. 2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). 2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory 2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159 Minor bug fix to --dbms, updated user's manual 2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860 Minor bug fix.
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02 Added support for reflective meterpreter by default when the target OS
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
3b9303186e Fixed minor bug with --eta 2009-06-24 13:44:14 +00:00
Bernardo Damele
e5a01d500e Minor bug fix in --update option, updated also Microsoft XML versions file 2009-06-16 15:12:02 +00:00
Bernardo Damele
03a6739fbf Minor layout adjustments 2009-06-11 15:34:31 +00:00
Bernardo Damele
150abc0f1e sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring. 2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28 Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance. 2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c Fixed regular expression to parse burp log file hosts' scheme/port 2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655 Minor adjustment to get also the port when parsing burp logs 2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381 Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions 2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls 2009-06-03 15:04:40 +00:00
Bernardo Damele
93ee4a01e5 HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+ 2009-05-20 14:27:25 +00:00
Bernardo Damele
81d1a767ac Minor bug fix in output manager (dumper) object 2009-05-20 13:56:23 +00:00
Bernardo Damele
8e7282f7c7 Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6. 2009-05-20 13:51:25 +00:00
Bernardo Damele
13de8366d0 Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting! 2009-05-20 09:34:13 +00:00