Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
c878dd3e5a
doing a dummy test for --os-shell in case of xp_cmdshell
2012-03-09 14:21:41 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
ba5eff1de6
minor bug fix
2011-09-23 18:29:45 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
9e453e8709
fix for a bug reported by nightman@email.de
2011-06-29 17:49:59 +00:00
Bernardo Damele
cd6ceb733e
Adjustment and refactoring for takeover via web backdoor
2011-06-08 14:16:53 +00:00
Miroslav Stampar
2b12b18357
incorporating metasploit patch from oliver.kuckertz@mologie.de
2011-05-23 15:27:10 +00:00
Miroslav Stampar
868fbe370b
minor beautification
2011-05-23 10:39:58 +00:00
Miroslav Stampar
4d4e3802e4
decoding of chars for --os-shell
2011-05-03 15:31:12 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Bernardo Damele
b33ac19d39
Minor fix
2011-02-07 12:36:00 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f
preventing crashes for output=[]
2011-02-07 10:24:15 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Miroslav Stampar
8134c2154a
adding WHERE enum for payloads
2011-02-02 13:34:09 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
430fd5cd63
minor fixes
2011-01-25 16:05:06 +00:00
Bernardo Damele
47fa600c04
Minor fix and cosmetics
2011-01-24 11:12:33 +00:00
Miroslav Stampar
818c9787b2
minor update
2011-01-23 21:20:16 +00:00
Miroslav Stampar
b18397fbc7
major revisit of --os-shell methods
2011-01-23 20:47:06 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
cffa17f5a6
Major bug fix - before it raised a traceback, now works.
2011-01-18 23:02:47 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
96341f8f78
minor fix
2011-01-02 09:16:17 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
de54219571
code refactoring
2010-12-15 12:50:56 +00:00
Bernardo Damele
698f30e65e
Cosmetics
2010-12-13 21:34:35 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Bernardo Damele
da3fd17fc3
Adjustment to make it work also in OR based injection
2010-12-05 12:24:23 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Miroslav Stampar
6712f4da55
some refactoring and one less request for aspx maintanance during --os-shell
2010-11-24 14:20:43 +00:00
Miroslav Stampar
9579a97039
now ASPX works too for --os-shell
2010-11-24 11:38:27 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
17f0609263
minor bug fix
2010-11-17 13:29:57 +00:00
Miroslav Stampar
2802923dbe
some improvements regarding --os-shell web server application choice
2010-11-17 11:45:52 +00:00
Miroslav Stampar
bec152609a
minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)
2010-11-17 09:33:05 +00:00
Miroslav Stampar
e7a66371f8
update regarding os shell-ing regarding JSP and ASPX
2010-11-16 13:46:46 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
91a3a582e8
Minor bug fix to avoid crash when running sqlmap behind a proxy server
2010-11-04 12:22:04 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Bernardo Damele
b3b2c3864a
Minor code refactoring
2010-10-29 10:51:09 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Bernardo Damele
bdb9c37a7e
Cosmetics
2010-10-25 15:17:59 +00:00
Miroslav Stampar
e6e48c5556
fix for Bug #204
2010-10-22 18:23:46 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53
Minor cosmetic fixes
2010-10-20 21:58:33 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Bernardo Damele
683184cc8f
Minor refactoring
2010-10-17 21:06:52 +00:00
Bernardo Damele
f54c134d22
Minor adjustment
2010-10-16 22:43:05 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
49915f3c33
minor update
2010-09-30 19:49:14 +00:00
Miroslav Stampar
87abec16bd
probable fix for a bug reported by Prashant Jadhav
2010-09-30 18:52:33 +00:00
Bernardo Damele
8dfe08a353
Minor bug fix to -d
2010-07-01 10:44:31 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
8be91a98cc
Minor bug fix and adjustment
2010-05-29 15:28:37 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
84778f0e6c
Minor fix, leave like this
2010-05-29 08:58:55 +00:00
Miroslav Stampar
d3e527aba3
minor update
2010-05-29 07:13:54 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Bernardo Damele
4c91b5a896
Minor fix
2010-05-10 14:18:41 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1bcec80e95
fix for that takeover bug Ethan Robish posted (Windows/PHP)
2010-04-22 10:31:33 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Miroslav Stampar
4c6c91a80b
another --reg-read fix
2010-03-12 23:12:06 +00:00
Bernardo Damele
7d8cc1a482
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
...
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753
final fix for reading registry keys (now both parse and non-parse reads work fine)
2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab
some fixes regarding registry reading
2010-03-12 22:09:58 +00:00
Bernardo Damele
b50a2288f4
Minor layout adjustments
2010-03-11 23:54:07 +00:00
Bernardo Damele
cc611c0010
Minor layout adjustments
2010-03-09 22:14:26 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
2f452480b3
Minor bug fix in syntax
2010-03-01 14:40:18 +00:00
Bernardo Damele
f53ef947f1
Slightly stealthier
2010-02-26 13:14:57 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Miroslav Stampar
1f2a1bb24c
removed some redundant code
2010-02-26 12:36:41 +00:00
Miroslav Stampar
e4c34ff86c
changed default web server language behaviour
2010-02-25 16:55:02 +00:00
Miroslav Stampar
0913d700a8
important update regarding default directories
2010-02-25 15:22:41 +00:00
Miroslav Stampar
4a3fa69f9d
minor adjustment
2010-02-25 15:07:54 +00:00
Bernardo Damele
0df5b5fed9
Minor bug fix and code adjustments
2010-02-25 14:06:44 +00:00
Miroslav Stampar
24d3e24db0
more updates regarding --os-shell feature
2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47
more feature updates
2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f
now runcmd exe has random name too
2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b
new changes regarding --os-shell
2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975
update
2010-02-24 23:40:56 +00:00
Miroslav Stampar
2a07af2294
removed pdb tracing
2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4
some fixes
2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382
Minor UPX adjustment
2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559
minor update
2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631
some updates regarding --os-shell option
2010-02-16 13:20:34 +00:00
Bernardo Damele
dc06b40ddc
Minor exception message fix
2010-02-11 23:07:33 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Miroslav Stampar
00a23ace9a
some changes regarding web takeover
2010-02-09 14:27:41 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
dbd52c52e4
minor fix
2010-02-04 14:39:24 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
87239476af
more fixes :)
2010-02-04 10:10:41 +00:00
Miroslav Stampar
e4699f389d
some bug fixes regarding --os-shell usage against windows servers
2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
...
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d
bug fix for 404 program termination during shell upload attempt
2010-02-03 16:16:34 +00:00
Miroslav Stampar
565433097e
used normalizePath instead of os.path.normalize
2010-02-03 16:10:09 +00:00
Miroslav Stampar
87c8bdbc29
removed pdb tracing
2010-02-03 14:52:29 +00:00
Miroslav Stampar
c74b920f54
bug fix
2010-02-03 14:49:28 +00:00
Bernardo Damele
979c919dc7
Minor logging message adjustment
2010-01-29 22:58:12 +00:00
Bernardo Damele
e8b0fd90c8
Minor bug fix
2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a
--priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique
2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f
minor fix
2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c
By default do not use Churrasco, but still let the user choose it.
...
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171
Minor cosmetic adjustments
2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e
quick fix
2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d
Minor self fix, switched to rc6
2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7
fix for "NameError: global name 'webFileStreamUpload' is not defined"
2010-01-28 08:54:47 +00:00
Miroslav Stampar
921e449454
added support for cloaking Churrasco.exe file
2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1
added new line at the end of the file
2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72
fix for 'No such file or directory' OSError exception
2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3
another fix. hope it works :)
2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098
quick fix regarding usage of StringIO instead of file stream
2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4
minor fix
2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c
modified a way to handle shell scripts
2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156
run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149 ).
2010-01-26 01:14:44 +00:00
Bernardo Damele
f337cd6e0a
Minor speedup to check if sqlmap's UDF have already been created
2010-01-16 21:46:35 +00:00
Bernardo Damele
c4215ce8d2
Minor code refactoring
2010-01-14 20:42:45 +00:00
Bernardo Damele
1d968f51e9
More code refactoring
2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2
Minor code refactoring
2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
bb61010a45
Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling.
2010-01-04 15:02:56 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
e28b98a366
Minor layout adjustments
2009-12-02 22:52:17 +00:00
Bernardo Damele
4779a5fe0f
Minor layout adjustment
2009-11-16 16:39:31 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
d905e5ef9f
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server
2009-07-25 11:45:23 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02
Added support for reflective meterpreter by default when the target OS
...
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
06cc2a6d70
Minor bug fixes and code refactoring
2009-05-11 15:37:48 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
6f4035938b
Let the user choose also the local address in reverse OOB connection
2009-04-24 10:27:52 +00:00
Bernardo Damele
4ce74764b7
More verbose when reporting failure to create shellcode/payload stager (via Metasploit)
2009-04-23 20:39:32 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00