Bernardo Damele
b31b861d7b
Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc.
2011-04-30 22:10:27 +00:00
Bernardo Damele
284c69a686
Improved --tables for MSSQL too, like r3798
2011-04-30 22:05:02 +00:00
Bernardo Damele
aeb149db22
Proper ordering of enumeration methods, consistent with the others enumeration classes
2011-04-30 22:04:08 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
cb9b9c4204
Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too
2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
2f2758b033
Long form contributor name
2011-04-30 14:51:06 +00:00
Bernardo Damele
36a9ddaacc
Minor bug fixes and code restyling for --privileges and --passwords
2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
1a052245a6
duplicate code
2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85
Moved method below
2011-04-29 22:37:43 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
14bf6abb7e
Minor layout adjustment
2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93
Proper resume of --schema data when calling with --columns switch, minor fixes too
2011-04-29 21:17:59 +00:00
Bernardo Damele
a23ca952e4
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Miroslav Stampar
a6015b59df
fix for a bug reported by jaccovantuijl@gmail.com (entries = zip(*[entries[colName] for colName in colList]))
2011-04-29 14:33:47 +00:00
Bernardo Damele
9927f5a7db
Let --schema work also for Sybase and MaxDB
2011-04-29 00:02:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
d3ed3268c3
minor adjustments
2011-04-28 21:17:06 +00:00
Bernardo Damele
8e63e1b70d
more people to thanks
2011-04-28 21:15:15 +00:00
Bernardo Damele
3e66dae103
as we don't use UPX anymore..
2011-04-28 20:54:21 +00:00
Bernardo Damele
441c288dd9
cosmeticados
2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5
Do not even prompt for ICMP tunnel if the target OS is not Windows
2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87
it seems that this was indeed not meant to be here
2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8
implemented checkFalsePositives method (simple Turing like tests)
2011-04-22 12:24:16 +00:00
Bernardo Damele
7df954dd9f
paranoy
2011-04-21 23:41:25 +00:00
Miroslav Stampar
0764c4c752
parenthesis were missing; banning OR NOT from payloads
2011-04-21 23:32:53 +00:00
Miroslav Stampar
41924a6ead
fix for a bug reported by saccurso@skygear.com.ar (UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 0: ordinal
...
not in range(128))
2011-04-21 23:17:16 +00:00
Bernardo Damele
1d61611145
leftover
2011-04-21 22:46:43 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7
More adjustments to the error message when no sql injections are detected
2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60
updated doc and minor layout adjustments
2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff
More verbose output when no SQL injections are detected
2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00