Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ab67344448 
							
						 
					 
					
						
						
							
							Removed unused imports and variables (pyflake-ing)  
						
						
						
					 
					
						2012-12-06 11:15:05 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							775e0df04b 
							
						 
					 
					
						
						
							
							Update for an Issue  #278  
						
						
						
					 
					
						2012-12-05 10:45:17 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c7aff12c6 
							
						 
					 
					
						
						
							
							Update for an Issue  #225  
						
						
						
					 
					
						2012-10-30 01:26:19 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							726de868e2 
							
						 
					 
					
						
						
							
							Fix for an Issue  #225  
						
						
						
					 
					
						2012-10-30 00:37:43 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5358d85d37 
							
						 
					 
					
						
						
							
							Important refactoring for web-based functionality  
						
						
						
					 
					
						2012-10-29 15:09:05 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6e16e8641 
							
						 
					 
					
						
						
							
							Minor update  
						
						
						
					 
					
						2012-10-29 11:08:02 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							359e734954 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2012-10-29 10:48:49 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1b8226329 
							
						 
					 
					
						
						
							
							Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)  
						
						
						
					 
					
						2012-10-28 00:36:09 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06805b27f2 
							
						 
					 
					
						
						
							
							Bug fix (time was also meant to be disabled in case of error/inband getvalues)  
						
						
						
					 
					
						2012-10-27 23:16:25 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54fbb22ab8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2012-10-25 09:56:36 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f3aa09c794 
							
						 
					 
					
						
						
							
							Minor language fix  
						
						
						
					 
					
						2012-10-23 15:52:43 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6eeebfca8 
							
						 
					 
					
						
						
							
							Fix for an Issue  #188  
						
						
						
					 
					
						2012-09-20 11:30:07 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ebab05cf7c 
							
						 
					 
					
						
						
							
							Fix for an Issue  #158  
						
						
						
					 
					
						2012-08-21 20:20:38 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1669c6bdb4 
							
						 
					 
					
						
						
							
							Another update for an Issue  #28  
						
						
						
					 
					
						2012-07-27 17:05:21 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6ffc5665d0 
							
						 
					 
					
						
						
							
							Update for Issue  #28  
						
						
						
					 
					
						2012-07-27 16:29:33 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c9868cb6 
							
						 
					 
					
						
						
							
							Implementation for an Issue  #118  
						
						
						
					 
					
						2012-07-24 15:34:50 +02:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0a4b6431a8 
							
						 
					 
					
						
						
							
							minor bug fix - issue  #112  
						
						
						
					 
					
						2012-07-21 16:51:01 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dba0a96c2e 
							
						 
					 
					
						
						
							
							fall-back to UNION technique if web file stager was not uploaded with LIMIT  
						
						
						
					 
					
						2012-07-20 17:11:22 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cbe8f41746 
							
						 
					 
					
						
						
							
							minor code refactoring preparing for  #96  
						
						
						
					 
					
						2012-07-20 16:20:17 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							318a01b867 
							
						 
					 
					
						
						
							
							minor typo fixes  
						
						
						
					 
					
						2012-07-17 00:25:02 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87ecf205cb 
							
						 
					 
					
						
						
							
							More work for Issue  #66  
						
						
						
					 
					
						2012-07-14 17:01:04 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ff9c951bc 
							
						 
					 
					
						
						
							
							Language update  
						
						
						
					 
					
						2012-07-13 14:33:16 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6677da63cd 
							
						 
					 
					
						
						
							
							Fix for an Issue  #88  
						
						
						
					 
					
						2012-07-13 14:25:39 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5ecc8b8db 
							
						 
					 
					
						
						
							
							Closing work on Issue  #83  
						
						
						
					 
					
						2012-07-13 11:23:21 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							48f68bd076 
							
						 
					 
					
						
						
							
							First commit for Issue  #83  
						
						
						
					 
					
						2012-07-13 10:35:22 +02:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							162da75a04 
							
						 
					 
					
						
						
							
							modified homepage address  
						
						
						
					 
					
						2012-07-12 18:38:03 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0702dd70b5 
							
						 
					 
					
						
						
							
							verify also that the web backdoor has been successfully uploaded  
						
						
						
					 
					
						2012-07-11 14:08:51 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c4a62f725 
							
						 
					 
					
						
						
							
							Some work on Issue  #68  
						
						
						
					 
					
						2012-07-11 11:58:47 +02:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3da3f5c52 
							
						 
					 
					
						
						
							
							refactoring for issue  #51  
						
						
						
					 
					
						2012-07-10 00:19:32 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							25eca9d671 
							
						 
					 
					
						
						
							
							finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue  #34  
						
						
						
					 
					
						2012-07-09 14:26:23 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							99c5ea54f7 
							
						 
					 
					
						
						
							
							cleanup for  #34  
						
						
						
					 
					
						2012-07-09 12:39:43 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d08a54e375 
							
						 
					 
					
						
						
							
							properly display the command stdout  
						
						
						
					 
					
						2012-07-09 10:52:48 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54e0a2d8ee 
							
						 
					 
					
						
						
							
							--os-shell now works perfect for inference-like techniques too  
						
						
						
					 
					
						2012-07-07 17:57:06 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							58f6687194 
							
						 
					 
					
						
						
							
							Some refactoring (reusing xpCmdshellForgeCmd)  
						
						
						
					 
					
						2012-07-07 10:51:29 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8620767b77 
							
						 
					 
					
						
						
							
							Proper fix  
						
						
						
					 
					
						2012-07-07 10:38:07 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1c69eb5d30 
							
						 
					 
					
						
						
							
							Revert "major fix"  
						
						
						
						
						This reverts commit 3a11fc2d9e 
						
					 
					
						2012-07-07 10:26:13 +02:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3a11fc2d9e 
							
						 
					 
					
						
						
							
							major fix  
						
						
						
					 
					
						2012-07-06 22:55:34 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e948e4d45b 
							
						 
					 
					
						
						
							
							Some more refactoring  
						
						
						
					 
					
						2012-07-06 17:18:22 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							982fcde1c0 
							
						 
					 
					
						
						
							
							Fix for Issue  #62  
						
						
						
					 
					
						2012-07-06 12:24:55 +02:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fd4cfb0cc0 
							
						 
					 
					
						
						
							
							working on  #51  
						
						
						
					 
					
						2012-07-02 15:28:19 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7335072ab8 
							
						 
					 
					
						
						
							
							leftover  
						
						
						
					 
					
						2012-07-02 15:11:21 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							04d803c7fd 
							
						 
					 
					
						
						
							
							more tweaking for issue  #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)  
						
						
						
					 
					
						2012-07-02 15:02:00 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b7d2680e55 
							
						 
					 
					
						
						
							
							minor refactoring, issue  #51  
						
						
						
					 
					
						2012-07-02 12:50:26 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							add8352804 
							
						 
					 
					
						
						
							
							make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too  
						
						
						
					 
					
						2012-07-02 02:14:03 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6697927098 
							
						 
					 
					
						
						
							
							initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap  
						
						
						
					 
					
						2012-07-02 02:04:19 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							18be319d13 
							
						 
					 
					
						
						
							
							hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run  
						
						
						
					 
					
						2012-07-01 23:41:10 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ff9e97a42c 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2012-07-01 23:31:45 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ab412da27f 
							
						 
					 
					
						
						
							
							I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes  
						
						
						
					 
					
						2012-07-01 23:25:05 +01:00 
						 
				 
			
				
					
						
							
							
								jekil 
							
						 
					 
					
						
						
						
						
							
						
						
							c39e5a85ba 
							
						 
					 
					
						
						
							
							Removed $id$ tags  
						
						
						
					 
					
						2012-06-27 20:56:43 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06be7bbb18 
							
						 
					 
					
						
						
							
							few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)  
						
						
						
					 
					
						2012-06-15 20:41:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4da03d898e 
							
						 
					 
					
						
						
							
							Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too.  Fixes   #236  
						
						
						
					 
					
						2012-04-25 07:40:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5e358b51f9 
							
						 
					 
					
						
						
							
							few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')  
						
						
						
					 
					
						2012-04-04 09:25:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e05109812f 
							
						 
					 
					
						
						
							
							minor improvements regarding data retrieval through DNS channel  
						
						
						
					 
					
						2012-04-03 09:18:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1e71b24dca 
							
						 
					 
					
						
						
							
							More info messages to prove xp_cmdshell (and temporary directory choosen) worked  
						
						
						
					 
					
						2012-03-14 22:41:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							61ad3b999a 
							
						 
					 
					
						
						
							
							fix for a crash with partial union and --hex  
						
						
						
					 
					
						2012-03-14 10:31:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34b0935cb3 
							
						 
					 
					
						
						
							
							refactoring "echo 1" quick test for xp_cmdshell console output  
						
						
						
					 
					
						2012-03-13 10:36:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c878dd3e5a 
							
						 
					 
					
						
						
							
							doing a dummy test for --os-shell in case of xp_cmdshell  
						
						
						
					 
					
						2012-03-09 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9c5c66cc 
							
						 
					 
					
						
						
							
							code refactoring regarding charsetType inside inference/bisection  
						
						
						
					 
					
						2012-02-29 14:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							85125018a1 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2012-02-25 22:54:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06ab3fa134 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2012-02-25 10:53:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b3bd4144f5 
							
						 
					 
					
						
						
							
							removing of unused imports together with some general code refactoring  
						
						
						
					 
					
						2012-02-22 10:40:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							121148f27f 
							
						 
					 
					
						
						
							
							There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.  
						
						
						
						
						Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to treat MSSQL's EXEC statements as SELECT ones 
						
					 
					
						2012-02-17 15:54:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8d7912ad34 
							
						 
					 
					
						
						
							
							minor update and refactoring  
						
						
						
					 
					
						2012-02-15 14:05:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9059d30312 
							
						 
					 
					
						
						
							
							adding first code example for SPL snippets  
						
						
						
					 
					
						2012-02-15 13:17:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edeb4b6113 
							
						 
					 
					
						
						
							
							bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)  
						
						
						
					 
					
						2012-02-15 11:14:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35fa214a1e 
							
						 
					 
					
						
						
							
							minor update (it was working before too, but this is cleaner)  
						
						
						
					 
					
						2012-02-15 10:14:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95f89ab63a 
							
						 
					 
					
						
						
							
							updating copyright date  
						
						
						
					 
					
						2012-01-11 14:59:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae413a206 
							
						 
					 
					
						
						
							
							some refactoring/speedup around UNION technique  
						
						
						
					 
					
						2011-12-22 10:32:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ba5eff1de6 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-09-23 18:29:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f890b29f81 
							
						 
					 
					
						
						
							
							Proper reference to Metasploit Framework as now it's version 4, not 3 anymore  
						
						
						
					 
					
						2011-09-12 17:26:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							702ed73a65 
							
						 
					 
					
						
						
							
							Added --code switch to match in boolean-based tests against the HTTP response code  
						
						
						
					 
					
						2011-08-12 16:48:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a2483b3bc4 
							
						 
					 
					
						
						
							
							Aligned OS takeover functionalities to recent Metasploit improvements  
						
						
						
					 
					
						2011-07-26 10:29:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d6b52242c7 
							
						 
					 
					
						
						
							
							Meterpreter's sniffer extension freezes 64-bit systems  
						
						
						
						
						Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no 64-bit shellcodeexec yet; anyway, as the Metasploit payload is encoded with a 32-bit encoder (alphanumeric), it's all fine. 
						
					 
					
						2011-07-20 13:50:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aedcf8c8d7 
							
						 
					 
					
						
						
							
							Changed homepage address  
						
						
						
					 
					
						2011-07-07 20:10:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e453e8709 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman@email.de  
						
						
						
					 
					
						2011-06-29 17:49:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cd6ceb733e 
							
						 
					 
					
						
						
							
							Adjustment and refactoring for takeover via web backdoor  
						
						
						
					 
					
						2011-06-08 14:16:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b12b18357 
							
						 
					 
					
						
						
							
							incorporating metasploit patch from oliver.kuckertz@mologie.de  
						
						
						
					 
					
						2011-05-23 15:27:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							868fbe370b 
							
						 
					 
					
						
						
							
							minor beautification  
						
						
						
					 
					
						2011-05-23 10:39:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d4e3802e4 
							
						 
					 
					
						
						
							
							decoding of chars for --os-shell  
						
						
						
					 
					
						2011-05-03 15:31:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b3a0424269 
							
						 
					 
					
						
						
							
							More Backend class method usage refactoring  
						
						
						
					 
					
						2011-04-30 15:24:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9a4ae7d9e2 
							
						 
					 
					
						
						
							
							More code refactoring of Backend class methods used  
						
						
						
					 
					
						2011-04-30 14:54:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f56d135438 
							
						 
					 
					
						
						
							
							Minor code restyling  
						
						
						
					 
					
						2011-04-30 13:20:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							98f9f3e774 
							
						 
					 
					
						
						
							
							Minor bug fix in local shellcodeexec for Windows path  
						
						
						
					 
					
						2011-04-25 00:03:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e35f25b2cb 
							
						 
					 
					
						
						
							
							Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:  
						
						
						
						
						* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring. 
						
					 
					
						2011-04-24 23:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0dff82ce0 
							
						 
					 
					
						
						
							
							Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch  
						
						
						
					 
					
						2011-04-23 16:25:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b667c50588 
							
						 
					 
					
						
						
							
							store/resume info on xp_cmd available in session file  
						
						
						
					 
					
						2011-04-21 14:25:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e1a8d268d8 
							
						 
					 
					
						
						
							
							fix for UPX linux/macos  
						
						
						
					 
					
						2011-04-21 10:52:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4d3190f41 
							
						 
					 
					
						
						
							
							reverting back to NVARCHAR because of error technique  
						
						
						
					 
					
						2011-04-20 12:59:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7993f3f12d 
							
						 
					 
					
						
						
							
							way better for storing bulk of data (like BLOB on mysql)  
						
						
						
					 
					
						2011-04-20 11:44:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04653684cd 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-04-20 10:34:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1c1c20fb64 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-20 09:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4b6c524d4c 
							
						 
					 
					
						
						
							
							one more minor update regarding last commit  
						
						
						
					 
					
						2011-04-20 09:26:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44926757da 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-20 09:23:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a9838f1e6 
							
						 
					 
					
						
						
							
							cleaning a mess with UPX and virus scanners  
						
						
						
					 
					
						2011-04-19 21:57:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0387654166 
							
						 
					 
					
						
						
							
							update of copyright string (until year)  
						
						
						
					 
					
						2011-04-15 12:33:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3e8c204121 
							
						 
					 
					
						
						
							
							Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba  
						
						
						
					 
					
						2011-02-21 16:00:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b33ac19d39 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-07 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e023e0d233 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2011-02-07 12:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							39decebe85 
							
						 
					 
					
						
						
							
							Minor fixes to checking/re-enabling of xp_cmdshell procedure  
						
						
						
					 
					
						2011-02-07 12:17:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0233dcd4f 
							
						 
					 
					
						
						
							
							preventing crashes for output=[]  
						
						
						
					 
					
						2011-02-07 10:24:15 +00:00