Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
af94ac7f02
minor fix
2011-09-20 22:16:56 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
126cdf9e19
minor info update
2011-05-19 23:28:27 +00:00
Miroslav Stampar
a034462c31
fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd )
2011-05-19 23:03:00 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
148fb26301
quick fix
2011-04-21 17:34:26 +00:00
Miroslav Stampar
e181d5412e
fix for a bug reported by aboynes@gmail.com (@@datadir not available on MySQL 4)
2011-04-21 17:33:07 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
ea3ebafba1
Removed outdated sentence
2011-04-10 23:59:49 +00:00
Bernardo Damele
572708f184
More version adjustment
2011-04-10 23:28:24 +00:00
Bernardo Damele
6d165861c8
Minor version increase
2011-04-10 13:30:27 +00:00
Bernardo Damele
d5fb1378cc
Gone unnoticed for way too long
2011-04-08 11:15:19 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Bernardo Damele
db77f8b055
Code cleanup
2011-02-06 22:33:08 +00:00
Miroslav Stampar
ecaf5729fd
revert
2011-02-06 22:14:18 +00:00
Miroslav Stampar
caaac72029
minor update regarding last commit
2011-02-06 20:15:03 +00:00
Bernardo Damele
8980227d30
Minor bug fix
2011-02-06 15:32:16 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
eb33612736
fix
2011-01-24 10:20:17 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
02b333e30b
Minor improvement
2011-01-15 23:54:03 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
73e8a10527
minor fix
2011-01-02 09:12:20 +00:00
Miroslav Stampar
26b06bfcfb
update ( http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html )
2011-01-01 19:38:51 +00:00
Miroslav Stampar
076560f59f
bug fix
2010-12-31 12:58:27 +00:00
Miroslav Stampar
5db8ebbfa9
update of mysql comment versions
2010-12-31 12:42:12 +00:00
Miroslav Stampar
40e3489099
minor update
2010-12-31 12:27:57 +00:00
Miroslav Stampar
ce19b0c431
optimization of comment checking in MySQL
2010-12-31 12:21:02 +00:00
Miroslav Stampar
7f4acaf6f9
now comment injection fingerprint works with all techniques
2010-12-30 21:24:26 +00:00
Miroslav Stampar
5d25da5135
better way to handle this one
2010-12-22 00:51:20 +00:00
Miroslav Stampar
306501363c
fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same)
2010-12-22 00:41:38 +00:00
Miroslav Stampar
d6e6afd6f2
minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." - http://bugs.mysql.com/bug.php?id=2102 )
2010-12-22 00:38:54 +00:00
Miroslav Stampar
6f2ce15478
minor refactoring
2010-12-22 00:27:21 +00:00
Miroslav Stampar
cb61401c18
bug fix ( http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html - "Added support of where clause for queries with FROM DUAL")
2010-12-22 00:20:56 +00:00
Miroslav Stampar
f905adb7c1
way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS).
2010-12-21 22:18:27 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
518b3e094c
bug fix ( http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows )
2010-12-20 23:00:03 +00:00