Commit Graph

105 Commits

Author SHA1 Message Date
Bernardo Damele
89dc99188d --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
f728208ff7 Minor cosmetic fix 2010-02-10 15:51:52 +00:00
Bernardo Damele
5c92fad5dc Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method 2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Bernardo Damele
950dba5139 Minor bug fix for --start and --stop 2010-02-02 14:17:39 +00:00
Bernardo Damele
7faefcca88 Minor logging messages adjustments 2010-01-29 23:19:52 +00:00
Bernardo Damele
200518724c By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
144dc1b8c4 Show proper warning message when --priv-esc is provided and underlying OS is not Windows 2010-01-28 17:22:17 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Miroslav Stampar
921e449454 added support for cloaking Churrasco.exe file 2010-01-28 00:07:33 +00:00
Bernardo Damele
6437c16156 run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149). 2010-01-26 01:14:44 +00:00
Bernardo Damele
6d697d60b2 Minor adjustment 2010-01-15 18:00:15 +00:00
Bernardo Damele
1d968f51e9 More code refactoring 2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2 Minor code refactoring 2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
746cbdba96 Added support for takeover functionalities on PgSQL 8.4 running on Windows 2010-01-14 01:40:11 +00:00
Bernardo Damele
b4ddfe8333 Minor bug fixed (variable undeclared) 2010-01-13 21:26:59 +00:00
Bernardo Damele
4a72ad113a Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups. 2010-01-12 11:44:47 +00:00
Bernardo Damele
c7e1649655 Minor speedup 2010-01-12 11:43:32 +00:00
Bernardo Damele
3a9f685e18 Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x. 2010-01-12 11:21:28 +00:00
Bernardo Damele
4512ef56d1 Minor bug fixes 2010-01-11 13:06:16 +00:00
Bernardo Damele
80bd146696 Added support for --dump with -C also on MSSQL 2010-01-10 19:12:54 +00:00
Bernardo Damele
e5dc3f51c8 Display a better message for the moment while working on support for --dump -C on MSSQL 2010-01-10 00:30:45 +00:00
Bernardo Damele
6c1b31d93c Adjusted --columns with -C also for Microsoft SQL Server 2010-01-10 00:21:03 +00:00
Bernardo Damele
ef1180c3c2 Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment 2010-01-09 21:39:10 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Bernardo Damele
2eb24c6368 Avoid useless queries 2010-01-04 12:35:53 +00:00
Bernardo Damele
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). 2010-01-04 10:47:09 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
e6c4154cac Fixed minor bug in --reg-del 2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
6e36a6f8ed Major enhancement to MSSQL MS09-004 exploit 2009-11-17 23:33:20 +00:00
Bernardo Damele
1bf6a7cadc Adapted sqlmap to latest changes in Metasploit trunk 2009-11-03 16:49:19 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c Minor bug fix in MSSQL version fingerprint 2009-08-11 09:16:20 +00:00
Bernardo Damele
17289c5ff2 Minor bug fix 2009-07-30 12:01:23 +00:00
Bernardo Damele
3d4bfb3263 More appropriate warning message, got rid of a TODO 2009-07-24 23:20:22 +00:00
Bernardo Damele
8096a37940 Major bug fix in --read-file option and minor code refactoring. 2009-07-09 11:50:15 +00:00
Bernardo Damele
4b622ed860 Minor bug fix.
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
ba2e009fd9 Now it's fixed 2009-06-29 10:15:10 +00:00
Bernardo Damele
bc31bd1dd9 Minor bug fix 2009-06-29 10:13:39 +00:00
Bernardo Damele
03a6739fbf Minor layout adjustments 2009-06-11 15:34:31 +00:00
Bernardo Damele
02f6425db8 Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL 2009-06-02 14:24:48 +00:00
Bernardo Damele
440a52b84d Major bug fix to sql-query/sql-shell functionalities 2009-05-20 10:19:19 +00:00
Bernardo Damele
a727427299 Minor fix for Python <= 2.5.2 (os.path.normpath function) 2009-05-06 13:37:51 +00:00
Bernardo Damele
c5d20b8a86 Initial support for ASP web backdoor functionality 2009-05-06 12:14:38 +00:00
Bernardo Damele
f3e8d6db70 Fixed MySQL comment injection 2009-05-01 16:29:45 +00:00