Miroslav Stampar
|
e51d3a02f1
|
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
|
2012-06-28 18:53:47 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
303aa10507
|
only a small update
|
2012-06-27 14:43:18 +02:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
d5e80089ff
|
minor summer cleanup
|
2012-06-14 13:44:16 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
96177393e1
|
minor update regarding --exact switch
|
2012-06-10 13:38:12 +00:00 |
|
Miroslav Stampar
|
10b0639a96
|
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
|
2012-06-04 09:24:46 +00:00 |
|
Miroslav Stampar
|
1e18168cc8
|
fix for one silent bug and small language update
|
2012-05-23 16:35:40 +00:00 |
|
Miroslav Stampar
|
96299d3d5d
|
minor refactoring
|
2012-05-03 22:34:18 +00:00 |
|
Miroslav Stampar
|
8013a64f8c
|
minor refactoring
|
2012-05-01 19:57:30 +00:00 |
|
Miroslav Stampar
|
c71d435d9f
|
making "id"-like columns prioritized for ORDER BY in MySQL
|
2012-05-01 19:52:02 +00:00 |
|
Miroslav Stampar
|
458a73c9b4
|
few consistency fixes
|
2012-04-29 23:09:00 +00:00 |
|
Miroslav Stampar
|
c7a606637f
|
switching few readInput defaults for brute forcing when no table/column found
|
2012-04-27 12:59:22 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
f7a664b120
|
enablind DNS server for DNS data exfiltration
|
2012-03-31 12:08:27 +00:00 |
|
Bernardo Damele
|
0013b0970f
|
Minor layout adjustments - foundDb is misleading at that stage
|
2012-03-15 16:07:16 +00:00 |
|
Miroslav Stampar
|
8cf5d260fd
|
Application Data is not a temporary directory writable by everybody
|
2012-03-14 23:44:29 +00:00 |
|
Bernardo Damele
|
c735d846ee
|
The default temporary directory as to stay as is, do not touch this code snippet anymore please
|
2012-03-14 22:39:46 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Bernardo Damele
|
48592f2515
|
minor adjustments
|
2012-03-09 18:34:18 +00:00 |
|
Bernardo Damele
|
be9b103b51
|
minor bug fix
|
2012-03-09 18:02:50 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Bernardo Damele
|
7330dff255
|
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
|
2012-03-08 16:57:53 +00:00 |
|
Bernardo Damele
|
ae87df5670
|
leftover
|
2012-03-08 15:45:33 +00:00 |
|
Bernardo Damele
|
4bc6f3f6c9
|
Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore
|
2012-03-08 15:32:05 +00:00 |
|
Miroslav Stampar
|
68b9d48d0a
|
minor update
|
2012-03-08 15:30:23 +00:00 |
|
Miroslav Stampar
|
2ab80bfb2c
|
minor bug fix
|
2012-03-08 15:24:05 +00:00 |
|
Bernardo Damele
|
c79807f5fb
|
Minor layout adjustments
|
2012-03-08 15:11:24 +00:00 |
|
Miroslav Stampar
|
761ec7529a
|
minor appereance fix
|
2012-03-01 11:52:30 +00:00 |
|
Miroslav Stampar
|
8b9c5c66cc
|
code refactoring regarding charsetType inside inference/bisection
|
2012-02-29 14:36:23 +00:00 |
|
Miroslav Stampar
|
10dd9096f7
|
one more just in case fix for safeSQLIdentificator naming on MSSQL --tables
|
2012-02-29 14:05:53 +00:00 |
|
Miroslav Stampar
|
d06182347f
|
fixing few potential problems
|
2012-02-29 13:56:40 +00:00 |
|
Miroslav Stampar
|
74b19a0386
|
minor update
|
2012-02-25 10:43:10 +00:00 |
|
Miroslav Stampar
|
26b33154ab
|
optimal fix related to the last commit
|
2012-02-24 14:28:41 +00:00 |
|
Miroslav Stampar
|
9d6fd2e507
|
bug fix for --schema --technique=BST
|
2012-02-24 14:12:19 +00:00 |
|
Miroslav Stampar
|
f9d2971474
|
minor just in case fix
|
2012-02-23 16:37:06 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Bernardo Damele
|
f55ad46119
|
Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently
|
2012-02-20 11:06:55 +00:00 |
|
Miroslav Stampar
|
08bf8c201f
|
few minor fixes
|
2012-02-20 10:24:55 +00:00 |
|
Miroslav Stampar
|
dcf7277a0f
|
some more refactorings
|
2012-02-16 14:42:28 +00:00 |
|
Miroslav Stampar
|
e1f86c97c4
|
minor refactoring
|
2012-02-16 09:46:41 +00:00 |
|
Miroslav Stampar
|
948cf25de4
|
more consistent
|
2012-02-09 09:53:40 +00:00 |
|
Miroslav Stampar
|
980367b7b2
|
minor update
|
2012-02-09 09:48:47 +00:00 |
|
Miroslav Stampar
|
1d4b10dbd1
|
bug fix
|
2012-02-08 13:55:50 +00:00 |
|
Miroslav Stampar
|
2662fe84f7
|
minor update
|
2012-02-08 12:02:50 +00:00 |
|
Miroslav Stampar
|
85a4ef6593
|
minor update
|
2012-02-08 12:00:03 +00:00 |
|
Miroslav Stampar
|
f7bf1fbe94
|
upgrade/fixes for direct DBMS access
|
2012-02-07 10:46:55 +00:00 |
|
Miroslav Stampar
|
e94f86a1ad
|
minor update
|
2012-02-03 15:46:28 +00:00 |
|
Miroslav Stampar
|
a48fc4efec
|
minor update
|
2012-02-03 15:32:23 +00:00 |
|
Miroslav Stampar
|
e3466fa5d8
|
minor update
|
2012-02-03 15:28:11 +00:00 |
|
Miroslav Stampar
|
2136b3447d
|
better solution
|
2012-02-03 15:22:21 +00:00 |
|
Miroslav Stampar
|
f79d01183d
|
minor update
|
2012-02-01 09:23:52 +00:00 |
|
Miroslav Stampar
|
2face9799a
|
minor fix
|
2012-02-01 09:17:38 +00:00 |
|
Miroslav Stampar
|
7d37a650d0
|
minor fix
|
2012-01-30 14:41:17 +00:00 |
|
Miroslav Stampar
|
de94bee7b5
|
minor fix
|
2012-01-20 00:11:19 +00:00 |
|
Miroslav Stampar
|
b2dad63000
|
some more refactoring
|
2012-01-13 22:00:34 +00:00 |
|
Miroslav Stampar
|
8e4b8d345f
|
refactoring
|
2012-01-13 21:55:39 +00:00 |
|
Bernardo Damele
|
ec9cc19951
|
Minor bug fixes for -d
|
2012-01-13 21:46:21 +00:00 |
|
Bernardo Damele
|
5e853cae64
|
Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp
|
2012-01-13 18:08:44 +00:00 |
|
Bernardo Damele
|
0043336620
|
Minor fix and removed leftover debug message
|
2012-01-13 17:04:59 +00:00 |
|
Bernardo Damele
|
b03f91437b
|
Minor code refactoring
|
2012-01-13 16:49:52 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
ff52931140
|
some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)
|
2012-01-07 19:30:35 +00:00 |
|
Miroslav Stampar
|
138b8039b3
|
better language
|
2012-01-07 17:35:53 +00:00 |
|
Miroslav Stampar
|
f85c5b3f4d
|
minor update
|
2012-01-06 00:23:49 +00:00 |
|
Miroslav Stampar
|
f412706fee
|
minor update for MSSQL --tables (fallback to other method)
|
2012-01-03 18:01:14 +00:00 |
|
Miroslav Stampar
|
8750532c3d
|
minor fix
|
2011-12-28 14:13:36 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
41ccf88990
|
some more refactoring
|
2011-12-21 22:09:21 +00:00 |
|
Miroslav Stampar
|
d9d4e3ea9b
|
minor fix
|
2011-12-21 17:43:50 +00:00 |
|
Miroslav Stampar
|
41b60b26fc
|
minor refactoring
|
2011-12-21 14:25:39 +00:00 |
|
Miroslav Stampar
|
81bd9a201b
|
minor refactoring
|
2011-12-21 11:50:49 +00:00 |
|
Miroslav Stampar
|
d1bfdc6a48
|
minor fix for --start/--stop mechanism in pivot dumping mode
|
2011-12-20 13:04:57 +00:00 |
|
Miroslav Stampar
|
39b406c5c1
|
fix for --search on Oracle
|
2011-12-02 18:13:27 +00:00 |
|
Miroslav Stampar
|
96aacbf945
|
upgrade of --search mechanism (lowest common denominator is now searched for - e.g. if -D -T and -C are given then -C is searched for in -D and -T)
|
2011-12-02 13:32:30 +00:00 |
|
Miroslav Stampar
|
9697e80013
|
some more optimizations
|
2011-11-22 10:54:29 +00:00 |
|
Miroslav Stampar
|
b117c40aa5
|
major improvement of HashDB speed in multi-threaded mode
|
2011-11-22 10:09:35 +00:00 |
|
Miroslav Stampar
|
440b7efe55
|
minor optimization
|
2011-11-20 20:14:47 +00:00 |
|
Miroslav Stampar
|
bd7da45546
|
minor update
|
2011-10-28 13:07:23 +00:00 |
|
Miroslav Stampar
|
f7be0ca4e2
|
minor fix
|
2011-10-28 12:49:35 +00:00 |
|
Miroslav Stampar
|
6c0e8b0ea8
|
returning alphabetically sorted database and table names
|
2011-10-28 12:40:59 +00:00 |
|
Miroslav Stampar
|
9523da7663
|
minor optimization
|
2011-10-25 13:21:01 +00:00 |
|
Miroslav Stampar
|
23bf52e496
|
minor refactoring
|
2011-10-24 09:55:50 +00:00 |
|
Miroslav Stampar
|
25f0ec3597
|
some minor range to xrange conversion (where safe to do)
|
2011-10-21 22:34:27 +00:00 |
|
Miroslav Stampar
|
b6ccc0cc43
|
minor update
|
2011-10-18 14:35:42 +00:00 |
|
Miroslav Stampar
|
7f9f744b87
|
update regarding last commit
|
2011-10-12 12:37:05 +00:00 |
|
Miroslav Stampar
|
39e33bea99
|
important fix (LIMIT m,n should not be considered deterministic in column by column table dumping)
|
2011-10-12 12:31:47 +00:00 |
|
Miroslav Stampar
|
2d7d84e16b
|
minor fix
|
2011-09-25 19:42:24 +00:00 |
|
Miroslav Stampar
|
9a1ac96756
|
bug fix
|
2011-09-11 17:22:27 +00:00 |
|
Miroslav Stampar
|
8a174248dc
|
fix for a bug reported by blueBoy
|
2011-08-20 20:08:11 +00:00 |
|
Miroslav Stampar
|
fb6a84b10b
|
minor update (when columns are missing from information_schema too)
|
2011-08-18 07:03:53 +00:00 |
|
Miroslav Stampar
|
262996fc5b
|
bug fix
|
2011-08-16 06:14:40 +00:00 |
|
Miroslav Stampar
|
10bdd90e60
|
minor speed optimizations (as a result of profiling)
|
2011-08-12 13:40:37 +00:00 |
|
Miroslav Stampar
|
41ae9bc7ff
|
minor bug fix
|
2011-08-09 14:20:25 +00:00 |
|
Miroslav Stampar
|
9423d15fb3
|
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
|
2011-08-03 09:08:16 +00:00 |
|
Bernardo Damele
|
c15439ab7f
|
Minor improvement to --passwords output
|
2011-08-02 09:04:34 +00:00 |
|
Bernardo Damele
|
ad4584da70
|
Minor bug fix when dumping tables with UNION query technique on Access, Firebird and MaxDB
|
2011-08-01 23:44:14 +00:00 |
|
Miroslav Stampar
|
4ca81dd345
|
quick fix
|
2011-08-01 23:25:58 +00:00 |
|
Miroslav Stampar
|
e0fda9f985
|
minor fix
|
2011-08-01 10:13:25 +00:00 |
|
Miroslav Stampar
|
79b4e26e23
|
bug fix
|
2011-08-01 00:17:26 +00:00 |
|
Miroslav Stampar
|
0627bb02cb
|
minor beautification
|
2011-07-31 10:21:47 +00:00 |
|
Miroslav Stampar
|
4d923ec375
|
change in invalid logic regarding --sql-shell (retrieving output for non-query commands did nothing at all)
|
2011-07-30 21:46:59 +00:00 |
|
Miroslav Stampar
|
a6ade08c28
|
just in case commit to prevent join string iteration over 'None' values
|
2011-07-30 13:01:37 +00:00 |
|
Miroslav Stampar
|
684ddc43e6
|
minor patch
|
2011-07-28 08:53:09 +00:00 |
|
Bernardo Damele
|
37de709df2
|
leftover
|
2011-07-26 11:20:07 +00:00 |
|
Bernardo Damele
|
a2483b3bc4
|
Aligned OS takeover functionalities to recent Metasploit improvements
|
2011-07-26 10:29:14 +00:00 |
|
Miroslav Stampar
|
ec1bc0219c
|
hello big tables, this is sqlmap, sqlmap this is big tables
|
2011-07-24 09:19:33 +00:00 |
|
Bernardo Damele
|
5a1c9a42a3
|
Minor bug fix
|
2011-07-20 13:45:34 +00:00 |
|
Bernardo Damele
|
29b5115906
|
Minor bug fix
|
2011-07-20 13:28:10 +00:00 |
|
Miroslav Stampar
|
9c694ce3ec
|
bug fix (--tables --columns)
|
2011-07-12 23:27:47 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Bernardo Damele
|
da049110df
|
Minor revert
|
2011-07-04 15:23:05 +00:00 |
|
Miroslav Stampar
|
a1fe9d07ca
|
minor revert
|
2011-07-02 23:00:22 +00:00 |
|
Miroslav Stampar
|
34d9a91af1
|
bulk of fixes
|
2011-07-02 22:48:56 +00:00 |
|
Miroslav Stampar
|
8a36f7fc03
|
fix for a bug reported by aboynes@gmail.com (UnboundLocalError: local variable 'infoMsg' referenced before assignment)
|
2011-06-29 18:04:58 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Bernardo Damele
|
ddfae39d9e
|
Minor bug fixes for --search with -C
|
2011-06-24 09:27:54 +00:00 |
|
Miroslav Stampar
|
ca6f9acf30
|
minor fix for resuming in multi threading mode
|
2011-06-18 12:23:18 +00:00 |
|
Miroslav Stampar
|
d27afaed7e
|
some fixes
|
2011-06-16 14:27:44 +00:00 |
|
Miroslav Stampar
|
0eeb48f8f5
|
some fixes
|
2011-06-16 13:41:02 +00:00 |
|
Miroslav Stampar
|
afe0579487
|
minor fixes for pivot dumping
|
2011-06-15 19:03:37 +00:00 |
|
Miroslav Stampar
|
60ecf95383
|
fix for a bug reported by seyi.akin@gmail.com
|
2011-06-14 08:40:25 +00:00 |
|
Bernardo Damele
|
9126c84442
|
Refactoring (standardized with --search -C ...)
|
2011-06-08 16:39:41 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
6b81eef65a
|
refactoring
|
2011-06-08 14:30:12 +00:00 |
|
Bernardo Damele
|
cce3208b35
|
Cleanup
|
2011-06-08 14:15:34 +00:00 |
|
Bernardo Damele
|
161ece5587
|
Rephrase
|
2011-06-08 11:33:45 +00:00 |
|
Miroslav Stampar
|
f34b395c65
|
fixing typo
|
2011-06-07 14:58:22 +00:00 |
|
Miroslav Stampar
|
89a7516c35
|
bug fix
|
2011-06-06 09:55:22 +00:00 |
|
Miroslav Stampar
|
3fa8e1db72
|
better language
|
2011-05-31 15:45:54 +00:00 |
|
Miroslav Stampar
|
4bb9754dfe
|
using --dump for msaccess with -C switch was for some reason pain in the ass (you had to do the brute forcing again and again). now -C forces the result in those cases
|
2011-05-30 23:34:48 +00:00 |
|
Miroslav Stampar
|
bf2b58ba82
|
minor update
|
2011-05-26 15:23:28 +00:00 |
|
Miroslav Stampar
|
79f0b3a92a
|
adding support for --start and --stop for __pivotDumpTable
|
2011-05-26 15:16:57 +00:00 |
|
Miroslav Stampar
|
b6fe5b12a4
|
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
|
2011-05-26 14:30:05 +00:00 |
|
Miroslav Stampar
|
a397baa89a
|
fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches
|
2011-05-26 08:17:21 +00:00 |
|
Miroslav Stampar
|
1067d43f14
|
minor update
|
2011-05-23 19:16:29 +00:00 |
|
Miroslav Stampar
|
0ed03d474f
|
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
|
2011-05-23 11:09:44 +00:00 |
|
Miroslav Stampar
|
7b52bbe3fb
|
reverting that ignoreTimeout for --tables (because of this and that)
|
2011-05-22 09:59:19 +00:00 |
|
Miroslav Stampar
|
9b2623514a
|
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
|
2011-05-22 09:48:46 +00:00 |
|
Miroslav Stampar
|
2ea613b170
|
type correction and adding global flag kb.ignoreTimeout which could be useful
|
2011-05-22 08:24:13 +00:00 |
|