Miroslav Stampar
95ed6b7203
Minor patch (Issue #470 )
2013-06-24 14:37:45 +02:00
Bernardo Damele
a72096a345
slightly more appropriate definition of output variable
2013-06-19 20:25:01 +01:00
Bernardo Damele
cae108d9fc
careful at merging pull requests with TABs ( #466 )
2013-06-19 19:49:53 +01:00
Meatballs
c5087399c1
Fix exception if init technique not available
2013-06-16 10:47:27 +01:00
Meatballs
2c98507f1e
Add better error msg
2013-06-16 10:27:08 +01:00
Meatballs
caa326774c
Fallback to blind
2013-06-16 10:22:20 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47
working on #392 to fix --os-cmd and --os-shell output parsing
2013-02-14 11:31:20 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Miroslav Stampar
00e55828e4
Minor style update
2012-12-21 15:06:03 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962
Minor style update (capitalization of leftover class names)
2012-12-06 13:46:24 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
06805b27f2
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
2012-10-27 23:16:25 +02:00
Miroslav Stampar
a6eeebfca8
Fix for an Issue #188
2012-09-20 11:30:07 +02:00
Miroslav Stampar
ebab05cf7c
Fix for an Issue #158
2012-08-21 20:20:38 +02:00
Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Bernardo Damele
d3da3f5c52
refactoring for issue #51
2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7
cleanup for #34
2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375
properly display the command stdout
2012-07-09 10:52:48 +01:00
Miroslav Stampar
54e0a2d8ee
--os-shell now works perfect for inference-like techniques too
2012-07-07 17:57:06 +02:00
Miroslav Stampar
58f6687194
Some refactoring (reusing xpCmdshellForgeCmd)
2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77
Proper fix
2012-07-07 10:38:07 +02:00
Miroslav Stampar
1c69eb5d30
Revert "major fix"
...
This reverts commit 3a11fc2d9e
.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e
major fix
2012-07-06 22:55:34 +01:00
Miroslav Stampar
982fcde1c0
Fix for Issue #62
2012-07-06 12:24:55 +02:00
Bernardo Damele
fd4cfb0cc0
working on #51
2012-07-02 15:28:19 +01:00
Bernardo Damele
04d803c7fd
more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55
minor refactoring, issue #51
2012-07-02 12:50:26 +01:00
Bernardo Damele
add8352804
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Bernardo Damele
18be319d13
hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run
2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c
minor code refactoring
2012-07-01 23:31:45 +01:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Bernardo Damele
4da03d898e
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
2012-04-25 07:40:42 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Bernardo Damele
1e71b24dca
More info messages to prove xp_cmdshell (and temporary directory choosen) worked
2012-03-14 22:41:53 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00