Miroslav Stampar
|
48f68bd076
|
First commit for Issue #83
|
2012-07-13 10:35:22 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
0702dd70b5
|
verify also that the web backdoor has been successfully uploaded
|
2012-07-11 14:08:51 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
61ad3b999a
|
fix for a crash with partial union and --hex
|
2012-03-14 10:31:24 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
ba5eff1de6
|
minor bug fix
|
2011-09-23 18:29:45 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
9e453e8709
|
fix for a bug reported by nightman@email.de
|
2011-06-29 17:49:59 +00:00 |
|
Bernardo Damele
|
cd6ceb733e
|
Adjustment and refactoring for takeover via web backdoor
|
2011-06-08 14:16:53 +00:00 |
|
Miroslav Stampar
|
868fbe370b
|
minor beautification
|
2011-05-23 10:39:58 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
d0dff82ce0
|
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
|
2011-04-23 16:25:09 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
818c9787b2
|
minor update
|
2011-01-23 21:20:16 +00:00 |
|
Miroslav Stampar
|
b18397fbc7
|
major revisit of --os-shell methods
|
2011-01-23 20:47:06 +00:00 |
|
Bernardo Damele
|
cffa17f5a6
|
Major bug fix - before it raised a traceback, now works.
|
2011-01-18 23:02:47 +00:00 |
|
Miroslav Stampar
|
1fa8f0cba7
|
code reviewing part 2
|
2011-01-15 12:53:40 +00:00 |
|
Miroslav Stampar
|
de54219571
|
code refactoring
|
2010-12-15 12:50:56 +00:00 |
|
Bernardo Damele
|
698f30e65e
|
Cosmetics
|
2010-12-13 21:34:35 +00:00 |
|
Bernardo Damele
|
da3fd17fc3
|
Adjustment to make it work also in OR based injection
|
2010-12-05 12:24:23 +00:00 |
|
Miroslav Stampar
|
6712f4da55
|
some refactoring and one less request for aspx maintanance during --os-shell
|
2010-11-24 14:20:43 +00:00 |
|
Miroslav Stampar
|
9579a97039
|
now ASPX works too for --os-shell
|
2010-11-24 11:38:27 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
17f0609263
|
minor bug fix
|
2010-11-17 13:29:57 +00:00 |
|
Miroslav Stampar
|
2802923dbe
|
some improvements regarding --os-shell web server application choice
|
2010-11-17 11:45:52 +00:00 |
|
Miroslav Stampar
|
bec152609a
|
minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)
|
2010-11-17 09:33:05 +00:00 |
|
Miroslav Stampar
|
e7a66371f8
|
update regarding os shell-ing regarding JSP and ASPX
|
2010-11-16 13:46:46 +00:00 |
|
Miroslav Stampar
|
6adee3792a
|
removed all trailing spaces from blank lines
|
2010-11-03 10:08:27 +00:00 |
|
Bernardo Damele
|
bdb9c37a7e
|
Cosmetics
|
2010-10-25 15:17:59 +00:00 |
|
Bernardo Damele
|
f95098693f
|
Removed unused functions
|
2010-10-20 21:16:28 +00:00 |
|
Bernardo Damele
|
683184cc8f
|
Minor refactoring
|
2010-10-17 21:06:52 +00:00 |
|
Bernardo Damele
|
f54c134d22
|
Minor adjustment
|
2010-10-16 22:43:05 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
87abec16bd
|
probable fix for a bug reported by Prashant Jadhav
|
2010-09-30 18:52:33 +00:00 |
|
Bernardo Damele
|
84778f0e6c
|
Minor fix, leave like this
|
2010-05-29 08:58:55 +00:00 |
|
Miroslav Stampar
|
d3e527aba3
|
minor update
|
2010-05-29 07:13:54 +00:00 |
|
Bernardo Damele
|
10521b68eb
|
Major bug fix in multipartpost and minor adjustments elsewhere
|
2010-05-28 23:12:20 +00:00 |
|
Bernardo Damele
|
a1b1f960cc
|
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
|
2010-04-23 16:34:20 +00:00 |
|
Miroslav Stampar
|
1bcec80e95
|
fix for that takeover bug Ethan Robish posted (Windows/PHP)
|
2010-04-22 10:31:33 +00:00 |
|
Bernardo Damele
|
156fdd96ef
|
Updated copyright
|
2010-03-03 15:26:27 +00:00 |
|
Bernardo Damele
|
2f452480b3
|
Minor bug fix in syntax
|
2010-03-01 14:40:18 +00:00 |
|
Bernardo Damele
|
694356821d
|
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
|
2010-02-26 13:13:50 +00:00 |
|
Miroslav Stampar
|
1f2a1bb24c
|
removed some redundant code
|
2010-02-26 12:36:41 +00:00 |
|
Miroslav Stampar
|
e4c34ff86c
|
changed default web server language behaviour
|
2010-02-25 16:55:02 +00:00 |
|
Miroslav Stampar
|
0913d700a8
|
important update regarding default directories
|
2010-02-25 15:22:41 +00:00 |
|
Miroslav Stampar
|
4a3fa69f9d
|
minor adjustment
|
2010-02-25 15:07:54 +00:00 |
|
Bernardo Damele
|
0df5b5fed9
|
Minor bug fix and code adjustments
|
2010-02-25 14:06:44 +00:00 |
|
Miroslav Stampar
|
24d3e24db0
|
more updates regarding --os-shell feature
|
2010-02-25 12:16:49 +00:00 |
|
Miroslav Stampar
|
b558712a47
|
more feature updates
|
2010-02-25 11:40:49 +00:00 |
|
Miroslav Stampar
|
15d1fcbb7f
|
now runcmd exe has random name too
|
2010-02-25 10:47:12 +00:00 |
|
Miroslav Stampar
|
2cafd5697b
|
new changes regarding --os-shell
|
2010-02-25 10:33:41 +00:00 |
|
Miroslav Stampar
|
858cb25975
|
update
|
2010-02-24 23:40:56 +00:00 |
|
Miroslav Stampar
|
2a07af2294
|
removed pdb tracing
|
2010-02-20 22:36:17 +00:00 |
|
Miroslav Stampar
|
0debc95ad4
|
some fixes
|
2010-02-20 22:31:54 +00:00 |
|
Miroslav Stampar
|
0ed5ba5559
|
minor update
|
2010-02-16 13:24:09 +00:00 |
|
Miroslav Stampar
|
c4951fd631
|
some updates regarding --os-shell option
|
2010-02-16 13:20:34 +00:00 |
|
Miroslav Stampar
|
00a23ace9a
|
some changes regarding web takeover
|
2010-02-09 14:27:41 +00:00 |
|
Miroslav Stampar
|
dbd52c52e4
|
minor fix
|
2010-02-04 14:39:24 +00:00 |
|
Miroslav Stampar
|
ec63fc4036
|
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
|
2010-02-04 14:37:00 +00:00 |
|
Miroslav Stampar
|
87239476af
|
more fixes :)
|
2010-02-04 10:10:41 +00:00 |
|
Miroslav Stampar
|
e4699f389d
|
some bug fixes regarding --os-shell usage against windows servers
|
2010-02-04 09:49:31 +00:00 |
|
Miroslav Stampar
|
ea045eaa2f
|
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
|
2010-02-03 16:40:12 +00:00 |
|
Miroslav Stampar
|
7c88e32f9d
|
bug fix for 404 program termination during shell upload attempt
|
2010-02-03 16:16:34 +00:00 |
|
Miroslav Stampar
|
565433097e
|
used normalizePath instead of os.path.normalize
|
2010-02-03 16:10:09 +00:00 |
|
Miroslav Stampar
|
87c8bdbc29
|
removed pdb tracing
|
2010-02-03 14:52:29 +00:00 |
|
Miroslav Stampar
|
c74b920f54
|
bug fix
|
2010-02-03 14:49:28 +00:00 |
|
Bernardo Damele
|
6f5d2ed171
|
Minor cosmetic adjustments
|
2010-01-28 17:07:34 +00:00 |
|
Miroslav Stampar
|
a2077bfc0e
|
quick fix
|
2010-01-28 16:56:00 +00:00 |
|
Miroslav Stampar
|
732ed48e2b
|
some refactoring regarding decloaking
|
2010-01-28 16:50:34 +00:00 |
|
Bernardo Damele
|
dcbbad642d
|
Minor self fix, switched to rc6
|
2010-01-28 10:27:47 +00:00 |
|
Miroslav Stampar
|
f6b447f6e7
|
fix for "NameError: global name 'webFileStreamUpload' is not defined"
|
2010-01-28 08:54:47 +00:00 |
|
Miroslav Stampar
|
921e449454
|
added support for cloaking Churrasco.exe file
|
2010-01-28 00:07:33 +00:00 |
|
Miroslav Stampar
|
4559ded6c1
|
added new line at the end of the file
|
2010-01-27 17:02:23 +00:00 |
|
Miroslav Stampar
|
f4b8ce5c72
|
fix for 'No such file or directory' OSError exception
|
2010-01-27 17:00:54 +00:00 |
|
Miroslav Stampar
|
d0acb1c5a3
|
another fix. hope it works :)
|
2010-01-27 16:01:50 +00:00 |
|
Miroslav Stampar
|
f8056f4098
|
quick fix regarding usage of StringIO instead of file stream
|
2010-01-27 15:44:35 +00:00 |
|
Miroslav Stampar
|
1d15c595a4
|
minor fix
|
2010-01-27 14:08:09 +00:00 |
|
Miroslav Stampar
|
e63428207c
|
modified a way to handle shell scripts
|
2010-01-27 13:59:25 +00:00 |
|
Bernardo Damele
|
c4215ce8d2
|
Minor code refactoring
|
2010-01-14 20:42:45 +00:00 |
|
Bernardo Damele
|
c9863bc1d2
|
Minor code refactoring
|
2010-01-14 14:33:08 +00:00 |
|
Bernardo Damele
|
070ccc30e9
|
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
|
2010-01-14 14:03:16 +00:00 |
|