Commit Graph

56 Commits

Author SHA1 Message Date
Miroslav Stampar
8cf5d260fd Application Data is not a temporary directory writable by everybody 2012-03-14 23:44:29 +00:00
Bernardo Damele
c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please 2012-03-14 22:39:46 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
980367b7b2 minor update 2012-02-09 09:48:47 +00:00
Miroslav Stampar
e94f86a1ad minor update 2012-02-03 15:46:28 +00:00
Miroslav Stampar
a48fc4efec minor update 2012-02-03 15:32:23 +00:00
Miroslav Stampar
e3466fa5d8 minor update 2012-02-03 15:28:11 +00:00
Miroslav Stampar
2136b3447d better solution 2012-02-03 15:22:21 +00:00
Bernardo Damele
5e853cae64 Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp 2012-01-13 18:08:44 +00:00
Bernardo Damele
0043336620 Minor fix and removed leftover debug message 2012-01-13 17:04:59 +00:00
Bernardo Damele
b03f91437b Minor code refactoring 2012-01-13 16:49:52 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
da049110df Minor revert 2011-07-04 15:23:05 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
7dd5bd9d59 Minor fix for --cleanup on MSSQL 2011-04-10 13:48:29 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
a0df231aa4 Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data 2010-10-29 13:09:53 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Bernardo Damele
1387ed0c25 This %TEMP% is a mere cause of problems (e.g. --os-cmd in MSSQL the BULK INSERT with '%TEMP%\foo' does not work), stick with C:/WINDOWS/Temp 2010-05-29 15:27:49 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Bernardo Damele
c9ee11e0e4 Added support to search for tables (--search with -T). See #190. 2010-05-16 20:46:17 +00:00
Bernardo Damele
762781e94d Minor bug fix, %TEMP% is expanded only in xp_cmdshell (MSSQL), so disabled for MySQL/PGSQL 2010-05-13 10:40:15 +00:00
Bernardo Damele
091e0b2e05 Layout adjustment 2010-05-13 09:51:15 +00:00
Miroslav Stampar
2323d858a9 modification of temporary directory from C:/Windows/Temp to %TEMP% 2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00