Miroslav Stampar
fa4c1c5251
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
Miroslav Stampar
0a8bc52910
Minor updates
2018-01-31 11:13:08 +01:00
Miroslav Stampar
8a122401aa
Update of copyright years
2018-01-02 00:48:10 +01:00
Miroslav Stampar
66d37112d1
If it works, don't touch. I touched
2017-10-31 11:38:09 +01:00
Miroslav Stampar
8c6b761044
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
Miroslav Stampar
415ce05a2f
Fixes #2677
2017-09-04 17:05:48 +02:00
Miroslav Stampar
2ca5ddce5f
Fixes #2534
2017-05-15 17:03:05 +02:00
Miroslav Stampar
d9a931f77a
Minor cleanup
2017-04-14 13:14:53 +02:00
Miroslav Stampar
9b3d229294
Fixes #2471
2017-04-10 19:21:22 +02:00
klensy
e4725366d3
updated mysql version numbers
2017-03-14 15:11:03 +03:00
Miroslav Stampar
ef04c99069
No more dumb usage of '--dbms'
2017-03-06 12:53:04 +01:00
Miroslav Stampar
55272f7a3b
New version preparation
2017-01-02 14:19:18 +01:00
Miroslav Stampar
c557637299
Fixes #2248
2016-10-26 08:49:27 +02:00
Miroslav Stampar
12dc53f687
Minor update
2016-09-19 13:54:06 +02:00
Miroslav Stampar
d7d565415a
Patch for MySQL fingerprinting
2016-06-03 02:31:31 +02:00
Miroslav Stampar
030df0353d
Removing ugly legacy code (e.g. showing MySQL 5.0 when it is e.g. '5.7.8')
2016-06-01 13:47:20 +02:00
Miroslav Stampar
5810c2b199
Minor patch
2016-06-01 11:30:27 +02:00
Miroslav Stampar
cc9f4b6102
Minor refactoring for MariaDB
2016-05-14 15:05:50 +02:00
Miroslav Stampar
3b74e99576
Minor update (support for MariaDB)
2016-05-11 15:47:35 +02:00
Miroslav Stampar
d0d676ccce
Update of copyright string
2016-01-06 00:06:12 +01:00
Miroslav Stampar
b269e8418f
Fixes #1608
2015-12-15 10:46:37 +01:00
Miroslav Stampar
6c083956f4
Patch related to the #1557
2015-11-23 09:48:43 +01:00
Miroslav Stampar
4335ae8330
Patching previous commit
2015-11-16 16:59:54 +01:00
Miroslav Stampar
94639d11a3
Another update related to the #1539
2015-11-16 15:33:05 +01:00
Miroslav Stampar
51444276c0
Better dealing with MySQL vs HSQLDB
2015-10-10 14:19:47 +02:00
Miroslav Stampar
fa4e867035
Bug fix for MySQL fingerprinting (excluding HSQLDB MySQL look-alike)
2015-10-09 14:17:13 +02:00
Miroslav Stampar
401905b2dd
Minor improvement to UNION file write
2015-07-26 17:02:46 +02:00
Miroslav Stampar
7b2c27fa8d
One more update for #1200 (better implementation)
2015-03-26 01:22:16 +01:00
Miroslav Stampar
ac74184422
Fixes #1200
2015-03-25 23:43:48 +01:00
Miroslav Stampar
45bdefd29b
Update of copyright
2015-01-06 15:02:16 +01:00
Miroslav Stampar
87f8753483
Fixing a problem with AV detection
2014-12-14 00:10:43 +01:00
Miroslav Stampar
954bd54689
Fix for an Issue #895
2014-11-03 08:31:50 +01:00
Miroslav Stampar
65c3dfd651
Bug fix (proper path joining)
2014-10-31 18:40:11 +01:00
Miroslav Stampar
dc2ee8bfa0
Minor update
2014-08-30 21:53:09 +02:00
Miroslav Stampar
30fb8e8a50
Patch regarding Issue #774 (SELECT is redundant in case of LOAD_FILE)
2014-08-16 14:23:07 +02:00
Miroslav Stampar
2beeb178fb
Minor patch
2014-06-12 08:56:50 +02:00
Bernardo Damele
43a4e85749
updated copyright
2014-01-13 17:24:49 +00:00
Miroslav Stampar
3bbe02a714
Bug fix (0 datetime value not liked by direct connector)
2013-08-22 12:05:59 +02:00
Miroslav Stampar
5721f6007e
Fix for an Issue #509
2013-08-18 01:24:40 +02:00
stamparm
1c47b33020
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
2013-04-15 15:23:45 +02:00
stamparm
f936746423
Code restyling
2013-04-15 14:31:27 +02:00
Miroslav Stampar
db0a1e58b9
Update for an Issue #352
2013-03-11 14:58:05 +01:00
stamparm
9d81be7af5
Removing redundant piece of code
2013-02-25 14:12:57 +01:00
Bernardo Damele
4b9d8ed673
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f
make sure to use Python 2 interpreter when default system Python is version 3
2013-02-14 11:25:04 +00:00
Miroslav Stampar
dd6f50a00e
Removing unused imports
2013-02-13 11:15:24 +01:00
Miroslav Stampar
dc41484b3f
Refactoring of funcionality for finding out if stacking is available
2013-02-13 09:57:16 +01:00
Miroslav Stampar
6d802867fc
Bug fix (in some cases if random values are parsable as MMDD they will result as valid non-NULL TIMESTAMPADD value back - e.g. values 1224,0101,0212)
2013-02-11 12:02:03 +01:00
Bernardo Damele
b477c56b52
first steps to allow multiple scans on the same taskid - issue #297
2013-02-07 00:05:26 +00:00
Miroslav Stampar
7e1ff1bb8e
Same refactoring as the last commit
2013-02-04 15:26:44 +01:00
Miroslav Stampar
0cc6e68be2
Refactoring MySQL fingeprint.py (those payloads are now stored into session file too)
2013-02-04 15:12:03 +01:00
Bernardo Damele
f4028bd7d2
minor adjustment
2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb
fixes #187
2013-01-23 01:27:01 +00:00
Miroslav Stampar
b4a55a809e
Refactoring DBMS string escaping functions
2013-01-20 13:45:58 +01:00
Bernardo Damele
adf97e630f
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
2013-01-19 18:04:33 +00:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Miroslav Stampar
e7576a3b11
Better naming
2013-01-18 11:21:23 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
ebde4b190e
Minor update
2013-01-10 11:42:37 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Bernardo Damele
8d9aa2c384
minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223
2012-12-18 17:49:18 +00:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
ed40f18796
Minor fix
2012-11-26 14:59:44 +01:00
Miroslav Stampar
6e2fce66aa
Patch for an Issue #212
2012-10-23 15:34:59 +02:00
Miroslav Stampar
9a631331a5
Fix for an Issue #177
2012-09-08 20:22:13 +02:00
Bernardo Damele
bb8cd788e1
minor fix
2012-07-16 09:56:41 +01:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
9c4a62f725
Some work on Issue #68
2012-07-11 11:58:47 +02:00
Bernardo Damele
fb7fe552b7
proper naming
2012-07-06 15:13:50 +01:00
Bernardo Damele
ab412da27f
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
2012-07-01 23:25:05 +01:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
3f6bc1f3c2
minor fix
2012-05-24 18:05:33 +00:00
Miroslav Stampar
079e0e1434
minor bug fix
2012-05-18 08:51:50 +00:00
Bernardo Damele
072e08836f
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE
2012-04-19 14:05:45 +00:00
Miroslav Stampar
5e358b51f9
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
2012-04-04 09:25:05 +00:00
Miroslav Stampar
cce5c3c009
minor changes for version numbers
2012-03-19 11:07:03 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
7bca926a0b
fixes, updates, patches
2012-02-09 10:16:58 +00:00
Miroslav Stampar
accac776fe
some fixes
2012-01-13 14:10:53 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
6f5ef23f28
minor update/patch
2012-01-01 22:55:32 +00:00
Miroslav Stampar
300abc2ba2
minor update regarding unicode unescaping
2012-01-01 22:31:09 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
af94ac7f02
minor fix
2011-09-20 22:16:56 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
126cdf9e19
minor info update
2011-05-19 23:28:27 +00:00
Miroslav Stampar
a034462c31
fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd )
2011-05-19 23:03:00 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00