Bernardo Damele
4da03d898e
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
2012-04-25 07:40:42 +00:00
Miroslav Stampar
5e358b51f9
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
2012-04-04 09:25:05 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Bernardo Damele
1e71b24dca
More info messages to prove xp_cmdshell (and temporary directory choosen) worked
2012-03-14 22:41:53 +00:00
Miroslav Stampar
61ad3b999a
fix for a crash with partial union and --hex
2012-03-14 10:31:24 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
c878dd3e5a
doing a dummy test for --os-shell in case of xp_cmdshell
2012-03-09 14:21:41 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
ba5eff1de6
minor bug fix
2011-09-23 18:29:45 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
9e453e8709
fix for a bug reported by nightman@email.de
2011-06-29 17:49:59 +00:00
Bernardo Damele
cd6ceb733e
Adjustment and refactoring for takeover via web backdoor
2011-06-08 14:16:53 +00:00
Miroslav Stampar
2b12b18357
incorporating metasploit patch from oliver.kuckertz@mologie.de
2011-05-23 15:27:10 +00:00
Miroslav Stampar
868fbe370b
minor beautification
2011-05-23 10:39:58 +00:00
Miroslav Stampar
4d4e3802e4
decoding of chars for --os-shell
2011-05-03 15:31:12 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Bernardo Damele
b33ac19d39
Minor fix
2011-02-07 12:36:00 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f
preventing crashes for output=[]
2011-02-07 10:24:15 +00:00