Commit Graph

2875 Commits

Author SHA1 Message Date
Miroslav Stampar
92286104e3 minor just in case update 2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177 minor fix 2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293 minor fix 2012-05-24 20:53:01 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d minor style update 2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d minor update 2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c minor language update 2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b minor language upgrade 2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284 adding a warning about --tor switch 2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b turning off null connection on -o when --tor used (not compatible) 2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc minor just in case patch 2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98 minor code refactoring 2012-05-10 14:15:17 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
1418ae9767 little refactoring of parseUnionPage together with a patch for some special case 2012-05-09 18:47:40 +00:00
Miroslav Stampar
7fb1f3fc70 minor renaming 2012-05-09 18:26:02 +00:00
Miroslav Stampar
11d9859199 making nice code 2012-05-09 18:25:04 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262 minor fix 2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6 minor update for empty tables (skipping other techniques) 2012-05-09 10:34:21 +00:00
Miroslav Stampar
6177317a17 minor update 2012-05-09 10:06:23 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
e419177871 minor update 2012-05-08 17:28:19 +00:00
Miroslav Stampar
deec97dfe3 adding Frontbase to error message regexes 2012-05-08 17:02:58 +00:00
Miroslav Stampar
eccd4da00f minor fix 2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e doing all the work for the users so they wouldn't strain their little hands 2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2 that query variable hasn't been used anywhere (obsolete for some time) 2012-05-08 14:34:40 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
64c241fe92 limiting original UNION query results to only 1 result (potentially speeding things up in some cases) 2012-05-08 13:45:53 +00:00
Miroslav Stampar
e00f4a8934 minor cosmetics 2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395 automatically writing uncracked hashes to a file for eventual further processing 2012-05-08 10:46:05 +00:00
Miroslav Stampar
80ee687b41 minor beauty patch 2012-05-07 13:51:31 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b minor update 2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f causing too much confusion among dummy users 2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set) 2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical 2012-04-25 20:29:07 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
cec432f94d minor update 2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a adding --purge-output to be one of mandatory switches 2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c minor update 2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce adding new file related to the last commit 2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1 adding option '--purge' 2012-04-23 14:24:23 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
be2da77bf8 minor update 2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198 minor fix 2012-04-23 10:11:00 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
2b1b4c0742 minor fix 2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade minor renaming 2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68 reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types) 2012-04-15 16:59:03 +00:00
Miroslav Stampar
71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) 2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) 2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895 another cosmetics 2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3 minor cosmetics 2012-04-13 15:10:40 +00:00
Miroslav Stampar
54576ab3a6 making a random choice from candidates 2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5 use it only if page is stable 2012-04-13 10:19:26 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
831f79b851 minor generalization 2012-04-12 09:30:19 +00:00
Miroslav Stampar
c7422546e1 tiny update 2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981 minor update 2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093 correcting comment on reflective removal function 2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f some more updates in reflective removal mechanism 2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) 2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2 some more updates for reflective mechanism 2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e improvement of reflective mechanism 2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf minor adjustment 2012-04-11 08:35:09 +00:00
Miroslav Stampar
e33ea7c33a minor fix 2012-04-10 22:29:39 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47 minor fix 2012-04-10 22:20:53 +00:00
Miroslav Stampar
a82206cec4 minor cosmetics 2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Miroslav Stampar
e0994947e2 minor update 2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a minor cosmetics 2012-04-04 23:34:08 +00:00
Miroslav Stampar
83387d92bb minor bug fix 2012-04-04 23:32:20 +00:00
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd added few comments 2012-04-04 13:24:58 +00:00
Miroslav Stampar
a5b69eaea4 removing unused imports 2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da revert 2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255 proper fix 2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00 removing default values for referer and host from higher level/risk options 2012-04-04 10:34:27 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
5851badff1 minor refactoring 2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00