def update():
    """Refresh the local sqlmap tree by shelling out to ``git pull``.

    Returns immediately unless ``conf.updateAll`` is set. A zero exit status
    is reported together with the module-level ``REVISION`` value; any other
    status logs the captured stderr followed by a platform-specific hint
    about obtaining a git client.
    """
    if not conf.updateAll:
        return

    sqlmapRoot = paths.SQLMAP_ROOT_PATH

    logger.info(
        "updating sqlmap to the latest development version from the "
        "GitHub repository"
    )
    logger.debug("sqlmap will try to update itself using 'git' command")

    dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))

    # NOTE(review): the installation path is pasted unquoted into a command
    # line that the shell parses (shell=True), so whitespace or shell
    # metacharacters in that path change what gets executed. The path also
    # sits in the position where 'git pull' expects the repository to pull
    # from -- confirm that this is intended.
    gitProcess = execute("git pull %s" % sqlmapRoot, shell=True, stdout=PIPE, stderr=PIPE)
    pollProcess(gitProcess, True)
    gitOut, gitErr = gitProcess.communicate()

    if gitProcess.returncode:
        logger.error("update could not be completed (%s)" % repr(gitErr))

        # The hint is only shown when the pull failed.
        if IS_WIN:
            hint = (
                "for Windows platform it's recommended "
                "to use a GitHub for Windows client for updating "
                "purposes (http://windows.github.com/)"
            )
        else:
            hint = (
                "for Linux platform it's recommended "
                "to use a standard 'git' package (e.g.: 'sudo apt-get install git')"
            )

        logger.info(hint)
        return

    # NOTE(review): nothing in this function recomputes REVISION after the
    # pull, so the value logged here may still be the pre-update one -- confirm.
    verb = "already at" if "Already" in gitOut else "updated to"
    logger.info("%s the latest revision '%s'" % (verb, REVISION))
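def pack(self, srcFile, dstFile=None):
    """Compress ``srcFile`` by running the prepared UPX command line.

    ``__initialize`` prepares ``self.__upxCmd`` from ``srcFile``/``dstFile``;
    the command is then executed through the shell.

    Returns:
        The size in bytes of ``srcFile`` (via ``os.path.getsize``) when no
        failure was detected, otherwise ``None``.
    """
    self.__initialize(srcFile, dstFile)

    # shell=True: the whole string is parsed by the shell, so every path that
    # __initialize places in it has to be shell-safe.
    logger.debug("executing local command: %s" % self.__upxCmd)
    process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT)

    dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X"))
    pollProcess(process)
    upxStdout, upxStderr = process.communicate()

    # hasattr(self, '__upxTempExe') cannot see an attribute assigned as
    # self.__upxTempExe inside a class body: the assignment is name-mangled,
    # the string literal is not, so the temporary file was never removed.
    # Reading the attribute directly goes through the same mangling.
    try:
        tempExe = self.__upxTempExe
    except AttributeError:
        tempExe = None

    if tempExe is not None:
        try:
            os.remove(tempExe.name)
        except OSError as ex:
            # Removal is best-effort clean-up; it must not abort the packing
            logger.debug("unable to remove temporary file '%s' (%s)" % (tempExe.name, ex))

    msg = "failed to compress the file"

    if "NotCompressibleException" in upxStdout:
        msg += " because you provided a Metasploit version above "
        msg += "3.3-dev revision 6681. This will not inficiate "
        msg += "the correct execution of sqlmap. It might "
        msg += "only slow down a bit the execution"
        logger.debug(msg)
    elif upxStderr:
        # NOTE(review): stderr is redirected into stdout above, so if
        # `execute` behaves like subprocess.Popen this value is always None
        # and the branch cannot fire -- confirm, and consider checking
        # process.returncode instead.
        logger.warn(msg)
    else:
        return os.path.getsize(srcFile)

    return None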
def __updateSqlmap():
    """Update the sqlmap working copy from its Subversion repository.

    The pysvn binding is used when it can be imported; on ImportError the
    'svn' command-line client is run through the shell instead and its
    output is parsed for the new revision number.
    """
    workingCopy = paths.SQLMAP_ROOT_PATH

    logger.info(
        "updating sqlmap to latest development version from the "
        "subversion repository"
    )

    try:
        import pysvn

        logger.debug(
            "sqlmap will update itself using installed python-svn "
            "third-party library, http://pysvn.tigris.org/"
        )

        def notify(event_dict):
            # Callback handed to the pysvn client: prints one line per
            # reported path and logs the revision once the update completes.
            action = getUnicode(event_dict['action'])
            underscoreAt = action.find('_')

            if underscoreAt == -1:
                prefix = action.capitalize()
            else:
                # Single letter that follows the first underscore
                prefix = action[underscoreAt + 1].upper()

            if '_update' in action:
                return

            if '_completed' in action:
                revision = getUnicode(event_dict['revision'])
                marker = revision.find('number ')

                if marker != -1:
                    # Keep what follows 'number ' and drop the closing '>'
                    revision = revision[marker + 7:].strip('>')

                logger.info('updated to the latest revision %s' % revision)
            else:
                dataToStdout("%s\t%s\n" % (prefix, event_dict['path']))

        svnClient = pysvn.Client()
        svnClient.callback_notify = notify
        svnClient.update(workingCopy)

    except ImportError:
        logger.debug("sqlmap will try to update itself using 'svn' command")

        # NOTE(review): the path is interpolated unquoted into a shell
        # command line (shell=True); whitespace or shell metacharacters in
        # it would change the command that runs.
        svnProcess = execute("svn update %s" % workingCopy, shell=True, stdout=PIPE, stderr=PIPE)

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
        pollProcess(svnProcess)
        svnStdout, svnStderr = svnProcess.communicate()

        if svnStderr:
            logger.error(svnStderr.strip())
        elif svnStdout:
            found = re.search(r"revision\s+([\d]+)", svnStdout, re.I)

            if found:
                logger.info('updated to the latest revision %s' % found.group(1))
def update():
    """Update sqlmap from its GitHub repository with ``git pull``.

    Does nothing unless ``conf.updateAll`` is set. When the installation
    directory has no ``.git`` entry an error is logged and no pull is
    attempted. After a successful pull ``lib.core.settings.REVISION`` is
    refreshed from ``getRevisionNumber()``. Whenever the update did not
    succeed, a platform-specific hint is logged.
    """
    if not conf.updateAll:
        return

    pulled = False
    sqlmapRoot = paths.SQLMAP_ROOT_PATH

    if os.path.exists(os.path.join(sqlmapRoot, ".git")):
        logger.info(
            "updating sqlmap to the latest development version from the "
            "GitHub repository"
        )
        logger.debug("sqlmap will try to update itself using 'git' command")

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))

        # NOTE(review): no working directory is passed in this call, so
        # unless `execute` sets one, git acts on whichever repository holds
        # the process's current directory -- not necessarily sqlmapRoot,
        # whose .git entry was just checked. Confirm.
        gitProcess = execute("git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
        pollProcess(gitProcess, True)
        gitOut, gitErr = gitProcess.communicate()
        pulled = not gitProcess.returncode

        if pulled:
            # Refresh the cached revision so later readers see the new value
            import lib.core.settings
            revision = lib.core.settings.REVISION = getRevisionNumber()
            verb = "already at" if "Already" in gitOut else "updated to"
            logger.info("%s the latest revision '%s'" % (verb, revision))
        else:
            # Runs of non-word characters in stderr collapse to one space
            flattened = re.sub(r"\W+", " ", gitErr).strip()
            logger.error("update could not be completed ('%s')" % flattened)
    else:
        logger.error(
            "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
            "from GitHub (e.g. git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev)"
        )

    if pulled:
        return

    if IS_WIN:
        hint = (
            "for Windows platform it's recommended "
            "to use a GitHub for Windows client for updating "
            "purposes (http://windows.github.com/) or just "
            "download the latest snapshot from "
            "https://github.com/sqlmapproject/sqlmap/downloads"
        )
    else:
        hint = (
            "for Linux platform it's required "
            "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
        )

    logger.info(hint)
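def createMsfShellcode(self, exitfunc, format, extra, encode):
    """Run the external Metasploit command and load the generated shellcode.

    Args:
        exitfunc, format, extra: forwarded to ``_forgeMsfPayloadCmd``.
            When ``extra`` equals "BufferRegister=EAX" the reported size is
            halved before it is logged.
        encode: forwarded to ``_prepareIngredients``.

    Raises:
        SqlmapFilePathException: no size could be parsed from the command's
            stderr output.

    On success the file content is stored in ``self.shellcodeString`` and the
    temporary file is deleted.
    """
    infoMsg = "creating Metasploit Framework multi-stage shellcode "
    logger.info(infoMsg)

    self._randStr = randomStr(lowercase=True)
    self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr)

    self._initVars()
    self._prepareIngredients(encode=encode)
    self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)

    # shell=True: the string is parsed by the shell, so every value that
    # _forgeMsfPayloadCmd puts into it (the output path included) has to be
    # shell-safe. NOTE(review): confirm in that helper.
    logger.debug("executing local command: %s" % self._payloadCmd)
    process = execute(self._payloadCmd, shell=True, stdout=None, stderr=PIPE)

    dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
    pollProcess(process)
    payloadStderr = process.communicate()[1]

    # The size is reported on stderr in one of two formats
    if Backend.isOs(OS.WINDOWS) or extra == "BufferRegister=EAX":
        payloadSize = re.search(r"size ([\d]+)", payloadStderr, re.I)
    else:
        payloadSize = re.search(r"Length\:\s([\d]+)", payloadStderr, re.I)

    if payloadSize:
        payloadSize = int(payloadSize.group(1))

        if extra == "BufferRegister=EAX":
            # Explicit floor division keeps the value an integer
            payloadSize = payloadSize // 2

        debugMsg = "the shellcode size is %d bytes" % payloadSize
        logger.debug(debugMsg)
    else:
        errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
        raise SqlmapFilePathException(errMsg)

    self._shellcodeFP = codecs.open(self._shellcodeFilePath, "rb")

    try:
        self.shellcodeString = self._shellcodeFP.read()
    finally:
        # Close the handle and delete the on-disk copy even if read() fails,
        # so the generated file does not linger in the output directory
        self._shellcodeFP.close()
        os.unlink(self._shellcodeFilePath)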
def update():
    """Update sqlmap from its GitHub repository with ``git pull``.

    Does nothing unless ``conf.updateAll`` is set. When the installation
    directory has no ``.git`` entry an error is logged and no pull is
    attempted. A successful pull is reported together with the module-level
    ``REVISION`` value; whenever the update did not succeed, a
    platform-specific hint is logged.
    """
    if not conf.updateAll:
        return

    pulled = False
    sqlmapRoot = paths.SQLMAP_ROOT_PATH

    if os.path.exists(os.path.join(sqlmapRoot, ".git")):
        logger.info(
            "updating sqlmap to the latest development version from the "
            "GitHub repository"
        )
        logger.debug("sqlmap will try to update itself using 'git' command")

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))

        # NOTE(review): no working directory is passed in this call, so
        # unless `execute` sets one, git acts on whichever repository holds
        # the process's current directory -- not necessarily sqlmapRoot,
        # whose .git entry was just checked. Confirm.
        gitProcess = execute("git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=PIPE, stderr=PIPE)
        pollProcess(gitProcess, True)
        gitOut, gitErr = gitProcess.communicate()
        pulled = not gitProcess.returncode

        if pulled:
            # NOTE(review): REVISION is not recomputed in this function, so
            # the value logged may still be the pre-update one -- confirm.
            verb = "already at" if "Already" in gitOut else "updated to"
            logger.info("%s the latest revision '%s'" % (verb, REVISION))
        else:
            # Runs of non-word characters in stderr collapse to one space
            flattened = re.sub(r"\W+", " ", gitErr).strip()
            logger.error("update could not be completed ('%s')" % flattened)
    else:
        logger.error(
            "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
            "from GitHub (e.g. git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev)"
        )

    if pulled:
        return

    if IS_WIN:
        hint = (
            "for Windows platform it's recommended "
            "to use a GitHub for Windows client for updating "
            "purposes (http://windows.github.com/) or just "
            "download the latest snapshot from "
            "https://github.com/sqlmapproject/sqlmap/downloads"
        )
    else:
        hint = (
            "for Linux platform it's required "
            "to install a standard 'git' package (e.g.: 'sudo apt-get install git')"
        )

    logger.info(hint)
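def createMsfShellcode(self, exitfunc, format, extra, encode):
    """Run the external Metasploit command and load the generated shellcode.

    Args:
        exitfunc, format, extra: forwarded to ``__forgeMsfPayloadCmd``.
            When ``extra`` equals "BufferRegister=EAX" the reported size is
            halved before it is logged.
        encode: forwarded to ``__prepareIngredients``.

    Raises:
        sqlmapFilePathException: no size could be parsed from the command's
            stderr output.

    On success the file content is stored in ``self.shellcodeString`` and the
    temporary file is deleted.
    """
    infoMsg = "creating Metasploit Framework multi-stage shellcode "
    logger.info(infoMsg)

    self.__randStr = randomStr(lowercase=True)
    self.__shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)

    self.__initVars()
    self.__prepareIngredients(encode=encode)
    self.__forgeMsfPayloadCmd(exitfunc, format, self.__shellcodeFilePath, extra)

    # shell=True: the string is parsed by the shell, so every value that
    # __forgeMsfPayloadCmd puts into it (the output path included) has to be
    # shell-safe. NOTE(review): confirm in that helper.
    logger.debug("executing local command: %s" % self.__payloadCmd)
    process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)

    dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
    pollProcess(process)
    payloadStderr = process.communicate()[1]

    # The size is reported on stderr in one of two formats
    if Backend.isOs(OS.WINDOWS) or extra == "BufferRegister=EAX":
        payloadSize = re.search(r"size ([\d]+)", payloadStderr, re.I)
    else:
        payloadSize = re.search(r"Length\:\s([\d]+)", payloadStderr, re.I)

    if payloadSize:
        payloadSize = int(payloadSize.group(1))

        if extra == "BufferRegister=EAX":
            # Explicit floor division keeps the value an integer
            payloadSize = payloadSize // 2

        debugMsg = "the shellcode size is %d bytes" % payloadSize
        logger.debug(debugMsg)
    else:
        errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
        raise sqlmapFilePathException(errMsg)

    self.__shellcodeFP = codecs.open(self.__shellcodeFilePath, "rb")

    try:
        self.shellcodeString = self.__shellcodeFP.read()
    finally:
        # Close the handle and delete the on-disk copy even if read() fails,
        # so the generated file does not linger in the output directory
        self.__shellcodeFP.close()
        os.unlink(self.__shellcodeFilePath)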
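def createMsfShellcode(self, exitfunc, format, extra, encode):
    """Run the external Metasploit command and load the generated shellcode.

    Args:
        exitfunc, format, extra: forwarded to ``_forgeMsfPayloadCmd``.
            When ``extra`` equals "BufferRegister=EAX" the reported size is
            halved before it is logged.
        encode: forwarded to ``_prepareIngredients``.

    Raises:
        SqlmapFilePathException: none of the known size markers was found in
            the command's stderr output.

    On success the file content is stored in ``self.shellcodeString`` and the
    temporary file is deleted.
    """
    infoMsg = "creating Metasploit Framework multi-stage shellcode "
    logger.info(infoMsg)

    self._randStr = randomStr(lowercase=True)
    self._shellcodeFilePath = os.path.join(conf.outputPath, "tmpm%s" % self._randStr)

    # Calls the Metasploit class's own _initVars explicitly, so an override
    # of that method on type(self) is bypassed
    Metasploit._initVars(self)
    self._prepareIngredients(encode=encode)
    self._forgeMsfPayloadCmd(exitfunc, format, self._shellcodeFilePath, extra)

    # shell=True: the string is parsed by the shell, so every value that
    # _forgeMsfPayloadCmd puts into it (the output path included) has to be
    # shell-safe. NOTE(review): confirm in that helper.
    logger.debug("executing local command: %s" % self._payloadCmd)
    process = execute(self._payloadCmd, shell=True, stdout=None, stderr=PIPE)

    dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
    pollProcess(process)
    payloadStderr = process.communicate()[1]

    # Any of three markers may precede the size in the stderr output
    match = re.search(r"(Total size:|Length:|succeeded with size) ([\d]+)", payloadStderr)

    if match:
        payloadSize = int(match.group(2))

        if extra == "BufferRegister=EAX":
            # Explicit floor division keeps the value an integer
            payloadSize = payloadSize // 2

        debugMsg = "the shellcode size is %d bytes" % payloadSize
        logger.debug(debugMsg)
    else:
        errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
        raise SqlmapFilePathException(errMsg)

    self._shellcodeFP = open(self._shellcodeFilePath, "rb")

    try:
        self.shellcodeString = self._shellcodeFP.read()
    finally:
        # Close the handle and delete the on-disk copy even if read() fails,
        # so the generated file does not linger in the output directory
        self._shellcodeFP.close()
        os.unlink(self._shellcodeFilePath)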
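def update():
    """Reject the ``--update`` switch after the project's move to GitHub.

    Does nothing unless ``conf.updateAll`` is set.

    Raises:
        sqlmapUnsupportedFeatureException: always, when an update was
            requested; the message tells the user to run 'git pull'.
    """
    if not conf.updateAll:
        return

    errMsg = "sqlmap is now hosted on GitHub at https://github.com/sqlmapproject/sqlmap. "
    errMsg += "The --update switch is currently outdated and not working. Please, "
    errMsg += "update sqlmap running 'git pull' for the time being"

    # The Subversion update path (pysvn, with a shell 'svn update' fallback)
    # used to follow this statement. It sat after an unconditional raise and
    # could never execute, so it is not kept.
    raise sqlmapUnsupportedFeatureException(errMsg)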
def update():
    """Update the sqlmap working copy from its Subversion repository.

    Does nothing unless ``conf.updateAll`` is set. The pysvn binding is used
    when it can be imported; on ImportError the 'svn' command-line client is
    run through the shell instead. Anything that client writes to stderr is
    logged as an error (with an extra hint on Windows); otherwise its stdout
    is parsed for the new revision number.
    """
    if not conf.updateAll:
        return

    workingCopy = paths.SQLMAP_ROOT_PATH

    logger.info(
        "updating sqlmap to latest development version from the "
        "subversion repository"
    )

    try:
        import pysvn

        logger.debug(
            "sqlmap will update itself using installed python-svn "
            "third-party library, http://pysvn.tigris.org/"
        )

        def notify(event_dict):
            # Callback handed to the pysvn client: prints one line per
            # reported path and logs the revision once the update completes.
            action = getUnicode(event_dict['action'])
            underscoreAt = action.find('_')

            if underscoreAt == -1:
                prefix = action.capitalize()
            else:
                # Single letter that follows the first underscore
                prefix = action[underscoreAt + 1].upper()

            if '_update' in action:
                return

            if '_completed' in action:
                revision = getUnicode(event_dict['revision'], UNICODE_ENCODING)
                marker = revision.find('number ')

                if marker != -1:
                    # Keep what follows 'number ' and drop the closing '>'
                    revision = revision[marker + 7:].strip('>')

                logger.info('updated to the latest revision %s' % revision)
            else:
                dataToStdout("%s\t%s\n" % (prefix, event_dict['path']))

        svnClient = pysvn.Client()
        svnClient.callback_notify = notify
        svnClient.update(workingCopy)

    except ImportError:
        logger.debug("sqlmap will try to update itself using 'svn' command")

        # NOTE(review): the path is interpolated unquoted into a shell
        # command line (shell=True); whitespace or shell metacharacters in
        # it would change the command that runs.
        svnProcess = execute("svn update %s" % workingCopy, shell=True, stdout=PIPE, stderr=PIPE)

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))
        pollProcess(svnProcess)
        svnStdout, svnStderr = svnProcess.communicate()

        if svnStderr:
            logger.error(getUnicode(svnStderr, system=True).strip())

            if IS_WIN:
                logger.info(
                    "for Windows platform it's recommended "
                    "to use a TortoiseSVN GUI client for updating "
                    "purposes (http://tortoisesvn.net/)"
                )
        elif svnStdout:
            found = re.search(r"revision\s+([\d]+)", svnStdout, re.I)

            if found:
                logger.info('updated to the latest revision %s' % found.group(1))
def createMsfPayloadStager(self, initialize=True):
    """Build the payload stager file by running the forged Metasploit command.

    The output file is written under ``conf.outputPath`` and its path is kept
    in ``self.exeFilePathLocal``. The file format is chosen from ``kb.os``
    and, on Windows, from the identified DBMS.

    Args:
        initialize: when true, ``__initVars()`` is called before the command
            is forged; when false, the log message reads "recreating ...".

    Raises:
        sqlmapFilePathException: no size could be parsed from the command's
            stderr output.

    NOTE(review): the nesting below was reconstructed from a listing whose
    indentation was lost; confirm statement placement against upstream.
    """
    if initialize:
        infoMsg = ""
    else:
        infoMsg = "re"

    infoMsg += "creating Metasploit Framework 3 payload stager"

    logger.info(infoMsg)

    self.__randStr = randomStr(lowercase=True)

    if kb.os == "Windows":
        self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s.exe" % self.__randStr)

        # Metasploit developers added support for the old exe format
        # to msfencode using '-t exe-small' (>= 3.3.3-dev),
        # http://www.metasploit.com/redmine/projects/framework/repository/revisions/7840
        # This is useful for sqlmap because on PostgreSQL it is not
        # possible to write files bigger than 8192 bytes abusing the
        # lo_export() feature implemented in sqlmap.
        if Backend.getIdentifiedDbms() == DBMS.PGSQL:
            self.__fileFormat = "exe-small"
        else:
            self.__fileFormat = "exe"
    else:
        self.exeFilePathLocal = os.path.join(conf.outputPath, "tmpm%s" % self.__randStr)
        self.__fileFormat = "elf"

    if initialize:
        self.__initVars()

    # Ingredients are prepared only when no payload string is set yet
    if self.payloadStr is None:
        self.__prepareIngredients()

    self.__forgeMsfPayloadCmd("process", self.__fileFormat, self.exeFilePathLocal)

    # shell=True: the forged string is parsed by the shell, so every value
    # placed in it (the output path included) has to be shell-safe.
    # NOTE(review): confirm in __forgeMsfPayloadCmd.
    logger.debug("executing local command: %s" % self.__payloadCmd)
    process = execute(self.__payloadCmd, shell=True, stdout=None, stderr=PIPE)

    dataToStdout("\r[%s] [INFO] creation in progress " % time.strftime("%X"))
    pollProcess(process)
    payloadStderr = process.communicate()[1]

    # The size is reported on stderr; the expected wording depends on kb.os
    if kb.os == "Windows":
        payloadSize = re.search("size\s([\d]+)", payloadStderr, re.I)
    else:
        payloadSize = re.search("Length\:\s([\d]+)", payloadStderr, re.I)

    # S_IRWXU: read, write and execute for the owner only.
    # NOTE(review): this runs before the size check below; presumably it
    # raises if the command produced no file, which would pre-empt the
    # sqlmapFilePathException carrying the stderr text -- confirm.
    os.chmod(self.exeFilePathLocal, stat.S_IRWXU)

    if payloadSize:
        # Kept as the matched string; only used for the debug message
        payloadSize = payloadSize.group(1)
        exeSize = os.path.getsize(self.exeFilePathLocal)

        # Only pack the payload stager if the back-end DBMS operating
        # system is Windows and new portable executable template is
        # used
        if self.__fileFormat == "exe":
            packedSize = upx.pack(self.exeFilePathLocal)
        else:
            packedSize = None

        debugMsg = "the encoded payload size is %s bytes, " % payloadSize

        if packedSize and packedSize < exeSize:
            debugMsg += "as a compressed portable executable its size "
            debugMsg += "is %d bytes, decompressed it " % packedSize
            debugMsg += "was %s bytes large" % exeSize
        else:
            debugMsg += "as a portable executable its size is "
            debugMsg += "%s bytes" % exeSize

        logger.debug(debugMsg)
    else:
        errMsg = "failed to create the payload stager (%s)" % payloadStderr
        raise sqlmapFilePathException, errMsg
def update():
    """Update the sqlmap working copy from its Subversion repository.

    Does nothing unless ``conf.updateAll`` is set. The pysvn binding is used
    when it can be imported, and a ``pysvn.ClientError`` during the update is
    logged together with manual checkout advice. On ImportError the 'svn'
    command-line client is run through the shell instead and its stdout is
    parsed for the new revision number.
    """
    if not conf.updateAll:
        return

    workingCopy = paths.SQLMAP_ROOT_PATH

    logger.info(
        "updating sqlmap to latest development version from the "
        "subversion repository"
    )

    try:
        import pysvn

        logger.debug(
            "sqlmap will update itself using installed python-svn "
            "third-party library, http://pysvn.tigris.org/"
        )

        def notify(event_dict):
            # Callback handed to the pysvn client: prints one line per
            # reported path and logs the revision once the update completes.
            action = getUnicode(event_dict['action'])
            underscoreAt = action.find('_')

            if underscoreAt == -1:
                prefix = action.capitalize()
            else:
                # Single letter that follows the first underscore
                prefix = action[underscoreAt + 1].upper()

            if '_update' in action:
                return

            if '_completed' in action:
                revision = getUnicode(event_dict['revision'], UNICODE_ENCODING)
                marker = revision.find('number ')

                if marker != -1:
                    # Keep what follows 'number ' and drop the closing '>'
                    revision = revision[marker + 7:].strip('>')

                logger.info('updated to the latest revision %s' % revision)
            else:
                dataToStdout("%s\t%s\n" % (prefix, event_dict['path']))

        svnClient = pysvn.Client()
        svnClient.callback_notify = notify

        try:
            svnClient.update(workingCopy)
        except pysvn.ClientError as e:
            advice = "unable to update sqlmap from subversion: '%s'. " % str(e)
            advice += (
                "You are strongly advised to checkout "
                "the clean copy from repository manually "
            )

            if IS_WIN:
                advice += (
                    "(e.g. Right click -> TortoiseSVN -> Checkout... and type "
                    "\"https://svn.sqlmap.org/sqlmap/trunk/sqlmap\" into field \"URL of repository\")"
                )
            else:
                advice += "(e.g. \"svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev\")"

            logger.error(advice)

    except ImportError:
        logger.debug("sqlmap will try to update itself using 'svn' command")

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))

        # NOTE(review): the path is interpolated unquoted into a shell
        # command line (shell=True), and stderr is not captured, so a failed
        # 'svn update' leaves no error in the log.
        svnProcess = execute("svn update %s" % workingCopy, shell=True, stdout=PIPE)
        pollProcess(svnProcess)
        svnStdout = svnProcess.communicate()[0]

        if svnStdout:
            found = re.search(r"revision\s+([\d]+)", svnStdout, re.I)

            if found:
                logger.info('updated to the latest revision %s' % found.group(1))

        # NOTE(review): nesting reconstructed from a listing whose
        # indentation was lost; this hint is placed in the 'svn' fallback
        # branch -- confirm against upstream.
        if IS_WIN:
            logger.info(
                "for Windows platform it's recommended "
                "to use a TortoiseSVN GUI client for updating "
                "purposes (http://tortoisesvn.net/downloads.html)"
            )
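def update():
    """Refuse the ``--update`` switch now that sqlmap is hosted on GitHub.

    Returns silently unless ``conf.updateAll`` is set.

    Raises:
        sqlmapUnsupportedFeatureException: whenever an update was requested;
            the message points the user to 'git pull'.
    """
    if not conf.updateAll:
        return

    errMsg = "sqlmap is now hosted on GitHub at https://github.com/sqlmapproject/sqlmap. "
    errMsg += "The --update switch is currently outdated and not working. Please, "
    errMsg += "update sqlmap running 'git pull' for the time being"

    # Everything that followed this raise (the pysvn update and the shell
    # 'svn update' fallback) was unreachable and has been left out.
    raise sqlmapUnsupportedFeatureException(errMsg)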
def update():
    """Update the sqlmap working copy from its Subversion repository.

    Does nothing unless ``conf.updateAll`` is set. The pysvn binding is used
    when it can be imported, and a ``pysvn.ClientError`` during the update is
    logged. On ImportError the 'svn' command-line client is run through the
    shell instead and its stdout is parsed for the new revision number.
    """
    if not conf.updateAll:
        return

    workingCopy = paths.SQLMAP_ROOT_PATH

    logger.info(
        "updating sqlmap to latest development version from the "
        "subversion repository"
    )

    try:
        import pysvn

        logger.debug(
            "sqlmap will update itself using installed python-svn "
            "third-party library, http://pysvn.tigris.org/"
        )

        def notify(event_dict):
            # Callback handed to the pysvn client: prints one line per
            # reported path and logs the revision once the update completes.
            action = getUnicode(event_dict["action"])
            underscoreAt = action.find("_")

            if underscoreAt == -1:
                prefix = action.capitalize()
            else:
                # Single letter that follows the first underscore
                prefix = action[underscoreAt + 1].upper()

            if "_update" in action:
                return

            if "_completed" in action:
                revision = getUnicode(event_dict["revision"], UNICODE_ENCODING)
                marker = revision.find("number ")

                if marker != -1:
                    # Keep what follows 'number ' and drop the closing '>'
                    revision = revision[marker + 7:].strip(">")

                logger.info("updated to the latest revision %s" % revision)
            else:
                dataToStdout("%s\t%s\n" % (prefix, event_dict["path"]))

        svnClient = pysvn.Client()
        svnClient.callback_notify = notify

        try:
            svnClient.update(workingCopy)
        except pysvn.ClientError as e:
            logger.error("unable to update sqlmap from subversion: '%s'" % str(e))

    except ImportError:
        logger.debug("sqlmap will try to update itself using 'svn' command")

        dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X"))

        # NOTE(review): the path is interpolated unquoted into a shell
        # command line (shell=True), and stderr is not captured, so a failed
        # 'svn update' leaves no error in the log.
        svnProcess = execute("svn update %s" % workingCopy, shell=True, stdout=PIPE)
        pollProcess(svnProcess)
        svnStdout = svnProcess.communicate()[0]

        if svnStdout:
            found = re.search(r"revision\s+([\d]+)", svnStdout, re.I)

            if found:
                logger.info("updated to the latest revision %s" % found.group(1))

        # NOTE(review): nesting reconstructed from a listing whose
        # indentation was lost; this hint is placed in the 'svn' fallback
        # branch -- confirm against upstream.
        if IS_WIN:
            logger.info(
                "for Windows platform it's recommended "
                "to use a TortoiseSVN GUI client for updating "
                "purposes (http://tortoisesvn.net/downloads.html)"
            )