Minor improvement to be able to provide CU as user value (-U) when enumerating

bdamele · bdamele · commit 78e8a83c1108 · 2008-12-05T15:32:59.000Z
users privileges or users passwords.
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -170,10 +170,15 @@ def getUsers(self):
 
     def getPasswordHashes(self):
         infoMsg = "fetching database users password hashes"
-        logger.info(infoMsg)
 
         rootQuery = queries[kb.dbms].passwords
 
+        if conf.user == "CU":
+            infoMsg += " for current user"
+            conf.user = self.getCurrentUser()
+
+        logger.info(infoMsg)
+
         if conf.unionUse:
             if kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
                 query = rootQuery["inband"]["query2"]
@@ -301,10 +306,15 @@ def __isAdminFromPrivileges(self, privileges):
 
     def getPrivileges(self):
         infoMsg = "fetching database users privileges"
-        logger.info(infoMsg)
 
         rootQuery = queries[kb.dbms].privileges
 
+        if conf.user == "CU":
+            infoMsg += " for current user"
+            conf.user = self.getCurrentUser()
+
+        logger.info(infoMsg)
+
         # Set containing the list of DBMS administrators
         areAdmins = set()
 
