more code updates regarding good samaritan (common output) feature

stamparm · stamparm · commit 7f0db26e9981 · 2010-05-26T09:48:20.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -24,6 +24,7 @@
 
 import codecs
 import cProfile
+import inspect
 import os
 import random
 import re
@@ -1270,10 +1271,23 @@ def getGoodSamaritanParameters(part, prevValue, originalCharset):
     else:
         return None, None, originalCharset
 
-def getCompiledRegex(regex):
+def getCompiledRegex(regex, args=()):
     if regex in __compiledRegularExpressions:
         return __compiledRegularExpressions[regex]
     else:
-        retVal = re.compile(regex)
+        retVal = re.compile(regex, *args)
         __compiledRegularExpressions[regex] = retVal
         return retVal
+
+#dumper.dbTableValues(conf.dbmsHandler.dumpTable()) -> dumpTable
+def getPartRun():
+    commonPartsDict = { "dumpTable":"Tables", "getColumns":"Columns", "getUsers":"Users", "getBanner":"Banners" }
+    retVal = None
+    stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()]
+    reobj = getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')
+    for i in xrange(len(stack) - 1, 0, -1):
+        match = reobj.search(stack[i])
+        if match:
+            retVal = match.groups()[0]
+            break
+    return commonPartsDict[retVal] if retVal in commonPartsDict else retVal
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -31,6 +31,7 @@
 from lib.core.common import dataToStdout
 from lib.core.common import getCharset
 from lib.core.common import getGoodSamaritanParameters
+from lib.core.common import getPartRun
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
@@ -56,6 +57,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 
     asciiTbl = getCharset(charsetType)
 
+    kb.partRun = getPartRun() if conf.useCommonPrediction else None
+
     if "LENGTH(" in expression or "LEN(" in expression:
         firstChar = 0
     elif conf.firstChar is not None and ( isinstance(conf.firstChar, int) or ( isinstance(conf.firstChar, basestring) and conf.firstChar.isdigit() ) ):
@@ -376,13 +379,13 @@ def downloadThread():
                 if singleValue is None:
                     val = getChar(index, predictedCharset, False) if predictedCharset else None
                 else:
-                    #forgedPayload = safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue))
-                    #result = Request.queryPage(urlencode(forgedPayload))
-                    #if result:
-                    #    finalValue = singleValue
-                    #    break
-                    pass
-
+                    query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue)))
+                    query = agent.postfixQuery(query)
+                    payload = agent.payload(newValue=query)
+                    result = Request.queryPage(urlencode(payload))
+                    if result:
+                        finalValue = singleValue
+                        break
                 if not val:
                     val = getChar(index, otherCharset)
             else:
diff --git a/txt/common-outputs.txt b/txt/common-outputs.txt
@@ -2,4 +2,4 @@
 users
 
 [Users]
-luther
+'root'@'127.0.0.1'

-Original file line number
+Diff line change
 users
 [Users]
 -luther
 +'root'@'127.0.0.1'