
Commit d106fb5

committed
layout adjustments
1 parent 1b2cd44 commit d106fb5

5 files changed

Lines changed: 23 additions & 9 deletions


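--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -77,7 +77,6 @@
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.optiondict import optDict
-from lib.request.dns import DNSServer
 from lib.core.settings import CODECS_LIST_PAGE
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_PAGE_ENCODING
@@ -116,6 +115,7 @@
 from lib.parse.configfile import configFileParser
 from lib.parse.payloads import loadPayloads
 from lib.request.connect import Connect as Request
+from lib.request.dns import DNSServer
 from lib.request.proxy import ProxyHTTPSHandler
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
 from lib.request.certhandler import HTTPSCertAuthHandler
@@ -1719,7 +1719,7 @@ def __setDNSServer():
 if not conf.dnsDomain:
 return
 
-infoMsg = "making DNS server instance"
+infoMsg = "setting up DNS server instance"
 logger.info(infoMsg)
 
 isAdmin = runningAsAdmin()
@@ -1730,7 +1730,7 @@ def __setDNSServer():
 else:
 errMsg = "you need to run sqlmap as an administrator "
 errMsg += "if you want to perform a DNS data exfiltration attack "
-errMsg += "as it will need to listen on privileged TCP port 53 "
+errMsg += "as it will need to listen on privileged UDP port 53 "
 errMsg += "for incoming address resolution attempts"
 raise sqlmapMissingPrivileges, errMsg
 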
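Review bot: The administrator requirement in `__setDNSServer` is justified only inside the user-facing `errMsg` (new lines 1731–1734), and the TCP→UDP correction there is a behavioural text fix that the commit title "layout adjustments" does not mention. A comment above the `runningAsAdmin()` call, for example `# elevation is needed only to bind UDP port 53 for the DNS server`, would record the reason in the code and give a later change a clear place to confine or drop privileges once the socket is bound. Whether the process stays elevated after the bind cannot be seen here, since the body of `__setDNSServer` starts and continues outside these hunks.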

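--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -194,12 +194,12 @@
 HOST_ALIASES = ( "host", )
 
 FROM_DUMMY_TABLE = {
-DBMS.ORACLE: " FROM DUAL",
-DBMS.ACCESS: " FROM MSysAccessObjects",
-DBMS.FIREBIRD: " FROM RDB$DATABASE",
-DBMS.MAXDB: " FROM VERSIONS",
-DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
-}
+DBMS.ORACLE: " FROM DUAL",
+DBMS.ACCESS: " FROM MSysAccessObjects",
+DBMS.FIREBIRD: " FROM RDB$DATABASE",
+DBMS.MAXDB: " FROM VERSIONS",
+DBMS.DB2: " FROM SYSIBM.SYSDUMMY1"
+}
 
 SQL_STATEMENTS = {
 "SQL SELECT statement": (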

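--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@@ -90,14 +90,18 @@ def _():
 try:
 server = DNSServer()
 server.run()
+
 while server._running:
 while True:
 _ = server.pop()
+
 if _ is None:
 break
 else:
 print "[i] %s" % _
+
 time.sleep(1)
+
 except socket.error, ex:
 if 'Permission' in str(ex):
 print "[x] Please run with sudo/Administrator privileges"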

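--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -85,11 +85,15 @@ def __goDns(payload, expression):
 
 if conf.dnsDomain and kb.dnsTest is not False:
 if kb.dnsTest is None:
+logger.info("testing for data retrieval through DNS channel")
+
 randInt = randomInt()
 kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
+
 if not kb.dnsTest:
 errMsg = "test for data retrieval through DNS channel failed. Turning off DNS exfiltration support"
 logger.error(errMsg)
+
 conf.dnsDomain = None
 else:
 infoMsg = "test for data retrieval through DNS channel was successful"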
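Review bot: The added `logger.info("testing for data retrieval through DNS channel")` at new line 88 passes the literal straight to the logger, while the neighbouring lines of `__goDns` assign `errMsg`/`infoMsg` first and then log the variable. For consistency, write it as `infoMsg = "testing for data retrieval through DNS channel"` followed by `logger.info(infoMsg)`. Separately, when the test fails the visible code only clears `conf.dnsDomain`. Whether the DNS server instance created earlier is also stopped is not visible in this hunk and is worth confirming, since it holds a privileged port. The body of `__goDns` starts and continues outside the hunk.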

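--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -53,6 +53,7 @@ def dnsUse(payload, expression):
 
 if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE):
 output = hashDBRetrieve(expression, checkConf=True)
+
 if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:
 output = None
 
@@ -79,14 +80,17 @@ def dnsUse(payload, expression):
 forgedPayload = agent.payload(newValue=query)
 else:
 forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
+
 Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)
 
 _ = conf.dnsServer.pop(prefix, suffix)
+
 if _:
 _ = extractRegexResult("%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I)
 _ = decodeHexValue(_)
 output = (output or "") + _
 offset += len(_)
+
 if len(_) < chunk_length:
 break
 else:
@@ -96,8 +100,10 @@ def dnsUse(payload, expression):
 
 if output is not None:
 retVal = output
+
 if kb.dnsTest is not None:
 dataToStdout("[%s] [INFO] %s: %s\r\n" % (time.strftime("%X"), "retrieved" if count > 0 else "resumed", safecharencode(output)))
+
 if count > 0:
 hashDBWrite(expression, output)
 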
