
Commit dc41484

committed
Refactoring of funcionality for finding out if stacking is available
1 parent 8b4f723 commit dc41484

8 files changed

Lines changed: 46 additions & 30 deletions


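--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2399,6 +2399,24 @@ def isTechniqueAvailable(technique):
 else:
 return getTechniqueData(technique) is not None
 
+def isStackingAvailable():
+"""
+Returns True whether techniques using stacking are available
+"""
+
+retVal = False
+
+if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:
+retVal = True
+else:
+for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
+_ = getTechniqueData(technique)
+if _ and "stacked" in _["title"].lower():
+retVal = True
+break
+
+return retVal
+
 def isInferenceAvailable():
 """
 Returns True whether techniques using inference technique are available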
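Review bot: The first test in isStackingAvailable(), `if PAYLOAD.TECHNIQUE.STACKED in kb.injection.data:`, reads kb.injection.data directly instead of going through isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED), which is what the call sites used before this commit. The context lines show isTechniqueAvailable() ending in an `else:` branch, so it has an earlier condition (outside this hunk) that the new helper no longer applies; if that condition restricts which techniques may be used, the helper can report stacking as available where the old check did not. Consider `if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):` for the first branch. The fallback also widens the gate, for every caller except custom.py (which already had this loop), to any technique with data whose title contains "stacked", and it depends on payload title wording; the docstring should say so, e.g. `Returns True if the stacked technique, or any technique whose payload title mentions "stacked", is available`. Using `_` for a value that is read on the next line is also misleading; a name such as `data` would be clearer.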

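--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -9,6 +9,7 @@
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
 from lib.core.common import getSQLSnippet
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
@@ -39,7 +40,7 @@ def __init__(self):
 Xp_cmdshell.__init__(self)
 
 def execCmd(self, cmd, silent=False):
-if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if self.webBackdoorUrl and not isStackingAvailable():
 self.webBackdoorRunCmd(cmd)
 
 elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -55,7 +56,7 @@ def execCmd(self, cmd, silent=False):
 def evalCmd(self, cmd, first=None, last=None):
 retVal = None
 
-if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if self.webBackdoorUrl and not isStackingAvailable():
 retVal = self.webBackdoorRunCmd(cmd)
 
 elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
@@ -92,7 +93,7 @@ def runCmd(self, cmd):
 self.execCmd(cmd)
 
 def shell(self):
-if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if self.webBackdoorUrl and not isStackingAvailable():
 infoMsg = "calling OS shell. To quit type "
 infoMsg += "'x' or 'q' and press ENTER"
 logger.info(infoMsg)
@@ -146,7 +147,7 @@ def _initRunAs(self):
 if not conf.dbmsCred:
 return
 
-if not conf.direct and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if not conf.direct and not isStackingAvailable():
 errMsg = "stacked queries is not supported hence sqlmap cannot "
 errMsg += "execute statements as another user. The execution "
 errMsg += "will continue and the DBMS credentials provided "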
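Review bot: The `from lib.core.common import isTechniqueAvailable` line is kept beside the new `isStackingAvailable` import, although every call changed in this file now uses the new helper. If no other call to isTechniqueAvailable() remains in the parts of the file outside these hunks, the old import is dead and should be dropped in the same commit. The same check applies to lib/takeover/udf.py, plugins/dbms/mysql/takeover.py, plugins/generic/filesystem.py, plugins/generic/misc.py and plugins/generic/takeover.py, where the old import is likewise left in place.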

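--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -10,6 +10,7 @@
 from lib.core.agent import agent
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
@@ -188,7 +189,7 @@ def udfInjectCustom(self):
 logger.error(errMsg)
 return
 
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+if not isStackingAvailable() and not conf.direct:
 errMsg = "UDF injection feature requires stacked queries SQL injection"
 logger.error(errMsg)
 return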

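--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
@@ -9,6 +9,7 @@
 
 from lib.core.agent import agent
 from lib.core.common import Backend
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
@@ -100,7 +101,7 @@ def udfCreateFromSharedLib(self, udf, inpRet):
 logger.debug("keeping existing UDF '%s' as requested" % udf)
 
 def uncPathRequest(self):
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if not isStackingAvailable():
 query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
 query = agent.suffixQuery(query)
 payload = agent.payload(newValue=query)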

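--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -12,6 +12,7 @@
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSQLSnippet
 from lib.core.common import getTechniqueData
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.convert import utf8decode
 from lib.core.data import conf
@@ -41,23 +42,14 @@ def sqlQuery(self, query):
 sqlType = sqlTitle
 break
 
-stacked = isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)
-
-if not stacked:
-for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
-_ = getTechniqueData(technique)
-if _ and "stacked" in _["title"].lower():
-stacked = True
-break
-
 if "OPENROWSET" not in query.upper() and (not sqlType or "SELECT" in sqlType):
 infoMsg = "fetching %s query output: '%s'" % (sqlType if sqlType is not None else "SQL", query)
 logger.info(infoMsg)
 
 output = inject.getValue(query, fromUser=True)
 
 return output
-elif not stacked and not conf.direct:
+elif not isStackingAvailable() and not conf.direct:
 warnMsg = "execution of custom SQL queries is only "
 warnMsg += "available when stacked queries are supported"
 logger.warn(warnMsg)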
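Review bot: With the fallback loop removed from sqlQuery(), the `getPublicTypeMembers` and `getTechniqueData` imports shown as context in the first hunk may no longer be used anywhere in this file. The same goes for `isTechniqueAvailable`, whose only visible use here was the removed `stacked = ...` line. The rest of the file is outside these hunks, so check for remaining callers and drop whichever imports turn out to be dead.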

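--- a/plugins/generic/filesystem.py
+++ b/plugins/generic/filesystem.py
@@ -14,6 +14,7 @@
 from lib.core.common import decodeHexValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isListLike
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.data import conf
@@ -189,8 +190,8 @@ def readFile(self, remoteFiles):
 fileContent = None
 kb.fileReadMode = True
 
-if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if conf.direct or isStackingAvailable():
+if isStackingAvailable():
 debugMsg = "going to read the file with stacked query SQL "
 debugMsg += "injection technique"
 logger.debug(debugMsg)
@@ -260,8 +261,8 @@ def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False):
 if localFile.endswith('_'):
 localFile = decloakToTemp(localFile)
 
-if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
+if conf.direct or isStackingAvailable():
+if isStackingAvailable():
 debugMsg = "going to upload the %s file with " % fileType
 debugMsg += "stacked query SQL injection technique"
 logger.debug(debugMsg)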
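Review bot: In readFile() and writeFile() the helper is called twice back to back, `if conf.direct or isStackingAvailable():` followed by `if isStackingAvailable():`, and it is no longer a single lookup. When the stacked technique itself is absent, it walks the technique members and lower-cases each available title on every call. Evaluating it once keeps the two tests in agreement and avoids the repeated scan: `stacking = isStackingAvailable()` before the outer test, then `if conf.direct or stacking:` and `if stacking:`. Both function bodies continue outside these hunks.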

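--- a/plugins/generic/misc.py
+++ b/plugins/generic/misc.py
@@ -10,6 +10,7 @@
 
 from lib.core.common import Backend
 from lib.core.common import hashDBWrite
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
@@ -125,7 +126,7 @@ def cleanup(self, onlyFileTbl=False, udfDict=None, web=False):
 self.delRemoteFile(self.webStagerFilePath)
 self.delRemoteFile(self.webBackdoorFilePath)
 
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+if not isStackingAvailable() and not conf.direct:
 return
 
 if Backend.isOs(OS.WINDOWS):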

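--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -8,6 +8,7 @@
 import os
 
 from lib.core.common import Backend
+from lib.core.common import isStackingAvailable
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
@@ -41,9 +42,9 @@ def __init__(self):
 Abstraction.__init__(self)
 
 def osCmd(self):
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
+if isStackingAvailable() or conf.direct:
 web = False
-elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
+elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
 infoMsg = "going to use a web backdoor for command execution"
 logger.info(infoMsg)
 
@@ -63,9 +64,9 @@ def osCmd(self):
 self.cleanup(web=web)
 
 def osShell(self):
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
+if isStackingAvailable() or conf.direct:
 web = False
-elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
+elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
 infoMsg = "going to use a web backdoor for command prompt"
 logger.info(infoMsg)
 
@@ -153,7 +154,7 @@ def osPwn(self):
 if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
 self.sysUdfs.pop("sys_bineval")
 
-if isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) or conf.direct:
+if isStackingAvailable() or conf.direct:
 web = False
 
 self.getRemoteTempPath()
@@ -202,7 +203,7 @@ def osPwn(self):
 self.uploadIcmpshSlave(web=web)
 self.icmpPwn()
 
-elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and Backend.isDbms(DBMS.MYSQL):
+elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):
 web = True
 
 infoMsg = "going to use a web backdoor to establish the tunnel"
@@ -250,7 +251,7 @@ def osSmb(self):
 errMsg += "relay attack"
 raise SqlmapUnsupportedDBMSException(errMsg)
 
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+if not isStackingAvailable() and not conf.direct:
 if Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.MSSQL):
 errMsg = "on this back-end DBMS it is only possible to "
 errMsg += "perform the SMB relay attack if stacked "
@@ -292,7 +293,7 @@ def osSmb(self):
 self.smb()
 
 def osBof(self):
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+if not isStackingAvailable() and not conf.direct:
 return
 
 if not Backend.isDbms(DBMS.MSSQL) or not Backend.isVersionWithin(("2000", "2005")):
@@ -328,7 +329,7 @@ def uncPathRequest(self):
 raise SqlmapUndefinedMethod(errMsg)
 
 def _regInit(self):
-if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
+if not isStackingAvailable() and not conf.direct:
 return
 
 self.checkDbmsOs()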
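Review bot: In osCmd() and osShell() the branch `elif not isStackingAvailable() and Backend.isDbms(DBMS.MYSQL):` re-runs the helper even though it is only reached when `isStackingAvailable() or conf.direct` was false, so `not isStackingAvailable()` is always true there. `elif Backend.isDbms(DBMS.MYSQL):` expresses the same condition and drops a second scan over the technique data. The `elif` changed in osPwn() looks like the same pattern, but its matching `if` sits in a different hunk, so confirm the two belong to one chain before simplifying it.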
