added missing files for Sybase

stamparm · stamparm · commit f700692c7432 · 2010-10-13T18:55:17.000Z
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
@@ -51,8 +51,8 @@
 from plugins.dbms.firebird.connector import Connector as FirebirdConn
 from plugins.dbms.maxdb import MaxDBMap
 from plugins.dbms.maxdb.connector import Connector as MaxDBConn
-#from plugins.dbms.sybase import SybaseMap
-#from plugins.dbms.sybase.connector import Connector as SybaseConn
+from plugins.dbms.sybase import SybaseMap
+from plugins.dbms.sybase.connector import Connector as SybaseConn
 
 def setHandler():
     """
@@ -71,7 +71,7 @@ def setHandler():
                   ( ACCESS_ALIASES, AccessMap, AccessConn ),
                   ( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
                   ( MAXDB_ALIASES, MaxDBMap, MaxDBConn ),
-#                  ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
+                  ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
                 )
 
     for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py
@@ -0,0 +1,50 @@
+#!/usr/bin/env python
+
+"""
+$Id: __init__.py 1505 2010-03-23 21:26:45Z inquisb $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+from lib.core.settings import SYBASE_SYSTEM_DBS
+from lib.core.unescaper import unescaper
+
+from plugins.dbms.sybase.enumeration import Enumeration
+from plugins.dbms.sybase.filesystem import Filesystem
+from plugins.dbms.sybase.fingerprint import Fingerprint
+from plugins.dbms.sybase.syntax import Syntax
+from plugins.dbms.sybase.takeover import Takeover
+from plugins.generic.misc import Miscellaneous
+
+class SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover):
+    """
+    This class defines Sybase methods
+    """
+
+    def __init__(self):
+        self.excludeDbsList = SYBASE_SYSTEM_DBS
+
+        Syntax.__init__(self)
+        Fingerprint.__init__(self)
+        Enumeration.__init__(self)
+        Filesystem.__init__(self)
+        Miscellaneous.__init__(self)
+        Takeover.__init__(self)
+
+        unescaper.setUnescape(SybaseMap.unescape)
diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+try:
+    import _mssql
+    import pymssql
+except ImportError, _:
+    pass
+
+from lib.core.convert import utf8encode
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.exception import sqlmapConnectionException
+
+from plugins.generic.connector import Connector as GenericConnector
+
+class Connector(GenericConnector):
+    """
+    Homepage: http://pymssql.sourceforge.net/
+    User guide: http://pymssql.sourceforge.net/examples_pymssql.php
+    API: http://pymssql.sourceforge.net/ref_pymssql.php
+    Debian package: python-pymssql
+    License: LGPL
+
+    Possible connectors: http://wiki.python.org/moin/SQL%20Server
+
+    Important note: pymssql library on your system MUST be version 1.0.2
+    to work, get it from http://sourceforge.net/projects/pymssql/files/pymssql/1.0.2/
+    """
+
+    def __init__(self):
+        GenericConnector.__init__(self)
+
+    def connect(self):
+        self.initConnection()
+
+        try:
+            self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
+        except pymssql.OperationalError, msg:
+            raise sqlmapConnectionException, msg
+
+        self.setCursor()
+        self.connected()
+
+    def fetchall(self):
+        try:
+            return self.cursor.fetchall()
+        except (pymssql.ProgrammingError, pymssql.OperationalError, _mssql.MssqlDatabaseException), msg:
+            logger.log(8, msg)
+            return None
+
+    def execute(self, query):
+        try:
+            self.cursor.execute(utf8encode(query))
+        except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
+            logger.log(8, msg)
+        except pymssql.InternalError, msg:
+            raise sqlmapConnectionException, msg
+
+    def select(self, query):
+        self.execute(query)
+        value = self.fetchall()
+
+        try:
+            self.connector.commit()
+        except pymssql.OperationalError:
+            pass
+
+        return value
diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+"""
+$Id: enumeration.py 1835 2010-08-31 14:25:37Z stamparm $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+from lib.core.data import conf
+from lib.core.data import logger
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+from plugins.generic.enumeration import Enumeration as GenericEnumeration
+
+class Enumeration(GenericEnumeration):
+    def __init__(self):
+        GenericEnumeration.__init__(self, "Sybase")
+
+    def getPasswordHashes(self):
+        warnMsg = "on Sybase it is not possible to enumerate the user password hashes"
+        logger.warn(warnMsg)
+
+        return {}
diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+
+"""
+$Id: filesystem.py 1505 2010-03-23 21:26:45Z inquisb $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+from lib.core.exception import sqlmapUnsupportedFeatureException
+
+from plugins.generic.filesystem import Filesystem as GenericFilesystem
+
+class Filesystem(GenericFilesystem):
+    def __init__(self):
+        GenericFilesystem.__init__(self)
+
+    def readFile(self, rFile):
+        errMsg = "on Sybase it is not possible to read files"
+        raise sqlmapUnsupportedFeatureException, errMsg
+
+    def writeFile(self, wFile, dFile, fileType=None, confirm=True):
+        errMsg = "on Sybase it is not possible to write files"
+        raise sqlmapUnsupportedFeatureException, errMsg
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py
@@ -0,0 +1,133 @@
+#!/usr/bin/env python
+
+"""
+$Id: fingerprint.py 1961 2010-10-11 13:52:32Z stamparm $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2010 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+from lib.core.agent import agent
+from lib.core.common import formatDBMSfp
+from lib.core.common import formatFingerprint
+from lib.core.common import getHtmlErrorFp
+from lib.core.common import randomInt
+from lib.core.data import conf
+from lib.core.data import kb
+from lib.core.data import logger
+from lib.core.session import setDbms
+from lib.core.settings import SYBASE_ALIASES
+from lib.request import inject
+from lib.request.connect import Connect as Request
+
+from plugins.generic.fingerprint import Fingerprint as GenericFingerprint
+
+class Fingerprint(GenericFingerprint):
+    def __init__(self):
+        GenericFingerprint.__init__(self)
+
+    def getFingerprint(self):
+        value  = ""
+        wsOsFp = formatFingerprint("web server", kb.headersFp)
+
+        if wsOsFp:
+            value += "%s\n" % wsOsFp
+
+        if kb.data.banner:
+            dbmsOsFp = formatFingerprint("back-end DBMS", kb.bannerFp)
+
+            if dbmsOsFp:
+                value += "%s\n" % dbmsOsFp
+
+        value += "back-end DBMS: "
+
+        if not conf.extensiveFp:
+            value += "Sybase"
+            return value
+
+        actVer = formatDBMSfp()
+        blank  = " " * 15
+        value += "active fingerprint: %s" % actVer
+
+        if kb.bannerFp:
+            banVer = kb.bannerFp["dbmsVersion"]
+            banVer = formatDBMSfp([banVer])
+            value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)
+
+        htmlErrorFp = getHtmlErrorFp()
+
+        if htmlErrorFp:
+            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)
+
+        return value
+
+    def checkDbms(self):
+        if conf.dbms in SYBASE_ALIASES and kb.dbmsVersion and kb.dbmsVersion[0].isdigit():
+            setDbms("Sybase %s" % kb.dbmsVersion[0])
+
+            self.getBanner()
+
+            if not conf.extensiveFp:
+                kb.os = "Windows"
+
+                return True
+
+        infoMsg = "testing Sybase"
+        logger.info(infoMsg)
+
+        if conf.direct:
+            result = True
+        else:
+            payload = agent.fullPayload(" AND tempdb_id()=tempdb_id()")
+            result  = Request.queryPage(payload)
+
+        if result:
+            logMsg = "confirming Sybase"
+            logger.info(logMsg)
+
+            payload = agent.fullPayload(" AND suser_id()=suser_id()")
+            result  = Request.queryPage(payload)
+
+            if not result:
+                warnMsg = "the back-end DMBS is not Sybase"
+                logger.warn(warnMsg)
+
+                return False
+
+            setDbms("Sybase")
+
+            self.getBanner()
+
+            if not conf.extensiveFp:
+                return True
+            
+            for version in range(12, 16):
+                randInt = randomInt()
+                query   = " AND @@VERSION_NUMBER/1000=%d" % version
+                payload = agent.fullPayload(query)
+                result  = Request.queryPage(payload)
+                if result:
+                    kb.dbmsVersion = ["%d" % version]
+                    break
+
+            return True
+        else:
+            warnMsg = "the back-end DMBS is not Sybase"
+            logger.warn(warnMsg)
+
+            return False
diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py
diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py
