Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sqlmapproject
GitHub Repository: sqlmapproject/sqlmap
 Path: blob/master/plugins/dbms/db2/fingerprint.py
2992 views
1
#!/usr/bin/env python

2


3
"""

4
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)

5
See the file 'LICENSE' for copying permission

6
"""

7


8
from lib.core.common import Backend

9
from lib.core.common import Format

10
from lib.core.compat import xrange

11
from lib.core.data import conf

12
from lib.core.data import kb

13
from lib.core.data import logger

14
from lib.core.enums import DBMS

15
from lib.core.enums import OS

16
from lib.core.session import setDbms

17
from lib.core.settings import DB2_ALIASES

18
from lib.request import inject

19
from plugins.generic.fingerprint import Fingerprint as GenericFingerprint

20


21
class Fingerprint(GenericFingerprint):

22
    def __init__(self):

23
        GenericFingerprint.__init__(self, DBMS.DB2)

24


25
    def _versionCheck(self):

26
        minor, major = None, None

27


28
        for version in reversed(xrange(5, 15)):

29
            result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d000000 AND %d999999)>0" % (version, version))

30


31
            if result:

32
                major = version

33


34
                for version in reversed(xrange(0, 20)):

35
                    result = inject.checkBooleanExpression("(SELECT COUNT(*) FROM sysibm.sysversions WHERE versionnumber BETWEEN %d%02d0000 AND %d%02d9999)>0" % (major, version, major, version))

36
                    if result:

37
                        minor = version

38
                        version = "%s.%s" % (major, minor)

39
                        break

40


41
                break

42


43
        if major and minor:

44
            return "%s.%s" % (major, minor)

45
        else:

46
            return None

47


48
    def getFingerprint(self):

49
        value = ""

50
        wsOsFp = Format.getOs("web server", kb.headersFp)

51


52
        if wsOsFp:

53
            value += "%s\n" % wsOsFp

54


55
        if kb.data.banner:

56
            dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)

57


58
            if dbmsOsFp:

59
                value += "%s\n" % dbmsOsFp

60


61
        value += "back-end DBMS: "

62


63
        if not conf.extensiveFp:

64
            value += DBMS.DB2

65
            return value

66


67
        actVer = Format.getDbms()

68
        blank = " " * 15

69
        value += "active fingerprint: %s" % actVer

70


71
        if kb.bannerFp:

72
            banVer = kb.bannerFp.get("dbmsVersion")

73


74
            if banVer:

75
                banVer = Format.getDbms([banVer])

76
                value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer)

77


78
        htmlErrorFp = Format.getErrorParsedDBMSes()

79


80
        if htmlErrorFp:

81
            value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp)

82


83
        return value

84


85
    def checkDbms(self):

86
        if not conf.extensiveFp and Backend.isDbmsWithin(DB2_ALIASES):

87
            setDbms(DBMS.DB2)

88


89
            return True

90


91
        logMsg = "testing %s" % DBMS.DB2

92
        logger.info(logMsg)

93


94
        result = inject.checkBooleanExpression("[RANDNUM]=(SELECT [RANDNUM] FROM SYSIBM.SYSDUMMY1)")

95


96
        if result:

97
            logMsg = "confirming %s" % DBMS.DB2

98
            logger.info(logMsg)

99


100
            result = inject.checkBooleanExpression("JULIAN_DAY(CURRENT DATE) IS NOT NULL")

101


102
            if not result:

103
                warnMsg = "the back-end DBMS is not %s" % DBMS.DB2

104
                logger.warning(warnMsg)

105


106
                return False

107


108
            version = self._versionCheck()

109
            if version:

110
                Backend.setVersion(version)

111
                setDbms("%s %s" % (DBMS.DB2, Backend.getVersion()))

112
            else:

113
                setDbms(DBMS.DB2)

114


115
            return True

116
        else:

117
            warnMsg = "the back-end DBMS is not %s" % DBMS.DB2

118
            logger.warning(warnMsg)

119


120
            return False

121


122
    def checkDbmsOs(self, detailed=False):

123
        if Backend.getOs():

124
            return

125


126
        infoMsg = "fingerprinting the back-end DBMS operating system "

127
        infoMsg += "version and service pack"

128
        logger.info(infoMsg)

129


130
        query = "(SELECT LENGTH(OS_NAME) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_NAME LIKE '%WIN%')>0"

131
        result = inject.checkBooleanExpression(query)

132


133
        if not result:

134
            Backend.setOs(OS.LINUX)

135
        else:

136
            Backend.setOs(OS.WINDOWS)

137


138
        infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()

139


140
        if result:

141
            versions = {

142
                "2003": ("5.2", (2, 1)),

143
                "2008": ("7.0", (1,)),

144
                "2000": ("5.0", (4, 3, 2, 1)),

145
                "7": ("6.1", (1, 0)),

146
                "XP": ("5.1", (2, 1)),

147
                "NT": ("4.0", (6, 5, 4, 3, 2, 1))

148
            }

149


150
            # Get back-end DBMS underlying operating system version

151
            for version, data in versions.items():

152
                query = "(SELECT LENGTH(OS_VERSION) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_VERSION = '%s')>0" % data[0]

153
                result = inject.checkBooleanExpression(query)

154


155
                if result:

156
                    Backend.setOsVersion(version)

157
                    infoMsg += " %s" % Backend.getOsVersion()

158
                    break

159


160
            if not Backend.getOsVersion():

161
                return

162


163
            # Get back-end DBMS underlying operating system service pack

164
            for sp in versions[Backend.getOsVersion()][1]:

165
                query = "(SELECT LENGTH(OS_RELEASE) FROM SYSIBMADM.ENV_SYS_INFO WHERE OS_RELEASE LIKE '%Service Pack " + str(sp) + "%')>0"

166
                result = inject.checkBooleanExpression(query)

167


168
                if result:

169
                    Backend.setOsServicePack(sp)

170
                    break

171


172
            if not Backend.getOsServicePack():

173
                Backend.setOsServicePack(0)

174
                debugMsg = "assuming the operating system has no service pack"

175
                logger.debug(debugMsg)

176


177
            if Backend.getOsVersion():

178
                infoMsg += " Service Pack %d" % Backend.getOsServicePack()

179


180
            logger.info(infoMsg)

181


182