GitHub Repository: sqlmapproject/sqlmap
Path: blob/master/plugins/generic/misc.py
#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import ntpath
import re
from lib.core.common import Backend
from lib.core.common import hashDBWrite
from lib.core.common import isStackingAvailable
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
from lib.core.common import posixToNtSlashes
from lib.core.common import readInput
from lib.core.common import singleTimeDebugMessage
from lib.core.common import unArrayizeValue
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS
from lib.core.enums import OS
from lib.core.exception import SqlmapNoneDataException
from lib.request import inject
class Miscellaneous(object):
    """
    Grab-bag of helper routines shared by the DBMS plugins.

    Several members used below (checkDbmsOs, execCmd, cmdTblName,
    fileTblName, webStagerFilePath, webBackdoorFilePath, sysUdfs) are not
    defined in this class; presumably they are supplied by the classes it
    is combined with.
    """

    def __init__(self):
        """Nothing to initialize."""

    def getRemoteTempPath(self):
        """
        Pick, normalize and remember the remote directory for temporary files.

        A conf.tmpPath that is already set is used as-is. Otherwise, on
        Microsoft SQL Server the directory of the server error log is
        queried, and if that yields nothing a per-OS default is chosen.
        The final value is stored in conf.tmpPath, persisted through
        hashDBWrite() under HASHDB_KEYS.CONF_TMP_PATH and returned.

        Side effect: a path starting with a drive-letter style prefix
        marks the back-end OS as Windows.

        Reviewer note: per the debug message below, this directory is
        where files holding command output are placed, so unexpected
        files in the SQL Server error-log directory or in the default
        temp directories listed here are a useful forensic lead.
        """

        if not conf.tmpPath and Backend.isDbms(DBMS.MSSQL):
            logger.debug(
                "identifying Microsoft SQL Server error log directory "
                "that sqlmap will use to store temporary files with "
                "commands' output"
            )

            errorLogFile = unArrayizeValue(
                inject.getValue("SELECT SERVERPROPERTY('ErrorLogFileName')", safeCharEncode=False)
            )

            if errorLogFile:
                # Keep only the directory part of the error log path
                conf.tmpPath = ntpath.dirname(errorLogFile)

        if not conf.tmpPath:
            if not Backend.isOs(OS.WINDOWS):
                conf.tmpPath = "/tmp"
            elif conf.direct:
                conf.tmpPath = "%TEMP%"
            else:
                self.checkDbmsOs(detailed=True)

                if Backend.getOsVersion() in ("2000", "NT"):
                    conf.tmpPath = "C:/WINNT/Temp"
                elif Backend.isOs("XP"):
                    # NOTE(review): the branch above tests the OS *version*
                    # via getOsVersion(), while this one hands "XP" to
                    # isOs(), which is called with OS.WINDOWS a few lines
                    # up - confirm isOs() can ever match a version string
                    conf.tmpPath = "C:/Documents and Settings/All Users/Application Data/Temp"
                else:
                    conf.tmpPath = "C:/Windows/Temp"

        # One word character, a colon and at least one slash or backslash
        # at the very start of the path: treat it as a Windows path
        looksLikeDrivePath = re.search(r"\A[\w]:[\/\\]+", conf.tmpPath, re.I)

        if looksLikeDrivePath:
            Backend.setOs(OS.WINDOWS)

        conf.tmpPath = normalizePath(conf.tmpPath)
        conf.tmpPath = ntToPosixSlashes(conf.tmpPath)

        singleTimeDebugMessage("going to use '%s' as temporary files directory" % conf.tmpPath)
        hashDBWrite(HASHDB_KEYS.CONF_TMP_PATH, conf.tmpPath)

        return conf.tmpPath

    def getVersionFromBanner(self):
        """
        Fill kb.bannerFp["dbmsVersion"] from the back-end DBMS banner.

        Does nothing when the key is already present. Otherwise the banner
        query of the identified DBMS is run and the first run of digits,
        dots and dashes that starts with a digit is kept as the version;
        when no such run exists the raw banner (or "") stays stored.
        """

        if "dbmsVersion" in kb.bannerFp:
            return

        logger.info("detecting back-end DBMS version from its banner")

        bannerQuery = queries[Backend.getIdentifiedDbms()].banner.query

        if conf.direct:
            bannerQuery = "SELECT %s" % bannerQuery

        banner = unArrayizeValue(inject.getValue(bannerQuery)) or ""
        kb.bannerFp["dbmsVersion"] = banner

        versionMatch = re.search(r"\d[\d.-]*", banner)

        if versionMatch:
            kb.bannerFp["dbmsVersion"] = versionMatch.group(0)

    def delRemoteFile(self, filename):
        """
        Remove a file on the back-end host through self.execCmd().

        A falsy filename is ignored. On Windows the path is converted to
        backslashes and removed with "del /F /Q", elsewhere with "rm -f".
        """

        if not filename:
            return

        self.checkDbmsOs()

        # NOTE(review): filename is interpolated into the command without
        # quoting, so a path containing spaces would not reach the remote
        # shell as a single argument - confirm callers never pass one
        if Backend.isOs(OS.WINDOWS):
            ntFilename = posixToNtSlashes(filename)
            removeCmd = "del /F /Q %s" % ntFilename
        else:
            removeCmd = "rm -f %s" % filename

        self.execCmd(removeCmd, silent=True)

    def createSupportTbl(self, tblName, tblField, tblType):
        """
        Drop and re-create a one-column support table via stacked queries.

        On Microsoft SQL Server the table named self.cmdTblName also gets
        an "id INT PRIMARY KEY IDENTITY" column in front of the requested
        one.
        """

        inject.goStacked("DROP TABLE %s" % tblName, silent=True)

        if Backend.isDbms(DBMS.MSSQL) and tblName == self.cmdTblName:
            createTemplate = "CREATE TABLE %s(id INT PRIMARY KEY IDENTITY, %s %s)"
        else:
            createTemplate = "CREATE TABLE %s(%s %s)"

        inject.goStacked(createTemplate % (tblName, tblField, tblType))

    def cleanup(self, onlyFileTbl=False, udfDict=None, web=False):
        """
        Remove the files, tables and functions created during the run.

        With web set and a web backdoor path known, the uploaded stager
        and backdoor files are deleted first. The database part is skipped
        when stacked queries are unavailable (or kb.udfFail is set) on a
        non-direct connection, and also for PostgreSQL when an OS command
        or shell was requested and kb.copyExecTest is set.

        The support tables are always dropped; unless onlyFileTbl is set
        the command table is dropped too and each UDF is dropped after an
        interactive confirmation. On Microsoft SQL Server the UDF list is
        always replaced by master..new_xp_cmdshell; otherwise udfDict
        defaults to self.sysUdfs (or an empty dict).

        Reviewer note: as the closing warning states, the UDF library
        files (and, with conf.osPwn, the Metasploit related files in the
        temporary folder) are not removed by this method and remain on
        the remote file system.
        """

        if web and self.webBackdoorFilePath:
            logger.info("cleaning up the web files uploaded")

            for uploaded in (self.webStagerFilePath, self.webBackdoorFilePath):
                self.delRemoteFile(uploaded)

        stackingUnusable = not isStackingAvailable() or kb.udfFail

        if stackingUnusable and not conf.direct:
            return

        if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and kb.copyExecTest:
            return

        # Wording used for the UDF library in the final warning
        if Backend.isOs(OS.WINDOWS):
            libtype = "dynamic-link library"
        elif Backend.isOs(OS.LINUX):
            libtype = "shared object"
        else:
            libtype = "shared library"

        # A file-table-only cleanup is announced at debug level only
        announce = logger.debug if onlyFileTbl else logger.info
        announce("cleaning up the database management system")

        logger.debug("removing support tables")

        for dropFileTbl in ("DROP TABLE %s", "DROP TABLE %shex"):
            inject.goStacked(dropFileTbl % self.fileTblName, silent=True)

        if not onlyFileTbl:
            inject.goStacked("DROP TABLE %s" % self.cmdTblName, silent=True)

            # On MSSQL any caller-supplied udfDict is overridden
            if Backend.isDbms(DBMS.MSSQL):
                udfDict = {"master..new_xp_cmdshell": {}}

            if udfDict is None:
                udfDict = getattr(self, "sysUdfs", {})

            for udf, inpRet in udfDict.items():
                question = "do you want to remove UDF '%s'? [Y/n] " % udf

                if not readInput(question, default='Y', boolean=True):
                    continue

                dropStr = "DROP FUNCTION %s" % udf

                # PostgreSQL needs the argument type list to drop a function
                if Backend.isDbms(DBMS.PGSQL):
                    dropStr += "(%s)" % ", ".join(inpRet["input"])

                logger.debug("removing UDF '%s'" % udf)
                inject.goStacked(dropStr, silent=True)

        logger.info("database management system cleanup finished")

        warnParts = ["remember that UDF %s files " % libtype]

        if conf.osPwn:
            warnParts.append(
                "and Metasploit related files in the temporary "
                "folder "
            )

        warnParts.append(
            "saved on the file system can only be deleted "
            "manually"
        )

        logger.warning("".join(warnParts))

    def likeOrExact(self, what):
        """
        Ask whether the provided names are LIKE patterns or exact names.

        Returns a (choice, condParam) tuple where choice is '1' or '2' and
        condParam is a condition fragment with a single %s placeholder for
        the name. An empty answer counts as '1'; any other answer raises
        SqlmapNoneDataException.
        """

        message = "".join((
            "do you want sqlmap to consider provided %s(s):\n" % what,
            "[1] as LIKE %s names (default)\n" % what,
            "[2] as exact %s names" % what,
        ))

        choice = readInput(message, default='1')

        if not choice or choice == '1':
            # Formats to: LIKE '%<name>%'
            return '1', " LIKE '%%%s%%'"

        if choice == '2':
            return choice, "='%s'"

        raise SqlmapNoneDataException("invalid value")