
Commit 9a4ae7d

committed
More code refactoring of Backend class methods used
1 parent 2f2758b commit 9a4ae7d

16 files changed

Lines changed: 146 additions & 146 deletions


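--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -282,14 +282,14 @@ def nullAndCastField(self, field):
 
 # SQLite version 2 does not support neither CAST() nor IFNULL(),
 # introduced only in SQLite version 3
-if Backend.getIdentifiedDbms() == DBMS.SQLITE:
+if Backend.isDbms(DBMS.SQLITE):
 return field
 
 if field.startswith("(CASE"):
 nulledCastedField = field
 else:
 nulledCastedField = queries[Backend.getIdentifiedDbms()].cast.query % field
-if Backend.getIdentifiedDbms() == DBMS.ACCESS:
+if Backend.isDbms(DBMS.ACCESS):
 nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % (nulledCastedField, nulledCastedField)
 else:
 nulledCastedField = queries[Backend.getIdentifiedDbms()].isnull.query % nulledCastedField
@@ -401,7 +401,7 @@ def getFields(self, query):
 def simpleConcatQuery(self, query1, query2):
 concatenatedQuery = ""
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 concatenatedQuery = "CONCAT(%s,%s)" % (query1, query2)
 
 elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):
@@ -447,7 +447,7 @@ def concatQuery(self, query, unpack=True):
 else:
 return query
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 if fieldsExists:
 concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
 concatenatedQuery += ",'%s')" % kb.misc.stop
@@ -540,7 +540,7 @@ def forgeInbandQuery(self, query, position, count, comment, prefix, suffix, char
 if query.startswith("TOP"):
 # TOP enumeration on DBMS.MSSQL is too specific and it has to go into it's own brackets
 # because those NULLs cause problems with ORDER BY clause
-if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+if Backend.isDbms(DBMS.MSSQL):
 inbandQuery += ",".join(map(lambda x: char if x != position else '(SELECT %s)' % query, range(0, count)))
 inbandQuery = self.suffixQuery(inbandQuery, comment, suffix)
 return inbandQuery
@@ -633,11 +633,11 @@ def limitQuery(self, num, query, field=None, uniqueField=None):
 limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1)
 limitedQuery += " %s" % limitStr
 
-elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+elif Backend.isDbms(DBMS.FIREBIRD):
 limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num+1, num+1)
 limitedQuery += " %s" % limitStr
 
-elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+elif Backend.isDbms(DBMS.ORACLE):
 if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
 orderBy = limitedQuery[limitedQuery.index(" ORDER BY "):]
 limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")]
@@ -650,7 +650,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None):
 limitedQuery = limitedQuery % fromFrom
 limitedQuery += "=%d" % (num + 1)
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+elif Backend.isDbms(DBMS.MSSQL):
 forgeNotIn = True
 
 if " ORDER BY " in limitedQuery: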
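Review bot: In nullAndCastField the rewritten branch tests `Backend.isDbms(DBMS.ACCESS)` but the lines inside it still index `queries[Backend.getIdentifiedDbms()]`, so the condition and the template lookup now go through two different accessors. isDbms() is not defined in any section shown here; if it resolves the back-end from different state than getIdentifiedDbms(), the branch taken and the query template used can disagree. The same mix shows up in simpleConcatQuery, where the first arm uses isDbms() and the next arm keeps `elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE):`, and in limitQuery. I would add a short docstring on isDbms() stating that it is equivalent to `getIdentifiedDbms() == dbms`, and bind the result once per function (`dbms = Backend.getIdentifiedDbms()`) so every check and lookup reads the same value. All of these function bodies start or end outside their hunks.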

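--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -869,7 +869,7 @@ def parsePasswordHash(password):
 if not password or password == " ":
 password = "NULL"
 
-if Backend.getIdentifiedDbms() == DBMS.MSSQL and password != "NULL" and isHexEncodedString(password):
+if Backend.isDbms(DBMS.MSSQL) and password != "NULL" and isHexEncodedString(password):
 hexPassword = password
 password = "%s\n" % hexPassword
 password += "%sheader: %s\n" % (blank, hexPassword[:6])
@@ -1194,19 +1194,19 @@ def getDelayQuery(andCond=False):
 
 banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
 
-if banVer is None or (Backend.getIdentifiedDbms() == DBMS.MYSQL and banVer >= "5.0.12") or (Backend.getIdentifiedDbms() == DBMS.PGSQL and banVer >= "8.2"):
+if banVer is None or (Backend.isDbms(DBMS.MYSQL) and banVer >= "5.0.12") or (Backend.isDbms(DBMS.PGSQL) and banVer >= "8.2"):
 query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
 else:
 query = queries[Backend.getIdentifiedDbms()].timedelay.query2 % conf.timeSec
-elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+elif Backend.isDbms(DBMS.FIREBIRD):
 query = queries[Backend.getIdentifiedDbms()].timedelay.query
 else:
 query = queries[Backend.getIdentifiedDbms()].timedelay.query % conf.timeSec
 
 if andCond:
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.SQLITE ):
 query = query.replace("SELECT ", "")
-elif Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+elif Backend.isDbms(DBMS.FIREBIRD):
 query = "(%s)>0" % query
 
 return query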
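Review bot: The version tests on the rewritten condition in getDelayQuery, `banVer >= "5.0.12"` and `banVer >= "8.2"`, compare strings, so the ordering is lexicographic rather than numeric (assuming `kb.bannerFp["dbmsVersion"]` holds a string, which the literals suggest). "5.0.2" sorts above "5.0.12" and "10.0" sorts below "8.2", so the wrong `timedelay` template can be selected. The banner value is supplied by the remote server, so it is worth parsing it into a tuple of integers before comparing, for example `tuple(int(p) for p in banVer.split(".") if p.isdigit()) >= (5, 0, 12)`, and treating an unparsable value like a missing one. The function starts outside this hunk: the Firebird `elif` pairs with an `if` above the first visible line.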

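--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -104,9 +104,9 @@ def currentUser(self,data):
 self.string("current user", data)
 
 def currentDb(self,data):
-if Backend.getIdentifiedDbms() == DBMS.MAXDB:
+if Backend.isDbms(DBMS.MAXDB):
 self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data)
-elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+elif Backend.isDbms(DBMS.ORACLE):
 self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data)
 else:
 self.string("current database", data)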

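--- a/lib/parse/banner.py
+++ b/lib/parse/banner.py
@@ -97,21 +97,21 @@ def bannerParser(banner):
 
 xmlfile = None
 
-if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+if Backend.isDbms(DBMS.MSSQL):
 xmlfile = paths.MSSQL_XML
-elif Backend.getIdentifiedDbms() == DBMS.MYSQL:
+elif Backend.isDbms(DBMS.MYSQL):
 xmlfile = paths.MYSQL_XML
-elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+elif Backend.isDbms(DBMS.ORACLE):
 xmlfile = paths.ORACLE_XML
-elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+elif Backend.isDbms(DBMS.PGSQL):
 xmlfile = paths.PGSQL_XML
 
 if not xmlfile:
 return
 
 checkFile(xmlfile)
 
-if Backend.getIdentifiedDbms() == DBMS.MSSQL:
+if Backend.isDbms(DBMS.MSSQL):
 handler = MSSQLBannerHandler(banner, kb.bannerFp)
 parseXmlFile(xmlfile, handler)
 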
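--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -27,7 +27,7 @@ def direct(query, content=True):
 select = True
 query = agent.payloadDirect(query)
 
-if Backend.getIdentifiedDbms() == DBMS.ORACLE and query.startswith("SELECT ") and " FROM " not in query:
+if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
 query = "%s FROM DUAL" % query
 
 for sqlTitle, sqlStatements in SQL_STATEMENTS.items():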

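--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -141,7 +141,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 _, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
 
 rdbRegExp = re.search("RDB\$GET_CONTEXT\([^)]+\)", expression, re.I)
-if rdbRegExp and Backend.getIdentifiedDbms() == DBMS.FIREBIRD:
+if rdbRegExp and Backend.isDbms(DBMS.FIREBIRD):
 expressionFieldsList = [expressionFields]
 
 if len(expressionFieldsList) > 1:
@@ -189,7 +189,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 stopLimit = int(topLimit.group(1))
 limitCond = int(stopLimit) > 1
 
-elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+elif Backend.isDbms(DBMS.ORACLE):
 limitCond = False
 else:
 limitCond = True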

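--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -45,7 +45,7 @@ def execCmd(self, cmd, silent=False):
 elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.udfExecCmd(cmd, silent=silent)
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+elif Backend.isDbms(DBMS.MSSQL):
 self.xpCmdshellExecCmd(cmd, silent=silent)
 
 else:
@@ -59,7 +59,7 @@ def evalCmd(self, cmd, first=None, last=None):
 elif Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 return self.udfEvalCmd(cmd, first, last)
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+elif Backend.isDbms(DBMS.MSSQL):
 return self.xpCmdshellEvalCmd(cmd, first, last)
 
 else:
@@ -100,7 +100,7 @@ def shell(self):
 infoMsg += "command execution"
 logger.info(infoMsg)
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+elif Backend.isDbms(DBMS.MSSQL):
 infoMsg = "going to use xp_cmdshell extended procedure for "
 infoMsg += "operating system command execution"
 logger.info(infoMsg)
@@ -154,7 +154,7 @@ def initEnv(self, mandatory=True, detailed=False, web=False):
 
 if Backend.getIdentifiedDbms() in ( DBMS.MYSQL, DBMS.PGSQL ):
 self.udfInjectSys()
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
+elif Backend.isDbms(DBMS.MSSQL):
 if mandatory:
 self.xpCmdshellInit()
 else: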

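--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -189,21 +189,21 @@ def __selectPayload(self):
 if __payloadStr == "windows/vncinject":
 choose = False
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 debugMsg = "by default MySQL on Windows runs as SYSTEM "
 debugMsg += "user, it is likely that the the VNC "
 debugMsg += "injection will be successful"
 logger.debug(debugMsg)
 
-elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+elif Backend.isDbms(DBMS.PGSQL):
 choose = True
 
 warnMsg = "by default PostgreSQL on Windows runs as "
 warnMsg += "postgres user, it is unlikely that the VNC "
 warnMsg += "injection will be successful"
 logger.warn(warnMsg)
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 choose = True
 
 warnMsg = "it is unlikely that the VNC injection will be "
@@ -232,12 +232,12 @@ def __selectPayload(self):
 break
 
 elif choice == "1":
-if Backend.getIdentifiedDbms() == DBMS.PGSQL:
+if Backend.isDbms(DBMS.PGSQL):
 logger.warn("beware that the VNC injection might not work")
 
 break
 
-elif Backend.getIdentifiedDbms() == DBMS.MSSQL and Backend.isVersionWithin(("2005", "2008")):
+elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
 break
 
 elif not choice.isdigit():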

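--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -144,9 +144,9 @@ def udfInjectCore(self, udfDict):
 if udf in self.udfToCreate and udf not in self.createdUdf:
 self.udfCreateFromSharedLib(udf, inpRet)
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 supportTblType = "longtext"
-elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+elif Backend.isDbms(DBMS.PGSQL):
 supportTblType = "text"
 
 self.udfCreateSupportTbl(supportTblType)
@@ -237,9 +237,9 @@ def udfInjectCustom(self):
 else:
 logger.warn("you need to specify the name of the UDF")
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 defaultType = "string"
-elif Backend.getIdentifiedDbms() == DBMS.PGSQL:
+elif Backend.isDbms(DBMS.PGSQL):
 defaultType = "text"
 
 self.udfs[udfName]["input"] = []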
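Review bot: `supportTblType` in udfInjectCore is assigned only in the MySQL and PostgreSQL arms, and `self.udfCreateSupportTbl(supportTblType)` follows with no `else`, so any other result reaches that call with the name unbound unless it is initialised above the hunk. Now that both arms go through isDbms(), whose definition is not shown, it is worth making the fall-through explicit instead of relying on the caller to have filtered the back-end. An `else:` arm that raises a clear unsupported-DBMS error, or `supportTblType = None` before the chain with a check after it, would do. The same shape applies to `defaultType` in udfInjectCustom, where the use of the variable lies outside the hunk. Both function bodies start and end outside their hunks.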

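--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -57,7 +57,7 @@ def __oneShotErrorUse(expression, field):
 
 nulledCastedField = agent.nullAndCastField(field)
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 nulledCastedField = queries[DBMS.MYSQL].substring.query % (nulledCastedField, offset, MYSQL_ERROR_CHUNK_LENGTH)
 
 # Forge the error-based SQL injection request
@@ -101,7 +101,7 @@ def __oneShotErrorUse(expression, field):
 if isinstance(output, basestring):
 output = htmlunescape(output).replace("<br>", "\n")
 
-if Backend.getIdentifiedDbms() == DBMS.MYSQL:
+if Backend.isDbms(DBMS.MYSQL):
 if offset == 1:
 retVal = output
 else:
@@ -243,7 +243,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 stopLimit = int(topLimit.group(1))
 limitCond = int(stopLimit) > 1
 
-elif Backend.getIdentifiedDbms() == DBMS.ORACLE:
+elif Backend.isDbms(DBMS.ORACLE):
 limitCond = False
 else:
 limitCond = True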
