From 4851c69b2a6f31d91e719481da8e028bd94f98fa Mon Sep 17 00:00:00 2001
From: Aridhi-Dhia-eddine
Date: Mon, 8 Apr 2024 22:21:22 +0100
Subject: [PATCH 1/4] solve problem of saving result of --sql-query in CSV file
---
 extra/icmpsh/README.txt | 90 ++++++++++++-------
 ok.py | 142 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 187 insertions(+), 45 deletions(-)
 create mode 100644 ok.py
diff --git a/extra/icmpsh/README.txt b/extra/icmpsh/README.txt
index 631f9ee377f..d09e83b8552 100644
--- a/extra/icmpsh/README.txt
+++ b/extra/icmpsh/README.txt
@@ -1,45 +1,45 @@
-icmpsh - simple reverse ICMP shell
-
-icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
-
-
---- Running the Master ---
-
-The master is straight forward to use. There are no extra libraries required for the C version.
-The Perl master however has the following dependencies:
-
- * IO::Socket
- * NetPacket::IP
- * NetPacket::ICMP
-
-
-When running the master, don't forget to disable ICMP replies by the OS. For example:
-
- sysctl -w net.ipv4.icmp_echo_ignore_all=1
-
-If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
-commands send from the master.
-
-
---- Running the Slave ---
-
-The slave comes with a few command line options as outlined below:
-
-
--t host host ip address to send ping requests to. This option is mandatory!
-
--r send a single test icmp request containing the string "Test1234" and then quit.
- This is for testing the connection.
-
--d milliseconds delay between requests in milliseconds
-
--o milliseconds timeout of responses in milliseconds. If a response has not received in time,
- the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
- The counter is set back to 0 if a response was received.
-
--b num limit of blanks (unanswered icmp requests before quitting
-
--s bytes maximal data buffer size in bytes
-
-
-In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.
+icmpsh - simple reverse ICMP shell
+
+icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
+
+
+--- Running the Master ---
+
+The master is straight forward to use. There are no extra libraries required for the C version.
+The Perl master however has the following dependencies:
+
+ * IO::Socket
+ * NetPacket::IP
+ * NetPacket::ICMP
+
+
+When running the master, don't forget to disable ICMP replies by the OS. For example:
+
+ sysctl -w net.ipv4.icmp_echo_ignore_all=1
+
+If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
+commands send from the master.
+
+
+--- Running the Slave ---
+
+The slave comes with a few command line options as outlined below:
+
+
+-t host host ip address to send ping requests to. This option is mandatory!
+
+-r send a single test icmp request containing the string "Test1234" and then quit.
+ This is for testing the connection.
+
+-d milliseconds delay between requests in milliseconds
+
+-o milliseconds timeout of responses in milliseconds. If a response has not received in time,
+ the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
+ The counter is set back to 0 if a response was received.
+
+-b num limit of blanks (unanswered icmp requests before quitting
+
+-s bytes maximal data buffer size in bytes
+
+
+In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.
diff --git a/ok.py b/ok.py
new file mode 100644
index 00000000000..16f0e53a691
--- /dev/null
+++ b/ok.py
@@ -0,0 +1,142 @@
+import subprocess
+from datetime import datetime
+import sys
+import os
+import csv
+import re
+from urllib.parse import urlparse
+
+#****************************************************************************************
+# this function verify if the argument given is an URL
+def est_url(url):
+ try:
+ result=urlparse(url)
+ return all([result.scheme, result.netloc])
+ except Exception as e:
+ return False
+
+# this function verify if the argument given is a request
+def est_requete(req):
+ exp_reg= expression_reguliere = re.compile(
+ r'\b(SELECT|UPDATE|DELETE|INSERT INTO|CREATE|ALTER|DROP|GRANT|REVOKE)\b',
+ re.IGNORECASE)
+ return re.search(exp_reg,req) is not None
+
+#*****************************************************************************************
+
+# read the arguements
+arg=sys.argv
+
+#*****************************************************************************************
+ #verify if the arguments given are correct or not
+
+if (('-u' in arg)and('--sql-query' in arg)):
+ if (est_url(arg[2])):
+ if (est_requete(arg[-1])):
+ commande_sqlmap = ['python','sqlmap.py']+arg[1:]
+ else:
+ print("verify your request")
+ exit()
+ else:
+ print("verify your URL")
+ exit()
+else:
+ print("Verify that you input correctly -u or --sql-query")
+ exit()
+
+#*****************************************************************************************
+
+#*****************************************************************************************
+ #extract the name of columns from the request
+deb="SELECT"
+fin="FROM"
+
+#find the start point of the ""deb"" variable in the request
+temp1=(arg[-1].upper()).find(deb)
+
+#find the start point of the ""fin"" variable in the request
+temp2=(arg[-1].upper()).find(fin)
+
+#select the request from the arguments given bu the user in command line
+temp_res=arg[-1]
+
+#start selection of the columns names after the ""deb"" variable
+T=len(deb)-temp1+1
+temp_res=temp_res[T:temp2]
+
+#split the String that contains columns name
+temp_res=(temp_res.strip()).split(',')
+
+#******************************************************************************************
+
+#******************************************************************************************
+ #process the request
+
+res=subprocess.check_output(commande_sqlmap)
+
+#res=subprocess.run(commande_sqlmap,capture_output=True, text=True)
+
+#view the result of processing the resquest
+res = res.decode('utf-8')
+print(res)
+
+
+# Select actuel time
+heure_actuelle = datetime.now()
+heure_formattee = heure_actuelle.strftime("%H:%M:%S")
+
+# ""m_deb"" variable is a string that represents the start point of showing the result of the request
+m_deb="["+str(heure_formattee)+"]"+" [INFO] fetching SQL SELECT statement query output:"
+
+# ""m_fin"" variable is a string that represents the end point point of showing the result of the request
+m_fin="["+str(heure_formattee)+"]"+" [INFO] fetched data logged to text files under"
+
+#""debut_message"" contains the position of the ""m_deb"" variable in the result
+debut_message = res.find(m_deb)
+
+#""fin_message"" contains the position of the ""m_fin"" variable in the result
+fin_message = res.find(m_fin)
+
+#select a part of the result that is between ""m_deb"" variable and ""m_fin"" variable
+message = res[debut_message:fin_message].strip()
+
+
+lignes = message.splitlines()
+
+# ""donnees_sauvegarder"" variable is a list of dictionaries
+donnees_sauvegarder = []
+
+# loop on the ""lignes"" variable
+for ligne in lignes:
+ # verify if this line contain [*]
+ if ligne.startswith("[*]"):
+ # extract data after '[*]'
+ v_temp=(ligne[4:].strip()).split(',')
+ d_temp={}
+ for i in range(len(temp_res)):
+ # add for every column from ""temp_res"" variable a value from ""v_temp"" variable
+ d_temp.update({temp_res[i]:v_temp[i]})
+
+ # add the dictionarie in the list
+ donnees_sauvegarder.append(d_temp)
+
+#*****************************************************************************************************
+
+ # create a file named ""data_save.csv"" in same repositories with this script file
+
+file_csv="data_save.csv"
+
+if(len(donnees_sauvegarder)!=0):# if the process of the request send data
+ with open(file_csv,mode='w',newline='') as file_csv:
+ # write the header of this CSV file
+ writer=csv.DictWriter(file_csv,fieldnames=temp_res)
+ writer.writeheader()
+ # loop on the list of dictionaries named ""donnees_sauvegarder"" to wite its content on the CSV file
+ for part in donnees_sauvegarder:
+ writer.writerow(part)
+ # if the data is successfully saved in the CSV file this message show the place of the file
+ print("data saved in csv format under "+"'"+os.path.realpath("data_save.csv")+"'")
+else:
+ print("data don't exist to create CSV file")
+
+#********************************************************************************************************
From cc7c5e79505f41d76f2eeb8e118fef5953bbde99 Mon Sep 17 00:00:00 2001
From: Aridhi-Dhia-eddine
Date: Fri, 12 Apr 2024 01:54:24 +0100
Subject: [PATCH 2/4] Rework:solve problem of saving result of --sql-query in CSV file
---
 lib/core/dump.py | 39 ++++++++++++++++++++++++++++++++++++++-
 plugins/generic/custom.py | 4 +++-
 2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 42f713efd9d..d2f89e165bb 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -7,6 +7,9 @@
 import hashlib
 import os
+
+import csv
+
 import re
 import shutil
 import tempfile
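Review bot: The log markers `m_deb` and `m_fin` embed a timestamp taken with `datetime.now()` only after `subprocess.check_output` has returned, so they match sqlmap's `[HH:MM:SS] [INFO] …` lines only when the whole run finished within the same second; otherwise both `find` calls return -1, `message` becomes `res[-1:-1]` (empty) and the script reports "data don't exist" although rows were fetched. Drop the timestamp from the markers (search for `" [INFO] fetching SQL SELECT statement query output:"` and `" [INFO] fetched data logged to text files under"`, or simply collect every line of `res` that starts with `[*]`). The column offset `T=len(deb)-temp1+1` is only correct because `SELECT` happens to sit at index 0; the intended value is `temp1+len(deb)`. `v_temp[i]` raises IndexError when a row has fewer comma-separated fields than the column list, and any value containing a comma shifts the remaining columns, so the pairing should be `d_temp=dict(zip(temp_res, v_temp))`. The later patches in this series move this logic into lib/core/dump.py but leave this root-level `ok.py` in place; it should be removed rather than shipped.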
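Review bot: `import csv` is inserted with a blank line on either side, which splits the standard-library import group formed by the surrounding `import hashlib`, `import os` and `import re` lines. Place it in alphabetical order, `import csv` directly before `import hashlib`, without the extra blank lines.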
@@ -709,7 +712,41 @@ def dbColumns(self, dbColumnsDict, colConsider, dbs):
 def sqlQuery(self, query, queryRes):
 self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)
-
+ print ("mon output est ",queryRes)
+
+ #code to extract columns from the request
+ deb="SELECT"
+ fin="FROM"
+ temp1=(query.upper()).find(deb)
+ #print ("mon output est ",temp1)
+ temp2=(query.upper()).find(fin)
+ #print ("mon output est ",temp2)
+ T=len(deb)-temp1+1
+ temp_res=query[T:temp2]
+ temp_res=(temp_res.strip()).split(',')
+ print ("mon output est ",temp_res)
+ #******************************************
+ #dictionarie for every value in queryRes
+ dt_save=[]
+ for i in range (len(queryRes)):
+ s=queryRes[i]
+ d={}
+ for j in range(len(temp_res)):
+ d.update({temp_res[j]:s[j]})
+ dt_save.append(d)
+ print(dt_save)
+ #*******************************************
+ file_csv="data_save.csv"
+ if(len(queryRes)!=0):
+ with open(file_csv,mode='w',newline='') as file_csv:
+ writer=csv.DictWriter(file_csv,fieldnames=temp_res)
+ writer.writeheader()
+ for part in dt_save:
+ writer.writerow(part)
+ print("data saved in csv format under "+"'"+os.path.realpath("data_save.csv")+"'")
+ else:
+ print("data don't exist to create CSV file")
+
 def rFile(self, fileData):
 self.lister("files saved to", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ)
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
index dbfd589dcf8..6162c2eade5 100644
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@@ -78,11 +78,13 @@ def sqlQuery(self, query):
 inject.goStacked(query)
 output = NULL
-
+
 except SqlmapNoneDataException as ex:
 logger.warning(ex)
+ return output
+
 def sqlShell(self):
 infoMsg = "calling %s shell. To quit type " % Backend.getIdentifiedDbms()
From 372f80cfce79254cde6fe6219205dfe078176d70 Mon Sep 17 00:00:00 2001
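Review bot: `d.update({temp_res[j]:s[j]})` assumes every entry of `queryRes` is a sequence of cells; if this method receives a list of strings (one `[*] a, b` row per entry, which is what the `[*]` output parsed in PATCH 1/4 suggests), `s[j]` yields the j-th character instead of the j-th column, and an IndexError follows whenever a row is shorter than the column list. The header parsing repeats the offset bug from ok.py, `T=len(deb)-temp1+1` where `temp1+len(deb)` is meant, and for a query without `FROM` or with `SELECT *` it yields `query[T:-1]` or a `*` header, so the column list should come from a bounded regex and the CSV step be skipped when it does not match. The output path is a hard-coded `data_save.csv` in the current working directory, opened with `mode='w'` so every `--sql-query` run overwrites the previous file, it is written for every query regardless of `--dump-format`, and progress goes to `print` rather than `logger`; the table-dump code in this module already resolves a per-target output directory and should be reused. Cell values are written verbatim, so a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet; prefix such cells with a single quote before writing. `re` and `os` are already imported in this module, so the sketch below needs no new import.
```python
    def sqlQuery(self, query, queryRes):
        self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)

        # Header = the comma-separated list between SELECT and FROM; without that
        # shape (no FROM, or SELECT *) there is no usable CSV header, so stop here.
        match = re.search(r"\bSELECT\b(.*?)\bFROM\b", query, re.IGNORECASE | re.DOTALL)
        if not match or not queryRes:
            return
        columns = [name.strip() for name in match.group(1).split(",")]
        if columns == ["*"]:
            return

        rows = queryRes if isinstance(queryRes, (list, tuple)) else [queryRes]
        records = []
        for row in rows:
            # a row is either a sequence of cells or one ", "-joined string
            cells = list(row) if isinstance(row, (list, tuple)) else [cell.strip() for cell in row.split(",")]
            # zip() tolerates short rows; DictWriter fills missing columns with ""
            records.append(dict(zip(columns, cells)))

        # … unchanged: DictWriter loop, with the path taken from the target's dump directory instead of "data_save.csv" …
```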
From: Aridhi-Dhia-eddine
Date: Fri, 12 Apr 2024 01:57:23 +0100
Subject: [PATCH 3/4] Rework:solve problem of saving result of --sql-query in CSV file
---
 lib/core/dump.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index d2f89e165bb..eaea9e26938 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -712,19 +712,18 @@ def dbColumns(self, dbColumnsDict, colConsider, dbs):
 def sqlQuery(self, query, queryRes):
 self.string(query, queryRes, content_type=CONTENT_TYPE.SQL_QUERY)
- print ("mon output est ",queryRes)
 #code to extract columns from the request
 deb="SELECT"
 fin="FROM"
 temp1=(query.upper()).find(deb)
- #print ("mon output est ",temp1)
+
 temp2=(query.upper()).find(fin)
- #print ("mon output est ",temp2)
+
 T=len(deb)-temp1+1
 temp_res=query[T:temp2]
 temp_res=(temp_res.strip()).split(',')
- print ("mon output est ",temp_res)
+
 #******************************************
 #dictionarie for every value in queryRes
 dt_save=[]
@@ -747,6 +746,7 @@ def sqlQuery(self, query, queryRes):
 else:
 print("data don't exist to create CSV file")
+
 def rFile(self, fileData):
 self.lister("files saved to", fileData, sort=False, content_type=CONTENT_TYPE.FILE_READ)
From cf2d76a8634553f5a6f1383288277d3414f16205 Mon Sep 17 00:00:00 2001
From: Aridhi-Dhia-eddine
Date: Fri, 12 Apr 2024 01:58:11 +0100
Subject: [PATCH 4/4] Rework:solve problem of saving result of --sql-query in CSV file
---
 lib/core/dump.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index eaea9e26938..1a4feabb87f 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -733,7 +733,7 @@ def sqlQuery(self, query, queryRes):
 for j in range(len(temp_res)):
 d.update({temp_res[j]:s[j]})
 dt_save.append(d)
- print(dt_save)
+
 #*******************************************
 file_csv="data_save.csv"
 if(len(queryRes)!=0):
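Review bot: The debug prints are removed by replacing each one with an empty `+` line rather than deleting it, which leaves three stray blank lines inside `sqlQuery` in the hunk at `@@ -712,19 +712,18 @@` and one more in PATCH 4/4 at `@@ -733,7 +733,7 @@`. Delete those lines outright so the function body stays compact; `sqlQuery` starts and ends outside these hunks, and the blank line added before `def rFile` at `@@ -747,6 +746,7 @@` is the only one of these that restores the module's usual spacing between methods.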