  • updated code quality, minor updates to the time-based/stacked-queries techniques, fixed an issue in exception handling when the user aborts during data extraction, bumped version to 1.0.8

  • r0oth3x49 committed 2 years ago
    5aed9854
    1 parent 6c587217
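--- a/ghauri/__init__.py
+++ b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.0.7"
+__version__ = "1.0.8"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"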
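--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -1661,7 +1661,7 @@
 __temp.append(_p)
 _r = Response(
 dbms=backend,
-type="error-based",
+type="stacked-queries",
 title=title,
 payloads=__temp,
 vector=vector,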
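Review bot: The corrected `type="stacked-queries"` label is a bare string literal, and the same family of labels is compared by string elsewhere in this commit (`if payload_type == "time-based":` in ghauri/core/tests.py), so a producer/consumer mismatch like the one this hunk fixes is not caught by anything but manual review. A module-level constant or a small `enum.StrEnum` for the technique names (`TYPE_STACKED = "stacked-queries"` and friends) would let both sides reference one definition. The enclosing function that builds this `Response` starts and ends outside the hunk.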
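--- a/ghauri/core/extract.py
+++ b/ghauri/core/extract.py
@@ -363,6 +363,10 @@
 position=offset,
 char=ord(identified_character),
 )
+if vector_type == "time_vector":
+condition = replace_with(
+string=condition, character="=", replace_with="!="
+)
 expression = vector.replace("[INFERENCE]", f"{condition}").replace(
 "[SLEEPTIME]", f"{timesec}"
 )
@@ -409,7 +413,8 @@
 logger.debug("character is valid.")
 if vector_type == "time_vector":
 response_time = attack.response_time
-if response_time >= sleep_time:
+vulnerable = bool(response_time >= sleep_time)
+if not vulnerable:
 logger.debug("character is valid.")
 is_valid = True
 break
@@ -1490,10 +1495,10 @@
 resumed=retval_error.resumed,
 )
 return _temp_error
-if other_vectors:
-logger.debug(
-"ghauri is going to use other injected vectors payloads if any."
-)
+# if other_vectors:
+# logger.debug(
+# "ghauri is going to use other injected vectors payloads if any."
+# )
 if not list_of_chars:
 list_of_chars = "._-1234567890aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ@+!#$%^&*()+"
 data_extraction_payloads = DATA_EXTRACTION_PAYLOADS.get(backend)
@@ -1530,7 +1535,7 @@
 last_row_id = retval_session.get("id")
 if len(_v) == length:
 _temp = PayloadResponse(
-ok=True, error="", result=_v, payload="", resumed=True
+ok=True, error="", result=_v, payload="", resumed=is_resumed
 )
 return _temp
 for vector_type, vector in conf.vectors.items():
@@ -1623,6 +1628,7 @@
 total_length = length + 1
 # for pos in range(1, length + 1):
 while pos < total_length:
+start_pos = pos
 if attack01 and vector_type == "boolean_vector":
 # extract characters using binary search algorithm
 try:
@@ -1823,7 +1829,7 @@
 try:
 if bool_invalid_character_counter >= 3:
 logger.debug(
-"boolean based technique(s) is not usable to data extraction switching to other if any.."
+"it seems the current payload is filtered out by some sort of WAF/IDS."
 )
 break
 if dump_type and chars:
@@ -1843,6 +1849,8 @@
 is_char_found = True
 is_extracted = True
 is_done_with_vector = True
+if chars and len(chars) > 0:
+logger.info(f"retrieved: '{chars}'")
 _temp = PayloadResponse(
 ok=False,
 error="user_ended",
@@ -2026,7 +2034,7 @@
 try:
 if invalid_character_detection_counter >= 3:
 logger.debug(
-"time based technique(s) is not usable to data extraction switching to other if any.."
+"it seems the current payload is filtered out by some sort of WAF/IDS."
 )
 break
 if dump_type and chars:
@@ -2053,6 +2061,7 @@
 error="user_ended",
 result=chars,
 payload=entry,
+resumed=is_resumed,
 )
 break
 if len(chars) == length: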
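Review bot: The inverted time check at new lines 416-417 (`vulnerable = bool(response_time >= sleep_time)` / `if not vulnerable:`) now accepts a character when the response did NOT delay, which is only sound if the `=` → `!=` rewrite at new lines 366-369 really inverted the condition; if `replace_with` substitutes every `=` in the string (breaking a `>=`/`<=` it may contain — I cannot see the template from here) or the condition holds no `=` at all, a wrong character is accepted silently and a slow network now reads as "invalid" rather than "valid". A cheap guard after the rewrite, `if "!=" not in condition: logger.debug("time vector condition was not negated; verification skipped")` plus leaving `is_valid` unset, would make the failure visible instead of corrupting extracted data. The `bool(...)` wrapper is redundant since the comparison already yields a bool, and `if chars and len(chars) > 0:` at new line 1852 reduces to `if chars:`. The commented-out `other_vectors` block at new lines 1498-1501 should be deleted rather than kept as dead text. Each of these hunks sits inside a function whose start and end are outside the hunk.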
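--- a/ghauri/core/tests.py
+++ b/ghauri/core/tests.py
@@ -817,6 +817,9 @@
 if delay > 0:
 time.sleep(delay)
 sleep_time = sleep_times.pop()
+# in case of very slow internet users we will consider timesec value for testing and it should be >= 10 otherwise with good internet we are good to consider random sleep value
+if timesec >= 10:
+sleep_time += timesec
 string = payload_detected.string
 expression = string.replace("[SLEEPTIME]", "%s" % (sleep_time))
 decoded_expression = urldecode(expression)
@@ -933,7 +936,8 @@
 payloads_response_delay = [stack_queries_payloads, time_based_payloads]
 param_key = parameter.get("key")
 param_value = parameter.get("value")
-sleep_time = random.randint(5, 9)
+# in case of very slow internet users we will consider timesec value for testing and it should be >= 10 otherwise with good internet we are good to consider random sleep value
+sleep_time = timesec if timesec >= 10 else random.randint(5, 9)
 injection_type = injection_type.upper()
 is_injected = False
 requests_counter = 1
@@ -943,6 +947,7 @@
 terminate_on_web_firewall = False
 http_firewall_code_counter = 0
 error_msg = None
+_out = []
 for payloads_delay in payloads_response_delay:
 for entry in payloads_delay:
 backend = entry.dbms
@@ -1109,6 +1114,9 @@
 continue
 logger.notice(message)
 _url = attack.request_url if injection_type == "GET" else attack.url
+payload_type = f"{entry.type}"
+if payload_type == "time-based":
+payload_type += " blind"
 _temp = Response(
 url=_url,
 data=attack.data,
@@ -1128,7 +1136,7 @@
 prepared_vector=f"{_payload.prefix}{entry.vector}{_payload.suffix}",
 number_of_requests=requests_counter,
 backend=backend,
-payload_type="time-based blind",
+payload_type=payload_type,
 payload_raw=_payload,
 with_status_code=with_status_code,
 is_different_status_code_injectable=is_different_status_code_injectable,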
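Review bot: The two "slow internet" rules disagree: at new lines 821-822 a `timesec` of 10 or more is added on top of the popped `sleep_times` value, while at new line 940 it replaces the random 5-9 second value outright, so the confirmation request can sleep up to twice as long as the detection request under the same setting. If one policy is intended, the duplicated comment and the repeated threshold belong in a single helper, e.g. `SLOW_LINK_TIMESEC = 10` and `def _effective_sleep(base, timesec): return timesec if timesec >= SLOW_LINK_TIMESEC else base`, called from both places; if the difference is deliberate, a one-line comment at new line 822 saying why the confirmation adds rather than replaces would save the next reader the question. `_out = []` at new line 950 has no visible use inside the hunk; confirm it is consumed later or drop it. `payload_type = f"{entry.type}"` is just `str(entry.type)` and reads clearer written that way. The enclosing functions start and end outside these hunks.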
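--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
 name="ghauri",
-version="1.0.7",
+version="1.0.8",
 description="An advanced SQL injection detection & exploitation tool.",
 classifiers=["Programming Language :: Python3"],
 author="Nasir Khan",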