sqlsus: new ebuild, compile tested

2026-04-28 17:50:58 +02:00 · 2010-10-14 09:43:56 +00:00 · 2010-10-14 09:43:56 +00:00 · 4405ed6bf7
commit 4405ed6bf7
parent 0570485d1f
3 changed files with 277 additions and 0 deletions
--- a/net-analyzer/sqlsus/Manifest
+++ b/net-analyzer/sqlsus/Manifest
@ -0,0 +1,3 @@
+AUX sqlsus.conf 7923 RMD160 43966c08f126ff7de97a34d5b0ff5664bb438ebf SHA1 c4fbb0c6403c89cc68fb22b9657867513d92cae3 SHA256 56f6bb86afb79ef60713f0029cf8a19a88718f3a4e8f23938b31b2a6a8628bbc
+DIST sqlsus-0.5rc1.tgz 37757 RMD160 7cd82d4087816aed25aaa2eb23f7a58fc6b7e41a SHA1 842b666a97c1bc19e3c53a1909a1b77514c0d428 SHA256 06354366b758e0b60643406b435ba56dd16d796520990739df3d6d0cd1e73723
+EBUILD sqlsus-0.5_rc1.ebuild 882 RMD160 a5c11387b828d780df34ee542ab4cb3b33f80555 SHA1 ef11d0f86056190a0723356bd52f8a1a9dd95d24 SHA256 6c3ddd2c8dd3480445078f09ee4be5f965739d3ed1d36b25bbf49eb0bed232d4
--- a/net-analyzer/sqlsus/files/sqlsus.conf
+++ b/net-analyzer/sqlsus/files/sqlsus.conf
@ -0,0 +1,227 @@
+# Configuration file generated by sqlsus 0.5rc1
+package conf; # do not remove this line
+use strict;
+use warnings;
+
+#
+# Note: only the values that differ from sqlsus defaults are mandatory, so you can have a configuration file with only a few lines in it.
+#
+# All these values will be overriden by the variables you have set in sqlsus in a saved session, provided that $allow_override == 1 (which is the default, see below)
+# For example : 
+# - first run: you launch sqlsus with no cookie defined. 
+# before the second run, you configure a cookie in your configuration file
+# - second run: the cookie is still empty, because the value has been overriden by the one saved.
+# 
+# In this case, you need to change the value of the cookie inside sqlsus using "set cookie <cookie>" 
+#
+
+###############################
+########### GENERAL ###########
+
+# Start of the url used for the injection
+# In inband/union mode, it is generally a good idea to append "AND 1=0" so that the real query returns nothing.
+# Ex : our $url_start = "http://localhost/script.php?id=1'";
+our $url_start = "";
+
+# End of the url used for the injection
+# When possible, it is generally a good idea to use "#" here, so that our queries won't be polluted by the original one.
+# Ex : our $url_end = "#";
+our $url_end = "";
+
+# Use POST instead of GET
+our $post = 0; 
+
+# Use blind injection ?
+our $blind = 0;
+
+# In blind mode, string to be found in the HTML if the statement is true
+our $string_to_match = "";
+
+# Allow the values specified in the configuration file to be overriden by the ones you have set in sqlsus (in a saved session).
+our $allow_override = 1;
+
+# User agent to use for HTTP queries
+our $user_agent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)";
+
+# Display "debug" messages
+our $debug = 0;
+
+# Char (not string) to display when something is null / not found
+our $null_substitute = "~";
+
+# Hex encode strings in the query ?
+# ie: "sqlsus" will be sent as 0x73716c737573, thus escaping quotes filtering.
+our $hex_encode_strings = 1;
+
+# Maximum running processes used to retrieve data (+main process +hits counter process)
+our $processes = 10;
+
+# Amount of seconds to sleep after each server hit. (can be a float)
+# note that it does not take the query / answer time in consideration, it's just a simple sleep() after a hit.
+our $sleep_after_hit = 0;
+
+# Max chars we can inject.
+# if you are using injection via POST, you can set it to a big value, and control the behaviour of sqlsus via max_subqueries
+# you can let sqlsus find the best value by executing "autoconf max_sendable" inside sqlsus
+our $max_sendable = 8000;
+
+# Max subqueries per query
+# Note that setting a really big value here (ie: 900), as well as a high value for max_sendable (when using POST for example), may result in a potentially long computation time for the queries to be prepared.
+our $max_subqueries = 50;
+
+# Convert spaces to /**/
+our $convert_spaces = 0;
+
+# Shall we consider cookies at all ?
+our $use_cookie_jar = 1;
+
+# Cookie to use, separate name=value pairs with ;
+# This will only have an effect if $use_cookie_jar = 1
+our $cookie = "";
+
+# HTTP proxy 
+our $http_proxy = "";
+
+# Credentials
+our $cred_realm = "";
+our $cred_user = "";
+our $cred_password  = "";
+
+# What HTTP error codes shall we retry on ?
+our @http_error_codes = qw(408 500 501 502 503 504);
+
+# Maximum number of times to retry per thread/process on a HTTP error code
+our $http_error_retries = 10;
+
+# Variables to get in %target when using "start"
+our %target_keys = ( 
+	database => 'database()',
+	version => 'version()',
+	user => 'current_user'
+ );
+
+###############################
+############ DATA #############
+
+# Maximum length before the data returned in the HTML is truncated
+# Only used by "download" for the moment
+our $max_returned_length = 65530;
+
+# Where to put the data (sessions, files, database(s) dump)
+our $datapath = "/root/.sqlsus";
+
+# Where to save downloaded files (via the "download" command)
+# such files will be stored in ./$datapath/SERVERNAME/$filespath
+our $filespath = "files";
+
+# Binary mode
+# - hex encode in mysql, and hex decode in sqlsus
+# uses twice as much bandwith as in non binary mode.
+our $binary = 0;
+
+###############################
+######### INBAND MODE #########
+
+# Maximum number of columns to try in the union statement
+our $max_select_cols = 50;
+
+# Columns usable for (inband) injection using union
+# example : 
+# our @columns = qw(0 0 1 0 1);
+# 5 columns for union, 3rd and 5th can be used to see the result of the query
+# The first "1" will be used as the injection spot.
+#
+# Note that actual values will be used (0 or 1) (except the 1 replaced as the injection spot) in the UNION select query, which might not be what you want.
+# You can change the entries (but the "1" you want to use) to whatever value suits you
+# Unless this variable is set, sqlsus will auto-detect the suitable number of columns to be used for injection.
+our @columns = qw();
+
+# How to union
+our $union_select = "UNION ALL SELECT BINARY";
+
+###############################
+######### BLIND MODE ##########
+
+# Chars to brute force if no regex matched
+our $default_range = join (',', (32..126));
+
+# Regular expressions to test against each item retrieved on a blind injection
+# and the corresponding ASCII values.
+# NOTE: 
+# - the values MUST be sorted.
+# - the regexs will be tried in order.
+our @regex_rlike = (
+	# num
+	"^[0-9]+\$", join (',',(48..57)),
+	# lower alpha
+	"^[a-z_. @]+\$", join (',',(32,46,64,95,97..122)),
+	# lower hex
+	"^[a-f0-9]+\$", join (',',(48..57,97..102)),
+	# upper hex
+	"^[A-F0-9]+\$", join (',',(48..57,65..70)),
+	# upper alpha
+	"^[A-Z_. @]+\$", join (',',(32,46,64,65..90,95)),
+	# mixed alpha
+	"^[A-Za-z_. @]+\$", join (',',(32,46,64,65..90,95,97..122)),
+	# alnum
+	"^[a-z0-9._@]+\$", join (',',(46,48..57,64,95,97..122)),
+	# datetime
+	"^[0-9 [.hyphen-minus.]:]+\$", join (',',(32,45,48..57,58)),
+	# mixed alnum + stuff
+	"^[A-Za-z0-9._78/ [.hyphen-minus.][.apostrophe.][.quotation-mark.]%]+\$", join (',',(32,34,37,39,43,45,46,47,48..57,64,65..90,95,97..122))
+);
+
+# Max length above which an item won't be bruteforced
+# Set it high enough if you intend to download files
+our $blind_max_length = 4096;
+
+
+###############################
+########## TAKEOVER ###########
+
+# Document root on the web server
+our $document_root = "/var/www/";
+
+# List of (relative to document root path) directories to try to upload backdoor to
+# leave empty for auto detection by crawling the web server
+# ex : our @upload_directories = ("/upload");
+our @upload_directories = ();
+
+# Maximum depth to look at when crawling the web server for directories
+our $crawler_depth = 3;
+
+# URL of the uploader script, if already uploaded
+our $uploader = "";
+
+# What remote filename to use when uploading the tiny uploader
+our $uploader_name = ".u.php";
+
+# URL of the backdoor, if already uploaded
+our $backdoor = "";
+
+# What remote filename to use when uploading the backdoor
+our $backdoor_name = ".b.php";
+
+
+###############################
+########### BRUTE #############
+
+# Dynamic string to use for column/table names bruteforcing
+# it will be "magically" (perl speaking) incremented and prefix with $table_prefix when applicable.
+our $brute_start_string = "aaa";
+
+# String to begin the table/column name with
+# ex : our $start_string = "cms_";
+our $table_prefix = "";
+
+# For each table name, also try an uppercase version for the first char only
+our $uc_first = 1;
+
+# For each table name, also try an uppercase version
+our $uc_all = 0;
+
+# Tables dictionnary
+our @brute_tables_dict = qw(login logins user users group groups perm permissions perms admin admins administrators staff customer customers client clients config configuration member members name names password passwords);
+
+# Columns dictionnary
+our @brute_columns_dict = qw(id admin login name user username email emailaddress mail e_mail tel phone number telephone address adress street pw pwd pass password);
--- a/net-analyzer/sqlsus/sqlsus-0.5_rc1.ebuild
+++ b/net-analyzer/sqlsus/sqlsus-0.5_rc1.ebuild
@ -0,0 +1,47 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=3
+
+DESCRIPTION="MySQL injection and takeover tool"
+HOMEPAGE="http://sqlsus.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN}/${P/_/}.tgz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+# libdbd-sqlite3-perl
+
+RDEPEND="dev-lang/perl
+	dev-perl/libwww-perl
+	dev-perl/WWW-Mechanize
+	dev-perl/Term-ReadLine-Gnu"
+
+src_prepare() {
+	cd sqlsus-0.5rc1
+
+	sed -i -e 's:use lib '\''lib'\'':use lib "/usr/share/sqlsus/lib":' \
+		 sqlsus || die
+}
+
+src_compile() {
+	einfo "nothing to compile"
+	true
+}
+
+src_install() {
+	cd sqlsus-0.5rc1
+
+	insinto /etc/sqlsus
+	doins ${FILESDIR}/sqlsus.conf || die "config install failed"
+
+	dobin sqlsus || die "install failed"
+
+	dodir /usr/share/sqlsus
+	insinto /usr/share/sqlsus
+	doins -r lib || die
+
+	dodoc README CHANGELOG || die
+}