Bernardo Damele A. G.

Report generation

6

Add support to generate a report, at least in XML/XSLT format.

Implement out-of-band for data fetching

2

Recently we implemented DNS for data fetching. The objective is to implement more out-of-band techniques for data fetching: - HTTP requests (Oracle UTL_HTTP) - openrowset (to replicate dbms remotely on...

File and operating system takeover support for Oracle

8

Add support to takeover the file system when the back-end DBMS is Oracle. References: - http://delicious.com/inquis/oracle

Support to identify linked/cluster DBMS servers when possible

4

Identify linked/cluster DBMS servers when possible (e.g. MSSQL)

Improve IDS/IPS evasion support

1

- Add more tamper scripts (e.g. ability to test for addslahes bypasses using big5 or GBK characters). - Suggest tamper scripts in due course following fingerprint of technology, back-end DBMS,...

Enumerate binary/blob fields data

23

Enumerate binary fields data as in images for instance Possible references: - http://stackoverflow.com/questions/948174/how-do-i-convert-from-blob-to-text-in-mysql

Extend --live-tests to all DBMSes and switches

2

Related to issue #311

Adapt dbms modules/methods/xml queries file for usage with different versions of the dbms. For instance, kb.dbmsVersion is already used within MSSQL to determine how to re-enable the xp_cmdshell procedure. This...

Support to run a query as another DB user

4

When stacked queries is supported use OPENROWSET (MSSQL) and dblink() (PostgreSQL) to run a statement as a different user (e.g. higher privileged user for instance after a password cracking attack)....