From 01d5da18e3ffe547694c337b5a0e0d34061d908f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 17 Dec 2018 17:38:47 +0100
Subject: [PATCH] Adding experimental option --crack
---
lib/controller/controller.py | 4 ++++
lib/core/common.py | 16 ++++++++++------
lib/core/settings.py | 2 +-
lib/parse/cmdline.py | 6 +++++-
lib/utils/hash.py | 28 +++++++++++++++++++++++-----
txt/checksum.md5 | 10 +++++-----
6 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 864ea91c9..cc9646079 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -71,6 +71,7 @@ from lib.core.settings import REFERER_ALIASES
from lib.core.settings import USER_AGENT_ALIASES
from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv
+from lib.utils.hash import crackHashFile
def _selectInjection():
"""
@@ -268,6 +269,9 @@ def start():
check if they are dynamic and SQL injection affected
"""
+ if conf.hashFile:
+ crackHashFile(conf.hashFile)
+
if conf.direct:
initTargetEnv()
setupTargetEnv()
diff --git a/lib/core/common.py b/lib/core/common.py
index 669288576..d0fd775b8 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
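Review bot: `crackHashFile(conf.hashFile)` is called at the top of `start()` and execution then falls straight through into the target setup and the rest of the function, which continues outside the hunk; with `--crack` as the only option (cmdline.py now accepts `args.hashFile` on its own) there is no target, so everything after the call runs against an empty target list. If a bare `--crack` run is meant to end once the hashes have been processed, return right after the call, e.g. `if conf.hashFile:` / `    crackHashFile(conf.hashFile)` / `    return True` — assuming `start()` returns a boolean on its other exits, which is not visible here and should be confirmed.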
@@ -4343,19 +4343,23 @@ def hashDBWrite(key, value, serialize=False):
Helper function for writing session data to HashDB
"""
- _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
- conf.hashDB.write(_, value, serialize)
+ if conf.hashDB:
+ _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
+ conf.hashDB.write(_, value, serialize)
def hashDBRetrieve(key, unserialize=False, checkConf=False):
"""
Helper function for restoring session data from HashDB
"""
- _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
- retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
+ retVal = None
- if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
- retVal = None
+ if conf.hashDB:
+ _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
+ retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
+
+ if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
+ retVal = None
return retVal
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 70f62b8b7..ab5adcf73 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
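Review bot: The `'|'.join(...)` session-key expression is now duplicated verbatim in `hashDBWrite` and `hashDBRetrieve`, one nesting level deeper in each; a small module-private helper keeps the key format in one place and lets the new `if conf.hashDB:` checks read as plain early-outs. The docstrings of both functions are unchanged and should state the new contract — write does nothing and retrieve returns `None` when no HashDB is open — since that is what the `--crack` path introduced by this commit relies on. Behaviour is otherwise preserved: when `conf.hashDB` is falsy the partial-marker check is skipped, which is equivalent because `retVal` is already `None` at that point.
```python
def _hashDBKey(key):
    # Single definition of the session-key format shared by hashDBWrite/hashDBRetrieve
    return '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))

def hashDBWrite(key, value, serialize=False):
    """
    Helper function for writing session data to HashDB (no-op when no HashDB is open)
    """

    if conf.hashDB:
        conf.hashDB.write(_hashDBKey(key), value, serialize)

def hashDBRetrieve(key, unserialize=False, checkConf=False):
    # … unchanged: docstring (should mention the None result when no HashDB is open) …
    retVal = None

    if conf.hashDB:
        retVal = conf.hashDB.retrieve(_hashDBKey(key), unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
        # … unchanged: partial-value marker check …

    return retVal
```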
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.12.25"
+VERSION = "1.2.12.26"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 2c867b88e..9cc4d847c 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -668,6 +668,10 @@ def cmdLineParser(argv=None):
help="Simple wizard interface for beginner users")
# Hidden and/or experimental options
+ parser.add_option("--crack", dest="hashFile",
+ help=SUPPRESS_HELP)
+ #help="Load and crack hashes from a file")
+
parser.add_option("--dummy", dest="dummy", action="store_true",
help=SUPPRESS_HELP)
@@ -884,7 +888,7 @@ def cmdLineParser(argv=None):
if args.dummy:
args.url = args.url or DUMMY_URL
- if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
+ if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
errMsg += "Use -h for basic and -hh for advanced help\n"
parser.error(errMsg)
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index e6381d58a..39e9b2ea1 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
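Review bot: The added line `#help="Load and crack hashes from a file")` in the `--crack` option hunk of cmdline.py is commented-out code sitting right after the live `help=SUPPRESS_HELP)` argument; keep the intended text as a plain comment instead, e.g. `# TODO: replace SUPPRESS_HELP with help="Load and crack hashes from a file" once --crack leaves experimental status`. `--crack` takes a file path and nothing in this diff checks that the path exists and is readable before `crackHashFile` hands it to `getFileItems`; if the other file-taking options are validated in a central place outside this diff, `hashFile` should be added there. The second hunk makes `args.hashFile` sufficient to pass the mandatory-option check while the error text is unchanged, which is acceptable as long as the flag stays hidden.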
@@ -1078,7 +1078,8 @@ def dictionaryAttack(attack_dict):
gc.enable()
if retVal:
- conf.hashDB.beginTransaction()
+ if conf.hashDB:
+ conf.hashDB.beginTransaction()
while not retVal.empty():
user, hash_, word = item = retVal.get(block=False)
@@ -1086,7 +1087,8 @@ def dictionaryAttack(attack_dict):
hashDBWrite(hash_, word)
results.append(item)
- conf.hashDB.endTransaction()
+ if conf.hashDB:
+ conf.hashDB.endTransaction()
clearConsoleLine()
@@ -1171,15 +1173,17 @@ def dictionaryAttack(attack_dict):
if _multiprocessing:
gc.enable()
- if retVal:
- conf.hashDB.beginTransaction()
+ if retVal and conf.hashDB:
+ if conf.hashDB:
+ conf.hashDB.beginTransaction()
while not retVal.empty():
user, hash_, word = item = retVal.get(block=False)
hashDBWrite(hash_, word)
results.append(item)
- conf.hashDB.endTransaction()
+ if conf.hashDB:
+ conf.hashDB.endTransaction()
clearConsoleLine()
@@ -1194,3 +1198,17 @@ def dictionaryAttack(attack_dict):
logger.warn(warnMsg)
return results
+
+ def crackHashFile(hashFile):
+ i = 0
+ attack_dict = {}
+
+ for line in getFileItems(conf.hashFile):
+ if ':' in line:
+ user, hash_ = line.split(':', 1)
+ attack_dict[user] = [hash_]
+ else:
+ attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line]
+ i += 1
+
+ dictionaryAttack(attack_dict)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index b253cf02f..f96d3655f 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
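Review bot: In the third hunk of `dictionaryAttack` (line 1171) the outer condition was changed from `if retVal:` to `if retVal and conf.hashDB:`, so when no HashDB is open — exactly the situation the other guards in this commit are written for — the loop that drains `retVal` into `results` is skipped entirely and the entries recovered by this pass are never returned; the first hunk (line 1078) keeps `if retVal:` and guards only the transaction calls, and this one should match it by changing the outer line back to `if retVal:`. The nested `if conf.hashDB:` that follows then does the real guarding, as it does in the first hunk, and is no longer redundant. Whether a bare `--crack` run reaches this second pass depends on the hash type and on code outside the hunk, so treat the impact as probable rather than confirmed. The same `if conf.hashDB:` wrapper now appears around every begin/endTransaction call in the function; a pair of tiny helpers (or a context manager) would keep the four sites consistent.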
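Review bot: `crackHashFile(hashFile)` ignores its `hashFile` parameter and reads `conf.hashFile` instead, so any caller passing a different path silently gets the configured one; the loop should be `for line in getFileItems(hashFile):`. `attack_dict[user] = [hash_]` also overwrites an earlier entry when the same user name occurs more than once in the file, so only the last hash per user is processed; `attack_dict.setdefault(user, []).append(hash_)` keeps them all (and `split(':', 1)` means anything after the first colon stays in `hash_`, which may or may not be intended for multi-field lines). The function has no docstring; a short one should state the two accepted line formats — `user:hash`, or a bare hash that gets a `DUMMY_USER_PREFIX`-numbered user — and that the return value of `dictionaryAttack` is discarded. Whether `getFileItems` drops blank lines is not visible here; if it does not, an empty line becomes an empty hash entry.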
@@ -24,12 +24,12 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py
3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py
0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py
-ad968ee04e93f6f850d6b7e5ac0073c5 lib/controller/controller.py
+ae444b08253e10bc4553f011d6100b28 lib/controller/controller.py
988b548f6578adf9cec17afdeee8291c lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
e62309b22a59e60b270e62586f169441 lib/core/agent.py
c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py
-a78c563bbaeebd958b25303d83dfe3f2 lib/core/common.py
+ae4bf844c42f9a36ebbe8444e89f7041 lib/core/common.py
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-3805f9f360e47798a3e6d4da977c83eb lib/core/settings.py
+758c731f879a5989288d8809a8d54567 lib/core/settings.py
a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
1581be48127a3a7a9fd703359b6e7567 lib/core/target.py
@@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py
e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
-30d7cbada42154dcbb17f4ca969d812a lib/parse/cmdline.py
+cfd7938668213fef65a7570997b78403 lib/parse/cmdline.py
fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
@@ -108,7 +108,7 @@ f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py
f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py
7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py
1205648d55649accafae2cc77d647aa0 lib/utils/hashdb.py
-4b50c02e803c874c1d03873fd29d63ee lib/utils/hash.py
+eb2aa3fa9ebdf4cb6ac3e005f7df1e9b lib/utils/hash.py
011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py
1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py
527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py