Adding experimental option --crack

2024-11-22 09:36:35 +03:00 · 2018-12-17 17:38:47 +01:00 · 2018-12-17 17:38:47 +01:00 · 01d5da18e3
commit 01d5da18e3
parent b288bfdbc3
6 changed files with 48 additions and 18 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -71,6 +71,7 @@ from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
+from lib.utils.hash import crackHashFile

 def _selectInjection():
    """
@ -268,6 +269,9 @@ def start():
    check if they are dynamic and SQL injection affected
    """

+    if conf.hashFile:
+        crackHashFile(conf.hashFile)
+
    if conf.direct:
        initTargetEnv()
        setupTargetEnv()
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -4343,6 +4343,7 @@ def hashDBWrite(key, value, serialize=False):
    Helper function for writing session data to HashDB
    """

+    if conf.hashDB:
        _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
        conf.hashDB.write(_, value, serialize)

@ -4351,6 +4352,9 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
    Helper function for restoring session data from HashDB
    """

+    retVal = None
+
+    if conf.hashDB:
        _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
        retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.12.25"
+VERSION = "1.2.12.26"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -668,6 +668,10 @@ def cmdLineParser(argv=None):
                                 help="Simple wizard interface for beginner users")

        # Hidden and/or experimental options
+        parser.add_option("--crack", dest="hashFile",
+                          help=SUPPRESS_HELP)
+                          #help="Load and crack hashes from a file")
+
        parser.add_option("--dummy", dest="dummy", action="store_true",
                          help=SUPPRESS_HELP)

@ -884,7 +888,7 @@ def cmdLineParser(argv=None):
        if args.dummy:
            args.url = args.url or DUMMY_URL

-        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
+        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
            errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
            errMsg += "Use -h for basic and -hh for advanced help\n"
            parser.error(errMsg)
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -1078,6 +1078,7 @@ def dictionaryAttack(attack_dict):
                        gc.enable()

                    if retVal:
+                        if conf.hashDB:
                            conf.hashDB.beginTransaction()

                        while not retVal.empty():
@ -1086,6 +1087,7 @@ def dictionaryAttack(attack_dict):
                            hashDBWrite(hash_, word)
                            results.append(item)

+                        if conf.hashDB:
                            conf.hashDB.endTransaction()

            clearConsoleLine()
@ -1171,7 +1173,8 @@ def dictionaryAttack(attack_dict):
                        if _multiprocessing:
                            gc.enable()

-                        if retVal:
+                        if retVal and conf.hashDB:
+                            if conf.hashDB:
                                conf.hashDB.beginTransaction()

                            while not retVal.empty():
@ -1179,6 +1182,7 @@ def dictionaryAttack(attack_dict):
                                hashDBWrite(hash_, word)
                                results.append(item)

+                            if conf.hashDB:
                                conf.hashDB.endTransaction()

                clearConsoleLine()
@ -1194,3 +1198,17 @@ def dictionaryAttack(attack_dict):
        logger.warn(warnMsg)

    return results
+
+def crackHashFile(hashFile):
+    i = 0
+    attack_dict = {}
+
+    for line in getFileItems(conf.hashFile):
+        if ':' in line:
+            user, hash_ = line.split(':', 1)
+            attack_dict[user] = [hash_]
+        else:
+            attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line]
+            i += 1
+
+    dictionaryAttack(attack_dict)
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -24,12 +24,12 @@ b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py
 c1bccc94522d3425a372dcd57f78418e  extra/wafdetectify/wafdetectify.py
 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py
 0f0feede9750be810d2b8a7ab159b7b0  lib/controller/checks.py
-ad968ee04e93f6f850d6b7e5ac0073c5  lib/controller/controller.py
+ae444b08253e10bc4553f011d6100b28  lib/controller/controller.py
 988b548f6578adf9cec17afdeee8291c  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
 e62309b22a59e60b270e62586f169441  lib/core/agent.py
 c347f085bd561adfa26d3a9512e5f3b9  lib/core/bigarray.py
-a78c563bbaeebd958b25303d83dfe3f2  lib/core/common.py
+ae4bf844c42f9a36ebbe8444e89f7041  lib/core/common.py
 0d082da16c388b3445e656e0760fb582  lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27  lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd  lib/core/datatype.py
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-3805f9f360e47798a3e6d4da977c83eb  lib/core/settings.py
+758c731f879a5989288d8809a8d54567  lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 1581be48127a3a7a9fd703359b6e7567  lib/core/target.py
@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061  lib/core/update.py
 e772deb63270375e685fa5a7b775c382  lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93  lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754  lib/parse/banner.py
-30d7cbada42154dcbb17f4ca969d812a  lib/parse/cmdline.py
+cfd7938668213fef65a7570997b78403  lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177  lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56  lib/parse/handler.py
 6bab53ea9d75bc9bb8169d3e8f3f149f  lib/parse/headers.py
@ -108,7 +108,7 @@ f9867bbfcd6d31916ca73e72e95fd881  lib/utils/deps.py
 f7af65aa47329d021e2b2cc8521b42a4  lib/utils/getch.py
 7af29f61302c8693cd6436d4b69e22d3  lib/utils/har.py
 1205648d55649accafae2cc77d647aa0  lib/utils/hashdb.py
-4b50c02e803c874c1d03873fd29d63ee  lib/utils/hash.py
+eb2aa3fa9ebdf4cb6ac3e005f7df1e9b  lib/utils/hash.py
 011d2dbf589e0faa0deca61a651239cc  lib/utils/htmlentities.py
 1e5532ede194ac9c083891c2f02bca93  lib/utils/__init__.py
 527409077a094b63c88f3291138b1c81  lib/utils/pivotdumptable.py