From 220366b6e82669ddda248c4fe838ce80651e88c6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 31 Mar 2011 16:56:26 +0000 Subject: [PATCH] minor update (ip addresses will not be confused any more for crypt_generic hashes) --- lib/core/settings.py | 3 +++ lib/utils/hash.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2d8072ae7..e6a184211 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -230,6 +230,9 @@ META_REFRESH_REGEX = r']+content="?[^">]+url=(?P # Regular expression used for parsing empty fields in tested form data EMPTY_FORM_FIELDS_REGEX = r'(?P[^=]+=(&|\Z))' +# Regular expression for general IP address matching +GENERAL_IP_ADDRESS_REGEX = r'\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z' + # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf COMMON_PASSWORD_SUFFIXES = ["1", "123", "2", "12", "3", "13", "7", "11", "5", "22", "23", "01", "4", "07", "21", "14", "10", "06", "08", "8", "15", "69", "16", "6", "18"] diff --git a/lib/utils/hash.py b/lib/utils/hash.py index bae9335f4..46dde0fae 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -42,6 +42,7 @@ from lib.core.enums import HASH from lib.core.exception import sqlmapUserQuitException from lib.core.settings import COMMON_PASSWORD_SUFFIXES from lib.core.settings import DUMMY_USER_PREFIX +from lib.core.settings import GENERAL_IP_ADDRESS_REGEX from lib.core.settings import HASH_MOD_ITEM_DISPLAY from lib.core.settings import IS_WIN from lib.core.settings import LIST_EMAIL @@ -301,6 +302,8 @@ def hashRecognition(value): continue elif Backend.getIdentifiedDbms() == DBMS.MYSQL and regex == HASH.ORACLE_OLD: continue + elif regex == HASH.CRYPT_GENERIC and getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value): + continue elif getCompiledRegex(regex).match(value): retVal = regex break