From 26d0b3b23bca1259996ba7f30b8a327034148c6c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 26 Jul 2025 15:17:55 +0200 Subject: [PATCH] Implements support of old OsCommerce hashing --- data/txt/sha256sums.txt | 6 +++--- lib/core/enums.py | 1 + lib/core/settings.py | 2 +- lib/utils/hash.py | 19 +++++++++++++++++-- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt index e266e4a91..8fd3eb29c 100644 --- a/data/txt/sha256sums.txt +++ b/data/txt/sha256sums.txt @@ -175,7 +175,7 @@ ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024 lib/core/datat d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c lib/core/dicts.py c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump.py -bc8389cf93127dd127cb607ac7726a70d12c41a214b9690c3a81c9c4cefe7219 lib/core/enums.py +8f7923e8bf58c3f9b0d39cf6d2dfef0c31fae5910059c1cc828d3eb9cd32027d lib/core/enums.py 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py 629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2 lib/core/gui.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/core/__init__.py 
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py -4d8d0b6d72f4ca1d9a7f128b026f34ea395a74b28257d517436744031fde30cf lib/core/settings.py +cf6b58d256247227e0d833b4c8a27229124594ac7a9e921123891276423da61e lib/core/settings.py 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py @@ -248,7 +248,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brut 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437 lib/utils/getch.py e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636 lib/utils/har.py 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d lib/utils/hashdb.py -acf5b98e409f1d1de8f104b994f97b7ad57768e5651898aa6754102563a25809 lib/utils/hash.py +d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f lib/utils/hash.py ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543 lib/utils/httpd.py 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/utils/__init__.py f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990 lib/utils/pivotdumptable.py diff --git a/lib/core/enums.py b/lib/core/enums.py index 437f6849f..e1013594e 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py 
@@ -192,6 +192,7 @@ class HASH(object): APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z' VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z' VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z' + OSCOMMERCE_OLD = r'\A[0-9a-fA-F]{32}:.{2}\Z' SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z' SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z' SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z' diff --git a/lib/core/settings.py b/lib/core/settings.py index 93dec83c6..1438ddab5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.9.7.13" +VERSION = "1.9.7.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 9924d409c..458c17c7a 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -478,6 +478,16 @@ def vbulletin_passwd(password, salt, **kwargs): return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt) +def oscommerce_old_passwd(password, salt, **kwargs): + """ + Reference: http://ryanuber.com/09-24-2010/os-commerce-password-hashing.html + + >>> oscommerce_old_passwd(password='testpass', salt='6b') + '16d39816e4545b3179f86f2d2d549af4:6b' + """ + + return "%s:%s" % (md5(getBytes(salt) + getBytes(password)).hexdigest(), salt) + def phpass_passwd(password, salt, count, prefix, **kwargs): """ Reference(s): @@ -570,6 +580,7 @@ __functions__ = { HASH.APACHE_SHA1: apache_sha1_passwd, HASH.VBULLETIN: vbulletin_passwd, HASH.VBULLETIN_OLD: vbulletin_passwd, + HASH.OSCOMMERCE_OLD: oscommerce_old_passwd, HASH.SSHA: ssha_passwd, HASH.SSHA256: ssha256_passwd, HASH.SSHA512: ssha512_passwd, 
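Review bot: The salt part of `OSCOMMERCE_OLD` in `class HASH` is `.{2}`, which accepts any two characters, so every `<32 hex digits>:<any 2 chars>` string is classified as this format. The doctest added in lib/utils/hash.py uses the salt `6b`, and the legacy osCommerce scheme appears to cut the salt from an MD5 hex digest; if that holds, the pattern could be narrowed to `r'\A[0-9a-fA-F]{32}:[0-9a-fA-F]{2}\Z'`. A tighter pattern matters more in this commit because crackHashFile now uses the HASH regexes to decide whether a colon separates user and hash. The class body continues outside the hunk.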
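Review bot: The docstring of `oscommerce_old_passwd` holds only a link and a doctest, so the construction is not stated and is lost if the link goes away. A summary line such as `Legacy osCommerce format: hex MD5 of salt + password, followed by ':' and the salt` would document it. `**kwargs` is accepted and ignored, as in the neighbouring `vbulletin_passwd`; presumably this lets the shared call site pass extra fields, and a short comment saying so would help (the caller is outside the hunk).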
@@ -1055,7 +1066,7 @@ def dictionaryAttack(attack_dict): item = [(user, hash_), {"salt": hash_[0:2]}] elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT): item = [(user, hash_), {"salt": hash_.split('$')[2], "magic": "$%s$" % hash_.split('$')[1]}] - elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD): + elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.OSCOMMERCE_OLD): item = [(user, hash_), {"salt": hash_.split(':')[-1]}] elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1): item = [(user, hash_), {"salt": hash_.split('$')[1]}] @@ -1302,8 +1313,12 @@ def crackHashFile(hashFile): i = 0 attack_dict = {} + check = None for line in getFileItems(conf.hashFile): - if ':' in line: + if check is None and not attack_dict and ':' in line: + check = any(re.search(_, line) for _ in getPublicTypeMembers(HASH, True)) + + if ':' in line and check is False: user, hash_ = line.split(':', 1) attack_dict[user] = [hash_] else:
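Review bot: In crackHashFile, `check` is evaluated only while `attack_dict` is still empty, and the split now requires `check is False`, so a file whose first line has no colon can leave `check` at `None` for the whole run. The body of the `else:` branch is outside the hunk, but if it stores the line as a bare hash, every later `user:hash` line is kept whole instead of being split, which the previous code did not do. Dropping the `not attack_dict` condition (`if check is None and ':' in line:`) resolves the flag at the first line that contains a colon. The decision is also made once per file, so a file mixing salted `hash:salt` lines and `user:hash` lines is parsed according to whichever kind comes first; a comment stating that assumption would help.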