mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
cosmetics
This commit is contained in:
Bernardo Damele
parent
97ae7e330f
commit
27628dca42
|
|
@ -196,6 +196,7 @@ __functions__ = {
|
||||||
def attackCachedUsersPasswords():
|
def attackCachedUsersPasswords():
|
||||||
if kb.data.cachedUsersPasswords:
|
if kb.data.cachedUsersPasswords:
|
||||||
results = dictionaryAttack(kb.data.cachedUsersPasswords)
|
results = dictionaryAttack(kb.data.cachedUsersPasswords)
|
||||||
|
|
||||||
for (user, hash_, password) in results:
|
for (user, hash_, password) in results:
|
||||||
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
||||||
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
|
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
|
||||||
|
|
@ -219,14 +220,17 @@ def attackDumpedTable():
|
||||||
for column in columns:
|
for column in columns:
|
||||||
if column == colUser or column == '__infos__':
|
if column == colUser or column == '__infos__':
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if len(table[column]['values']) <= i:
|
if len(table[column]['values']) <= i:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
value = table[column]['values'][i]
|
value = table[column]['values'][i]
|
||||||
|
|
||||||
if hashRecognition(value):
|
if hashRecognition(value):
|
||||||
if colUser:
|
if colUser:
|
||||||
if table[colUser]['values'][i] not in attack_dict:
|
if table[colUser]['values'][i] not in attack_dict:
|
||||||
attack_dict[table[colUser]['values'][i]] = []
|
attack_dict[table[colUser]['values'][i]] = []
|
||||||
|
|
||||||
attack_dict[table[colUser]['values'][i]].append(value)
|
attack_dict[table[colUser]['values'][i]].append(value)
|
||||||
else:
|
else:
|
||||||
attack_dict['%s%d' % (DUMMY_USER_PREFIX, i)] = [value]
|
attack_dict['%s%d' % (DUMMY_USER_PREFIX, i)] = [value]
|
||||||
|
|
@ -242,6 +246,7 @@ def attackDumpedTable():
|
||||||
raise sqlmapUserQuitException
|
raise sqlmapUserQuitException
|
||||||
|
|
||||||
results = dictionaryAttack(attack_dict)
|
results = dictionaryAttack(attack_dict)
|
||||||
|
|
||||||
for (user, hash_, password) in results:
|
for (user, hash_, password) in results:
|
||||||
for i in range(count):
|
for i in range(count):
|
||||||
for column in columns:
|
for column in columns:
|
||||||
|
|
@ -251,6 +256,7 @@ def attackDumpedTable():
|
||||||
continue
|
continue
|
||||||
|
|
||||||
value = table[column]['values'][i]
|
value = table[column]['values'][i]
|
||||||
|
|
||||||
if value.lower() == hash_.lower():
|
if value.lower() == hash_.lower():
|
||||||
table[column]['values'][i] += " (%s)" % password
|
table[column]['values'][i] += " (%s)" % password
|
||||||
|
|
||||||
|
|
@ -278,8 +284,10 @@ def dictionaryAttack(attack_dict):
|
||||||
for hash_ in hashes:
|
for hash_ in hashes:
|
||||||
if not hash_:
|
if not hash_:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
hash_ = hash_.split()[0]
|
hash_ = hash_.split()[0]
|
||||||
regex = hashRecognition(hash_)
|
regex = hashRecognition(hash_)
|
||||||
|
|
||||||
if regex not in hash_regexes:
|
if regex not in hash_regexes:
|
||||||
hash_regexes.append(regex)
|
hash_regexes.append(regex)
|
||||||
infoMsg = "using hash method: '%s'" % __functions__[regex].func_name
|
infoMsg = "using hash method: '%s'" % __functions__[regex].func_name
|
||||||
|
|
@ -349,10 +357,12 @@ def dictionaryAttack(attack_dict):
|
||||||
clearConsoleLine()
|
clearConsoleLine()
|
||||||
|
|
||||||
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
|
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
|
||||||
|
|
||||||
if user and not user.startswith(DUMMY_USER_PREFIX):
|
if user and not user.startswith(DUMMY_USER_PREFIX):
|
||||||
infoMsg += " for user: '%s'\n" % user
|
infoMsg += " for user: '%s'\n" % user
|
||||||
else:
|
else:
|
||||||
infoMsg += " for hash: '%s'\n" % hash_
|
infoMsg += " for hash: '%s'\n" % hash_
|
||||||
|
|
||||||
dataToStdout(infoMsg, True)
|
dataToStdout(infoMsg, True)
|
||||||
|
|
||||||
attack_info.remove(item)
|
attack_info.remove(item)
|
||||||
|
|
@ -378,10 +388,12 @@ def dictionaryAttack(attack_dict):
|
||||||
clearConsoleLine()
|
clearConsoleLine()
|
||||||
|
|
||||||
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
|
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
|
||||||
|
|
||||||
if user and not user.startswith(DUMMY_USER_PREFIX):
|
if user and not user.startswith(DUMMY_USER_PREFIX):
|
||||||
infoMsg += " for user: '%s'\n" % user
|
infoMsg += " for user: '%s'\n" % user
|
||||||
else:
|
else:
|
||||||
infoMsg += " for hash: '%s'\n" % hash_
|
infoMsg += " for hash: '%s'\n" % hash_
|
||||||
|
|
||||||
dataToStdout(infoMsg, True)
|
dataToStdout(infoMsg, True)
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user