From 291b491c3eee6bf3ebdcc63bee677b4011dcfd9c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 2 May 2019 17:35:56 +0200
Subject: [PATCH] Minor drei update

---
 lib/core/common.py                 |  2 +-
 lib/core/convert.py                |  4 +-
 lib/core/settings.py               |  2 +-
 lib/utils/hash.py                  | 80 +++++++++++-------------------
 plugins/dbms/h2/syntax.py          |  1 -
 plugins/dbms/hsqldb/syntax.py      |  1 -
 plugins/dbms/mssqlserver/syntax.py |  1 -
 plugins/dbms/oracle/syntax.py      |  1 -
 plugins/dbms/sybase/syntax.py      |  1 -
 9 files changed, 33 insertions(+), 60 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index 7a111d803..0a1f620b7 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1758,7 +1758,7 @@ def getFileType(filePath):
     """
 
     try:
-        desc = magic.from_file(filePath) or ""
+        desc = getUnicode(magic.from_file(filePath) or "")
     except:
         return "unknown"
 
diff --git a/lib/core/convert.py b/lib/core/convert.py
index 08fee210c..07a4e660c 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -145,8 +145,8 @@ def utf8decode(value):
     """
     Returns UTF-8 representation of the supplied 8-bit string representation
 
-    >>> utf8decode(b'foobar')
-    u'foobar'
+    >>> utf8decode(b'foobar') == u'foobar'
+    True
     """
 
     retVal = value
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 117dc21b9..7813429bd 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.4"
+VERSION = "1.3.5.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index d39a72506..1c7c49b59 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -269,46 +269,46 @@ def sha1_generic_passwd(password, uppercase=False):
 
 def apache_sha1_passwd(password, **kwargs):
     """
-    >>> apache_sha1_passwd(password='testpass')
-    '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
+    >>> apache_sha1_passwd(password='testpass') == '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
+    True
     """
 
     password = getBytes(password)
 
-    return "{SHA}%s" % base64.b64encode(sha1(password).digest())
+    return "{SHA}%s" % getUnicode(base64.b64encode(sha1(password).digest()))
 
 def ssha_passwd(password, salt, **kwargs):
     """
-    >>> ssha_passwd(password='testpass', salt='salt')
-    '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
+    >>> ssha_passwd(password='testpass', salt='salt') == '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
+    True
     """
 
     password = getBytes(password)
     salt = getBytes(salt)
 
-    return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
+    return "{SSHA}%s" % getUnicode(base64.b64encode(sha1(password + salt).digest() + salt))
 
 def ssha256_passwd(password, salt, **kwargs):
     """
-    >>> ssha256_passwd(password='testpass', salt='salt')
-    '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
+    >>> ssha256_passwd(password='testpass', salt='salt') == '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
+    True
     """
 
     password = getBytes(password)
     salt = getBytes(salt)
 
-    return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
+    return "{SSHA256}%s" % getUnicode(base64.b64encode(sha256(password + salt).digest() + salt))
 
 def ssha512_passwd(password, salt, **kwargs):
     """
-    >>> ssha512_passwd(password='testpass', salt='salt')
-    '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
+    >>> ssha512_passwd(password='testpass', salt='salt') == '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
+    True
     """
 
     password = getBytes(password)
     salt = getBytes(salt)
 
-    return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
+    return "{SSHA512}%s" % getUnicode(base64.b64encode(sha512(password + salt).digest() + salt))
 
 def sha224_generic_passwd(password, uppercase=False):
     """
@@ -316,9 +316,7 @@ def sha224_generic_passwd(password, uppercase=False):
     '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
     """
 
-    password = getBytes(password)
-
-    retVal = sha224(password).hexdigest()
+    retVal = sha224(getBytes(password)).hexdigest()
 
     return retVal.upper() if uppercase else retVal.lower()
 
@@ -328,9 +326,7 @@ def sha256_generic_passwd(password, uppercase=False):
     '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
     """
 
-    password = getBytes(password)
-
-    retVal = sha256(password).hexdigest()
+    retVal = sha256(getBytes(password)).hexdigest()
 
     return retVal.upper() if uppercase else retVal.lower()
 
@@ -340,9 +336,7 @@ def sha384_generic_passwd(password, uppercase=False):
     '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
     """
 
-    password = getBytes(password)
-
-    retVal = sha384(password).hexdigest()
+    retVal = sha384(getBytes(password)).hexdigest()
 
     return retVal.upper() if uppercase else retVal.lower()
 
@@ -352,9 +346,7 @@ def sha512_generic_passwd(password, uppercase=False):
     '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
     """
 
-    password = getBytes(password)
-
-    retVal = sha512(password).hexdigest()
+    retVal = sha512(getBytes(password)).hexdigest()
 
     return retVal.upper() if uppercase else retVal.lower()
 
@@ -366,13 +358,10 @@ def crypt_generic_passwd(password, salt, **kwargs):
         http://php.net/manual/en/function.crypt.php
         http://carey.geek.nz/code/python-fcrypt/
 
-    >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False)
-    'rl.3StKT.4T8M'
+    >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False) == 'rl.3StKT.4T8M'
+    True
     """
 
-    password = getBytes(password)
-    salt = getBytes(salt)
-
     return crypt(password, salt)
 
 def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
@@ -411,15 +400,15 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
     i = len(password)
     while i:
         if i & 1:
-            ctx = ctx + chr(0)  # if ($i & 1) { $ctx->add(pack("C", 0)); }
+            ctx = ctx + b'\x00'  # if ($i & 1) { $ctx->add(pack("C", 0)); }
         else:
-            ctx = ctx + password[0]
+            ctx = ctx + password[0:1]
         i = i >> 1
 
     final = md5(ctx).digest()
 
     for i in xrange(1000):
-        ctx1 = ""
+        ctx1 = b""
 
         if i & 1:
             ctx1 = ctx1 + password
@@ -456,10 +445,7 @@ def joomla_passwd(password, salt, **kwargs):
     'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
     """
 
-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
+    return "%s:%s" % (md5(b"%s%s" % (getBytes(password), getBytes(salt))).hexdigest(), salt)
 
 def django_md5_passwd(password, salt, **kwargs):
     """
@@ -469,10 +455,7 @@ def django_md5_passwd(password, salt, **kwargs):
     'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
     """
 
-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
+    return "md5$%s$%s" % (salt, md5(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())
 
 def django_sha1_passwd(password, salt, **kwargs):
     """
@@ -482,10 +465,7 @@ def django_sha1_passwd(password, salt, **kwargs):
     'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
     """
 
-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
+    return "sha1$%s$%s" % (salt, sha1(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())
 
 def vbulletin_passwd(password, salt, **kwargs):
     """
@@ -495,10 +475,7 @@ def vbulletin_passwd(password, salt, **kwargs):
     '85c4d8ea77ebef2236fb7e9d24ba9482:salt'
     """
 
-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
+    return "%s:%s" % (md5(b"%s%s" % (binascii.hexlify(md5(getBytes(password)).digest()), getBytes(salt))).hexdigest(), salt)
 
 def wordpress_passwd(password, salt, count, prefix, **kwargs):
     """
@@ -515,12 +492,12 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
         i = 0
 
         while i < count:
-            value = ord(input_[i])
+            value = (input_[i] if isinstance(input_[i], int) else ord(input_[i]))
             i += 1
             output = output + ITOA64[value & 0x3f]
 
             if i < count:
-                value = value | (ord(input_[i]) << 8)
+                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 8)
 
             output = output + ITOA64[(value >> 6) & 0x3f]
 
@@ -529,7 +506,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
                 break
 
             if i < count:
-                value = value | (ord(input_[i]) << 16)
+                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 16)
 
             output = output + ITOA64[(value >> 12) & 0x3f]
 
@@ -542,6 +519,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
         return output
 
     password = getBytes(password)
+    salt = getBytes(salt)
 
     cipher = md5(salt)
     cipher.update(password)
diff --git a/plugins/dbms/h2/syntax.py b/plugins/dbms/h2/syntax.py
index c0208c936..f43103946 100644
--- a/plugins/dbms/h2/syntax.py
+++ b/plugins/dbms/h2/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
diff --git a/plugins/dbms/hsqldb/syntax.py b/plugins/dbms/hsqldb/syntax.py
index c0208c936..f43103946 100644
--- a/plugins/dbms/hsqldb/syntax.py
+++ b/plugins/dbms/hsqldb/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py
index 847106d82..f7f94b8de 100644
--- a/plugins/dbms/mssqlserver/syntax.py
+++ b/plugins/dbms/mssqlserver/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py
index 0953a85e8..57a1e39aa 100644
--- a/plugins/dbms/oracle/syntax.py
+++ b/plugins/dbms/oracle/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):
diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py
index 58e8eae80..dc5f7e8d1 100644
--- a/plugins/dbms/sybase/syntax.py
+++ b/plugins/dbms/sybase/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """
 
 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax
 
 class Syntax(GenericSyntax):