sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-25 07:23:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fine tuning raw/binary/blob password hash cases

Browse Source
This commit is contained in:
Miroslav Stampar 2019-06-01 00:31:26 +02:00
parent 9a7d9a6017
commit 2f5a5e5726
3 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/patch.py
View File

@ -16,6 +16,7 @@ import lib.request.connect
import lib.utils.search import lib.utils.search
import lib.utils.sqlalchemy import lib.utils.sqlalchemy
import thirdparty.ansistrm.ansistrm import thirdparty.ansistrm.ansistrm
import thirdparty.chardet.universaldetector
from lib.request.templates import getPageTemplate from lib.request.templates import getPageTemplate
@ -54,6 +55,9 @@ def dirtyPatches():
_http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline _http_client.LineAndFileWrapper._readline = _http_client.LineAndFileWrapper.readline
_http_client.LineAndFileWrapper.readline = _ _http_client.LineAndFileWrapper.readline = _
# to prevent too much "guessing" in case of binary data retrieval
thirdparty.chardet.universaldetector.MINIMUM_THRESHOLD = 0.90
def resolveCrossReferences(): def resolveCrossReferences():
""" """
Place for cross-reference resolution Place for cross-reference resolution

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.160" VERSION = "1.3.5.161"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

6
lib/utils/hash.py
View File

@ -637,6 +637,7 @@ def attackDumpedTable():
col_passwords = set() col_passwords = set()
attack_dict = {} attack_dict = {}
binary_fields = OrderedSet() binary_fields = OrderedSet()
replacements = {}
for column in sorted(columns, key=len, reverse=True): for column in sorted(columns, key=len, reverse=True):
if column and column.lower() in COMMON_USER_COLUMNS: if column and column.lower() in COMMON_USER_COLUMNS:
@ -668,7 +669,9 @@ def attackDumpedTable():
value = table[column]["values"][i] value = table[column]["values"][i]
if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None: if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None:
previous = value
value = encodeHex(getBytes(value), binary=False) value = encodeHex(getBytes(value), binary=False)
replacements[value] = previous
if hashRecognition(value): if hashRecognition(value):
found = True found = True
@ -703,7 +706,8 @@ def attackDumpedTable():
for (_, hash_, password) in results: for (_, hash_, password) in results:
if hash_: if hash_:
lut[hash_.lower()] = password key = hash_ if hash_ not in replacements else replacements[hash_]
lut[key.lower()] = password
debugMsg = "post-processing table dump" debugMsg = "post-processing table dump"
logger.debug(debugMsg) logger.debug(debugMsg)