important update for dictionary attack

This commit is contained in:
Miroslav Stampar 2011-01-15 15:56:11 +00:00
parent e17ac5fdca
commit 3873d204bb
2 changed files with 78 additions and 47 deletions


@ -175,3 +175,6 @@ ERROR_PARSING_REGEXES = (
)
META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />'
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]


@ -34,6 +34,7 @@ from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import HASH
from lib.core.exception import sqlmapUserQuitException
from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import DUMMY_USER_PREFIX
def mysql_passwd(password, uppercase=True):
@ -336,6 +337,13 @@ def dictionaryAttack(attack_dict):
logger.info(infoMsg)
kb.wordlist = getFileItems(dictpath, None, False)
message = "do you want to use common password suffixes? (slow!) [y/N] "
test = readInput(message, default="N")
suffix_list = [""]
if test[0] in ("y", "Y"):
suffix_list = COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
logger.info(infoMsg)
@ -343,79 +351,99 @@ def dictionaryAttack(attack_dict):
((user, _), _) = item
kb.wordlist.append(getUnicode(user))
length = len(kb.wordlist)
length = len(kb.wordlist) * len(suffix_list)
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
count = 0
for word in kb.wordlist:
count += 1
for suffix in suffix_list:
for word in kb.wordlist:
count += 1
try:
current = __functions__[hash_regex](password = word, uppercase = False)
if suffix:
word = word + suffix
for item in attack_info:
((user, hash_), _) = item
try:
current = __functions__[hash_regex](password = word, uppercase = False)
if hash_ == current:
results.append((user, hash_, word))
clearConsoleLine()
for item in attack_info:
((user, hash_), _) = item
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
if hash_ == current:
results.append((user, hash_, word))
clearConsoleLine()
if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
dataToStdout(infoMsg, True)
if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
attack_info.remove(item)
dataToStdout(infoMsg, True)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
attack_info.remove(item)
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
raise
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
clearConsoleLine()
else:
for ((user, hash_), kwargs) in attack_info:
count = 0
found = False
for word in kb.wordlist:
current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
count += 1
try:
if hash_ == current:
if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
word = word.upper()
results.append((user, hash_, word))
clearConsoleLine()
for suffix in suffix_list:
if found:
break
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
for word in kb.wordlist:
current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
count += 1
if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
if suffix:
word = word + suffix
dataToStdout(infoMsg, True)
try:
if hash_ == current:
if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
word = word.upper()
results.append((user, hash_, word))
clearConsoleLine()
break
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
dataToStdout(infoMsg, True)
found = True
break
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
raise
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
clearConsoleLine()
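Review bot: In the non-generic branch (the `else:` path for e.g. Oracle hashes) the suffix is appended only after the hash has already been computed: `current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)` runs before `if suffix: word = word + suffix`, so every suffix pass re-hashes the bare word and a match found there would be recorded in `results` as `word + suffix`, which is not the password that produced the hash; the first branch gets this right by appending the suffix before calling the hash function, and the `else` branch should do the same by moving the two `if suffix:` lines above the `current = ...` call. The sides are inferred from print order and the pre/post counts, so please confirm against the actual new file. Two pre-existing issues survive on the new side as well: `hash_regex in (HASH.ORACLE_OLD)` is a substring test on a string, not tuple membership (it needs the trailing comma, `(HASH.ORACLE_OLD,)`), and the first branch calls `attack_info.remove(item)` while iterating `attack_info`, which skips the element after each removal — iterating over `list(attack_info)` avoids that. The body of dictionaryAttack starts outside this hunk.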