important update for dictionary attack

This commit is contained in:
Miroslav Stampar 2011-01-15 15:56:11 +00:00
parent e17ac5fdca
commit 3873d204bb
2 changed files with 78 additions and 47 deletions


@ -175,3 +175,6 @@ ERROR_PARSING_REGEXES = (
) )
META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />' META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />'
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]


@ -34,6 +34,7 @@ from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HASH from lib.core.enums import HASH
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import DUMMY_USER_PREFIX from lib.core.settings import DUMMY_USER_PREFIX
def mysql_passwd(password, uppercase=True): def mysql_passwd(password, uppercase=True):
@ -336,6 +337,13 @@ def dictionaryAttack(attack_dict):
logger.info(infoMsg) logger.info(infoMsg)
kb.wordlist = getFileItems(dictpath, None, False) kb.wordlist = getFileItems(dictpath, None, False)
message = "do you want to use common password suffixes? (slow!) [y/N] "
test = readInput(message, default="N")
suffix_list = [""]
if test[0] in ("y", "Y"):
suffix_list = COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
logger.info(infoMsg) logger.info(infoMsg)
@ -343,14 +351,18 @@ def dictionaryAttack(attack_dict):
((user, _), _) = item ((user, _), _) = item
kb.wordlist.append(getUnicode(user)) kb.wordlist.append(getUnicode(user))
length = len(kb.wordlist) length = len(kb.wordlist) * len(suffix_list)
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
count = 0 count = 0
for suffix in suffix_list:
for word in kb.wordlist: for word in kb.wordlist:
count += 1 count += 1
if suffix:
word = word + suffix
try: try:
current = __functions__[hash_regex](password = word, uppercase = False) current = __functions__[hash_regex](password = word, uppercase = False)
@ -376,6 +388,9 @@ def dictionaryAttack(attack_dict):
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%') status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
raise
except: except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word) warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
@ -386,10 +401,19 @@ def dictionaryAttack(attack_dict):
else: else:
for ((user, hash_), kwargs) in attack_info: for ((user, hash_), kwargs) in attack_info:
count = 0 count = 0
found = False
for suffix in suffix_list:
if found:
break
for word in kb.wordlist: for word in kb.wordlist:
current = __functions__[hash_regex](password = word, uppercase = False, **kwargs) current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
count += 1 count += 1
if suffix:
word = word + suffix
try: try:
if hash_ == current: if hash_ == current:
if regex == HASH.ORACLE_OLD: #only for cosmetic purposes if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
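Review bot: In the non-MySQL branch the suffix is appended after the hash has already been computed — `current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)` runs first and `if suffix: word = word + suffix` comes two lines later — so every suffix pass re-hashes the bare word, the suffix never reaches `if hash_ == current`, and only the `repr(word)` in the warning message sees it. Move the two `if suffix:` / `word = word + suffix` lines above the `current = ...` call, matching the MySQL/generic branch in the earlier hunk where the suffix is added before hashing. Until that is fixed the added `for suffix in suffix_list:` loop here only multiplies the run time by `len(suffix_list)` with no extra coverage, and the progress counter reports against the inflated `length`. dictionaryAttack starts before this hunk and continues past it.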
@ -406,12 +430,16 @@ def dictionaryAttack(attack_dict):
dataToStdout(infoMsg, True) dataToStdout(infoMsg, True)
found = True
break break
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD): elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user) status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
raise
except: except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word) warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."