important update for dictionary attack

This commit is contained in:
Miroslav Stampar 2011-01-15 15:56:11 +00:00
parent e17ac5fdca
commit 3873d204bb
2 changed files with 78 additions and 47 deletions


@ -175,3 +175,6 @@ ERROR_PARSING_REGEXES = (
) )
META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />' META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />'
# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
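Review bot: The leading empty string in `COMMON_PASSWORD_SUFFIXES` is load-bearing but undocumented: it is what makes the bare wordlist entry get tried at all, and its position controls that the unsuffixed candidate is hashed before any variant, since the consumer iterates this list in order (`suffix_list = COMMON_PASSWORD_SUFFIXES` in lib/utils/hash.py, per the second file of this commit). A short comment next to the constant would stop a future tidy-up from dropping or sorting it, e.g. `# "" must stay first: it stands for "no suffix" and is tried before any variant`. Presumably the ordering of the remaining entries is by observed frequency from the referenced analysis; saying so in the same comment would make that explicit.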


@ -34,6 +34,7 @@ from lib.core.data import logger
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import HASH from lib.core.enums import HASH
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import DUMMY_USER_PREFIX from lib.core.settings import DUMMY_USER_PREFIX
def mysql_passwd(password, uppercase=True): def mysql_passwd(password, uppercase=True):
@ -336,6 +337,13 @@ def dictionaryAttack(attack_dict):
logger.info(infoMsg) logger.info(infoMsg)
kb.wordlist = getFileItems(dictpath, None, False) kb.wordlist = getFileItems(dictpath, None, False)
message = "do you want to use common password suffixes? (slow!) [y/N] "
test = readInput(message, default="N")
suffix_list = [""]
if test[0] in ("y", "Y"):
suffix_list = COMMON_PASSWORD_SUFFIXES
infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
logger.info(infoMsg) logger.info(infoMsg)
@ -343,79 +351,99 @@ def dictionaryAttack(attack_dict):
((user, _), _) = item ((user, _), _) = item
kb.wordlist.append(getUnicode(user)) kb.wordlist.append(getUnicode(user))
length = len(kb.wordlist) length = len(kb.wordlist) * len(suffix_list)
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
count = 0 count = 0
for word in kb.wordlist: for suffix in suffix_list:
count += 1 for word in kb.wordlist:
count += 1
try: if suffix:
current = __functions__[hash_regex](password = word, uppercase = False) word = word + suffix
for item in attack_info: try:
((user, hash_), _) = item current = __functions__[hash_regex](password = word, uppercase = False)
if hash_ == current: for item in attack_info:
results.append((user, hash_, word)) ((user, hash_), _) = item
clearConsoleLine()
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word) if hash_ == current:
results.append((user, hash_, word))
clearConsoleLine()
if user and not user.startswith(DUMMY_USER_PREFIX): infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
dataToStdout(infoMsg, True) if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user: '%s'\n" % user
else:
infoMsg += " for hash: '%s'\n" % hash_
attack_info.remove(item) dataToStdout(infoMsg, True)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD): attack_info.remove(item)
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except: elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
warnMsg = "there was a problem while hashing entry: %s. " % repr(word) status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
logger.critical(warnMsg)
except KeyboardInterrupt:
raise
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
clearConsoleLine() clearConsoleLine()
else: else:
for ((user, hash_), kwargs) in attack_info: for ((user, hash_), kwargs) in attack_info:
count = 0 count = 0
found = False
for word in kb.wordlist: for suffix in suffix_list:
current = __functions__[hash_regex](password = word, uppercase = False, **kwargs) if found:
count += 1 break
try:
if hash_ == current:
if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
word = word.upper()
results.append((user, hash_, word))
clearConsoleLine()
infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word) for word in kb.wordlist:
current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
count += 1
if user and not user.startswith(DUMMY_USER_PREFIX): if suffix:
infoMsg += " for user: '%s'\n" % user word = word + suffix
else:
infoMsg += " for hash: '%s'\n" % hash_
dataToStdout(infoMsg, True) try:
if hash_ == current:
if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
word = word.upper()
results.append((user, hash_, word))
clearConsoleLine()
break infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD): if user and not user.startswith(DUMMY_USER_PREFIX):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user) infoMsg += " for user: '%s'\n" % user
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) else:
infoMsg += " for hash: '%s'\n" % hash_
except: dataToStdout(infoMsg, True)
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." found = True
logger.critical(warnMsg) break
elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
raise
except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.critical(warnMsg)
clearConsoleLine() clearConsoleLine()
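Review bot: In the non-MySQL/generic branch the suffix is appended only after the hash has already been computed — `current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)` runs before `if suffix: word = word + suffix` — so every suffixed pass re-hashes the bare word, a suffixed password can never match there, and on a match the reported candidate would carry a suffix that was never hashed; the first branch does it in the correct order. Move the two suffix lines above the `current = ...` call so both branches agree: `if suffix:` / `word = word + suffix` / `current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)`. The same branch still compares `regex == HASH.ORACLE_OLD` while the rest of the function uses `hash_regex`; unless `regex` is bound somewhere outside the hunk, that line raises NameError on the first Oracle match. Adding `except KeyboardInterrupt: raise` is a good change, but the remaining bare `except:` still catches everything else (SystemExit included); `except Exception:` would be the narrower form. dictionaryAttack begins before this hunk.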