mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 13:14:13 +03:00
Merge branch 'master' of github.com:sqlmapproject/sqlmap
This commit is contained in:
commit
3b88932dc0
|
@ -107,6 +107,7 @@ from lib.core.settings import ML
|
|||
from lib.core.settings import NULL
|
||||
from lib.core.settings import PARAMETER_AMP_MARKER
|
||||
from lib.core.settings import PARAMETER_SEMICOLON_MARKER
|
||||
from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
|
||||
from lib.core.settings import PARTIAL_VALUE_MARKER
|
||||
from lib.core.settings import PAYLOAD_DELIMITER
|
||||
from lib.core.settings import PLATFORM
|
||||
|
@ -3326,10 +3327,10 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
|
|||
"""
|
||||
|
||||
_ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
|
||||
_ = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
|
||||
if not kb.inferenceMode and not kb.fileReadMode and _ and PARTIAL_VALUE_MARKER in _:
|
||||
_ = None
|
||||
return _
|
||||
retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
|
||||
if not kb.inferenceMode and not kb.fileReadMode and any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
|
||||
retVal = None
|
||||
return retVal
|
||||
|
||||
def resetCookieJar(cookieJar):
|
||||
"""
|
||||
|
|
|
@ -142,7 +142,8 @@ def _oneShotErrorUse(expression, field=None):
|
|||
retVal = output
|
||||
break
|
||||
except:
|
||||
hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
|
||||
if retVal is not None:
|
||||
hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
|
||||
raise
|
||||
|
||||
retVal = decodeHexValue(retVal) if conf.hexConvert else retVal
|
||||
|
@ -152,7 +153,8 @@ def _oneShotErrorUse(expression, field=None):
|
|||
|
||||
retVal = _errorReplaceChars(retVal)
|
||||
|
||||
hashDBWrite(expression, retVal)
|
||||
if retVal is not None:
|
||||
hashDBWrite(expression, retVal)
|
||||
|
||||
else:
|
||||
_ = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
|
||||
|
|
|
@ -334,12 +334,17 @@ def attackCachedUsersPasswords():
|
|||
if kb.data.cachedUsersPasswords:
|
||||
results = dictionaryAttack(kb.data.cachedUsersPasswords)
|
||||
|
||||
lut = {}
|
||||
for (_, hash_, password) in results:
|
||||
for user in kb.data.cachedUsersPasswords.keys():
|
||||
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
||||
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
|
||||
and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
|
||||
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
|
||||
lut[hash_.lower()] = password
|
||||
|
||||
for user in kb.data.cachedUsersPasswords.keys():
|
||||
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
||||
_ = kb.data.cachedUsersPasswords[user][i]
|
||||
if _:
|
||||
hash_ = _.split()[0].lower()
|
||||
if hash_ in lut and "clear-text password" not in _:
|
||||
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_])
|
||||
|
||||
def attackDumpedTable():
|
||||
if kb.data.dumpedTable:
|
||||
|
|
Loading…
Reference in New Issue
Block a user