diff --git a/lib/core/common.py b/lib/core/common.py index 8de427906..097b7c864 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -107,6 +107,7 @@ from lib.core.settings import ML from lib.core.settings import NULL from lib.core.settings import PARAMETER_AMP_MARKER from lib.core.settings import PARAMETER_SEMICOLON_MARKER +from lib.core.settings import PARTIAL_HEX_VALUE_MARKER from lib.core.settings import PARTIAL_VALUE_MARKER from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PLATFORM @@ -3326,10 +3327,10 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False): """ _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE) - _ = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None - if not kb.inferenceMode and not kb.fileReadMode and _ and PARTIAL_VALUE_MARKER in _: - _ = None - return _ + retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None + if not kb.inferenceMode and not kb.fileReadMode and any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): + retVal = None + return retVal def resetCookieJar(cookieJar): """ diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 9440024da..d8afb6627 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -142,7 +142,8 @@ def _oneShotErrorUse(expression, field=None): retVal = output break except: - hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER)) + if retVal is not None: + hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER)) raise retVal = decodeHexValue(retVal) if conf.hexConvert else retVal 
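Review bot: The new membership test `any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER))` assumes `retVal` is a string, but `conf.hashDB.retrieve(_, unserialize)` is also called with `unserialize=True`, where a deserialized value (a list, dict or number) would make `in` either misfire or raise `TypeError`; the removed code had the same weakness, so this rewrite is the natural place to close it. I would gate the marker scan on the type: `if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(marker in retVal for marker in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):` — `basestring` matches the file's Python 2 idiom (`xrange` is used in hash.py), assuming the project is not already on a compatibility shim. Reusing `_` as both the HashDB key and the generator variable is legal but hard to read; a named `marker` says what is being scanned. `hashDBRetrieve`'s signature and docstring begin above the hunk.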
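Review bot: The partial value saved in the new `if retVal is not None:` branch is still hex-encoded when `conf.hexConvert` is set — `decodeHexValue` only runs on the line after the `except` — yet it is tagged with `PARTIAL_VALUE_MARKER`, while the same commit teaches `hashDBRetrieve` in common.py to recognise a separate `PARTIAL_HEX_VALUE_MARKER`. If that marker is meant to flag hex-encoded partials, the write here should pick it by mode: `hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_HEX_VALUE_MARKER if conf.hexConvert else PARTIAL_VALUE_MARKER))`; if it is reserved for another retrieval path, a one-line comment saying so would stop the next reader asking the same question. The bare `except:` looks deliberate here because it re-raises after saving state, but a `# persist progress on interrupt/error, then propagate` comment would make that explicit. `_oneShotErrorUse` starts and ends outside this hunk.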
@@ -152,7 +153,8 @@ def _oneShotErrorUse(expression, field=None): retVal = _errorReplaceChars(retVal) - hashDBWrite(expression, retVal) + if retVal is not None: + hashDBWrite(expression, retVal) else: _ = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 554cdd143..a3927235b 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -334,12 +334,17 @@ def attackCachedUsersPasswords(): if kb.data.cachedUsersPasswords: results = dictionaryAttack(kb.data.cachedUsersPasswords) + lut = {} for (_, hash_, password) in results: - for user in kb.data.cachedUsersPasswords.keys(): - for i in xrange(len(kb.data.cachedUsersPasswords[user])): - if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\ - and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower(): - kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password) + lut[hash_.lower()] = password + + for user in kb.data.cachedUsersPasswords.keys(): + for i in xrange(len(kb.data.cachedUsersPasswords[user])): + _ = kb.data.cachedUsersPasswords[user][i] + if _: + hash_ = _.split()[0].lower() + if hash_ in lut and "clear-text password" not in _: + kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_]) def attackDumpedTable(): if kb.data.dumpedTable:
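Review bot: The `if retVal is not None:` guard added here is the second copy of the identical guard introduced in the hunk at line 142 of this file; repeating the test at each `hashDBWrite` call site leaves every future caller to remember it, whereas a single `if value is None: return` inside `hashDBWrite` (outside this diff) would protect all writers uniformly. If the call-site guards stay, a short comment such as `# never persist None: it would be indistinguishable from a real result on resume` would record the intent. Separately, the context line `_ = "%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop)` shows a named group with no name, which `re` rejects; this is presumably the page renderer stripping an angle-bracketed group name rather than the file's actual content, but it is worth confirming against the source. `_oneShotErrorUse` continues outside the hunk on both sides.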
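Review bot: `hash_ = _.split()[0].lower()` raises `IndexError` when a cached entry is non-empty but whitespace-only, because `str.split()` returns an empty list then; the truthiness test on `_` just above does not cover that case. It also changes the match from the removed substring test (`hash_.lower() in ...lower()`) to an exact first-token comparison, so any entry in which the hash is not the leading token silently stops being annotated with its clear-text password — fine if every producer of `kb.data.cachedUsersPasswords` writes the hash first, but that invariant is not visible here and deserves a comment. I would write `tokens = _.split()` / `hash_ = tokens[0].lower() if tokens else None` and keep the `hash_ in lut` test, with `# entries are expected to start with the hash; see the producers of cachedUsersPasswords` above it. Rebinding `hash_` in the second loop after the first loop used the same name for the result tuple is legal but makes the two loops read as one; a name like `entry_hash` would separate them. `attackCachedUsersPasswords` starts outside the hunk.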