sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-04 11:53:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Bernardo Damele 2013-02-04 23:31:51 +00:00
commit 3b88932dc0
3 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/core/common.py
View File

@ -107,6 +107,7 @@ from lib.core.settings import ML
from lib.core.settings import NULL from lib.core.settings import NULL
from lib.core.settings import PARAMETER_AMP_MARKER from lib.core.settings import PARAMETER_AMP_MARKER
from lib.core.settings import PARAMETER_SEMICOLON_MARKER from lib.core.settings import PARAMETER_SEMICOLON_MARKER
from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
from lib.core.settings import PARTIAL_VALUE_MARKER from lib.core.settings import PARTIAL_VALUE_MARKER
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import PLATFORM from lib.core.settings import PLATFORM
@ -3326,10 +3327,10 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
""" """
_ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE) _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
_ = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
if not kb.inferenceMode and not kb.fileReadMode and _ and PARTIAL_VALUE_MARKER in _: if not kb.inferenceMode and not kb.fileReadMode and any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
_ = None retVal = None
return _ return retVal
def resetCookieJar(cookieJar): def resetCookieJar(cookieJar):
""" """

2
lib/techniques/error/use.py
View File

@ -142,6 +142,7 @@ def _oneShotErrorUse(expression, field=None):
retVal = output retVal = output
break break
except: except:
if retVal is not None:
hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER)) hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
raise raise
@ -152,6 +153,7 @@ def _oneShotErrorUse(expression, field=None):
retVal = _errorReplaceChars(retVal) retVal = _errorReplaceChars(retVal)
if retVal is not None:
hashDBWrite(expression, retVal) hashDBWrite(expression, retVal)
else: else:

11
lib/utils/hash.py
View File

@ -334,12 +334,17 @@ def attackCachedUsersPasswords():
if kb.data.cachedUsersPasswords: if kb.data.cachedUsersPasswords:
results = dictionaryAttack(kb.data.cachedUsersPasswords) results = dictionaryAttack(kb.data.cachedUsersPasswords)
lut = {}
for (_, hash_, password) in results: for (_, hash_, password) in results:
lut[hash_.lower()] = password
for user in kb.data.cachedUsersPasswords.keys(): for user in kb.data.cachedUsersPasswords.keys():
for i in xrange(len(kb.data.cachedUsersPasswords[user])): for i in xrange(len(kb.data.cachedUsersPasswords[user])):
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\ _ = kb.data.cachedUsersPasswords[user][i]
and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower(): if _:
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password) hash_ = _.split()[0].lower()
if hash_ in lut and "clear-text password" not in _:
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_])
def attackDumpedTable(): def attackDumpedTable():
if kb.data.dumpedTable: if kb.data.dumpedTable: