Merge branch 'master' of github.com:sqlmapproject/sqlmap

lib/core/common.py

@@ -107,6 +107,7 @@ from lib.core.settings import ML
 from lib.core.settings import NULL
 from lib.core.settings import PARAMETER_AMP_MARKER
 from lib.core.settings import PARAMETER_SEMICOLON_MARKER
+from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
 from lib.core.settings import PARTIAL_VALUE_MARKER
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import PLATFORM
@@ -3326,10 +3327,10 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False):
     """
 
     _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE)
-    _ = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
+    retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
-    if not kb.inferenceMode and not kb.fileReadMode and _ and PARTIAL_VALUE_MARKER in _:
+    if not kb.inferenceMode and not kb.fileReadMode and any(_ in (retVal or "") for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
-        _ = None
+        retVal = None
-    return _
+    return retVal
 
 def resetCookieJar(cookieJar):
     """

lib/techniques/error/use.py

@@ -142,7 +142,8 @@ def _oneShotErrorUse(expression, field=None):
                     retVal = output
                     break
         except:
-            hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
+            if retVal is not None:
+                hashDBWrite(expression, "%s%s" % (retVal, PARTIAL_VALUE_MARKER))
             raise
 
         retVal = decodeHexValue(retVal) if conf.hexConvert else retVal
@@ -152,7 +153,8 @@ def _oneShotErrorUse(expression, field=None):
 
         retVal = _errorReplaceChars(retVal)
 
-        hashDBWrite(expression, retVal)
+        if retVal is not None:
+            hashDBWrite(expression, retVal)
 
     else:
         _ = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)

lib/utils/hash.py

@@ -334,12 +334,17 @@ def attackCachedUsersPasswords():
     if kb.data.cachedUsersPasswords:
         results = dictionaryAttack(kb.data.cachedUsersPasswords)
 
+        lut = {}
         for (_, hash_, password) in results:
-            for user in kb.data.cachedUsersPasswords.keys():
+            lut[hash_.lower()] = password
-                for i in xrange(len(kb.data.cachedUsersPasswords[user])):
+
-                    if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
+        for user in kb.data.cachedUsersPasswords.keys():
-                    and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
+            for i in xrange(len(kb.data.cachedUsersPasswords[user])):
-                        kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
+                _ = kb.data.cachedUsersPasswords[user][i]
+                if _:
+                    hash_ = _.split()[0].lower()
+                    if hash_ in lut and "clear-text password" not in _:
+                        kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_])
 
 def attackDumpedTable():
     if kb.data.dumpedTable: