sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

improvement of hash cracking routine

Browse Source
This commit is contained in:
Miroslav Stampar 2011-11-01 19:58:22 +00:00
parent 4cafc5f31b
commit 3e3f037f1e
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
lib/utils/hash.py
View File

@ -247,11 +247,12 @@ def attackCachedUsersPasswords():
if kb.data.cachedUsersPasswords: if kb.data.cachedUsersPasswords:
results = dictionaryAttack(kb.data.cachedUsersPasswords) results = dictionaryAttack(kb.data.cachedUsersPasswords)
for (user, hash_, password) in results: for (_, hash_, password) in results:
for i in xrange(len(kb.data.cachedUsersPasswords[user])): for user in kb.data.cachedUsersPasswords.keys():
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\ for i in xrange(len(kb.data.cachedUsersPasswords[user])):
and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower(): if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password) and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
def attackDumpedTable(): def attackDumpedTable():
if kb.data.dumpedTable: if kb.data.dumpedTable:
@ -304,19 +305,20 @@ def attackDumpedTable():
raise sqlmapUserQuitException raise sqlmapUserQuitException
results = dictionaryAttack(attack_dict) results = dictionaryAttack(attack_dict)
lut = dict()
for (_, hash_, password) in results: for (_, hash_, password) in results:
if not hash_: if hash_:
continue lut[hash_.lower()] = password
for i in xrange(count): for i in xrange(count):
for column in columns: for column in columns:
if not (column == colUser or column == '__infos__' or len(table[column]['values']) <= i): if not (column == colUser or column == '__infos__' or len(table[column]['values']) <= i):
value = table[column]['values'][i] value = table[column]['values'][i]
if value and value.lower() == hash_.lower(): if value and value.lower() in lut:
table[column]['values'][i] += " (%s)" % password table[column]['values'][i] += " (%s)" % lut[value.lower()]
table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i])) table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
def hashRecognition(value): def hashRecognition(value):
retVal = None retVal = None
@ -459,6 +461,7 @@ def dictionaryAttack(attack_dict):
suffix_list = [""] suffix_list = [""]
hash_regexes = [] hash_regexes = []
results = [] results = []
resumes = []
processException = False processException = False
for (_, hashes) in attack_dict.items(): for (_, hashes) in attack_dict.items():
@ -499,8 +502,7 @@ def dictionaryAttack(attack_dict):
elif hash_regex in (HASH.CRYPT_GENERIC): elif hash_regex in (HASH.CRYPT_GENERIC):
item = [(user, hash_), {'salt': hash_[0:2]}] item = [(user, hash_), {'salt': hash_[0:2]}]
key = hash(repr(item)) if item and hash_ not in keys:
if item and key not in keys:
resumed = conf.hashDB.retrieve(hash_) resumed = conf.hashDB.retrieve(hash_)
if not resumed: if not resumed:
attack_info.append(item) attack_info.append(item)
@ -509,8 +511,8 @@ def dictionaryAttack(attack_dict):
if user and not user.startswith(DUMMY_USER_PREFIX): if user and not user.startswith(DUMMY_USER_PREFIX):
infoMsg += " for user '%s'" % user infoMsg += " for user '%s'" % user
logger.info(infoMsg) logger.info(infoMsg)
results.append((user, hash_, resumed)) resumes.append((user, hash_, resumed))
keys.add(key) keys.add(hash_)
if not attack_info: if not attack_info:
continue continue
@ -706,6 +708,8 @@ def dictionaryAttack(attack_dict):
clearConsoleLine() clearConsoleLine()
results.extend(resumes)
if len(hash_regexes) == 0: if len(hash_regexes) == 0:
warnMsg = "unknown hash format. " warnMsg = "unknown hash format. "
warnMsg += "Please report by e-mail to %s" % ML warnMsg += "Please report by e-mail to %s" % ML