sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-19 21:10:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Automatically detecting RAW password hashes in table dumps

Browse Source
This commit is contained in:
Miroslav Stampar 2019-05-31 11:57:32 +02:00
parent 9b6d30da0d
commit 42ef5618c3
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.157" VERSION = "1.3.5.158"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -639,6 +639,9 @@ SLOW_ORDER_COUNT_THRESHOLD = 10000
# Give up on hash recognition if nothing was found in first given number of rows # Give up on hash recognition if nothing was found in first given number of rows
HASH_RECOGNITION_QUIT_THRESHOLD = 10000 HASH_RECOGNITION_QUIT_THRESHOLD = 10000
# Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values
HASH_BINARY_COLUMNS_REGEX = r"(?i)pass|psw|hash"
# Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce # Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce
MAX_SINGLE_URL_REDIRECTIONS = 4 MAX_SINGLE_URL_REDIRECTIONS = 4

17
lib/utils/hash.py
View File

@ -82,9 +82,11 @@ from lib.core.settings import COMMON_PASSWORD_SUFFIXES
from lib.core.settings import COMMON_USER_COLUMNS from lib.core.settings import COMMON_USER_COLUMNS
from lib.core.settings import DEV_EMAIL_ADDRESS from lib.core.settings import DEV_EMAIL_ADDRESS
from lib.core.settings import DUMMY_USER_PREFIX from lib.core.settings import DUMMY_USER_PREFIX
from lib.core.settings import HASH_BINARY_COLUMNS_REGEX
from lib.core.settings import HASH_EMPTY_PASSWORD_MARKER from lib.core.settings import HASH_EMPTY_PASSWORD_MARKER
from lib.core.settings import HASH_MOD_ITEM_DISPLAY from lib.core.settings import HASH_MOD_ITEM_DISPLAY
from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD
from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import ITOA64 from lib.core.settings import ITOA64
from lib.core.settings import NULL from lib.core.settings import NULL
@ -634,12 +636,24 @@ def attackDumpedTable():
col_user = '' col_user = ''
col_passwords = set() col_passwords = set()
attack_dict = {} attack_dict = {}
binary_fields = OrderedSet()
for column in sorted(columns, key=len, reverse=True): for column in sorted(columns, key=len, reverse=True):
if column and column.lower() in COMMON_USER_COLUMNS: if column and column.lower() in COMMON_USER_COLUMNS:
col_user = column col_user = column
break break
for column in columns:
if column != "__infos__":
if all(INVALID_UNICODE_CHAR_FORMAT.split('%')[0] in value for value in table[column]["values"]):
binary_fields.add(column)
if binary_fields:
_ = ','.join(binary_fields)
warnMsg = "potential binary fields detected ('%s'). You are " % _
warnMsg += "advised to rerun table dump with '--fresh-queries --binary-fields=\"%s\"'" % _
logger.warn(warnMsg)
for i in xrange(count): for i in xrange(count):
if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD: if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD:
break break
@ -653,6 +667,9 @@ def attackDumpedTable():
value = table[column]["values"][i] value = table[column]["values"][i]
if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None:
value = encodeHex(value, binary=False)
if hashRecognition(value): if hashRecognition(value):
found = True found = True