	Automatically detecting RAW password hashes in table dumps
		
							parent
							
								
									9b6d30da0d
								
							
						
					
					
						commit
						42ef5618c3
					
				|  | @ -18,7 +18,7 @@ from lib.core.enums import OS | |||
| from thirdparty.six import unichr as _unichr | ||||
| 
 | ||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||
| VERSION = "1.3.5.157" | ||||
| VERSION = "1.3.5.158" | ||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||
|  | @ -639,6 +639,9 @@ SLOW_ORDER_COUNT_THRESHOLD = 10000 | |||
| # Give up on hash recognition if nothing was found in first given number of rows | ||||
| HASH_RECOGNITION_QUIT_THRESHOLD = 10000 | ||||
| 
 | ||||
| # Regular expression used for automatic hex conversion and hash cracking of (RAW) binary column values | ||||
| HASH_BINARY_COLUMNS_REGEX = r"(?i)pass|psw|hash" | ||||
| 
 | ||||
| # Maximum number of redirections to any single URL - this is needed because of the state that cookies introduce | ||||
| MAX_SINGLE_URL_REDIRECTIONS = 4 | ||||
| 
 | ||||
|  |  | |||
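Review bot: The comment above `HASH_BINARY_COLUMNS_REGEX` reads as if the pattern were applied to column values, but the only use visible in this commit, `re.search(HASH_BINARY_COLUMNS_REGEX, column)`, matches it against column names. I would reword it to `# Regular expression matched against column names to select (RAW) binary columns for automatic hex conversion and hash cracking`. The pattern is an unanchored, case-insensitive substring match, so names such as `passport` or `bypass` also qualify while a column named `pwd` does not. If that is intended, the comment should say so.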
|  | @ -82,9 +82,11 @@ from lib.core.settings import COMMON_PASSWORD_SUFFIXES | |||
| from lib.core.settings import COMMON_USER_COLUMNS | ||||
| from lib.core.settings import DEV_EMAIL_ADDRESS | ||||
| from lib.core.settings import DUMMY_USER_PREFIX | ||||
| from lib.core.settings import HASH_BINARY_COLUMNS_REGEX | ||||
| from lib.core.settings import HASH_EMPTY_PASSWORD_MARKER | ||||
| from lib.core.settings import HASH_MOD_ITEM_DISPLAY | ||||
| from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD | ||||
| from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT | ||||
| from lib.core.settings import IS_WIN | ||||
| from lib.core.settings import ITOA64 | ||||
| from lib.core.settings import NULL | ||||
|  | @ -634,12 +636,24 @@ def attackDumpedTable(): | |||
|         col_user = '' | ||||
|         col_passwords = set() | ||||
|         attack_dict = {} | ||||
|         binary_fields = OrderedSet() | ||||
| 
 | ||||
|         for column in sorted(columns, key=len, reverse=True): | ||||
|             if column and column.lower() in COMMON_USER_COLUMNS: | ||||
|                 col_user = column | ||||
|                 break | ||||
| 
 | ||||
|         for column in columns: | ||||
|             if column != "__infos__": | ||||
|                 if all(INVALID_UNICODE_CHAR_FORMAT.split('%')[0] in value for value in table[column]["values"]): | ||||
|                     binary_fields.add(column) | ||||
| 
 | ||||
|         if binary_fields: | ||||
|             _ = ','.join(binary_fields) | ||||
|             warnMsg = "potential binary fields detected ('%s'). You are " % _ | ||||
|             warnMsg += "advised to rerun table dump with '--fresh-queries --binary-fields=\"%s\"'" % _ | ||||
|             logger.warn(warnMsg) | ||||
| 
 | ||||
|         for i in xrange(count): | ||||
|             if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD: | ||||
|                 break | ||||
|  | @ -653,6 +667,9 @@ def attackDumpedTable(): | |||
| 
 | ||||
|                 value = table[column]["values"][i] | ||||
| 
 | ||||
|                 if column in binary_fields and re.search(HASH_BINARY_COLUMNS_REGEX, column) is not None: | ||||
|                     value = encodeHex(value, binary=False) | ||||
| 
 | ||||
|                 if hashRecognition(value): | ||||
|                     found = True | ||||
| 
 | ||||
|  |  | |||
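Review bot: In the new binary-field detection loop, `all(...)` is vacuously true when a column's `values` list is empty, so an empty column would be added to `binary_fields` and named in the warning, unless a check outside the hunk already rules that out. Binding the list first and guarding with `values and all(marker in value for value in values)` avoids this. The marker `INVALID_UNICODE_CHAR_FORMAT.split('%')[0]` is recomputed for every value and could be bound once before the loop as `marker`. Likewise, `re.search(HASH_BINARY_COLUMNS_REGEX, column)` in the later hunk appears to run per cell although it depends only on the column name. `attackDumpedTable` starts and ends outside these hunks.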