sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 08:14:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fix

Browse Source
This commit is contained in:
Bernardo Damele 2011-07-12 15:47:04 +00:00
parent 0b8c6e4c81
commit 48b7245a33
1 changed files with 25 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
lib/utils/hash.py
View File

@ -239,10 +239,11 @@ def attackCachedUsersPasswords():
if kb.data.cachedUsersPasswords: if kb.data.cachedUsersPasswords:
results = dictionaryAttack(kb.data.cachedUsersPasswords) results = dictionaryAttack(kb.data.cachedUsersPasswords)
for (user, hash_, password) in results: for result in results:
for i in xrange(len(kb.data.cachedUsersPasswords[user])): for (user, hash_, password) in result:
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower(): for i in xrange(len(kb.data.cachedUsersPasswords[user])):
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password) if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
def attackDumpedTable(): def attackDumpedTable():
if kb.data.dumpedTable: if kb.data.dumpedTable:
@ -289,19 +290,20 @@ def attackDumpedTable():
results = dictionaryAttack(attack_dict) results = dictionaryAttack(attack_dict)
for (user, hash_, password) in results: for result in results:
for i in range(count): for (user, hash_, password) in result:
for column in columns: for i in range(count):
if column == colUser or column == '__infos__': for column in columns:
continue if column == colUser or column == '__infos__':
if len(table[column]['values']) <= i: continue
continue if len(table[column]['values']) <= i:
continue
value = table[column]['values'][i] value = table[column]['values'][i]
if all(map(lambda x: x, [value, hash_])) and value.lower() == hash_.lower(): if all(map(lambda x: x, [value, hash_])) and value.lower() == hash_.lower():
table[column]['values'][i] += " (%s)" % password table[column]['values'][i] += " (%s)" % password
table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i])) table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
def hashRecognition(value): def hashRecognition(value):
retVal = None retVal = None
@ -369,7 +371,7 @@ def __bruteProcessVariantA(attack_info, hash_regex, wordlist, suffix, retVal, pr
except: except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word) warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to %s." % ML warnMsg += "Please report by e-mail to %s" % ML
logger.critical(warnMsg) logger.critical(warnMsg)
except KeyboardInterrupt: except KeyboardInterrupt:
@ -421,7 +423,7 @@ def __bruteProcessVariantB(user, hash_, kwargs, hash_regex, wordlist, suffix, re
except: except:
warnMsg = "there was a problem while hashing entry: %s. " % repr(word) warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
warnMsg += "Please report by e-mail to %s." % ML warnMsg += "Please report by e-mail to %s" % ML
logger.critical(warnMsg) logger.critical(warnMsg)
except KeyboardInterrupt: except KeyboardInterrupt:
@ -580,7 +582,8 @@ def dictionaryAttack(attack_dict):
warnMsg = "user aborted during dictionary attack phase" warnMsg = "user aborted during dictionary attack phase"
logger.warn(warnMsg) logger.warn(warnMsg)
results.extend([retVal.get() for i in xrange(retVal.qsize())] if retVal else []) if retVal:
results.append([retVal.get() for i in xrange(retVal.qsize())])
clearConsoleLine() clearConsoleLine()
@ -647,13 +650,14 @@ def dictionaryAttack(attack_dict):
warnMsg = "user aborted during dictionary attack phase" warnMsg = "user aborted during dictionary attack phase"
logger.warn(warnMsg) logger.warn(warnMsg)
results = [retVal.get() for i in xrange(retVal.qsize())] if retVal else [] if retVal:
results.append([retVal.get() for i in xrange(retVal.qsize())])
clearConsoleLine() clearConsoleLine()
if len(hash_regexes) == 0: if len(hash_regexes) == 0:
warnMsg = "unknown hash Format. " warnMsg = "unknown hash format. "
warnMsg += "Please report by e-mail to %s." % ML warnMsg += "Please report by e-mail to %s" % ML
logger.warn(warnMsg) logger.warn(warnMsg)
if len(results) == 0: if len(results) == 0: