sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 07:57:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-18 14:11:49 +00:00
parent 71cf0bd2a5
commit 4f73feec2f
1 changed files with 23 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
lib/utils/hash.py
View File

@ -191,9 +191,10 @@ __functions__ = {
} }
def dictionaryAttack(): def dictionaryAttack():
hash_regex = None hash_regexes = []
attack_info = [] attack_info = []
results = [] results = []
wordlist = []
for (_, hashes) in kb.data.cachedUsersPasswords.items(): for (_, hashes) in kb.data.cachedUsersPasswords.items():
for hash_ in hashes: for hash_ in hashes:
@ -211,18 +212,13 @@ def dictionaryAttack():
continue continue
elif re.match(regex, hash_): elif re.match(regex, hash_):
hash_regex = regex if regex not in hash_regexes:
infoMsg = "using hash method: '%s'" % __functions__[hash_regex].func_name hash_regexes.append(regex)
infoMsg = "using hash method: '%s'" % __functions__[regex].func_name
logger.info(infoMsg) logger.info(infoMsg)
break
if hash_regex:
break
if hash_regex: for hash_regex in hash_regexes:
break
if hash_regex:
for (user, hashes) in kb.data.cachedUsersPasswords.items(): for (user, hashes) in kb.data.cachedUsersPasswords.items():
for hash_ in hashes: for hash_ in hashes:
if not hash_: if not hash_:
@ -245,6 +241,7 @@ def dictionaryAttack():
elif hash_regex in (HASH.MSSQL, HASH.MSSQL_OLD): elif hash_regex in (HASH.MSSQL, HASH.MSSQL_OLD):
attack_info.append([(user, hash_), {'salt': hash_[6:14]}]) attack_info.append([(user, hash_), {'salt': hash_[6:14]}])
if not wordlist:
if hash_regex == HASH.ORACLE_OLD: #it's the slowest of all methods hence smaller default dict if hash_regex == HASH.ORACLE_OLD: #it's the slowest of all methods hence smaller default dict
message = "what's the dictionary's location? [%s]" % paths.ORACLE_DEFAULT_PASSWD message = "what's the dictionary's location? [%s]" % paths.ORACLE_DEFAULT_PASSWD
dictpath = readInput(message, default=paths.ORACLE_DEFAULT_PASSWD) dictpath = readInput(message, default=paths.ORACLE_DEFAULT_PASSWD)
@ -259,11 +256,11 @@ def dictionaryAttack():
logger.info(infoMsg) logger.info(infoMsg)
wordlist = getFileItems(dictpath, None, False) wordlist = getFileItems(dictpath, None, False)
infoMsg = "starting dictionary attack"
logger.info(infoMsg)
length = len(wordlist) length = len(wordlist)
infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
logger.info(infoMsg)
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
count = 0 count = 0
@ -313,7 +310,7 @@ def dictionaryAttack():
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower(): if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password) kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
else: if len(hash_regexes) == 0:
warnMsg = "unknown hash format. " warnMsg = "unknown hash format. "
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net." warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
logger.warn(warnMsg) logger.warn(warnMsg)