sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementation of --passwords for Sybase

Browse Source
This commit is contained in:
Miroslav Stampar 2010-10-26 21:35:30 +00:00
parent 1b90c1d131
commit 749e25a217
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/generic/enumeration.py
View File

@ -23,6 +23,7 @@ from lib.core.common import pushValue
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
from lib.core.common import strToHex
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.convert import utf8decode from lib.core.convert import utf8decode
from lib.core.data import conf from lib.core.data import conf
@ -283,7 +284,15 @@ class Enumeration:
for index in indexRange: for index in indexRange:
if kb.dbms == "Sybase": if kb.dbms == "Sybase":
query = rootQuery.blind.query % (user, (kb.data.cachedUsersPasswords[-1] if kb.data.cachedUsersPasswords else " ")) if index > 0:
warnMsg = "unable to retrieve other password "
warnMsg += "hashes for user '%s'" % user
logger.warn(warnMsg)
break
else:
query = rootQuery.blind.query % user
pushValue(conf.verbose)
conf.verbose = 0
elif kb.dbms == "Microsoft SQL Server": elif kb.dbms == "Microsoft SQL Server":
if kb.dbmsVersion[0] in ( "2005", "2008" ): if kb.dbmsVersion[0] in ( "2005", "2008" ):
query = rootQuery.blind.query2 % (user, index, user) query = rootQuery.blind.query2 % (user, index, user)
@ -292,6 +301,11 @@ class Enumeration:
else: else:
query = rootQuery.blind.query % (user, index) query = rootQuery.blind.query % (user, index)
password = inject.getValue(query, inband=False) password = inject.getValue(query, inband=False)
if kb.dbms == "Sybase":
conf.verbose = popValue()
password = "0x%s" % strToHex(password)
infoMsg = "retrieved: %s" % password
logger.info(infoMsg)
password = parsePasswordHash(password) password = parsePasswordHash(password)
passwords.append(password) passwords.append(password)

2
xml/queries.xml
View File

@ -477,7 +477,7 @@
</users> </users>
<passwords> <passwords>
<inband query="SELECT name, password FROM master..syslogins" condition="name"/> <inband query="SELECT name, password FROM master..syslogins" condition="name"/>
<blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s' AND password > '%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/> <blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
</passwords> </passwords>
<privileges/> <privileges/>
<roles/> <roles/>