Couple of patches and implementation for SHA256 (Issue #1881)

Miroslav Stampar 2017-10-16 15:15:44 +02:00
parent 1f60dfc835
commit 7b0f1fd7fc
2 changed files with 18 additions and 4 deletions


@ -121,9 +121,10 @@ class HASH:
ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z' ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z' MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z' SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z'
SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z' SHA256_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z' SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z'
SHA512_GENERIC = r'(?i)\A[0-9a-f]{128}\Z'
CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z' CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z' JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z' WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
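Review bot: The corrected quantifiers on `SHA224_GENERIC` through `SHA512_GENERIC` carry no comment saying that they count hex characters rather than digest bytes, which is the mix-up the previous values (28, 48, 64) appear to come from. A one-line comment above the group, such as `# lengths are hex digits: 2 x digest size in bytes (e.g. SHA-256 -> 64)`, would keep the next addition from repeating it. The same comment could note that these patterns classify a value by length alone, so any 64-character hex string is treated as SHA-256 whether or not it is one. The HASH class starts and ends outside the hunk.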


@ -35,6 +35,7 @@ import zipfile
from hashlib import md5 from hashlib import md5
from hashlib import sha1 from hashlib import sha1
from hashlib import sha224 from hashlib import sha224
from hashlib import sha256
from hashlib import sha384 from hashlib import sha384
from hashlib import sha512 from hashlib import sha512
from Queue import Queue from Queue import Queue
@ -272,6 +273,16 @@ def sha224_generic_passwd(password, uppercase=False):
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
def sha256_generic_passwd(password, uppercase=False):
"""
>>> sha256_generic_passwd(password='testpass', uppercase=False)
'13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
"""
retVal = sha256(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
def sha384_generic_passwd(password, uppercase=False): def sha384_generic_passwd(password, uppercase=False):
""" """
>>> sha384_generic_passwd(password='testpass', uppercase=False) >>> sha384_generic_passwd(password='testpass', uppercase=False)
@ -455,6 +466,7 @@ __functions__ = {
HASH.MD5_GENERIC: md5_generic_passwd, HASH.MD5_GENERIC: md5_generic_passwd,
HASH.SHA1_GENERIC: sha1_generic_passwd, HASH.SHA1_GENERIC: sha1_generic_passwd,
HASH.SHA224_GENERIC: sha224_generic_passwd, HASH.SHA224_GENERIC: sha224_generic_passwd,
HASH.SHA256_GENERIC: sha256_generic_passwd,
HASH.SHA384_GENERIC: sha384_generic_passwd, HASH.SHA384_GENERIC: sha384_generic_passwd,
HASH.SHA512_GENERIC: sha512_generic_passwd, HASH.SHA512_GENERIC: sha512_generic_passwd,
HASH.CRYPT_GENERIC: crypt_generic_passwd, HASH.CRYPT_GENERIC: crypt_generic_passwd,
@ -911,7 +923,8 @@ def dictionaryAttack(attack_dict):
if user and not user.startswith(DUMMY_USER_PREFIX): if user and not user.startswith(DUMMY_USER_PREFIX):
custom_wordlist.append(normalizeUnicode(user)) custom_wordlist.append(normalizeUnicode(user))
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1): # Algorithms without extra arguments (e.g. salt and/or username)
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):
for suffix in suffix_list: for suffix in suffix_list:
if not attack_info or processException: if not attack_info or processException:
break break
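Review bot: The tuple of algorithms without extra arguments in `dictionaryAttack` is maintained by hand, separately from `__functions__`. This hunk has to add `HASH.SHA224_GENERIC`, `HASH.SHA384_GENERIC` and `HASH.SHA512_GENERIC`, which were already registered there but missing here. A named module-level constant defined next to `__functions__` would keep the two lists together and shorten the condition to `if hash_regex in NO_ARGS_HASHES:` (the name is only a suggestion). The body of dictionaryAttack continues outside the hunk, so how the other branch handled these types before the change is not visible here.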