mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-03 11:23:11 +03:00
los cosmeticados (of hash dictionary attack)
parent
c4414df594
commit
836a1c214a
|
@ -222,10 +222,13 @@ def dictionaryAttack():
|
||||||
|
|
||||||
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
|
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
|
||||||
attack_info.append([(user, hash_), {}])
|
attack_info.append([(user, hash_), {}])
|
||||||
|
|
||||||
elif rehash in (HASH.ORACLE_OLD, HASH.POSTGRES):
|
elif rehash in (HASH.ORACLE_OLD, HASH.POSTGRES):
|
||||||
attack_info.append([(user, hash_), {'username': user}])
|
attack_info.append([(user, hash_), {'username': user}])
|
||||||
|
|
||||||
elif rehash in (HASH.ORACLE):
|
elif rehash in (HASH.ORACLE):
|
||||||
attack_info.append([(user, hash_), {'salt': hash_[-20:]}])
|
attack_info.append([(user, hash_), {'salt': hash_[-20:]}])
|
||||||
|
|
||||||
elif rehash in (HASH.MSSQL, HASH.MSSQL_OLD):
|
elif rehash in (HASH.MSSQL, HASH.MSSQL_OLD):
|
||||||
attack_info.append([(user, hash_), {'salt': hash_[6:14]}])
|
attack_info.append([(user, hash_), {'salt': hash_[6:14]}])
|
||||||
|
|
||||||
|
@ -243,52 +246,57 @@ def dictionaryAttack():
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
wordlist = getFileItems(dictpath, None, False)
|
wordlist = getFileItems(dictpath, None, False)
|
||||||
|
|
||||||
infoMsg = "running dictionary attack"
|
infoMsg = "starting dictionary attack"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
length = len(wordlist)
|
length = len(wordlist)
|
||||||
|
|
||||||
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
|
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
|
||||||
count = 0
|
count = 0
|
||||||
|
|
||||||
for word in wordlist:
|
for word in wordlist:
|
||||||
count += 1
|
count += 1
|
||||||
current = __functions__[rehash](password = word, uppercase = False)
|
current = __functions__[rehash](password = word, uppercase = False)
|
||||||
|
|
||||||
for item in attack_info:
|
for item in attack_info:
|
||||||
((user, hash_), _) = item
|
((user, hash_), _) = item
|
||||||
|
|
||||||
if count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
|
if hash_ == current:
|
||||||
|
results.append((user, hash_, word))
|
||||||
|
dataToStdout("\r[%s] [INFO] found: %s%s\n" % (time.strftime("%X"), word, 40*' '), True)
|
||||||
|
attack_info.remove(item)
|
||||||
|
|
||||||
|
elif count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
|
||||||
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
|
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
|
||||||
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
|
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
|
||||||
|
|
||||||
if hash_ == current:
|
|
||||||
results.append((user, hash_, word))
|
|
||||||
#dataToStdout("\r[%s] [INFO] found: %s:%s\n" % (time.strftime("%X"), user, word), True)
|
|
||||||
attack_info.remove(item)
|
|
||||||
|
|
||||||
dataToStdout("\n", True)
|
dataToStdout("\n", True)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
|
||||||
for ((user, hash_), kwargs) in attack_info:
|
for ((user, hash_), kwargs) in attack_info:
|
||||||
count = 0
|
count = 0
|
||||||
|
|
||||||
for word in wordlist:
|
for word in wordlist:
|
||||||
current = __functions__[rehash](password = word, uppercase = False, **kwargs)
|
current = __functions__[rehash](password = word, uppercase = False, **kwargs)
|
||||||
|
|
||||||
count += 1
|
count += 1
|
||||||
if count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
|
|
||||||
|
if hash_ == current:
|
||||||
|
results.append((user, hash_, word))
|
||||||
|
dataToStdout("\r[%s] [INFO] found: %s%s" % (time.strftime("%X"), word, 40*' '), True)
|
||||||
|
break
|
||||||
|
|
||||||
|
elif count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
|
||||||
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
|
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
|
||||||
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
|
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
|
||||||
|
|
||||||
if hash_ == current:
|
|
||||||
results.append((user, hash_, word))
|
|
||||||
#dataToStdout("\r[%s] [INFO] found: %s:%s\n" % (time.strftime("%X"), user, word), True)
|
|
||||||
break
|
|
||||||
|
|
||||||
dataToStdout("\n", True)
|
dataToStdout("\n", True)
|
||||||
|
|
||||||
blank = " "
|
|
||||||
for (user, hash_, password) in results:
|
for (user, hash_, password) in results:
|
||||||
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
|
||||||
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
|
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
|
||||||
kb.data.cachedUsersPasswords[user][i] += "%s%spassword: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', blank, password)
|
kb.data.cachedUsersPasswords[user][i] += "%s password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
warnMsg = "unknown hash format. "
|
warnMsg = "unknown hash format. "
|
||||||
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
|
warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
|
||||||
|
|
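Review bot: In the first branch of the second hunk, the matched entry is removed with `attack_info.remove(item)` while `for item in attack_info:` is still iterating that same list, so the entry after a match is skipped for the current word. If two accounts share one hash, the second would be left without a result unless the wordlist repeats the word, and the audit would under-report accounts with that weak password. Iterating over a copy, `for item in attack_info[:]:`, keeps the removal and still visits every entry. Separately, `rehash in (HASH.ORACLE_OLD)` in the new `elif` of both branches is not a tuple because it has no trailing comma, so it is a containment test against the constant itself (presumably a string); `rehash == HASH.ORACLE_OLD` would state the intent. dictionaryAttack starts and ends outside the hunks shown.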