mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-01-24 08:14:24 +03:00
Couple of patches
parent
afe497a954
commit
83d79692ac
|
@ -50,6 +50,7 @@ from lib.core.settings import UNICODE_ENCODING
|
|||
from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT
|
||||
from lib.core.settings import VERSION_STRING
|
||||
from lib.core.settings import WINDOWS_RESERVED_NAMES
|
||||
from thirdparty import six
|
||||
from thirdparty.magic import magic
|
||||
|
||||
from extra.safe2bin.safe2bin import safechardecode
|
||||
|
|
|
@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.3.68"
|
||||
VERSION = "1.3.3.69"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -101,6 +101,9 @@ def mysql_passwd(password, uppercase=True):
|
|||
'*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = "*%s" % sha1(sha1(password).digest()).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -139,11 +142,11 @@ def postgres_passwd(password, username, uppercase=False):
|
|||
'md599e5ea7a6f7c3269995cba3927fd0093'
|
||||
"""
|
||||
|
||||
if isinstance(username, unicode):
|
||||
username = unicode.encode(username, UNICODE_ENCODING)
|
||||
if isinstance(username, six.text_type):
|
||||
username = username.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(password, unicode):
|
||||
password = unicode.encode(password, UNICODE_ENCODING)
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = "md5%s" % md5(password + username).hexdigest()
|
||||
|
||||
|
@ -228,11 +231,11 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
|
|||
|
||||
IV, pad = "\0" * 8, "\0"
|
||||
|
||||
if isinstance(username, unicode):
|
||||
username = unicode.encode(username, UNICODE_ENCODING)
|
||||
if isinstance(username, six.text_type):
|
||||
username = username.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(password, unicode):
|
||||
password = unicode.encode(password, UNICODE_ENCODING)
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
unistr = "".join("\0%s" % c for c in (username + password).upper())
|
||||
|
||||
|
@ -251,6 +254,9 @@ def md5_generic_passwd(password, uppercase=False):
|
|||
'179ad45c6ce2cb97cf1029e212046e81'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = md5(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -261,6 +267,9 @@ def sha1_generic_passwd(password, uppercase=False):
|
|||
'206c80413b9a96c1312cc346b7d2517b84463edd'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = sha1(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -271,6 +280,9 @@ def apache_sha1_passwd(password, **kwargs):
|
|||
'{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
return "{SHA}%s" % base64.b64encode(sha1(password).digest())
|
||||
|
||||
def ssha_passwd(password, salt, **kwargs):
|
||||
|
@ -279,6 +291,12 @@ def ssha_passwd(password, salt, **kwargs):
|
|||
'{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
|
||||
|
||||
def ssha256_passwd(password, salt, **kwargs):
|
||||
|
@ -287,6 +305,12 @@ def ssha256_passwd(password, salt, **kwargs):
|
|||
'{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
|
||||
|
||||
def ssha512_passwd(password, salt, **kwargs):
|
||||
|
@ -295,6 +319,12 @@ def ssha512_passwd(password, salt, **kwargs):
|
|||
'{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
|
||||
|
||||
def sha224_generic_passwd(password, uppercase=False):
|
||||
|
@ -303,6 +333,9 @@ def sha224_generic_passwd(password, uppercase=False):
|
|||
'648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = sha224(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -313,6 +346,9 @@ def sha256_generic_passwd(password, uppercase=False):
|
|||
'13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = sha256(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -323,6 +359,9 @@ def sha384_generic_passwd(password, uppercase=False):
|
|||
'6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = sha384(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -333,6 +372,9 @@ def sha512_generic_passwd(password, uppercase=False):
|
|||
'78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
retVal = sha512(password).hexdigest()
|
||||
|
||||
return retVal.upper() if uppercase else retVal.lower()
|
||||
|
@ -349,6 +391,12 @@ def crypt_generic_passwd(password, salt, **kwargs):
|
|||
'rl.3StKT.4T8M'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return crypt(password, salt)
|
||||
|
||||
def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
|
||||
|
@ -357,7 +405,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
|
|||
http://www.sabren.net/code/python/crypt/md5crypt.py
|
||||
|
||||
>>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp')
|
||||
'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
|
||||
u'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
|
||||
"""
|
||||
|
||||
def _encode64(value, count):
|
||||
|
@ -370,13 +418,13 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
|
|||
|
||||
return output
|
||||
|
||||
if isinstance(password, unicode):
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(magic, unicode):
|
||||
if isinstance(magic, six.text_type):
|
||||
magic = magic.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, unicode):
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
salt = salt[:8]
|
||||
|
@ -427,7 +475,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
|
|||
hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4)
|
||||
hash_ = hash_ + _encode64((int(ord(final[11]))), 2)
|
||||
|
||||
return "%s%s$%s" % (magic, salt, hash_)
|
||||
return "%s%s$%s" % (magic, salt.decode(UNICODE_ENCODING), hash_.decode(UNICODE_ENCODING))
|
||||
|
||||
def joomla_passwd(password, salt, **kwargs):
|
||||
"""
|
||||
|
@ -437,6 +485,12 @@ def joomla_passwd(password, salt, **kwargs):
|
|||
'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
|
||||
|
||||
def django_md5_passwd(password, salt, **kwargs):
|
||||
|
@ -447,6 +501,12 @@ def django_md5_passwd(password, salt, **kwargs):
|
|||
'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
|
||||
|
||||
def django_sha1_passwd(password, salt, **kwargs):
|
||||
|
@ -457,6 +517,12 @@ def django_sha1_passwd(password, salt, **kwargs):
|
|||
'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
|
||||
|
||||
def vbulletin_passwd(password, salt, **kwargs):
|
||||
|
@ -467,6 +533,12 @@ def vbulletin_passwd(password, salt, **kwargs):
|
|||
'85c4d8ea77ebef2236fb7e9d24ba9482:salt'
|
||||
"""
|
||||
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
if isinstance(salt, six.text_type):
|
||||
salt = salt.encode(UNICODE_ENCODING)
|
||||
|
||||
return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
|
||||
|
||||
def wordpress_passwd(password, salt, count, prefix, **kwargs):
|
||||
|
@ -510,7 +582,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
|
|||
|
||||
return output
|
||||
|
||||
if isinstance(password, unicode):
|
||||
if isinstance(password, six.text_type):
|
||||
password = password.encode(UNICODE_ENCODING)
|
||||
|
||||
cipher = md5(salt)
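Review bot: In joomla_passwd the new code encodes password and salt to bytes but still builds the digest input with `"%s%s" % (password, salt)`; under Python 3 that interpolates the `b'...'` repr into a text string, which md5() rejects with a TypeError, and the returned `...:salt` part would carry the repr too. The same pattern appears in the django_md5_passwd, django_sha1_passwd and vbulletin_passwd hunks, and the unix_md5_passwd return decodes salt and hash_ but formats the encoded magic as is. Concatenating the bytes, e.g. `md5(password + salt).hexdigest()`, and decoding salt with `salt.decode(UNICODE_ENCODING)` before it goes into the result string would keep the output equal to the doctest values. On Python 2 these lines behave as before, so the mismatch would only show up when the module runs under Python 3, where a wrong digest means a dictionary comparison silently never matches. The function bodies start outside the visible hunks, so this is based on the shown lines only.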
|
||||
|
|
|
@ -47,6 +47,7 @@ from lib.request import inject
|
|||
from lib.techniques.union.use import unionUse
|
||||
from lib.utils.brute import columnExists
|
||||
from lib.utils.brute import tableExists
|
||||
from thirdparty import six
|
||||
|
||||
class Databases:
|
||||
"""
|
||||
|
|