From 83d79692ac8b66713dd2a517fb4c202e6f5bfdba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 28 Mar 2019 14:12:11 +0100 Subject: [PATCH] Couple of patches --- lib/core/dump.py | 1 + lib/core/settings.py | 2 +- lib/utils/hash.py | 100 ++++++++++++++++++++++++++++++----- plugins/generic/databases.py | 1 + 4 files changed, 89 insertions(+), 15 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index c43e10832..5dd9cec31 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -50,6 +50,7 @@ from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT from lib.core.settings import VERSION_STRING from lib.core.settings import WINDOWS_RESERVED_NAMES +from thirdparty import six from thirdparty.magic import magic from extra.safe2bin.safe2bin import safechardecode diff --git a/lib/core/settings.py b/lib/core/settings.py index af1c89333..de7f13428 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.3.68" +VERSION = "1.3.3.69" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index ca876edf6..ecf43664a 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -101,6 +101,9 @@ def mysql_passwd(password, uppercase=True): '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = "*%s" % sha1(sha1(password).digest()).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -139,11 +142,11 @@ def postgres_passwd(password, username, uppercase=False): 'md599e5ea7a6f7c3269995cba3927fd0093' """ - if isinstance(username, unicode): - username = unicode.encode(username, UNICODE_ENCODING) + if isinstance(username, six.text_type): + username = username.encode(UNICODE_ENCODING) - if isinstance(password, unicode): - password = unicode.encode(password, UNICODE_ENCODING) + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) retVal = "md5%s" % md5(password + username).hexdigest() @@ -228,11 +231,11 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version ' IV, pad = "\0" * 8, "\0" - if isinstance(username, unicode): - username = unicode.encode(username, UNICODE_ENCODING) + if isinstance(username, six.text_type): + username = username.encode(UNICODE_ENCODING) - if isinstance(password, unicode): - password = unicode.encode(password, UNICODE_ENCODING) + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) unistr = "".join("\0%s" % c for c in (username + password).upper()) @@ -251,6 +254,9 @@ def md5_generic_passwd(password, uppercase=False): '179ad45c6ce2cb97cf1029e212046e81' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = md5(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -261,6 +267,9 @@ def sha1_generic_passwd(password, uppercase=False): '206c80413b9a96c1312cc346b7d2517b84463edd' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = sha1(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -271,6 +280,9 @@ def apache_sha1_passwd(password, **kwargs): '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0=' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + return "{SHA}%s" % base64.b64encode(sha1(password).digest()) def ssha_passwd(password, salt, **kwargs): @@ -279,6 +291,12 @@ def ssha_passwd(password, salt, **kwargs): '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt) def ssha256_passwd(password, salt, **kwargs): @@ -287,6 +305,12 @@ def ssha256_passwd(password, salt, **kwargs): '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt) def ssha512_passwd(password, salt, **kwargs): @@ -295,6 +319,12 @@ def ssha512_passwd(password, salt, **kwargs): '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ=' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt) def sha224_generic_passwd(password, uppercase=False): @@ -303,6 +333,9 @@ def sha224_generic_passwd(password, uppercase=False): '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = sha224(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -313,6 +346,9 @@ def sha256_generic_passwd(password, uppercase=False): '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = sha256(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -323,6 +359,9 @@ def sha384_generic_passwd(password, uppercase=False): '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = sha384(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -333,6 +372,9 @@ def sha512_generic_passwd(password, uppercase=False): '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + retVal = sha512(password).hexdigest() return retVal.upper() if uppercase else retVal.lower() @@ -349,6 +391,12 @@ def crypt_generic_passwd(password, salt, **kwargs): 'rl.3StKT.4T8M' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return crypt(password, salt) def unix_md5_passwd(password, salt, magic="$1$", **kwargs): @@ -357,7 +405,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs): http://www.sabren.net/code/python/crypt/md5crypt.py >>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp') - '$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61' + u'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61' """ def _encode64(value, count): @@ -370,13 +418,13 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs): return output - if isinstance(password, unicode): + if isinstance(password, six.text_type): password = password.encode(UNICODE_ENCODING) - if isinstance(magic, unicode): + if isinstance(magic, six.text_type): magic = magic.encode(UNICODE_ENCODING) - if isinstance(salt, unicode): + if isinstance(salt, six.text_type): salt = salt.encode(UNICODE_ENCODING) salt = salt[:8] @@ -427,7 +475,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs): hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4) hash_ = hash_ + _encode64((int(ord(final[11]))), 2) - return "%s%s$%s" % (magic, salt, hash_) + return "%s%s$%s" % (magic, salt.decode(UNICODE_ENCODING), hash_.decode(UNICODE_ENCODING)) def joomla_passwd(password, salt, **kwargs): """ @@ -437,6 +485,12 @@ def joomla_passwd(password, salt, **kwargs): 'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt) def django_md5_passwd(password, salt, **kwargs): @@ -447,6 +501,12 @@ def django_md5_passwd(password, salt, **kwargs): 'md5$salt$972141bcbcb6a0acc96e92309175b3c5' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest()) def django_sha1_passwd(password, salt, **kwargs): @@ -457,6 +517,12 @@ def django_sha1_passwd(password, salt, **kwargs): 'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest()) def vbulletin_passwd(password, salt, **kwargs): @@ -467,6 +533,12 @@ def vbulletin_passwd(password, salt, **kwargs): '85c4d8ea77ebef2236fb7e9d24ba9482:salt' """ + if isinstance(password, six.text_type): + password = password.encode(UNICODE_ENCODING) + + if isinstance(salt, six.text_type): + salt = salt.encode(UNICODE_ENCODING) + return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt) def wordpress_passwd(password, salt, count, prefix, **kwargs): @@ -510,7 +582,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs): return output - if isinstance(password, unicode): + if isinstance(password, six.text_type): password = password.encode(UNICODE_ENCODING) cipher = md5(salt) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index ac855c3c5..76f125c1f 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -47,6 +47,7 @@ from lib.request import inject from lib.techniques.union.use import unionUse from lib.utils.brute import columnExists from lib.utils.brute import tableExists +from thirdparty import six class Databases: """