sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Couple of patches

Browse Source
This commit is contained in:
Miroslav Stampar 2019-03-28 14:12:11 +01:00
parent afe497a954
commit 83d79692ac
4 changed files with 89 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/dump.py
View File

@ -50,6 +50,7 @@ from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT
from lib.core.settings import VERSION_STRING from lib.core.settings import VERSION_STRING
from lib.core.settings import WINDOWS_RESERVED_NAMES from lib.core.settings import WINDOWS_RESERVED_NAMES
from thirdparty import six
from thirdparty.magic import magic from thirdparty.magic import magic
from extra.safe2bin.safe2bin import safechardecode from extra.safe2bin.safe2bin import safechardecode

2
lib/core/settings.py
View File

@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.3.68" VERSION = "1.3.3.69"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

100
lib/utils/hash.py
View File

@ -101,6 +101,9 @@ def mysql_passwd(password, uppercase=True):
'*00E247AC5F9AF26AE0194B41E1E769DEE1429A29' '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = "*%s" % sha1(sha1(password).digest()).hexdigest() retVal = "*%s" % sha1(sha1(password).digest()).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -139,11 +142,11 @@ def postgres_passwd(password, username, uppercase=False):
'md599e5ea7a6f7c3269995cba3927fd0093' 'md599e5ea7a6f7c3269995cba3927fd0093'
""" """
if isinstance(username, unicode): if isinstance(username, six.text_type):
username = unicode.encode(username, UNICODE_ENCODING) username = username.encode(UNICODE_ENCODING)
if isinstance(password, unicode): if isinstance(password, six.text_type):
password = unicode.encode(password, UNICODE_ENCODING) password = password.encode(UNICODE_ENCODING)
retVal = "md5%s" % md5(password + username).hexdigest() retVal = "md5%s" % md5(password + username).hexdigest()
@ -228,11 +231,11 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
IV, pad = "\0" * 8, "\0" IV, pad = "\0" * 8, "\0"
if isinstance(username, unicode): if isinstance(username, six.text_type):
username = unicode.encode(username, UNICODE_ENCODING) username = username.encode(UNICODE_ENCODING)
if isinstance(password, unicode): if isinstance(password, six.text_type):
password = unicode.encode(password, UNICODE_ENCODING) password = password.encode(UNICODE_ENCODING)
unistr = "".join("\0%s" % c for c in (username + password).upper()) unistr = "".join("\0%s" % c for c in (username + password).upper())
@ -251,6 +254,9 @@ def md5_generic_passwd(password, uppercase=False):
'179ad45c6ce2cb97cf1029e212046e81' '179ad45c6ce2cb97cf1029e212046e81'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = md5(password).hexdigest() retVal = md5(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -261,6 +267,9 @@ def sha1_generic_passwd(password, uppercase=False):
'206c80413b9a96c1312cc346b7d2517b84463edd' '206c80413b9a96c1312cc346b7d2517b84463edd'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha1(password).hexdigest() retVal = sha1(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -271,6 +280,9 @@ def apache_sha1_passwd(password, **kwargs):
'{SHA}IGyAQTualsExLMNGt9JRe4RGPt0=' '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
return "{SHA}%s" % base64.b64encode(sha1(password).digest()) return "{SHA}%s" % base64.b64encode(sha1(password).digest())
def ssha_passwd(password, salt, **kwargs): def ssha_passwd(password, salt, **kwargs):
@ -279,6 +291,12 @@ def ssha_passwd(password, salt, **kwargs):
'{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0' '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt) return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
def ssha256_passwd(password, salt, **kwargs): def ssha256_passwd(password, salt, **kwargs):
@ -287,6 +305,12 @@ def ssha256_passwd(password, salt, **kwargs):
'{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0' '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt) return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
def ssha512_passwd(password, salt, **kwargs): def ssha512_passwd(password, salt, **kwargs):
@ -295,6 +319,12 @@ def ssha512_passwd(password, salt, **kwargs):
'{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ=' '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt) return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
def sha224_generic_passwd(password, uppercase=False): def sha224_generic_passwd(password, uppercase=False):
@ -303,6 +333,9 @@ def sha224_generic_passwd(password, uppercase=False):
'648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f' '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha224(password).hexdigest() retVal = sha224(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -313,6 +346,9 @@ def sha256_generic_passwd(password, uppercase=False):
'13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c' '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha256(password).hexdigest() retVal = sha256(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -323,6 +359,9 @@ def sha384_generic_passwd(password, uppercase=False):
'6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf' '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha384(password).hexdigest() retVal = sha384(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -333,6 +372,9 @@ def sha512_generic_passwd(password, uppercase=False):
'78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44' '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha512(password).hexdigest() retVal = sha512(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower() return retVal.upper() if uppercase else retVal.lower()
@ -349,6 +391,12 @@ def crypt_generic_passwd(password, salt, **kwargs):
'rl.3StKT.4T8M' 'rl.3StKT.4T8M'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return crypt(password, salt) return crypt(password, salt)
def unix_md5_passwd(password, salt, magic="$1$", **kwargs): def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
@ -357,7 +405,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
http://www.sabren.net/code/python/crypt/md5crypt.py http://www.sabren.net/code/python/crypt/md5crypt.py
>>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp') >>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp')
'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61' u'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
""" """
def _encode64(value, count): def _encode64(value, count):
@ -370,13 +418,13 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
return output return output
if isinstance(password, unicode): if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING) password = password.encode(UNICODE_ENCODING)
if isinstance(magic, unicode): if isinstance(magic, six.text_type):
magic = magic.encode(UNICODE_ENCODING) magic = magic.encode(UNICODE_ENCODING)
if isinstance(salt, unicode): if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING) salt = salt.encode(UNICODE_ENCODING)
salt = salt[:8] salt = salt[:8]
@ -427,7 +475,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4) hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4)
hash_ = hash_ + _encode64((int(ord(final[11]))), 2) hash_ = hash_ + _encode64((int(ord(final[11]))), 2)
return "%s%s$%s" % (magic, salt, hash_) return "%s%s$%s" % (magic, salt.decode(UNICODE_ENCODING), hash_.decode(UNICODE_ENCODING))
def joomla_passwd(password, salt, **kwargs): def joomla_passwd(password, salt, **kwargs):
""" """
@ -437,6 +485,12 @@ def joomla_passwd(password, salt, **kwargs):
'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf' 'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt) return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
def django_md5_passwd(password, salt, **kwargs): def django_md5_passwd(password, salt, **kwargs):
@ -447,6 +501,12 @@ def django_md5_passwd(password, salt, **kwargs):
'md5$salt$972141bcbcb6a0acc96e92309175b3c5' 'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest()) return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
def django_sha1_passwd(password, salt, **kwargs): def django_sha1_passwd(password, salt, **kwargs):
@ -457,6 +517,12 @@ def django_sha1_passwd(password, salt, **kwargs):
'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2' 'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest()) return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
def vbulletin_passwd(password, salt, **kwargs): def vbulletin_passwd(password, salt, **kwargs):
@ -467,6 +533,12 @@ def vbulletin_passwd(password, salt, **kwargs):
'85c4d8ea77ebef2236fb7e9d24ba9482:salt' '85c4d8ea77ebef2236fb7e9d24ba9482:salt'
""" """
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt) return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
def wordpress_passwd(password, salt, count, prefix, **kwargs): def wordpress_passwd(password, salt, count, prefix, **kwargs):
@ -510,7 +582,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
return output return output
if isinstance(password, unicode): if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING) password = password.encode(UNICODE_ENCODING)
cipher = md5(salt) cipher = md5(salt)

1
plugins/generic/databases.py
View File

@ -47,6 +47,7 @@ from lib.request import inject
from lib.techniques.union.use import unionUse from lib.techniques.union.use import unionUse
from lib.utils.brute import columnExists from lib.utils.brute import columnExists
from lib.utils.brute import tableExists from lib.utils.brute import tableExists
from thirdparty import six
class Databases: class Databases:
""" """