sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Couple of patches

Browse Source
This commit is contained in:
Miroslav Stampar 2019-03-28 14:12:11 +01:00
parent afe497a954
commit 83d79692ac
4 changed files with 89 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/dump.py
View File

@ -50,6 +50,7 @@ from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT
from lib.core.settings import VERSION_STRING
from lib.core.settings import WINDOWS_RESERVED_NAMES
from thirdparty import six
from thirdparty.magic import magic
from extra.safe2bin.safe2bin import safechardecode

2
lib/core/settings.py
View File

@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.3.68"
VERSION = "1.3.3.69"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

100
lib/utils/hash.py
View File

@ -101,6 +101,9 @@ def mysql_passwd(password, uppercase=True):
'*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = "*%s" % sha1(sha1(password).digest()).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -139,11 +142,11 @@ def postgres_passwd(password, username, uppercase=False):
'md599e5ea7a6f7c3269995cba3927fd0093'
"""
if isinstance(username, unicode):
username = unicode.encode(username, UNICODE_ENCODING)
if isinstance(username, six.text_type):
username = username.encode(UNICODE_ENCODING)
if isinstance(password, unicode):
password = unicode.encode(password, UNICODE_ENCODING)
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = "md5%s" % md5(password + username).hexdigest()
@ -228,11 +231,11 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
IV, pad = "\0" * 8, "\0"
if isinstance(username, unicode):
username = unicode.encode(username, UNICODE_ENCODING)
if isinstance(username, six.text_type):
username = username.encode(UNICODE_ENCODING)
if isinstance(password, unicode):
password = unicode.encode(password, UNICODE_ENCODING)
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
unistr = "".join("\0%s" % c for c in (username + password).upper())
@ -251,6 +254,9 @@ def md5_generic_passwd(password, uppercase=False):
'179ad45c6ce2cb97cf1029e212046e81'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = md5(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -261,6 +267,9 @@ def sha1_generic_passwd(password, uppercase=False):
'206c80413b9a96c1312cc346b7d2517b84463edd'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha1(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -271,6 +280,9 @@ def apache_sha1_passwd(password, **kwargs):
'{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
return "{SHA}%s" % base64.b64encode(sha1(password).digest())
def ssha_passwd(password, salt, **kwargs):
@ -279,6 +291,12 @@ def ssha_passwd(password, salt, **kwargs):
'{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
def ssha256_passwd(password, salt, **kwargs):
@ -287,6 +305,12 @@ def ssha256_passwd(password, salt, **kwargs):
'{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
def ssha512_passwd(password, salt, **kwargs):
@ -295,6 +319,12 @@ def ssha512_passwd(password, salt, **kwargs):
'{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
def sha224_generic_passwd(password, uppercase=False):
@ -303,6 +333,9 @@ def sha224_generic_passwd(password, uppercase=False):
'648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha224(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -313,6 +346,9 @@ def sha256_generic_passwd(password, uppercase=False):
'13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha256(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -323,6 +359,9 @@ def sha384_generic_passwd(password, uppercase=False):
'6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha384(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -333,6 +372,9 @@ def sha512_generic_passwd(password, uppercase=False):
'78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
retVal = sha512(password).hexdigest()
return retVal.upper() if uppercase else retVal.lower()
@ -349,6 +391,12 @@ def crypt_generic_passwd(password, salt, **kwargs):
'rl.3StKT.4T8M'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return crypt(password, salt)
def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
@ -357,7 +405,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
http://www.sabren.net/code/python/crypt/md5crypt.py
>>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp')
'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
u'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
"""
def _encode64(value, count):
@ -370,13 +418,13 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
return output
if isinstance(password, unicode):
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(magic, unicode):
if isinstance(magic, six.text_type):
magic = magic.encode(UNICODE_ENCODING)
if isinstance(salt, unicode):
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
salt = salt[:8]
@ -427,7 +475,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4)
hash_ = hash_ + _encode64((int(ord(final[11]))), 2)
return "%s%s$%s" % (magic, salt, hash_)
return "%s%s$%s" % (magic, salt.decode(UNICODE_ENCODING), hash_.decode(UNICODE_ENCODING))
def joomla_passwd(password, salt, **kwargs):
"""
@ -437,6 +485,12 @@ def joomla_passwd(password, salt, **kwargs):
'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
def django_md5_passwd(password, salt, **kwargs):
@ -447,6 +501,12 @@ def django_md5_passwd(password, salt, **kwargs):
'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
def django_sha1_passwd(password, salt, **kwargs):
@ -457,6 +517,12 @@ def django_sha1_passwd(password, salt, **kwargs):
'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
def vbulletin_passwd(password, salt, **kwargs):
@ -467,6 +533,12 @@ def vbulletin_passwd(password, salt, **kwargs):
'85c4d8ea77ebef2236fb7e9d24ba9482:salt'
"""
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
if isinstance(salt, six.text_type):
salt = salt.encode(UNICODE_ENCODING)
return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
def wordpress_passwd(password, salt, count, prefix, **kwargs):
@ -510,7 +582,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
return output
if isinstance(password, unicode):
if isinstance(password, six.text_type):
password = password.encode(UNICODE_ENCODING)
cipher = md5(salt)

1
plugins/generic/databases.py
View File

@ -47,6 +47,7 @@ from lib.request import inject
from lib.techniques.union.use import unionUse
from lib.utils.brute import columnExists
from lib.utils.brute import tableExists
from thirdparty import six
class Databases:
"""