sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

some updates regarding hash attack

Browse Source
This commit is contained in:
Miroslav Stampar 2011-10-26 10:30:32 +00:00
parent f41ae9cf49
commit 8d668b1833
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/utils/hash.py
View File

@ -305,17 +305,16 @@ def attackDumpedTable():
results = dictionaryAttack(attack_dict) results = dictionaryAttack(attack_dict)
for (user, hash_, password) in results: for (_, hash_, password) in results:
if not hash_:
continue
for i in xrange(count): for i in xrange(count):
for column in columns: for column in columns:
if column == colUser or column == '__infos__': if not (column == colUser or column == '__infos__' or len(table[column]['values']) <= i):
continue
if len(table[column]['values']) <= i:
continue
value = table[column]['values'][i] value = table[column]['values'][i]
if all(map(lambda x: x, [value, hash_])) and value.lower() == hash_.lower(): if value and value.lower() == hash_.lower():
table[column]['values'][i] += " (%s)" % password table[column]['values'][i] += " (%s)" % password
table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i])) table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
@ -481,11 +480,9 @@ def dictionaryAttack(attack_dict):
if not hash_: if not hash_:
continue continue
hash_ = hash_.split()[0] hash_ = hash_.split()[0].lower()
if getCompiledRegex(hash_regex).match(hash_): if getCompiledRegex(hash_regex).match(hash_):
hash_ = hash_.lower()
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
attack_info.append([(user, hash_), {}]) attack_info.append([(user, hash_), {}])
@ -556,7 +553,7 @@ def dictionaryAttack(attack_dict):
for item in attack_info: for item in attack_info:
((user, _), _) = item ((user, _), _) = item
if user: if user and not user.startswith(DUMMY_USER_PREFIX):
kb.wordlist.append(normalizeUnicode(user)) kb.wordlist.append(normalizeUnicode(user))
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):