One more commit for #552 (--passwords)

This commit is contained in:
Miroslav Stampar 2016-09-26 16:38:03 +02:00
parent aa0b97b562
commit 978f56ad10
4 changed files with 25 additions and 19 deletions

View File

@ -19,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.9.33"
VERSION = "1.0.9.34"
REVISION = getRevisionNumber()
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

View File

@ -252,6 +252,9 @@ class Users:
if user in retrievedUsers:
continue
if Backend.isDbms(DBMS.INFORMIX):
count = 1
else:
infoMsg = "fetching number of password hashes "
infoMsg += "for user '%s'" % user
logger.info(infoMsg)
@ -283,11 +286,14 @@ class Users:
query = rootQuery.blind.query2 % (user, index, user)
else:
query = rootQuery.blind.query % (user, index, user)
elif Backend.isDbms(DBMS.INFORMIX):
query = rootQuery.blind.query % (user,)
else:
query = rootQuery.blind.query % (user, index)
password = unArrayizeValue(inject.getValue(query, union=False, error=False))
password = parsePasswordHash(password)
passwords.append(password)
if passwords:

View File

@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
55a79706107d51efb7ed0a771f80e58e lib/core/settings.py
2d29c71e80997841c3acb700de58f331 lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
@ -213,7 +213,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e plugins/generic/__init__.py
7b3e044a7fca497278d79883697089b7 plugins/generic/search.py
73f8d047dbbcff307d62357836e382e6 plugins/generic/syntax.py
da3ebc20998af02e3d952d0417a67792 plugins/generic/takeover.py
078434ac78aaa539526031ebdd5556f2 plugins/generic/users.py
d35f994664fb7a7fcee656633dfb31ed plugins/generic/users.py
cc9c82cfffd8ee9b25ba3af6284f057e plugins/__init__.py
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
@ -455,4 +455,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml
c8b152ecebf04ec997e52c6c78cbd488 xml/payloads/time_blind.xml
033b39025e8ee0f302935f6db3a39e77 xml/payloads/union_query.xml
3365321fc0217e148c2fa8a217cbfc5e xml/queries.xml
1587a02322a96ac48973e782d6fedf73 xml/queries.xml

View File

@ -749,8 +749,8 @@
<blind query="SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME" count="SELECT COUNT(USERNAME) FROM SYSUSERS"/>
</users>
<passwords>
<inband query="SELECT USERNAME,HASHED_PASSWORD,SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
<blind query="SELECT HASHED_PASSWORD FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'" query2="SELECT SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
<inband query="SELECT USERNAME,HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
<blind query="SELECT HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
</passwords>
<privileges>
<inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="USERNAME"/>