mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
One more commit for #552 (--passwords)
This commit is contained in:
parent
aa0b97b562
commit
978f56ad10
|
@ -19,7 +19,7 @@ from lib.core.enums import OS
|
|||
from lib.core.revision import getRevisionNumber
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.0.9.33"
|
||||
VERSION = "1.0.9.34"
|
||||
REVISION = getRevisionNumber()
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
|
|
|
@ -252,22 +252,25 @@ class Users:
|
|||
if user in retrievedUsers:
|
||||
continue
|
||||
|
||||
infoMsg = "fetching number of password hashes "
|
||||
infoMsg += "for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.count2 % user
|
||||
if Backend.isDbms(DBMS.INFORMIX):
|
||||
count = 1
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
infoMsg = "fetching number of password hashes "
|
||||
infoMsg += "for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
query = rootQuery.blind.count2 % user
|
||||
else:
|
||||
query = rootQuery.blind.count % user
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
warnMsg = "unable to retrieve the number of password "
|
||||
warnMsg += "hashes for user '%s'" % user
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
if not isNumPosStrValue(count):
|
||||
warnMsg = "unable to retrieve the number of password "
|
||||
warnMsg += "hashes for user '%s'" % user
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
|
||||
infoMsg = "fetching password hashes for user '%s'" % user
|
||||
logger.info(infoMsg)
|
||||
|
@ -283,11 +286,14 @@ class Users:
|
|||
query = rootQuery.blind.query2 % (user, index, user)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index, user)
|
||||
elif Backend.isDbms(DBMS.INFORMIX):
|
||||
query = rootQuery.blind.query % (user,)
|
||||
else:
|
||||
query = rootQuery.blind.query % (user, index)
|
||||
|
||||
password = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
password = parsePasswordHash(password)
|
||||
|
||||
passwords.append(password)
|
||||
|
||||
if passwords:
|
||||
|
|
|
@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
|
|||
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
|
||||
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
|
||||
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
|
||||
55a79706107d51efb7ed0a771f80e58e lib/core/settings.py
|
||||
2d29c71e80997841c3acb700de58f331 lib/core/settings.py
|
||||
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
|
||||
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
|
||||
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
|
||||
|
@ -213,7 +213,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e plugins/generic/__init__.py
|
|||
7b3e044a7fca497278d79883697089b7 plugins/generic/search.py
|
||||
73f8d047dbbcff307d62357836e382e6 plugins/generic/syntax.py
|
||||
da3ebc20998af02e3d952d0417a67792 plugins/generic/takeover.py
|
||||
078434ac78aaa539526031ebdd5556f2 plugins/generic/users.py
|
||||
d35f994664fb7a7fcee656633dfb31ed plugins/generic/users.py
|
||||
cc9c82cfffd8ee9b25ba3af6284f057e plugins/__init__.py
|
||||
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
|
||||
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
|
||||
|
@ -455,4 +455,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
|||
96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml
|
||||
c8b152ecebf04ec997e52c6c78cbd488 xml/payloads/time_blind.xml
|
||||
033b39025e8ee0f302935f6db3a39e77 xml/payloads/union_query.xml
|
||||
3365321fc0217e148c2fa8a217cbfc5e xml/queries.xml
|
||||
1587a02322a96ac48973e782d6fedf73 xml/queries.xml
|
||||
|
|
|
@ -749,8 +749,8 @@
|
|||
<blind query="SELECT SKIP %d LIMIT 1 USERNAME FROM SYSUSERS ORDER BY USERNAME" count="SELECT COUNT(USERNAME) FROM SYSUSERS"/>
|
||||
</users>
|
||||
<passwords>
|
||||
<inband query="SELECT USERNAME,HASHED_PASSWORD,SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
|
||||
<blind query="SELECT HASHED_PASSWORD FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'" query2="SELECT SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
|
||||
<inband query="SELECT USERNAME,HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS" condition="USERNAME"/>
|
||||
<blind query="SELECT HASHED_PASSWORD||':'||SALT FROM SYSUSER:SYSINTAUTHUSERS WHERE USERNAME='%s'"/>
|
||||
</passwords>
|
||||
<privileges>
|
||||
<inband query="SELECT USERNAME,USERTYPE FROM SYSUSERS" condition="USERNAME"/>
|
||||
|
|
Loading…
Reference in New Issue
Block a user