diff --git a/lib/core/settings.py b/lib/core/settings.py index d8dc4a402..1814d7fdf 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty import six # sqlmap version (...) -VERSION = "1.3.5.6" +VERSION = "1.3.5.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index 2ae1c71b0..6265fbd34 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -11,8 +11,9 @@ import zipfile from lib.core.common import getSafeExString from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapInstallationException +from thirdparty import six -class Wordlist(object): +class Wordlist(six.Iterator): """ Iterator for looping over a large dictionaries """ @@ -63,7 +64,7 @@ class Wordlist(object): self.fp.close() self.fp = None - def next(self): + def __next__(self): retVal = None while True: self.counter += 1 diff --git a/lib/utils/hash.py b/lib/utils/hash.py index d7f998616..e9780be3a 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -703,20 +703,19 @@ def attackDumpedTable(): def hashRecognition(value): retVal = None - if six.PY2: # currently only supported on Python2 - isOracle, isMySQL = Backend.isDbms(DBMS.ORACLE), Backend.isDbms(DBMS.MYSQL) + isOracle, isMySQL = Backend.isDbms(DBMS.ORACLE), Backend.isDbms(DBMS.MYSQL) - if isinstance(value, six.string_types): - for name, regex in getPublicTypeMembers(HASH): - # Hashes for Oracle and old MySQL look the same hence these checks - if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD: + if isinstance(value, six.string_types): + for name, regex in getPublicTypeMembers(HASH): + # Hashes for Oracle and old MySQL look the same hence these checks + if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD: + continue + elif regex == HASH.CRYPT_GENERIC: + if any((value.lower() == value, value.upper() == value)): continue - elif regex == HASH.CRYPT_GENERIC: - if any((value.lower() == value, value.upper() == value)): - continue - elif re.match(regex, value): - retVal = regex - break + elif re.match(regex, value): + retVal = regex + break return retVal @@ -737,7 +736,9 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc count += 1 - if not isinstance(word, six.string_types): + if isinstance(word, six.binary_type): + word = getUnicode(word) + elif not isinstance(word, six.string_types): continue if suffix: @@ -812,7 +813,9 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found count += 1 - if not isinstance(word, six.string_types): + if isinstance(word, six.binary_type): + word = getUnicode(word) + elif not isinstance(word, six.string_types): continue if suffix: