mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 13:41:10 +03:00 
			
		
		
		
	implementation of Standard DES hashing (crypt)
This commit is contained in:
		
							parent
							
								
									04c4578df7
								
							
						
					
					
						commit
						afe2be6a9f
					
				|  | @ -53,15 +53,16 @@ class NULLCONNECTION: | |||
|     RANGE   = "Range" | ||||
| 
 | ||||
| class HASH: | ||||
|     MYSQL        = r'(?i)\A\*[0-9a-f]{40}\Z' | ||||
|     MYSQL_OLD    = r'(?i)\A[0-9a-f]{16}\Z' | ||||
|     POSTGRES     = r'(?i)\Amd5[0-9a-f]{32}\Z' | ||||
|     MSSQL        = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' | ||||
|     MSSQL_OLD    = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' | ||||
|     ORACLE       = r'(?i)\As:[0-9a-f]{60}\Z' | ||||
|     ORACLE_OLD   = r'(?i)\A[01-9a-f]{16}\Z' | ||||
|     MD5_GENERIC  = r'(?i)\A[0-9a-f]{32}\Z' | ||||
|     SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' | ||||
|     MYSQL         = r'(?i)\A\*[0-9a-f]{40}\Z' | ||||
|     MYSQL_OLD     = r'(?i)\A[0-9a-f]{16}\Z' | ||||
|     POSTGRES      = r'(?i)\Amd5[0-9a-f]{32}\Z' | ||||
|     MSSQL         = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' | ||||
|     MSSQL_OLD     = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' | ||||
|     ORACLE        = r'(?i)\As:[0-9a-f]{60}\Z' | ||||
|     ORACLE_OLD    = r'(?i)\A[01-9a-f]{16}\Z' | ||||
|     MD5_GENERIC   = r'(?i)\A[0-9a-f]{32}\Z' | ||||
|     SHA1_GENERIC  = r'(?i)\A[0-9a-f]{40}\Z' | ||||
|     CRYPT_GENERIC = r'(?i)\A[./0-9A-Za-z]{13}\Z' | ||||
| 
 | ||||
| class HTTPHEADER: | ||||
|     ACCEPT_ENCODING     = "Accept-Encoding" | ||||
|  |  | |||
|  | @ -36,6 +36,7 @@ from lib.core.enums import HASH | |||
| from lib.core.exception import sqlmapUserQuitException | ||||
| from lib.core.settings import COMMON_PASSWORD_SUFFIXES | ||||
| from lib.core.settings import DUMMY_USER_PREFIX | ||||
| from lib.core.settings import IS_WIN | ||||
| from lib.core.settings import LIST_EMAIL | ||||
| from lib.core.settings import UNICODE_ENCODING | ||||
| 
 | ||||
|  | @ -186,6 +187,22 @@ def sha1_generic_passwd(password, uppercase=False): | |||
| 
 | ||||
|     return retVal.upper() if uppercase else retVal.lower() | ||||
| 
 | ||||
| def crypt_generic_passwd(password, salt, uppercase=False): | ||||
|     """ | ||||
|     Reference(s): | ||||
|         http://docs.python.org/library/crypt.html | ||||
|         http://helpful.knobs-dials.com/index.php/Hashing_notes | ||||
|         http://php.net/manual/en/function.crypt.php | ||||
|         http://carey.geek.nz/code/python-fcrypt/ | ||||
| 
 | ||||
|     >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False) | ||||
|     'rl.3StKT.4T8M' | ||||
|     """ | ||||
| 
 | ||||
|     retVal = crypt.crypt(password, salt) | ||||
| 
 | ||||
|     return retVal.upper() if uppercase else retVal.lower() | ||||
| 
 | ||||
| __functions__ = { | ||||
|                     HASH.MYSQL: mysql_passwd,  | ||||
|                     HASH.MYSQL_OLD: mysql_old_passwd, | ||||
|  | @ -195,7 +212,8 @@ __functions__ = { | |||
|                     HASH.ORACLE: oracle_passwd, | ||||
|                     HASH.ORACLE_OLD: oracle_old_passwd,  | ||||
|                     HASH.MD5_GENERIC: md5_generic_passwd,  | ||||
|                     HASH.SHA1_GENERIC: sha1_generic_passwd | ||||
|                     HASH.SHA1_GENERIC: sha1_generic_passwd, | ||||
|                     HASH.CRYPT_GENERIC: crypt_generic_passwd | ||||
|                 } | ||||
| 
 | ||||
| def attackCachedUsersPasswords(): | ||||
|  | @ -324,6 +342,17 @@ def dictionaryAttack(attack_dict): | |||
|                     elif hash_regex in (HASH.MSSQL, HASH.MSSQL_OLD): | ||||
|                         attack_info.append([(user, hash_), {'salt': hash_[6:14]}]) | ||||
| 
 | ||||
|                     elif hash_regex in (HASH.CRYPT_GENERIC): | ||||
|                         if IS_WIN: | ||||
|                             warnMsg = "attack on '%s' is not available for Windows platform" % __functions__[hash_regex].func_name | ||||
|                             logger.warning(warnMsg) | ||||
|                         else: | ||||
|                             import crypt | ||||
|                             attack_info.append([(user, hash_), {'salt': hash_[0:2]}]) | ||||
| 
 | ||||
|         if not attack_info: | ||||
|             continue | ||||
| 
 | ||||
|         if not kb.wordlist: | ||||
|             if hash_regex == HASH.ORACLE_OLD: #it's the slowest of all methods hence smaller default dict | ||||
|                 message = "what's the dictionary's location? [%s]" % paths.ORACLE_DEFAULT_PASSWD | ||||
|  | @ -355,7 +384,7 @@ def dictionaryAttack(attack_dict): | |||
| 
 | ||||
|         length = len(kb.wordlist) * len(suffix_list) | ||||
| 
 | ||||
|         if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC): | ||||
|         if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.CRYPT_GENERIC): | ||||
|             count = 0 | ||||
| 
 | ||||
|             for suffix in suffix_list: | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user