Minor improvement to --passwords output

2024-11-22 01:26:42 +03:00 · 2011-08-02 09:04:34 +00:00 · 2011-08-02 09:04:34 +00:00 · c15439ab7f
commit c15439ab7f
parent cb0981d858
3 changed files with 12 additions and 4 deletions
--- a/doc/THANKS
+++ b/doc/THANKS
@ -521,6 +521,9 @@ Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
 Carlos Gabriel Vergara <carlosgabrielvergara@gmail.com>
    for suggesting couple of good features

+Ed Williams <ed.williams@ngssecure.com>
+    for suggesting a minor enhancement
+
 Anthony Zboralski <anthony.zboralski@bellua.com>
    for providing with detailed feedback
    for reporting a few minor bugs
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -260,6 +260,7 @@ def attackDumpedTable():
        count = table["__infos__"]["count"]

        colUser = ''
+        colPasswords = set()
        attack_dict = {}

        for column in columns:
@ -286,8 +287,11 @@ def attackDumpedTable():
                    else:
                        attack_dict['%s%d' % (DUMMY_USER_PREFIX, i)] = [value]

+                    colPasswords.add(column)
+
        if attack_dict:
-            message = "recognized possible password hashes. Do you want to "
+            message = "recognized possible password hashes in column%s " % ("s" if len(colPasswords) > 1 else "")
+            message += "%s. Do you want to " % ", ".join(col for col in colPasswords)
            message += "crack them via a dictionary-based attack? [Y/n/q]"
            test = readInput(message, default="Y")

@ -595,7 +599,7 @@ def dictionaryAttack(attack_dict):
                except KeyboardInterrupt:
                    print
                    processException = True
-                    warnMsg = "user aborted during dictionary attack phase"
+                    warnMsg = "user aborted during dictionary-based attack phase"
                    logger.warn(warnMsg)

                while not retVal.empty():
@ -662,7 +666,7 @@ def dictionaryAttack(attack_dict):
                    except KeyboardInterrupt:
                        print
                        processException = True
-                        warnMsg = "user aborted during dictionary attack phase"
+                        warnMsg = "user aborted during dictionary-based attack phase"
                        logger.warn(warnMsg)

                    while not retVal.empty():
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -386,7 +386,8 @@ class Enumeration:
            errMsg += "system database table)"
            raise sqlmapNoneDataException, errMsg

-        message = "do you want to use dictionary attack on retrieved password hashes? [Y/n/q]"
+        message = "do you want to perform a dictionary-based attack "
+        message += "against retrieved password hashes? [Y/n/q]"
        test = readInput(message, default="Y")

        if test[0] in ("n", "N"):