sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor improvement to --passwords output

Browse Source
This commit is contained in:
Bernardo Damele 2011-08-02 09:04:34 +00:00
parent cb0981d858
commit c15439ab7f
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/THANKS
View File

@ -521,6 +521,9 @@ Kyprianos Vasilopoulos <kyprianos.vasilopoulos@gmail.com>
Carlos Gabriel Vergara <carlosgabrielvergara@gmail.com> Carlos Gabriel Vergara <carlosgabrielvergara@gmail.com>
for suggesting couple of good features for suggesting couple of good features
Ed Williams <ed.williams@ngssecure.com>
for suggesting a minor enhancement
Anthony Zboralski <anthony.zboralski@bellua.com> Anthony Zboralski <anthony.zboralski@bellua.com>
for providing with detailed feedback for providing with detailed feedback
for reporting a few minor bugs for reporting a few minor bugs

10
lib/utils/hash.py
View File

@ -260,6 +260,7 @@ def attackDumpedTable():
count = table["__infos__"]["count"] count = table["__infos__"]["count"]
colUser = '' colUser = ''
colPasswords = set()
attack_dict = {} attack_dict = {}
for column in columns: for column in columns:
@ -286,8 +287,11 @@ def attackDumpedTable():
else: else:
attack_dict['%s%d' % (DUMMY_USER_PREFIX, i)] = [value] attack_dict['%s%d' % (DUMMY_USER_PREFIX, i)] = [value]
colPasswords.add(column)
if attack_dict: if attack_dict:
message = "recognized possible password hashes. Do you want to " message = "recognized possible password hashes in column%s " % ("s" if len(colPasswords) > 1 else "")
message += "%s. Do you want to " % ", ".join(col for col in colPasswords)
message += "crack them via a dictionary-based attack? [Y/n/q]" message += "crack them via a dictionary-based attack? [Y/n/q]"
test = readInput(message, default="Y") test = readInput(message, default="Y")
@ -595,7 +599,7 @@ def dictionaryAttack(attack_dict):
except KeyboardInterrupt: except KeyboardInterrupt:
print print
processException = True processException = True
warnMsg = "user aborted during dictionary attack phase" warnMsg = "user aborted during dictionary-based attack phase"
logger.warn(warnMsg) logger.warn(warnMsg)
while not retVal.empty(): while not retVal.empty():
@ -662,7 +666,7 @@ def dictionaryAttack(attack_dict):
except KeyboardInterrupt: except KeyboardInterrupt:
print print
processException = True processException = True
warnMsg = "user aborted during dictionary attack phase" warnMsg = "user aborted during dictionary-based attack phase"
logger.warn(warnMsg) logger.warn(warnMsg)
while not retVal.empty(): while not retVal.empty():

3
plugins/generic/enumeration.py
View File

@ -386,7 +386,8 @@ class Enumeration:
errMsg += "system database table)" errMsg += "system database table)"
raise sqlmapNoneDataException, errMsg raise sqlmapNoneDataException, errMsg
message = "do you want to use dictionary attack on retrieved password hashes? [Y/n/q]" message = "do you want to perform a dictionary-based attack "
message += "against retrieved password hashes? [Y/n/q]"
test = readInput(message, default="Y") test = readInput(message, default="Y")
if test[0] in ("n", "N"): if test[0] in ("n", "N"):