sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-14 15:14:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for an Issue #379

Browse Source
This commit is contained in:
Miroslav Stampar 2013-02-04 17:43:58 +01:00
parent 6cab3d4759
commit c5ae967fe0
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/utils/hash.py
View File

@ -334,12 +334,17 @@ def attackCachedUsersPasswords():
if kb.data.cachedUsersPasswords:
results = dictionaryAttack(kb.data.cachedUsersPasswords)
lut = {}
for (_, hash_, password) in results:
for user in kb.data.cachedUsersPasswords.keys():
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
lut[hash_.lower()] = password
for user in kb.data.cachedUsersPasswords.keys():
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
_ = kb.data.cachedUsersPasswords[user][i]
if _:
hash_ = _.split()[0].lower()
if hash_ in lut and "clear-text password" not in _:
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_])
def attackDumpedTable():
if kb.data.dumpedTable: