From cd76f8863b4b730e9ba1886acd04bf93840042f5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 5 Apr 2022 01:00:02 +0200 Subject: [PATCH] Speeding up oracle_old_passwd if PyCrypto available --- lib/core/settings.py | 2 +- lib/utils/hash.py | 26 +++++++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 330d22c3f..c1a9c37c0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.6.4.0" +VERSION = "1.6.4.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 36429802f..c1df2d22c 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -12,6 +12,13 @@ try: except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171 from thirdparty.fcrypt.fcrypt import crypt +try: + from Crypto.Cipher.DES import MODE_CBC as CBC + from Crypto.Cipher.DES import new as des +except: + from thirdparty.pydes.pyDes import CBC + from thirdparty.pydes.pyDes import des + _multiprocessing = None import base64 @@ -80,8 +87,6 @@ from lib.core.settings import UNICODE_ENCODING from lib.core.wordlist import Wordlist from thirdparty import six from thirdparty.colorama.initialise import init as coloramainit -from thirdparty.pydes.pyDes import CBC -from thirdparty.pydes.pyDes import des from thirdparty.six.moves import queue as _queue def mysql_passwd(password, uppercase=True): @@ -219,14 +224,21 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version ' 'F894844C34402B67' """ - IV, pad = "\0" * 8, "\0" + IV, pad = b"\0" * 8, b"\0" unistr = b"".join((b"\0" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper()) - cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad) - encrypted = cipher.encrypt(unistr) - cipher = des(encrypted[-8:], CBC, IV, pad) - encrypted = cipher.encrypt(unistr) + if des.__module__ == "Crypto.Cipher.DES": + unistr += b"\0" * ((8 - len(unistr) % 8) & 7) + cipher = des(decodeHex("0123456789ABCDEF"), CBC, iv=IV) + encrypted = cipher.encrypt(unistr) + cipher = des(encrypted[-8:], CBC, iv=IV) + encrypted = cipher.encrypt(unistr) + else: + cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad) + encrypted = cipher.encrypt(unistr) + cipher = des(encrypted[-8:], CBC, IV, pad) + encrypted = cipher.encrypt(unistr) retVal = encodeHex(encrypted[-8:], binary=False)