Speeding up oracle_old_passwd if PyCrypto available

This commit is contained in:
Miroslav Stampar 2022-04-05 01:00:02 +02:00
parent 5b2c0f0d46
commit cd76f8863b
2 changed files with 20 additions and 8 deletions

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.6.4.0"
VERSION = "1.6.4.1"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -12,6 +12,13 @@ try:
except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171
from thirdparty.fcrypt.fcrypt import crypt
try:
from Crypto.Cipher.DES import MODE_CBC as CBC
from Crypto.Cipher.DES import new as des
except:
from thirdparty.pydes.pyDes import CBC
from thirdparty.pydes.pyDes import des
_multiprocessing = None
import base64
@ -80,8 +87,6 @@ from lib.core.settings import UNICODE_ENCODING
from lib.core.wordlist import Wordlist
from thirdparty import six
from thirdparty.colorama.initialise import init as coloramainit
from thirdparty.pydes.pyDes import CBC
from thirdparty.pydes.pyDes import des
from thirdparty.six.moves import queue as _queue
def mysql_passwd(password, uppercase=True):
@ -219,10 +224,17 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
'F894844C34402B67'
"""
IV, pad = "\0" * 8, "\0"
IV, pad = b"\0" * 8, b"\0"
unistr = b"".join((b"\0" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper())
if des.__module__ == "Crypto.Cipher.DES":
unistr += b"\0" * ((8 - len(unistr) % 8) & 7)
cipher = des(decodeHex("0123456789ABCDEF"), CBC, iv=IV)
encrypted = cipher.encrypt(unistr)
cipher = des(encrypted[-8:], CBC, iv=IV)
encrypted = cipher.encrypt(unistr)
else:
cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad)
encrypted = cipher.encrypt(unistr)
cipher = des(encrypted[-8:], CBC, IV, pad)