From d4b5133df741ed1580eece52d84c1637de167fc2 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 4 Dec 2012 17:04:32 +0100
Subject: [PATCH] Update for an Issue #272

---
 lib/utils/hash.py        | 4 +++-
 plugins/generic/users.py | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index f349eaa4c..f925c5e1a 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -61,6 +61,7 @@ from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD
 from lib.core.settings import IS_WIN
 from lib.core.settings import ITOA64
 from lib.core.settings import ML
+from lib.core.settings import NULL
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import ROTATING_CHARS
 from lib.core.wordlist import Wordlist
@@ -314,6 +315,8 @@ def storeHashesToFile(attack_dict):
     with open(filename, "w+") as f:
         for user, hashes in attack_dict.items():
             for hash_ in hashes:
+                if not hash_ or hash_ == NULL or not hashRecognition(hash_):
+                    continue
                 if user and not user.startswith(DUMMY_USER_PREFIX):
                     f.write("%s:%s\n" % (user.encode(UNICODE_ENCODING), hash_.encode(UNICODE_ENCODING)))
                 else:
@@ -321,7 +324,6 @@ def storeHashesToFile(attack_dict):
 
 def attackCachedUsersPasswords():
     if kb.data.cachedUsersPasswords:
-        storeHashesToFile(kb.data.cachedUsersPasswords)
         results = dictionaryAttack(kb.data.cachedUsersPasswords)
 
         for (_, hash_, password) in results:
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 4bb7c9547..c68bcbe36 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -40,6 +40,7 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.threads import getCurrentThreadData
 from lib.request import inject
 from lib.utils.hash import attackCachedUsersPasswords
+from lib.utils.hash import storeHashesToFile
 from lib.utils.pivotdumptable import pivotDumpTable
 
 class Users:
@@ -300,6 +301,8 @@ class Users:
             for user in kb.data.cachedUsersPasswords:
                 kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
 
+        storeHashesToFile(kb.data.cachedUsersPasswords)
+
         message = "do you want to perform a dictionary-based attack "
         message += "against retrieved password hashes? [Y/n/q]"
         test = readInput(message, default="Y")