Adding experimental option --crack

Miroslav Stampar
2018-12-17 17:38:47 +01:00
parent b288bfdbc3
commit 01d5da18e3
6 changed files with 48 additions and 18 deletions


@@ -71,6 +71,7 @@ from lib.core.settings import REFERER_ALIASES
from lib.core.settings import USER_AGENT_ALIASES
from lib.core.target import initTargetEnv
from lib.core.target import setupTargetEnv
from lib.utils.hash import crackHashFile
def _selectInjection():
"""
@@ -268,6 +269,9 @@ def start():
check if they are dynamic and SQL injection affected
"""
if conf.hashFile:
crackHashFile(conf.hashFile)
if conf.direct:
initTargetEnv()
setupTargetEnv()
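Review bot: The new `if conf.hashFile:` branch in start() calls `crackHashFile(conf.hashFile)` and then falls through to the `if conf.direct:` handling, so a run given only `--crack` continues into the target-processing code with no target configured. If the option is meant as a standalone mode, an early `return` at the end of the branch would make that explicit. Otherwise a comment such as `# hash-file mode runs first; any configured targets are processed afterwards` would document the intent. start()'s body begins and continues outside the hunk, so whether the later code copes with an empty target list cannot be confirmed from here.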


@@ -4343,19 +4343,23 @@ def hashDBWrite(key, value, serialize=False):
Helper function for writing session data to HashDB
"""
_ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
conf.hashDB.write(_, value, serialize)
if conf.hashDB:
_ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
conf.hashDB.write(_, value, serialize)
def hashDBRetrieve(key, unserialize=False, checkConf=False):
"""
Helper function for restoring session data from HashDB
"""
_ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
retVal = None
if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
retVal = None
if conf.hashDB:
_ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
retVal = None
return retVal
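Review bot: The docstrings of hashDBWrite() and hashDBRetrieve() still describe unconditional session access, but with the added `if conf.hashDB:` guards a write is silently discarded and a retrieve returns None whenever no session HashDB is configured. Callers that expect values to be persisted or resumed get no signal that nothing was stored. I would add one line to each docstring, e.g. `No-op when conf.hashDB is not set (e.g. a standalone --crack run)` and `Returns None when conf.hashDB is not set`.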


@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.12.25"
VERSION = "1.2.12.26"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@@ -668,6 +668,10 @@ def cmdLineParser(argv=None):
help="Simple wizard interface for beginner users")
# Hidden and/or experimental options
parser.add_option("--crack", dest="hashFile",
help=SUPPRESS_HELP)
#help="Load and crack hashes from a file")
parser.add_option("--dummy", dest="dummy", action="store_true",
help=SUPPRESS_HELP)
@@ -884,7 +888,7 @@ def cmdLineParser(argv=None):
if args.dummy:
args.url = args.url or DUMMY_URL
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
errMsg += "Use -h for basic and -hh for advanced help\n"
parser.error(errMsg)
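Review bot: `args.hashFile` now satisfies the mandatory-option check, but the `errMsg` built right below it still lists only the documented switches, and the option's help text survives only as a commented-out `#help=` line. That looks deliberate while the option is hidden, yet nothing records it. A short comment next to the option, such as `# NOTE: hidden while experimental; add --crack to the mandatory-option errMsg when exposing it`, would keep the two in sync. The hunk also shows no check on the supplied path, so validation presumably happens in the file reader that crackHashFile() calls; worth confirming.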


@@ -1078,7 +1078,8 @@ def dictionaryAttack(attack_dict):
gc.enable()
if retVal:
conf.hashDB.beginTransaction()
if conf.hashDB:
conf.hashDB.beginTransaction()
while not retVal.empty():
user, hash_, word = item = retVal.get(block=False)
@@ -1086,7 +1087,8 @@ def dictionaryAttack(attack_dict):
hashDBWrite(hash_, word)
results.append(item)
conf.hashDB.endTransaction()
if conf.hashDB:
conf.hashDB.endTransaction()
clearConsoleLine()
@@ -1171,15 +1173,17 @@ def dictionaryAttack(attack_dict):
if _multiprocessing:
gc.enable()
if retVal:
conf.hashDB.beginTransaction()
if retVal and conf.hashDB:
if conf.hashDB:
conf.hashDB.beginTransaction()
while not retVal.empty():
user, hash_, word = item = retVal.get(block=False)
hashDBWrite(hash_, word)
results.append(item)
conf.hashDB.endTransaction()
if conf.hashDB:
conf.hashDB.endTransaction()
clearConsoleLine()
@@ -1194,3 +1198,17 @@ def dictionaryAttack(attack_dict):
logger.warn(warnMsg)
return results
def crackHashFile(hashFile):
i = 0
attack_dict = {}
for line in getFileItems(conf.hashFile):
if ':' in line:
user, hash_ = line.split(':', 1)
attack_dict[user] = [hash_]
else:
attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line]
i += 1
dictionaryAttack(attack_dict)
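Review bot: In the third dictionaryAttack hunk the drain loop appears to be gated by `if retVal and conf.hashDB:` (the +/- markers are lost on this page, so this reading follows the hunk's line counts). If so, without a session HashDB, which is the case `--crack` creates, the queue is never emptied and those results never reach `results`. The first hunk keeps `if retVal:` and guards only the transaction calls, so the second site should match it with `if retVal:`. In crackHashFile() the `hashFile` parameter is ignored in favour of the global, so the loop should read `for line in getFileItems(hashFile):`. `attack_dict[user] = [hash_]` also overwrites an earlier entry when a user name repeats in the file, whereas `attack_dict.setdefault(user, []).append(hash_)` keeps both; the function also lacks a docstring describing the accepted `user:hash` and bare-hash line formats.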