PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-15 20:29:04 +00:00
Code Issues Projects Releases Wiki Activity

More DREI updates

Browse Source
This commit is contained in:
Miroslav Stampar
2019-05-08 12:28:50 +02:00
parent 1241a025a2
commit 09aba3b5ce
16 changed files with 65 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/utils/api.py
View File

@@ -737,7 +737,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
DataStore.password = password
dbgMsg = "Example client access from command line:"
dbgMsg += "\n\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid" % (host, port)
dbgMsg += "\n\t$ taskid=$(curl http://%s:%d/task/new 2>1 | grep -o -I '[a-f0-9]\\{16\\}') && echo $taskid" % (host, port)
dbgMsg += "\n\t$ curl -H \"Content-Type: application/json\" -X POST -d '{\"url\": \"http://testphp.vulnweb.com/artists.php?artist=1\"}' http://%s:%d/scan/$taskid/start" % (host, port)
dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/data" % (host, port)
dbgMsg += "\n\t$ curl http://%s:%d/scan/$taskid/log" % (host, port)

5
lib/utils/crawler.py
View File

@@ -20,6 +20,7 @@ from lib.core.common import readInput
from lib.core.common import safeCSValue
from lib.core.common import urldecode
from lib.core.compat import xrange
from lib.core.convert import htmlunescape
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -90,7 +91,7 @@ def crawl(target):
tags = soup('a')
if not tags:
tags = re.finditer(r'(?i)<a[^>]+href="(?P<href>[^>"]+)"', content)
tags = re.finditer(r'(?i)<a[^>]+href=["\'](?P<href>[^>"\']+)', content)
for tag in tags:
href = tag.get("href") if hasattr(tag, "get") else tag.group("href")
@@ -98,7 +99,7 @@ def crawl(target):
if href:
if threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:
current = threadData.lastRedirectURL[1]
url = _urllib.parse.urljoin(current, href)
url = _urllib.parse.urljoin(current, htmlunescape(href))
# flag to know if we are dealing with the same target host
_ = checkSameHost(url, target)

18
lib/utils/hash.py
View File

@@ -162,7 +162,7 @@ def mssql_passwd(password, salt, uppercase=False):
"""
binsalt = decodeHex(salt)
unistr = b"".join(b"%s\0" % _.encode(UNICODE_ENCODING) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
retVal = "0100%s%s" % (salt, sha1(unistr + binsalt).hexdigest())
@@ -180,7 +180,7 @@ def mssql_old_passwd(password, salt, uppercase=True): # prior to version '2005'
"""
binsalt = decodeHex(salt)
unistr = b"".join(b"%s\0" % _.encode(UNICODE_ENCODING) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
retVal = "0100%s%s%s" % (salt, sha1(unistr + binsalt).hexdigest(), sha1(unistr.upper() + binsalt).hexdigest())
@@ -196,7 +196,7 @@ def mssql_new_passwd(password, salt, uppercase=False):
"""
binsalt = decodeHex(salt)
unistr = b"".join(b"%s\0" % _.encode(UNICODE_ENCODING) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password)
retVal = "0200%s%s" % (salt, sha512(unistr + binsalt).hexdigest())
@@ -231,7 +231,7 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
IV, pad = "\0" * 8, "\0"
unistr = b"".join(b"\0%s" % _.encode(UNICODE_ENCODING) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper())
unistr = b"".join((b"\0" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper())
cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad)
encrypted = cipher.encrypt(unistr)
@@ -434,7 +434,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
hash_ = hash_ + _encode64((int(ord(final[4:5])) << 16) | (int(ord(final[10:11])) << 8) | (int(ord(final[5:6]))), 4)
hash_ = hash_ + _encode64((int(ord(final[11:12]))), 2)
return getText(b"%s%s$%s" % (magic, salt, getBytes(hash_)))
return getText(magic + salt + b'$' + getBytes(hash_))
def joomla_passwd(password, salt, **kwargs):
"""
@@ -444,7 +444,7 @@ def joomla_passwd(password, salt, **kwargs):
'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
"""
return "%s:%s" % (md5(b"%s%s" % (getBytes(password), getBytes(salt))).hexdigest(), salt)
return "%s:%s" % (md5(getBytes(password) + getBytes(salt)).hexdigest(), salt)
def django_md5_passwd(password, salt, **kwargs):
"""
@@ -454,7 +454,7 @@ def django_md5_passwd(password, salt, **kwargs):
'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
"""
return "md5$%s$%s" % (salt, md5(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())
return "md5$%s$%s" % (salt, md5(getBytes(salt) + getBytes(password)).hexdigest())
def django_sha1_passwd(password, salt, **kwargs):
"""
@@ -464,7 +464,7 @@ def django_sha1_passwd(password, salt, **kwargs):
'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
"""
return "sha1$%s$%s" % (salt, sha1(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())
return "sha1$%s$%s" % (salt, sha1(getBytes(salt) + getBytes(password)).hexdigest())
def vbulletin_passwd(password, salt, **kwargs):
"""
@@ -474,7 +474,7 @@ def vbulletin_passwd(password, salt, **kwargs):
'85c4d8ea77ebef2236fb7e9d24ba9482:salt'
"""
return "%s:%s" % (md5(b"%s%s" % (binascii.hexlify(md5(getBytes(password)).digest()), getBytes(salt))).hexdigest(), salt)
return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt)
def wordpress_passwd(password, salt, count, prefix, **kwargs):
"""