Minor drei update

2025-12-06 12:41:30 +00:00 · 2019-05-02 17:35:56 +02:00
parent ff968c2331
commit 291b491c3e
9 changed files with 33 additions and 60 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1758,7 +1758,7 @@ def getFileType(filePath):
    """

    try:
-        desc = magic.from_file(filePath) or ""
+        desc = getUnicode(magic.from_file(filePath) or "")
    except:
        return "unknown"

--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -145,8 +145,8 @@ def utf8decode(value):
    """
    Returns UTF-8 representation of the supplied 8-bit string representation

-    >>> utf8decode(b'foobar')
-    u'foobar'
+    >>> utf8decode(b'foobar') == u'foobar'
+    True
    """

    retVal = value
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.4"
+VERSION = "1.3.5.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -269,46 +269,46 @@ def sha1_generic_passwd(password, uppercase=False):

 def apache_sha1_passwd(password, **kwargs):
    """
-    >>> apache_sha1_passwd(password='testpass')
-    '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
+    >>> apache_sha1_passwd(password='testpass') == '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
+    True
    """

    password = getBytes(password)

-    return "{SHA}%s" % base64.b64encode(sha1(password).digest())
+    return "{SHA}%s" % getUnicode(base64.b64encode(sha1(password).digest()))

 def ssha_passwd(password, salt, **kwargs):
    """
-    >>> ssha_passwd(password='testpass', salt='salt')
-    '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
+    >>> ssha_passwd(password='testpass', salt='salt') == '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
+    True
    """

    password = getBytes(password)
    salt = getBytes(salt)

-    return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
+    return "{SSHA}%s" % getUnicode(base64.b64encode(sha1(password + salt).digest() + salt))

 def ssha256_passwd(password, salt, **kwargs):
    """
-    >>> ssha256_passwd(password='testpass', salt='salt')
-    '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
+    >>> ssha256_passwd(password='testpass', salt='salt') == '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
+    True
    """

    password = getBytes(password)
    salt = getBytes(salt)

-    return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
+    return "{SSHA256}%s" % getUnicode(base64.b64encode(sha256(password + salt).digest() + salt))

 def ssha512_passwd(password, salt, **kwargs):
    """
-    >>> ssha512_passwd(password='testpass', salt='salt')
-    '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
+    >>> ssha512_passwd(password='testpass', salt='salt') == '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
+    True
    """

    password = getBytes(password)
    salt = getBytes(salt)

-    return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
+    return "{SSHA512}%s" % getUnicode(base64.b64encode(sha512(password + salt).digest() + salt))

 def sha224_generic_passwd(password, uppercase=False):
    """
@@ -316,9 +316,7 @@ def sha224_generic_passwd(password, uppercase=False):
    '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
    """

-    password = getBytes(password)
-
-    retVal = sha224(password).hexdigest()
+    retVal = sha224(getBytes(password)).hexdigest()

    return retVal.upper() if uppercase else retVal.lower()

@@ -328,9 +326,7 @@ def sha256_generic_passwd(password, uppercase=False):
    '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
    """

-    password = getBytes(password)
-
-    retVal = sha256(password).hexdigest()
+    retVal = sha256(getBytes(password)).hexdigest()

    return retVal.upper() if uppercase else retVal.lower()

@@ -340,9 +336,7 @@ def sha384_generic_passwd(password, uppercase=False):
    '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
    """

-    password = getBytes(password)
-
-    retVal = sha384(password).hexdigest()
+    retVal = sha384(getBytes(password)).hexdigest()

    return retVal.upper() if uppercase else retVal.lower()

@@ -352,9 +346,7 @@ def sha512_generic_passwd(password, uppercase=False):
    '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
    """

-    password = getBytes(password)
-
-    retVal = sha512(password).hexdigest()
+    retVal = sha512(getBytes(password)).hexdigest()

    return retVal.upper() if uppercase else retVal.lower()

@@ -366,13 +358,10 @@ def crypt_generic_passwd(password, salt, **kwargs):
        http://php.net/manual/en/function.crypt.php
        http://carey.geek.nz/code/python-fcrypt/

-    >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False)
-    'rl.3StKT.4T8M'
+    >>> crypt_generic_passwd(password='rasmuslerdorf', salt='rl', uppercase=False) == 'rl.3StKT.4T8M'
+    True
    """

-    password = getBytes(password)
-    salt = getBytes(salt)
-
    return crypt(password, salt)

 def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
@@ -411,15 +400,15 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
    i = len(password)
    while i:
        if i & 1:
-            ctx = ctx + chr(0)  # if ($i & 1) { $ctx->add(pack("C", 0)); }
+            ctx = ctx + b'\x00'  # if ($i & 1) { $ctx->add(pack("C", 0)); }
        else:
-            ctx = ctx + password[0]
+            ctx = ctx + password[0:1]
        i = i >> 1

    final = md5(ctx).digest()

    for i in xrange(1000):
-        ctx1 = ""
+        ctx1 = b""

        if i & 1:
            ctx1 = ctx1 + password
@@ -456,10 +445,7 @@ def joomla_passwd(password, salt, **kwargs):
    'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
    """

-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
+    return "%s:%s" % (md5(b"%s%s" % (getBytes(password), getBytes(salt))).hexdigest(), salt)

 def django_md5_passwd(password, salt, **kwargs):
    """
@@ -469,10 +455,7 @@ def django_md5_passwd(password, salt, **kwargs):
    'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
    """

-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
+    return "md5$%s$%s" % (salt, md5(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())

 def django_sha1_passwd(password, salt, **kwargs):
    """
@@ -482,10 +465,7 @@ def django_sha1_passwd(password, salt, **kwargs):
    'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
    """

-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
+    return "sha1$%s$%s" % (salt, sha1(b"%s%s" % (getBytes(salt), getBytes(password))).hexdigest())

 def vbulletin_passwd(password, salt, **kwargs):
    """
@@ -495,10 +475,7 @@ def vbulletin_passwd(password, salt, **kwargs):
    '85c4d8ea77ebef2236fb7e9d24ba9482:salt'
    """

-    password = getBytes(password)
-    salt = getBytes(salt)
-
-    return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
+    return "%s:%s" % (md5(b"%s%s" % (binascii.hexlify(md5(getBytes(password)).digest()), getBytes(salt))).hexdigest(), salt)

 def wordpress_passwd(password, salt, count, prefix, **kwargs):
    """
@@ -515,12 +492,12 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
        i = 0

        while i < count:
-            value = ord(input_[i])
+            value = (input_[i] if isinstance(input_[i], int) else ord(input_[i]))
            i += 1
            output = output + ITOA64[value & 0x3f]

            if i < count:
-                value = value | (ord(input_[i]) << 8)
+                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 8)

            output = output + ITOA64[(value >> 6) & 0x3f]

@@ -529,7 +506,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
                break

            if i < count:
-                value = value | (ord(input_[i]) << 16)
+                value = value | ((input_[i] if isinstance(input_[i], int) else ord(input_[i])) << 16)

            output = output + ITOA64[(value >> 12) & 0x3f]

@@ -542,6 +519,7 @@ def wordpress_passwd(password, salt, count, prefix, **kwargs):
        return output

    password = getBytes(password)
+    salt = getBytes(salt)

    cipher = md5(salt)
    cipher.update(password)
--- a/plugins/dbms/h2/syntax.py
+++ b/plugins/dbms/h2/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

 class Syntax(GenericSyntax):
--- a/plugins/dbms/hsqldb/syntax.py
+++ b/plugins/dbms/hsqldb/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

 class Syntax(GenericSyntax):
--- a/plugins/dbms/mssqlserver/syntax.py
+++ b/plugins/dbms/mssqlserver/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

 class Syntax(GenericSyntax):
--- a/plugins/dbms/oracle/syntax.py
+++ b/plugins/dbms/oracle/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

 class Syntax(GenericSyntax):
--- a/plugins/dbms/sybase/syntax.py
+++ b/plugins/dbms/sybase/syntax.py
@@ -6,7 +6,6 @@ See the file 'LICENSE' for copying permission
 """

 from lib.core.common import getOrds
-from lib.core.compat import xrange
 from plugins.generic.syntax import Syntax as GenericSyntax

 class Syntax(GenericSyntax):