From 7cf4ba83dc329e1607a0b84d003e5463b9e471f6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 29 Mar 2011 12:08:07 +0000 Subject: [PATCH] minor refactoring and comment update --- lib/core/settings.py | 9 ++++++++- lib/utils/hash.py | 7 +++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e2f1aaf73..351c53807 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -211,14 +211,17 @@ SQL_STATEMENTS = { "rollback ", ), } +# Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", r"
  • Error Type:
    (?P.+?)
    • ", r"error '[0-9a-f]{8}'((<[^>]+>)|\s)+(?P[^<>]+)" ) +# Regular expression used for parsing charset info from meta html headers META_CHARSET_REGEX = r']+charset=(?P[^">]+)' +# Regular expression used for parsing empty fields in tested form data EMPTY_FORM_FIELDS_REGEX = r'(?P[^=]+=(&|\Z))' # Reference: http://www.cs.ru.nl/bachelorscripties/2010/Martin_Devillers___0437999___Analyzing_password_strength.pdf @@ -281,4 +284,8 @@ URLENCODE_FAILSAFE_CHARS = '()|,' # maximum length of urlencoded value after which failsafe procedure takes away URLENCODE_CHAR_LIMIT = 4000 -DEFAULT_MSSQL_SCHEMA = 'dbo' \ No newline at end of file +# default schema for Microsoft SQL Server DBMS +DEFAULT_MSSQL_SCHEMA = 'dbo' + +# display hash attack info every mod number of items +HASH_MOD_ITEM_DISPLAY = 1117 diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 322f8c7e4..bae9335f4 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -42,6 +42,7 @@ from lib.core.enums import HASH from lib.core.exception import sqlmapUserQuitException from lib.core.settings import COMMON_PASSWORD_SUFFIXES from lib.core.settings import DUMMY_USER_PREFIX +from lib.core.settings import HASH_MOD_ITEM_DISPLAY from lib.core.settings import IS_WIN from lib.core.settings import LIST_EMAIL from lib.core.settings import UNICODE_ENCODING @@ -422,11 +423,12 @@ def dictionaryAttack(attack_dict): attack_info.remove(item) - elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN: + elif count % HASH_MOD_ITEM_DISPLAY == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN: status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%') dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) except KeyboardInterrupt: + print warnMsg = "Ctrl+C detected in dictionary attack phase" logger.warn(warnMsg) return results @@ -472,13 +474,14 @@ def dictionaryAttack(attack_dict): found = True break - elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN: + elif count % HASH_MOD_ITEM_DISPLAY == 0 or count == length or hash_regex in (HASH.ORACLE_OLD) or hash_regex == HASH.CRYPT_GENERIC and IS_WIN: status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%') if not user.startswith(DUMMY_USER_PREFIX): status += ' (user: %s)' % user dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) except KeyboardInterrupt: + print warnMsg = "Ctrl+C detected in dictionary attack phase" logger.warn(warnMsg) return results