PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-01 12:29:04 +00:00
Code Issues Projects Releases Wiki Activity

more code refactoring

Browse Source
This commit is contained in:
Miroslav Stampar
2010-11-23 14:50:47 +00:00
parent 3cae76627c
commit aa5d038f18
4 changed files with 532 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/core/common.py
View File

@@ -663,7 +663,8 @@ def setPaths():
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
paths.WORDLIST_TXT = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
paths.ORACLE_DEFAULT_PASSWD = os.path.join(paths.SQLMAP_TXT_PATH, "oracle-default-passwords.txt")
paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
paths.PHPIDS_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "phpids_rules.xml")
paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
paths.INJECTIONS_XML = os.path.join(paths.SQLMAP_XML_PATH, "injections.xml")
@@ -1607,10 +1608,13 @@ def logHTTPTraffic(requestLogMsg, responseLogMsg):
kb.locks.reqLock.release()
def getPublicTypeMembers(type_):
"""
Useful for getting members from types (e.g. in enums)
"""
retVal = []
for name, value in getmembers(type_):
if not name.startswith('__'):
retVal.append((name, value))
return retVal
return retVal

2
lib/core/enums.py
View File

@@ -50,6 +50,6 @@ class HASH:
MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z'
MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z'
ORACLE = r'(?i)\As:[0-9a-f]{60}\Z'
ORACLE_OLD = r'(?i)\A[0-9a-f]{16}\Z'
ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'

48
lib/utils/hash.py
View File

@@ -16,6 +16,7 @@ from zipfile import ZipFile
from extra.pydes.pyDes import des
from extra.pydes.pyDes import CBC
from lib.core.common import checkFile
from lib.core.common import conf
from lib.core.common import dataToStdout
from lib.core.common import getFileItems
@@ -191,11 +192,23 @@ def dictionaryAttack():
hash_ = hash_.split()[0]
for _, regex in getPublicTypeMembers(HASH):
if re.match(regex, hash_):
for name, regex in getPublicTypeMembers(HASH):
if kb.dbms == DBMS.ORACLE and regex == HASH.MYSQL_OLD:
continue
elif kb.dbms == DBMS.MYSQL and regex == HASH.ORACLE_OLD:
continue
elif re.match(regex, hash_):
rehash = regex
infoMsg = "using hash method: '%s'" % name
logger.info(infoMsg)
break
if rehash:
break
if rehash:
break
if rehash:
for (user, hashes) in kb.data.cachedUsersPasswords.items():
for hash_ in hashes:
@@ -207,7 +220,7 @@ def dictionaryAttack():
if re.match(rehash, hash_):
hash_ = hash_.lower()
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC) and kb.dbms != DBMS.ORACLE:
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
attack_info.append([(user, hash_), {}])
elif rehash in (HASH.ORACLE_OLD, HASH.POSTGRES):
attack_info.append([(user, hash_), {'username': user}])
@@ -216,16 +229,26 @@ def dictionaryAttack():
elif rehash in (HASH.MSSQL, HASH.MSSQL_OLD):
attack_info.append([(user, hash_), {'salt': hash_[6:14]}])
infoMsg = "loading dictionary from: '%s'" % paths.WORDLIST_TXT
if rehash == HASH.ORACLE_OLD: #it's the slowest of all methods hence smaller default dict
message = "what's the dictionary's location? [%s]" % paths.ORACLE_DEFAULT_PASSWD
dictpath = readInput(message, default=paths.ORACLE_DEFAULT_PASSWD)
else:
message = "what's the dictionary's location? [%s]" % paths.WORDLIST
dictpath = readInput(message, default=paths.WORDLIST)
checkFile(dictpath)
infoMsg = "loading dictionary from: '%s'" % dictpath
logger.info(infoMsg)
wordlist = getFileItems(paths.WORDLIST_TXT, None, False)
wordlist = getFileItems(dictpath, None, False)
infoMsg = "running dictionary attack"
logger.info(infoMsg)
length = len(wordlist)
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC) and kb.dbms != DBMS.ORACLE:
if rehash in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
count = 0
for word in wordlist:
count += 1
@@ -233,7 +256,7 @@ def dictionaryAttack():
for item in attack_info:
((user, hash_), _) = item
if count % 1117 == 0 or count == length:
if count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
@@ -242,6 +265,7 @@ def dictionaryAttack():
#dataToStdout("\r[%s] [INFO] found: %s:%s\n" % (time.strftime("%X"), user, word), True)
attack_info.remove(item)
dataToStdout("\n", True)
else:
for ((user, hash_), kwargs) in attack_info:
count = 0
@@ -249,8 +273,8 @@ def dictionaryAttack():
current = __functions__[rehash](password = word, uppercase = False, **kwargs)
count += 1
if count % 1117 == 0 or count == length:
status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
if count % 1117 == 0 or count == length or rehash in (HASH.ORACLE_OLD):
status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True)
if hash_ == current:
@@ -258,9 +282,13 @@ def dictionaryAttack():
#dataToStdout("\r[%s] [INFO] found: %s:%s\n" % (time.strftime("%X"), user, word), True)
break
dataToStdout("\n", True)
dataToStdout("\n", True)
blank = " "
for (user, hash_, password) in results:
for i in xrange(len(kb.data.cachedUsersPasswords[user])):
if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower():
kb.data.cachedUsersPasswords[user][i] += "%s%spassword: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', blank, password)
else:
errMsg = "hash format unrecognized"
logger.error(errMsg)