PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

hello big tables, this is sqlmap, sqlmap this is big tables

Browse Source
This commit is contained in:
Miroslav Stampar
2011-07-24 09:19:33 +00:00
parent 82e1e61554
commit ec1bc0219c
8 changed files with 108 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/utils/hash.py
View File

@@ -33,13 +33,12 @@ from zipfile import ZipFile
from extra.pydes.pyDes import des
from extra.pydes.pyDes import CBC
from lib.core.common import Backend
from lib.core.common import checkFile
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
from lib.core.common import getCompiledRegex
from lib.core.common import getFileItems
from lib.core.common import Backend
from lib.core.common import getCompiledRegex
from lib.core.common import getPublicTypeMembers
from lib.core.common import normalizeUnicode
from lib.core.common import paths
@@ -252,6 +251,8 @@ def attackCachedUsersPasswords():
kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
def attackDumpedTable():
isOracle, isMySQL = Backend.isDbms(DBMS.ORACLE), Backend.isDbms(DBMS.MYSQL)
if kb.data.dumpedTable:
table = kb.data.dumpedTable
columns = table.keys()
@@ -275,7 +276,7 @@ def attackDumpedTable():
value = table[column]['values'][i]
if hashRecognition(value):
if hashRecognition(value, isOracle, isMySQL):
if colUser:
if table[colUser]['values'][i] not in attack_dict:
attack_dict[table[colUser]['values'][i]] = []
@@ -310,15 +311,15 @@ def attackDumpedTable():
table[column]['values'][i] += " (%s)" % password
table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
def hashRecognition(value):
def hashRecognition(value, isOracle=False, isMySQL=False):
retVal = None
if isinstance(value, basestring):
for name, regex in getPublicTypeMembers(HASH):
# Hashes for Oracle and old MySQL look the same hence these checks
if Backend.isDbms(DBMS.ORACLE) and regex == HASH.MYSQL_OLD:
if isOracle and regex == HASH.MYSQL_OLD:
continue
elif Backend.isDbms(DBMS.MYSQL) and regex == HASH.ORACLE_OLD:
elif isMySQL and regex == HASH.ORACLE_OLD:
continue
elif regex == HASH.CRYPT_GENERIC:
if any([getCompiledRegex(GENERAL_IP_ADDRESS_REGEX).match(value), value.lower() == value, value.upper() == value, value.isdigit()]):