important update for dictionary attack

stamparm · stamparm · commit 3873d204bb16 · 2011-01-15T15:56:11.000Z
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -175,3 +175,6 @@
                         )
 
 META_CHARSET_REGEX  = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />'
+
+# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html
+COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
@@ -34,6 +34,7 @@
 from lib.core.enums import DBMS
 from lib.core.enums import HASH
 from lib.core.exception import sqlmapUserQuitException
+from lib.core.settings import COMMON_PASSWORD_SUFFIXES
 from lib.core.settings import DUMMY_USER_PREFIX
 
 def mysql_passwd(password, uppercase=True):
@@ -336,86 +337,113 @@ def dictionaryAttack(attack_dict):
             logger.info(infoMsg)
             kb.wordlist = getFileItems(dictpath, None, False)
 
+        message = "do you want to use common password suffixes? (slow!) [y/N] "
+        test = readInput(message, default="N")
+
+        suffix_list = [""]
+        if test[0] in ("y", "Y"):
+            suffix_list = COMMON_PASSWORD_SUFFIXES
+
         infoMsg = "starting dictionary attack (%s)" % __functions__[hash_regex].func_name
         logger.info(infoMsg)
 
         for item in attack_info:
             ((user, _), _) = item
             kb.wordlist.append(getUnicode(user))
 
-        length = len(kb.wordlist)
+        length = len(kb.wordlist) * len(suffix_list)
 
         if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
             count = 0
 
-            for word in kb.wordlist:
-                count += 1
+            for suffix in suffix_list:
+                for word in kb.wordlist:
+                    count += 1
+
+                    if suffix:
+                        word = word + suffix
 
-                try:
-                    current = __functions__[hash_regex](password = word, uppercase = False)
+                    try:
+                        current = __functions__[hash_regex](password = word, uppercase = False)
 
-                    for item in attack_info:
-                        ((user, hash_), _) = item
+                        for item in attack_info:
+                            ((user, hash_), _) = item
 
-                        if hash_ == current:
-                            results.append((user, hash_, word))
-                            clearConsoleLine()
+                            if hash_ == current:
+                                results.append((user, hash_, word))
+                                clearConsoleLine()
 
-                            infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
+                                infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
 
-                            if user and not user.startswith(DUMMY_USER_PREFIX):
-                                infoMsg += " for user: '%s'\n" % user
-                            else:
-                                infoMsg += " for hash: '%s'\n" % hash_
+                                if user and not user.startswith(DUMMY_USER_PREFIX):
+                                    infoMsg += " for user: '%s'\n" % user
+                                else:
+                                    infoMsg += " for hash: '%s'\n" % hash_
 
-                            dataToStdout(infoMsg, True)
+                                dataToStdout(infoMsg, True)
 
-                            attack_info.remove(item)
+                                attack_info.remove(item)
 
-                        elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
-                            status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
-                            dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
+                            elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
+                                status = '%d/%d words (%d%s)' % (count, length, round(100.0*count/length), '%')
+                                dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
 
-                except:
-                    warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
-                    warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
-                    logger.critical(warnMsg)
+                    except KeyboardInterrupt:
+                        raise
+
+                    except:
+                        warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
+                        warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
+                        logger.critical(warnMsg)
 
             clearConsoleLine()
 
         else:
             for ((user, hash_), kwargs) in attack_info:
                 count = 0
+                found = False
 
-                for word in kb.wordlist:
-                    current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
-                    count += 1
-                    try:
-                        if hash_ == current:
-                            if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
-                                word = word.upper()
-                            results.append((user, hash_, word))
-                            clearConsoleLine()
+                for suffix in suffix_list:
+                    if found:
+                        break
 
-                            infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
+                    for word in kb.wordlist:
+                        current = __functions__[hash_regex](password = word, uppercase = False, **kwargs)
+                        count += 1
 
-                            if user and not user.startswith(DUMMY_USER_PREFIX):
-                                infoMsg += " for user: '%s'\n" % user
-                            else:
-                                infoMsg += " for hash: '%s'\n" % hash_
+                        if suffix:
+                            word = word + suffix
 
-                            dataToStdout(infoMsg, True)
+                        try:
+                            if hash_ == current:
+                                if regex == HASH.ORACLE_OLD: #only for cosmetic purposes
+                                    word = word.upper()
+                                results.append((user, hash_, word))
+                                clearConsoleLine()
 
-                            break
+                                infoMsg = "[%s] [INFO] found: '%s'" % (time.strftime("%X"), word)
 
-                        elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
-                            status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
-                            dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
+                                if user and not user.startswith(DUMMY_USER_PREFIX):
+                                    infoMsg += " for user: '%s'\n" % user
+                                else:
+                                    infoMsg += " for hash: '%s'\n" % hash_
 
-                    except:
-                        warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
-                        warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
-                        logger.critical(warnMsg)
+                                dataToStdout(infoMsg, True)
+
+                                found = True
+                                break
+
+                            elif count % 1117 == 0 or count == length or hash_regex in (HASH.ORACLE_OLD):
+                                status = '%d/%d words (%d%s) (user: %s)' % (count, length, round(100.0*count/length), '%', user)
+                                dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
+
+                        except KeyboardInterrupt:
+                            raise
+
+                        except:
+                            warnMsg = "there was a problem while hashing entry: %s. " % repr(word)
+                            warnMsg += "Please report by e-mail to sqlmap-users@lists.sourceforge.net."
+                            logger.critical(warnMsg)
 
                 clearConsoleLine()
 

Original file line number	Diff line number	Diff line change
`@@ -175,3 +175,6 @@`
`175`	`175`	`)`
`176`	`176`
`177`	`177`	`META_CHARSET_REGEX = r'<meta http-equiv="Content-Type" content="[^"]*?charset=(?P<result>[^"]+)" />'`
	`178`	`+`
	`179`	`+# Reference: http://www.the-interweb.com/serendipity/index.php?/archives/94-A-brief-analysis-of-40,000-leaked-MySpace-passwords.html`
	`180`	`+COMMON_PASSWORD_SUFFIXES = ["", "1", "2", "123", "12", "3", "7", "07", "11", "4", "5", "!", ".", "*", "!!", "?", ";", "..", "!!!", ",", "@"]`