
Commit 3e3f037

committed
improvement of hash cracking routine
1 parent 4cafc5f commit 3e3f037

1 file changed

Lines changed: 22 additions & 18 deletions


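--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -247,11 +247,12 @@ def attackCachedUsersPasswords():
 if kb.data.cachedUsersPasswords:
 results = dictionaryAttack(kb.data.cachedUsersPasswords)
 
-for (user, hash_, password) in results:
-for i in xrange(len(kb.data.cachedUsersPasswords[user])):
-if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
-and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
-kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
+for (_, hash_, password) in results:
+for user in kb.data.cachedUsersPasswords.keys():
+for i in xrange(len(kb.data.cachedUsersPasswords[user])):
+if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
+and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
+kb.data.cachedUsersPasswords[user][i] += "%s clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
 
 def attackDumpedTable():
 if kb.data.dumpedTable:
@@ -304,19 +305,20 @@ def attackDumpedTable():
 raise sqlmapUserQuitException
 
 results = dictionaryAttack(attack_dict)
+lut = dict()
 
 for (_, hash_, password) in results:
-if not hash_:
-continue
+if hash_:
+lut[hash_.lower()] = password
 
-for i in xrange(count):
-for column in columns:
-if not (column == colUser or column == '__infos__' or len(table[column]['values']) <= i):
-value = table[column]['values'][i]
+for i in xrange(count):
+for column in columns:
+if not (column == colUser or column == '__infos__' or len(table[column]['values']) <= i):
+value = table[column]['values'][i]
 
-if value and value.lower() == hash_.lower():
-table[column]['values'][i] += " (%s)" % password
-table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
+if value and value.lower() in lut:
+table[column]['values'][i] += " (%s)" % lut[value.lower()]
+table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
 
 def hashRecognition(value):
 retVal = None
@@ -459,6 +461,7 @@ def dictionaryAttack(attack_dict):
 suffix_list = [""]
 hash_regexes = []
 results = []
+resumes = []
 processException = False
 
 for (_, hashes) in attack_dict.items():
@@ -499,8 +502,7 @@ def dictionaryAttack(attack_dict):
 elif hash_regex in (HASH.CRYPT_GENERIC):
 item = [(user, hash_), {'salt': hash_[0:2]}]
 
-key = hash(repr(item))
-if item and key not in keys:
+if item and hash_ not in keys:
 resumed = conf.hashDB.retrieve(hash_)
 if not resumed:
 attack_info.append(item)
@@ -509,8 +511,8 @@ def dictionaryAttack(attack_dict):
 if user and not user.startswith(DUMMY_USER_PREFIX):
 infoMsg += " for user '%s'" % user
 logger.info(infoMsg)
-results.append((user, hash_, resumed))
-keys.add(key)
+resumes.append((user, hash_, resumed))
+keys.add(hash_)
 
 if not attack_info:
 continue
@@ -706,6 +708,8 @@ class Value():
 
 clearConsoleLine()
 
+results.extend(resumes)
+
 if len(hash_regexes) == 0:
 warnMsg = "unknown hash format. "
 warnMsg += "Please report by e-mail to %s" % ML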
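Review bot: In attackCachedUsersPasswords the new loop matches each cracked hash against the cached entries of every user with a case-folded substring test (`hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()`), so the user returned by dictionaryAttack no longer scopes the match and a clear-text password can be attached to any entry that merely contains the hash text. attackDumpedTable in the same commit builds `lut` and compares whole values; doing the same here, against the hash part of each entry, would keep the two callers consistent. Since dictionaryAttack now de-duplicates on `hash_` alone, the user in each result tuple is presumably just the first one seen with that hash, which is worth stating next to `keys.add(hash_)`, e.g. `# one result per distinct hash; callers must match on the hash, not the user`. The bodies of attackDumpedTable and dictionaryAttack continue outside the hunks shown, and the page has lost indentation, so the nesting level of `results.extend(resumes)` could not be checked.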
