
Commit 83d7969

committed
Couple of patches
1 parent afe497a commit 83d7969

4 files changed

Lines changed: 89 additions & 15 deletions


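--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -50,6 +50,7 @@
 from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT
 from lib.core.settings import VERSION_STRING
 from lib.core.settings import WINDOWS_RESERVED_NAMES
+from thirdparty import six
 from thirdparty.magic import magic
 
 from extra.safe2bin.safe2bin import safechardecode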

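--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.3.68"
+VERSION = "1.3.3.69"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)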

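--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -101,6 +101,9 @@ def mysql_passwd(password, uppercase=True):
 '*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = "*%s" % sha1(sha1(password).digest()).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -139,11 +142,11 @@ def postgres_passwd(password, username, uppercase=False):
 'md599e5ea7a6f7c3269995cba3927fd0093'
 """
 
-if isinstance(username, unicode):
-username = unicode.encode(username, UNICODE_ENCODING)
+if isinstance(username, six.text_type):
+username = username.encode(UNICODE_ENCODING)
 
-if isinstance(password, unicode):
-password = unicode.encode(password, UNICODE_ENCODING)
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
 
 retVal = "md5%s" % md5(password + username).hexdigest()
 
@@ -228,11 +231,11 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
 
 IV, pad = "\0" * 8, "\0"
 
-if isinstance(username, unicode):
-username = unicode.encode(username, UNICODE_ENCODING)
+if isinstance(username, six.text_type):
+username = username.encode(UNICODE_ENCODING)
 
-if isinstance(password, unicode):
-password = unicode.encode(password, UNICODE_ENCODING)
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
 
 unistr = "".join("\0%s" % c for c in (username + password).upper())
 
@@ -251,6 +254,9 @@ def md5_generic_passwd(password, uppercase=False):
 '179ad45c6ce2cb97cf1029e212046e81'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = md5(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -261,6 +267,9 @@ def sha1_generic_passwd(password, uppercase=False):
 '206c80413b9a96c1312cc346b7d2517b84463edd'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = sha1(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -271,6 +280,9 @@ def apache_sha1_passwd(password, **kwargs):
 '{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 return "{SHA}%s" % base64.b64encode(sha1(password).digest())
 
 def ssha_passwd(password, salt, **kwargs):
@@ -279,6 +291,12 @@ def ssha_passwd(password, salt, **kwargs):
 '{SSHA}mU1HPTvnmoXOhE4ROHP6sWfbfoRzYWx0'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "{SSHA}%s" % base64.b64encode(sha1(password + salt).digest() + salt)
 
 def ssha256_passwd(password, salt, **kwargs):
@@ -287,6 +305,12 @@ def ssha256_passwd(password, salt, **kwargs):
 '{SSHA256}hhubsLrO/Aje9F/kJrgv5ZLE40UmTrVWvI7Dt6InP99zYWx0'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "{SSHA256}%s" % base64.b64encode(sha256(password + salt).digest() + salt)
 
 def ssha512_passwd(password, salt, **kwargs):
@@ -295,6 +319,12 @@ def ssha512_passwd(password, salt, **kwargs):
 '{SSHA512}mCUSLfPMhXCQOJl9WHW/QMn9v9sjq7Ht/Wk7iVau8vLOfh+PeynkGMikqIE8sStFd0khdfcCD8xZmC6UyjTxsHNhbHQ='
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "{SSHA512}%s" % base64.b64encode(sha512(password + salt).digest() + salt)
 
 def sha224_generic_passwd(password, uppercase=False):
@@ -303,6 +333,9 @@ def sha224_generic_passwd(password, uppercase=False):
 '648db6019764b598f75ab6b7616d2e82563a00eb1531680e19ac4c6f'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = sha224(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -313,6 +346,9 @@ def sha256_generic_passwd(password, uppercase=False):
 '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = sha256(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -323,6 +359,9 @@ def sha384_generic_passwd(password, uppercase=False):
 '6823546e56adf46849343be991d4b1be9b432e42ed1b4bb90635a0e4b930e49b9ca007bc3e04bf0a4e0df6f1f82769bf'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = sha384(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -333,6 +372,9 @@ def sha512_generic_passwd(password, uppercase=False):
 '78ddc8555bb1677ff5af75ba5fc02cb30bb592b0610277ae15055e189b77fe3fda496e5027a3d99ec85d54941adee1cc174b50438fdc21d82d0a79f85b58cf44'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
 retVal = sha512(password).hexdigest()
 
 return retVal.upper() if uppercase else retVal.lower()
@@ -349,6 +391,12 @@ def crypt_generic_passwd(password, salt, **kwargs):
 'rl.3StKT.4T8M'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return crypt(password, salt)
 
 def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
@@ -357,7 +405,7 @@ def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
 http://www.sabren.net/code/python/crypt/md5crypt.py
 
 >>> unix_md5_passwd(password='testpass', salt='aD9ZLmkp')
-'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
+u'$1$aD9ZLmkp$DRM5a7rRZGyuuOPOjTEk61'
 """
 
 def _encode64(value, count):
@@ -370,13 +418,13 @@ def _encode64(value, count):
 
 return output
 
-if isinstance(password, unicode):
+if isinstance(password, six.text_type):
 password = password.encode(UNICODE_ENCODING)
 
-if isinstance(magic, unicode):
+if isinstance(magic, six.text_type):
 magic = magic.encode(UNICODE_ENCODING)
 
-if isinstance(salt, unicode):
+if isinstance(salt, six.text_type):
 salt = salt.encode(UNICODE_ENCODING)
 
 salt = salt[:8]
@@ -427,7 +475,7 @@ def _encode64(value, count):
 hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4)
 hash_ = hash_ + _encode64((int(ord(final[11]))), 2)
 
-return "%s%s$%s" % (magic, salt, hash_)
+return "%s%s$%s" % (magic, salt.decode(UNICODE_ENCODING), hash_.decode(UNICODE_ENCODING))
 
 def joomla_passwd(password, salt, **kwargs):
 """
@@ -437,6 +485,12 @@ def joomla_passwd(password, salt, **kwargs):
 'e3d5794da74e917637332e0d21b76328:6GGlnaquVXI80b3HRmSyE3K1wEFFaBIf'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
 
 def django_md5_passwd(password, salt, **kwargs):
@@ -447,6 +501,12 @@ def django_md5_passwd(password, salt, **kwargs):
 'md5$salt$972141bcbcb6a0acc96e92309175b3c5'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "md5$%s$%s" % (salt, md5("%s%s" % (salt, password)).hexdigest())
 
 def django_sha1_passwd(password, salt, **kwargs):
@@ -457,6 +517,12 @@ def django_sha1_passwd(password, salt, **kwargs):
 'sha1$salt$6ce0e522aba69d8baa873f01420fccd0250fc5b2'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "sha1$%s$%s" % (salt, sha1("%s%s" % (salt, password)).hexdigest())
 
 def vbulletin_passwd(password, salt, **kwargs):
@@ -467,6 +533,12 @@ def vbulletin_passwd(password, salt, **kwargs):
 '85c4d8ea77ebef2236fb7e9d24ba9482:salt'
 """
 
+if isinstance(password, six.text_type):
+password = password.encode(UNICODE_ENCODING)
+
+if isinstance(salt, six.text_type):
+salt = salt.encode(UNICODE_ENCODING)
+
 return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
 
 def wordpress_passwd(password, salt, count, prefix, **kwargs):
@@ -510,7 +582,7 @@ def _encode64(input_, count):
 
 return output
 
-if isinstance(password, unicode):
+if isinstance(password, six.text_type):
 password = password.encode(UNICODE_ENCODING)
 
 cipher = md5(salt)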
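Review bot: In `joomla_passwd`, `django_md5_passwd`, `django_sha1_passwd` and `vbulletin_passwd` the added guards encode `password` and `salt` to bytes, yet the unchanged next line still builds the digest input with `"%s%s" % (...)`; under Python 3, which the `six.text_type` checks appear to target, that interpolates the `b'...'` repr and `md5()`/`sha1()` reject the resulting text, so the helper raises or returns a malformed value. Concatenating the bytes, e.g. `md5(password + salt).hexdigest()` in `joomla_passwd`, and interpolating `salt.decode(UNICODE_ENCODING)` into the returned string would give one digest on both interpreters. The same gap is visible in the new `unix_md5_passwd` return, where `magic` is encoded above but not decoded, in the `{SHA}`/`{SSHA*}` helpers that format the `base64.b64encode(...)` result with `%s`, and at `cipher = md5(salt)` in the last hunk, where only `password` is converted. Because a mismatched digest shows up only as a non-match, running the module's doctests under both interpreters would catch these; note that the `u'...'` expectation added to the `unix_md5_passwd` doctest can only pass on Python 2. Several of these functions start or end outside the visible hunks.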

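--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -47,6 +47,7 @@
 from lib.techniques.union.use import unionUse
 from lib.utils.brute import columnExists
 from lib.utils.brute import tableExists
+from thirdparty import six
 
 class Databases:
 """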
