Update for an Issue #272

stamparm · stamparm · commit d4b5133df741 · 2012-12-04T17:04:32.000+01:00
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
@@ -61,6 +61,7 @@
 from lib.core.settings import IS_WIN
 from lib.core.settings import ITOA64
 from lib.core.settings import ML
+from lib.core.settings import NULL
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import ROTATING_CHARS
 from lib.core.wordlist import Wordlist
@@ -314,14 +315,15 @@ def storeHashesToFile(attack_dict):
     with open(filename, "w+") as f:
         for user, hashes in attack_dict.items():
             for hash_ in hashes:
+                if not hash_ or hash_ == NULL or not hashRecognition(hash_):
+                    continue
                 if user and not user.startswith(DUMMY_USER_PREFIX):
                     f.write("%s:%s\n" % (user.encode(UNICODE_ENCODING), hash_.encode(UNICODE_ENCODING)))
                 else:
                     f.write("%s\n" % hash_.encode(UNICODE_ENCODING))
 
 def attackCachedUsersPasswords():
     if kb.data.cachedUsersPasswords:
-        storeHashesToFile(kb.data.cachedUsersPasswords)
         results = dictionaryAttack(kb.data.cachedUsersPasswords)
 
         for (_, hash_, password) in results:
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
@@ -40,6 +40,7 @@
 from lib.core.threads import getCurrentThreadData
 from lib.request import inject
 from lib.utils.hash import attackCachedUsersPasswords
+from lib.utils.hash import storeHashesToFile
 from lib.utils.pivotdumptable import pivotDumpTable
 
 class Users:
@@ -300,6 +301,8 @@ def getPasswordHashes(self):
             for user in kb.data.cachedUsersPasswords:
                 kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
 
+        storeHashesToFile(kb.data.cachedUsersPasswords)
+
         message = "do you want to perform a dictionary-based attack "
         message += "against retrieved password hashes? [Y/n/q]"
         test = readInput(message, default="Y")
