Adding experimental option --crack

Author: stamparm

lib/controller/controller.py

@@ -71,6 +71,7 @@
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
+from lib.utils.hash import crackHashFile
 
 def _selectInjection():
     """
@@ -268,6 +269,9 @@ def start():
     check if they are dynamic and SQL injection affected
     """
 
+    if conf.hashFile:
+        crackHashFile(conf.hashFile)
+
     if conf.direct:
         initTargetEnv()
         setupTargetEnv()

lib/core/common.py

@@ -4343,19 +4343,23 @@ def hashDBWrite(key, value, serialize=False):
     Helper function for writing session data to HashDB
     """
 
-    _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
-    conf.hashDB.write(_, value, serialize)
+    if conf.hashDB:
+        _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
+        conf.hashDB.write(_, value, serialize)
 
 def hashDBRetrieve(key, unserialize=False, checkConf=False):
     """
     Helper function for restoring session data from HashDB
     """
 
-    _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
-    retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
+    retVal = None
+
+    if conf.hashDB:
+        _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE))
+        retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None
 
-    if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
-        retVal = None
+        if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)):
+            retVal = None
 
     return retVal
 

lib/core/settings.py

@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.12.25"
+VERSION = "1.2.12.26"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/parse/cmdline.py

@@ -668,6 +668,10 @@ def cmdLineParser(argv=None):
                                  help="Simple wizard interface for beginner users")
 
         # Hidden and/or experimental options
+        parser.add_option("--crack", dest="hashFile",
+                          help=SUPPRESS_HELP)
+                          #help="Load and crack hashes from a file")
+
         parser.add_option("--dummy", dest="dummy", action="store_true",
                           help=SUPPRESS_HELP)
 
@@ -884,7 +888,7 @@ def _(self, *args):
         if args.dummy:
             args.url = args.url or DUMMY_URL
 
-        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)):
+        if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)):
             errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). "
             errMsg += "Use -h for basic and -hh for advanced help\n"
             parser.error(errMsg)

lib/utils/hash.py

@@ -1078,15 +1078,17 @@ def dictionaryAttack(attack_dict):
                         gc.enable()
 
                     if retVal:
-                        conf.hashDB.beginTransaction()
+                        if conf.hashDB:
+                            conf.hashDB.beginTransaction()
 
                         while not retVal.empty():
                             user, hash_, word = item = retVal.get(block=False)
                             attack_info = filter(lambda _: _[0][0] != user or _[0][1] != hash_, attack_info)
                             hashDBWrite(hash_, word)
                             results.append(item)
 
-                        conf.hashDB.endTransaction()
+                        if conf.hashDB:
+                            conf.hashDB.endTransaction()
 
             clearConsoleLine()
 
@@ -1171,15 +1173,17 @@ class Value():
                         if _multiprocessing:
                             gc.enable()
 
-                        if retVal:
-                            conf.hashDB.beginTransaction()
+                        if retVal and conf.hashDB:
+                            if conf.hashDB:
+                                conf.hashDB.beginTransaction()
 
                             while not retVal.empty():
                                 user, hash_, word = item = retVal.get(block=False)
                                 hashDBWrite(hash_, word)
                                 results.append(item)
 
-                            conf.hashDB.endTransaction()
+                            if conf.hashDB:
+                                conf.hashDB.endTransaction()
 
                 clearConsoleLine()
 
@@ -1194,3 +1198,17 @@ class Value():
         logger.warn(warnMsg)
 
     return results
+
+def crackHashFile(hashFile):
+    i = 0
+    attack_dict = {}
+
+    for line in getFileItems(conf.hashFile):
+        if ':' in line:
+            user, hash_ = line.split(':', 1)
+            attack_dict[user] = [hash_]
+        else:
+            attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line]
+            i += 1
+
+    dictionaryAttack(attack_dict)

txt/checksum.md5

@@ -24,12 +24,12 @@ b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py
 c1bccc94522d3425a372dcd57f78418e  extra/wafdetectify/wafdetectify.py
 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py
 0f0feede9750be810d2b8a7ab159b7b0  lib/controller/checks.py
-ad968ee04e93f6f850d6b7e5ac0073c5  lib/controller/controller.py
+ae444b08253e10bc4553f011d6100b28  lib/controller/controller.py
 988b548f6578adf9cec17afdeee8291c  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
 e62309b22a59e60b270e62586f169441  lib/core/agent.py
 c347f085bd561adfa26d3a9512e5f3b9  lib/core/bigarray.py
-a78c563bbaeebd958b25303d83dfe3f2  lib/core/common.py
+ae4bf844c42f9a36ebbe8444e89f7041  lib/core/common.py
 0d082da16c388b3445e656e0760fb582  lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27  lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd  lib/core/datatype.py
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-3805f9f360e47798a3e6d4da977c83eb  lib/core/settings.py
+758c731f879a5989288d8809a8d54567  lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 1581be48127a3a7a9fd703359b6e7567  lib/core/target.py
@@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061  lib/core/update.py
 e772deb63270375e685fa5a7b775c382  lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93  lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754  lib/parse/banner.py
-30d7cbada42154dcbb17f4ca969d812a  lib/parse/cmdline.py
+cfd7938668213fef65a7570997b78403  lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177  lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56  lib/parse/handler.py
 6bab53ea9d75bc9bb8169d3e8f3f149f  lib/parse/headers.py
@@ -108,7 +108,7 @@ f9867bbfcd6d31916ca73e72e95fd881  lib/utils/deps.py
 f7af65aa47329d021e2b2cc8521b42a4  lib/utils/getch.py
 7af29f61302c8693cd6436d4b69e22d3  lib/utils/har.py
 1205648d55649accafae2cc77d647aa0  lib/utils/hashdb.py
-4b50c02e803c874c1d03873fd29d63ee  lib/utils/hash.py
+eb2aa3fa9ebdf4cb6ac3e005f7df1e9b  lib/utils/hash.py
 011d2dbf589e0faa0deca61a651239cc  lib/utils/htmlentities.py
 1e5532ede194ac9c083891c2f02bca93  lib/utils/__init__.py
 527409077a094b63c88f3291138b1c81  lib/utils/pivotdumptable.py