Re: [sqlmap-users] BUG Finding passwords
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] BUG Finding passwords
|
From: Miroslav S. <mir...@gm...> - 2011-03-10 20:43:21
|
hi again thank you for your report and find it fixed in the latest commit (r3405) kr On Thu, Mar 10, 2011 at 9:05 PM, <and...@gm...> wrote: > I can pass the full execution that I was trying but it got to be later. :) > > Not on pc rigth now. > > AS > > > -----Original Message----- > From: Miroslav Stampar <mir...@gm...> > Date: Thu, 10 Mar 2011 21:00:13 > To: <and...@gm...> > Subject: Re: [sqlmap-users] BUG Finding passwords > > i believe i was able to reproduce it > > i'll report you back when fixed > > kr > > On Thu, Mar 10, 2011 at 8:57 PM, Miroslav Stampar > <mir...@gm...> wrote: >> in that case could you please in lib/utils/hash.py put the part >> between #### and report the last INFO you get before crash: >> >> def mssql_passwd(password, salt, uppercase=False): >> """ >> Reference(s): >> http://www.leidecker.info/projects/phrasendrescher/mssql.c >> https://www.evilfingers.com/tools/GSAuditor.php >> >> >>> mssql_passwd(password='testpass', salt='4086ceb6', uppercase=False) >> '0x01004086ceb60c90646a8ab9889fe3ed8e5c150b5460ece8425a' >> """ >> ###BEGIN########## >> print 'INFO:', repr(password), repr(salt) >> ###END############ >> binsalt = hexdecode(salt) >> >> thank you very much in advance >> >> kr >> >> On Thu, Mar 10, 2011 at 8:53 PM, <and...@gm...> wrote: >>> Default one >>> -----Original Message----- >>> From: Miroslav Stampar <mir...@gm...> >>> Date: Thu, 10 Mar 2011 20:47:17 >>> To: André Silva<and...@gm...> >>> Cc: <sql...@li...> >>> Subject: Re: [sqlmap-users] BUG Finding passwords >>> >>> hi Andre. >>> >>> are you using your own dictionary or the default one? >>> >>> kr >>> >>> On Thu, Mar 10, 2011 at 4:35 PM, André Silva <and...@gm...> wrote: >>>> Hi all, >>>> >>>> Pasted the error on sqlmap.py >>>> >>>> "[15:32:33] [INFO] 277016/10006704 words (3%) (user: minSel) >>>> [15:32:33] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run >>>> with the latest development version from the Subversion repository. If the >>>> exception persists, please send by e-mail to >>>> sql...@li... the following text and any information >>>> required to reproduce the bug. The developers will try to reproduce the bug, >>>> fix it accordingly and get back to you. >>>> sqlmap version: 0.9-dev (r3404) >>>> Python version: 2.5.2 >>>> Operating system: posix >>>> Command line: ./sqlmap.py -u ************************************* --data >>>> strPwd=ajvm&strUserLogin=jvm&Submit_button=Submit --passwords >>>> Technique: UNION >>>> Back-end DBMS: Microsoft SQL Server (fingerprinted) >>>> Traceback (most recent call last): >>>> File "./sqlmap.py", line 82, in main >>>> start() >>>> File "/pentest/database/sqlmap/lib/controller/controller.py", line 424, in >>>> start >>>> action() >>>> File "/pentest/database/sqlmap/lib/controller/action.py", line 77, in >>>> action >>>> conf.dbmsHandler.getPasswordHashes(), "password hash") >>>> File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 377, >>>> in getPasswordHashes >>>> attackCachedUsersPasswords() >>>> File "/pentest/database/sqlmap/lib/utils/hash.py", line 201, in >>>> attackCachedUsersPasswords >>>> results = dictionaryAttack(kb.data.cachedUsersPasswords) >>>> File "/pentest/database/sqlmap/lib/utils/hash.py", line 417, in >>>> dictionaryAttack >>>> current =__functions__[hash_regex](password = word, uppercase = False, >>>> **kwargs) >>>> File "/pentest/database/sqlmap/lib/utils/hash.py", line 104, in >>>> mssql_passwd >>>> retVal = "0100%s%s" % (salt, sha1(unistr + binsalt).hexdigest()) >>>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xee in position 3: >>>> ordinal not in range(128)" >>>> >>>> >>>> Checked out revision 3404 >>>> >>>> >>>> AS >>>> >>>> ------------------------------------------------------------------------------ >>>> Colocation vs. Managed Hosting >>>> A question and answer guide to determining the best fit >>>> for your organization - today and in the future. >>>> http://p.sf.net/sfu/internap-sfd2d >>>>_______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail: miroslav.stampar (at) gmail.com >>> PGP Key ID: 0xB5397B1B >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
