Re: [sqlmap-users] Phpass hash detection
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Phpass hash detection
|
From: Miroslav S. <mir...@gm...> - 2011-11-21 22:01:40
|
Hi Brandon.
Thank you for your report. It should be "patched" with the latest commit.
Kind regards
On Mon, Nov 21, 2011 at 8:32 PM, Brandon Perry <bpe...@gm...>wrote:
> Hi, The phpass detection is working excellently. Would like to report
> these:
>
> [13:27:24] [CRITICAL] there was a problem while hashing entry:
> '<>@\xc2\xa3\xc2\xa7\xe2\x82\xac{[]}'. Please report by e-mail to
> sql...@li...
> [13:27:26] [CRITICAL] there was a problem while hashing entry:
> '-/\xe0\xb8\x88---/\xe0\xb8\x88--'. Please report by e-mail to
> sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96-\xe0\xb8\x96\xe0\xb8\x84\xe0\xb8\x88\xe0\xb8\xb8'.
> Please report by e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96/\xe0\xb8\x95\xe0\xb8\x88\xe0\xb8\xa0'. Please report by
> e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb9\x85\xe0\xb8\x88\xe0\xb8\xb6-\xe0\xb8\x88'. Please report by
> e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x88\xe0\xb9\x85\xe0\xb9\x85\xe0\xb8\x84\xe0\xb8\xa0//'.
> Please report by e-mail to sql...@li...
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xb7$%&/()'. Please report by e-mail to
> sql...@li...
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xa3$%^&*('. Please report by e-mail to
> sql...@li...
> [13:27:31] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa7&\xc2\xa7!)!/'. Please report by e-mail to
> sql...@li...
> [13:27:32] [CRITICAL] there was a problem while hashing entry:
> '!@\xc2\xa3$%^&'. Please report by e-mail to
> sql...@li...
> [13:27:33] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa3$"%*'. Please report by e-mail to
> sql...@li...
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-/\xe0\xb8\x96-/'. Please report by e-mail to
> sql...@li...
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-\xe0\xb9\x85\xe0\xb9\x85/\xe0\xb8\x96\xe0\xb9\x85\xe0\xb8\xb8'.
> Please report by e-mail to sql...@li...
>
> I have a custom password list I am using and have enabled common
> prefix checking as well.
>
> On Mon, Nov 21, 2011 at 3:25 AM, Miroslav Stampar
> <mir...@gm...> wrote:
> > Aha. I haven't noticed it was yours code :). Thank you for this nice
> piece
> > of code.
> > Kind regards
> >
> > On Mon, Nov 21, 2011 at 10:17 AM, Ulisses Castro <uss...@gm...>
> > wrote:
> >>
> >> Good to see that code helped sqlmap, thanks for the reference Miroslav!
> >>
> >> Nice update.
> >>
> >> Cheers,
> >> Ulisses Castro
> >>
> >> On Sun, Nov 20, 2011 at 5:03 PM, Miroslav Stampar
> >> <mir...@gm...> wrote:
> >> > Hi Brandon.
> >> >
> >> > You can find it implemented in the last revision (r4511).
> >> >
> >> > Kind regards,
> >> > Miroslav Stampar
> >> >
> >> > On Sat, Nov 19, 2011 at 10:09 PM, Brandon Perry
> >> > <bpe...@gm...>
> >> > wrote:
> >> >>
> >> >> Absolutely.
> >> >>
> >> >> Thanks for the response.
> >> >>
> >> >> On Sat, Nov 19, 2011 at 3:00 PM, Miroslav Stampar
> >> >> <mir...@gm...> wrote:
> >> >> > Hi Brandon.
> >> >> >
> >> >> > It will be implemented these days, although don't expect it to be
> too
> >> >> > fast
> >> >> > (compared to the regular MD5 or similar) as it usually uses lots of
> >> >> > MD5
> >> >> > rounds.
> >> >> >
> >> >> > Kind regards
> >> >> >
> >> >> > On Nov 19, 2011 9:05 AM, "Brandon Perry" <
> bpe...@gm...>
> >> >> > wrote:
> >> >> >>
> >> >> >> Are there any plans to add phpass hash detection and cracking
> >> >> >> facilities to sqlmap?
> >> >> >>
> >> >> >> A python script to crack them is here, for reference
> >> >> >>
> >> >> >> http://dl.packetstormsecurity.net/Crackers/phpassbrute.py.txt
> >> >> >>
> >> >> >> --
> >> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> >> http://www.volatileminds.net -- website
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> ------------------------------------------------------------------------------
> >> >> >> All the data continuously generated in your IT infrastructure
> >> >> >> contains a definitive record of customers, application
> performance,
> >> >> >> security threats, fraudulent activity, and more. Splunk takes this
> >> >> >> data and makes sense of it. IT sense. And common sense.
> >> >> >> http://p.sf.net/sfu/splunk-novd2d
> >> >> >> _______________________________________________
> >> >> >> sqlmap-users mailing list
> >> >> >> sql...@li...
> >> >> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> http://www.volatileminds.net -- website
> >> >
> >> >
> >> >
> >> > --
> >> > Miroslav Stampar
> >> > http://about.me/stamparm
> >> >
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > All the data continuously generated in your IT infrastructure
> >> > contains a definitive record of customers, application performance,
> >> > security threats, fraudulent activity, and more. Splunk takes this
> >> > data and makes sense of it. IT sense. And common sense.
> >> > http://p.sf.net/sfu/splunk-novd2d
> >> > _______________________________________________
> >> > sqlmap-users mailing list
> >> > sql...@li...
> >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >> >
> >> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
> >
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
--
Miroslav Stampar
http://about.me/stamparm
|
