Re: [sqlmap-users] Phpass hash detection

Mon, 21 Nov 2011 14:02:14 -0800 

Hi Brandon.

Thank you for your report. It should be "patched" with the latest commit.

Kind regards

On Mon, Nov 21, 2011 at 8:32 PM, Brandon Perry <bperry.volat...@gmail.com>wrote:

> Hi, The phpass detection is working excellently. Would like to report
> these:
>
> [13:27:24] [CRITICAL] there was a problem while hashing entry:
> '<>@\xc2\xa3\xc2\xa7\xe2\x82\xac{[]}'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:26] [CRITICAL] there was a problem while hashing entry:
> '-/\xe0\xb8\x88---/\xe0\xb8\x88--'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96-\xe0\xb8\x96\xe0\xb8\x84\xe0\xb8\x88\xe0\xb8\xb8'.
> Please report by e-mail to sqlmap-users@lists.sourceforge.net
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96/\xe0\xb8\x95\xe0\xb8\x88\xe0\xb8\xa0'. Please report by
> e-mail to sqlmap-users@lists.sourceforge.net
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb9\x85\xe0\xb8\x88\xe0\xb8\xb6-\xe0\xb8\x88'. Please report by
> e-mail to sqlmap-users@lists.sourceforge.net
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x88\xe0\xb9\x85\xe0\xb9\x85\xe0\xb8\x84\xe0\xb8\xa0//'.
> Please report by e-mail to sqlmap-users@lists.sourceforge.net
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xb7$%&/()'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xa3$%^&*('. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:31] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa7&\xc2\xa7!)!/'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:32] [CRITICAL] there was a problem while hashing entry:
> '!@\xc2\xa3$%^&'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:33] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa3$"%*'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-/\xe0\xb8\x96-/'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-\xe0\xb9\x85\xe0\xb9\x85/\xe0\xb8\x96\xe0\xb9\x85\xe0\xb8\xb8'.
> Please report by e-mail to sqlmap-users@lists.sourceforge.net
>
> I have a custom password list I am using and have enabled common
> prefix checking as well.
>
> On Mon, Nov 21, 2011 at 3:25 AM, Miroslav Stampar
> <miroslav.stam...@gmail.com> wrote:
> > Aha. I haven't noticed it was yours code :). Thank you for this nice
> piece
> > of code.
> > Kind regards
> >
> > On Mon, Nov 21, 2011 at 10:17 AM, Ulisses Castro <uss.the...@gmail.com>
> > wrote:
> >>
> >> Good to see that code helped sqlmap, thanks for the reference Miroslav!
> >>
> >> Nice update.
> >>
> >> Cheers,
> >> Ulisses Castro
> >>
> >> On Sun, Nov 20, 2011 at 5:03 PM, Miroslav Stampar
> >> <miroslav.stam...@gmail.com> wrote:
> >> > Hi Brandon.
> >> >
> >> > You can find it implemented in the last revision (r4511).
> >> >
> >> > Kind regards,
> >> > Miroslav Stampar
> >> >
> >> > On Sat, Nov 19, 2011 at 10:09 PM, Brandon Perry
> >> > <bperry.volat...@gmail.com>
> >> > wrote:
> >> >>
> >> >> Absolutely.
> >> >>
> >> >> Thanks for the response.
> >> >>
> >> >> On Sat, Nov 19, 2011 at 3:00 PM, Miroslav Stampar
> >> >> <miroslav.stam...@gmail.com> wrote:
> >> >> > Hi Brandon.
> >> >> >
> >> >> > It will be implemented these days, although don't expect it to be
> too
> >> >> > fast
> >> >> > (compared to the regular MD5 or similar) as it usually uses lots of
> >> >> > MD5
> >> >> > rounds.
> >> >> >
> >> >> > Kind regards
> >> >> >
> >> >> > On Nov 19, 2011 9:05 AM, "Brandon Perry" <
> bperry.volat...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> Are there any plans to add phpass hash detection and cracking
> >> >> >> facilities to sqlmap?
> >> >> >>
> >> >> >> A python script to crack them is here, for reference
> >> >> >>
> >> >> >> http://dl.packetstormsecurity.net/Crackers/phpassbrute.py.txt
> >> >> >>
> >> >> >> --
> >> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> >> http://www.volatileminds.net -- website
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> ------------------------------------------------------------------------------
> >> >> >> All the data continuously generated in your IT infrastructure
> >> >> >> contains a definitive record of customers, application
> performance,
> >> >> >> security threats, fraudulent activity, and more. Splunk takes this
> >> >> >> data and makes sense of it. IT sense. And common sense.
> >> >> >> http://p.sf.net/sfu/splunk-novd2d
> >> >> >> _______________________________________________
> >> >> >> sqlmap-users mailing list
> >> >> >> sqlmap-users@lists.sourceforge.net
> >> >> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> http://www.volatileminds.net -- website
> >> >
> >> >
> >> >
> >> > --
> >> > Miroslav Stampar
> >> > http://about.me/stamparm
> >> >
> >> >
> >> >
> ------------------------------------------------------------------------------
> >> > All the data continuously generated in your IT infrastructure
> >> > contains a definitive record of customers, application performance,
> >> > security threats, fraudulent activity, and more. Splunk takes this
> >> > data and makes sense of it. IT sense. And common sense.
> >> > http://p.sf.net/sfu/splunk-novd2d
> >> > _______________________________________________
> >> > sqlmap-users mailing list
> >> > sqlmap-users@lists.sourceforge.net
> >> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >> >
> >> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
> >
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to