Implements support of old OsCommerce hashing

stamparm · stamparm · commit 26d0b3b23bca · 2025-07-26T15:17:55.000+02:00
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -175,7 +175,7 @@ ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024  lib/core/datat
 d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900  lib/core/defaults.py
 ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c  lib/core/dicts.py
 c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd  lib/core/dump.py
-bc8389cf93127dd127cb607ac7726a70d12c41a214b9690c3a81c9c4cefe7219  lib/core/enums.py
+8f7923e8bf58c3f9b0d39cf6d2dfef0c31fae5910059c1cc828d3eb9cd32027d  lib/core/enums.py
 00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856  lib/core/exception.py
 629c0d06d4f4d093badfc8d1de49432d058f66f3223b08dded012eaf05719de2  lib/core/gui.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/core/__init__.py
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-4d8d0b6d72f4ca1d9a7f128b026f34ea395a74b28257d517436744031fde30cf  lib/core/settings.py
+cf6b58d256247227e0d833b4c8a27229124594ac7a9e921123891276423da61e  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
@@ -248,7 +248,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16  lib/utils/brut
 3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437  lib/utils/getch.py
 e67aa754b7eeb6ec233c27f7d515e10b6607448056a1daba577936d765551636  lib/utils/har.py
 00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d  lib/utils/hashdb.py
-acf5b98e409f1d1de8f104b994f97b7ad57768e5651898aa6754102563a25809  lib/utils/hash.py
+d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f  lib/utils/hash.py
 ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543  lib/utils/httpd.py
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/utils/__init__.py
 f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990  lib/utils/pivotdumptable.py
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -192,6 +192,7 @@ class HASH(object):
     APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
     VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
     VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
+    OSCOMMERCE_OLD = r'\A[0-9a-fA-F]{32}:.{2}\Z'
     SSHA = r'\A\{SSHA\}[a-zA-Z0-9+/]+={0,2}\Z'
     SSHA256 = r'\A\{SSHA256\}[a-zA-Z0-9+/]+={0,2}\Z'
     SSHA512 = r'\A\{SSHA512\}[a-zA-Z0-9+/]+={0,2}\Z'
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.7.13"
+VERSION = "1.9.7.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
@@ -478,6 +478,16 @@ def vbulletin_passwd(password, salt, **kwargs):
 
     return "%s:%s" % (md5(binascii.hexlify(md5(getBytes(password)).digest()) + getBytes(salt)).hexdigest(), salt)
 
+def oscommerce_old_passwd(password, salt, **kwargs):
+    """
+    Reference: http://ryanuber.com/09-24-2010/os-commerce-password-hashing.html
+
+    >>> oscommerce_old_passwd(password='testpass', salt='6b')
+    '16d39816e4545b3179f86f2d2d549af4:6b'
+    """
+
+    return "%s:%s" % (md5(getBytes(salt) + getBytes(password)).hexdigest(), salt)
+
 def phpass_passwd(password, salt, count, prefix, **kwargs):
     """
     Reference(s):
@@ -570,6 +580,7 @@ def _encode64(input_, count):
     HASH.APACHE_SHA1: apache_sha1_passwd,
     HASH.VBULLETIN: vbulletin_passwd,
     HASH.VBULLETIN_OLD: vbulletin_passwd,
+    HASH.OSCOMMERCE_OLD: oscommerce_old_passwd,
     HASH.SSHA: ssha_passwd,
     HASH.SSHA256: ssha256_passwd,
     HASH.SSHA512: ssha512_passwd,
@@ -1055,7 +1066,7 @@ def dictionaryAttack(attack_dict):
                             item = [(user, hash_), {"salt": hash_[0:2]}]
                         elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
                             item = [(user, hash_), {"salt": hash_.split('$')[2], "magic": "$%s$" % hash_.split('$')[1]}]
-                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
+                        elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD, HASH.OSCOMMERCE_OLD):
                             item = [(user, hash_), {"salt": hash_.split(':')[-1]}]
                         elif hash_regex in (HASH.DJANGO_MD5, HASH.DJANGO_SHA1):
                             item = [(user, hash_), {"salt": hash_.split('$')[1]}]
@@ -1302,8 +1313,12 @@ def crackHashFile(hashFile):
     i = 0
     attack_dict = {}
 
+    check = None
     for line in getFileItems(conf.hashFile):
-        if ':' in line:
+        if check is None and not attack_dict and ':' in line:
+            check = any(re.search(_, line) for _ in getPublicTypeMembers(HASH, True))
+
+        if ':' in line and check is False:
             user, hash_ = line.split(':', 1)
             attack_dict[user] = [hash_]
         else:
