From c5ae967fe01e44d63991f5d01ca6d8a5b6a5777e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 4 Feb 2013 17:43:58 +0100
Subject: [PATCH] Potential fix for an Issue #379

---
 lib/utils/hash.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 554cdd143..a3927235b 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -334,12 +334,17 @@ def attackCachedUsersPasswords():
     if kb.data.cachedUsersPasswords:
         results = dictionaryAttack(kb.data.cachedUsersPasswords)
 
+        lut = {}
         for (_, hash_, password) in results:
-            for user in kb.data.cachedUsersPasswords.keys():
-                for i in xrange(len(kb.data.cachedUsersPasswords[user])):
-                    if kb.data.cachedUsersPasswords[user][i] and hash_.lower() in kb.data.cachedUsersPasswords[user][i].lower()\
-                    and 'clear-text password' not in kb.data.cachedUsersPasswords[user][i].lower():
-                        kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', password)
+            lut[hash_.lower()] = password
+
+        for user in kb.data.cachedUsersPasswords.keys():
+            for i in xrange(len(kb.data.cachedUsersPasswords[user])):
+                _ = kb.data.cachedUsersPasswords[user][i]
+                if _:
+                    hash_ = _.split()[0].lower()
+                    if hash_ in lut and "clear-text password" not in _:
+                        kb.data.cachedUsersPasswords[user][i] += "%s    clear-text password: %s" % ('\n' if kb.data.cachedUsersPasswords[user][i][-1] != '\n' else '', lut[hash_])
 
 def attackDumpedTable():
     if kb.data.dumpedTable: