From 9d1d05d85d50e7d3f37323a649da6f247cde9b36 Mon Sep 17 00:00:00 2001 From: jsteube Date: Sat, 9 Feb 2019 16:56:36 +0100 Subject: [PATCH] Add module for -m 7400 --- include/interface_migrate.h | 1 - src/interface_migrate.c | 119 ------------------------------------ 2 files changed, 120 deletions(-) diff --git a/include/interface_migrate.h b/include/interface_migrate.h index 6947a3d7f..26c58d660 100644 --- a/include/interface_migrate.h +++ b/include/interface_migrate.h @@ -347,7 +347,6 @@ typedef enum kern_type KERN_TYPE_SHA1_SLT_PW_SLT = 4900, KERN_TYPE_RIPEMD160 = 6000, KERN_TYPE_WHIRLPOOL = 6100, - KERN_TYPE_FORTIGATE = 7000, KERN_TYPE_SAPB = 7700, KERN_TYPE_SAPB_MANGLED = 7701, KERN_TYPE_SAPG = 7800, diff --git a/src/interface_migrate.c b/src/interface_migrate.c index 0e095ece6..65089c462 100644 --- a/src/interface_migrate.c +++ b/src/interface_migrate.c @@ -85,7 +85,6 @@ " 9200 | Cisco-IOS $8$ (PBKDF2-SHA256) | Operating Systems", " 22 | Juniper NetScreen/SSG (ScreenOS) | Operating Systems", " 15100 | Juniper/NetBSD sha1crypt | Operating Systems", - " 7000 | FortiGate (FortiOS) | Operating Systems", " 13800 | Windows Phone 8+ PIN/password | Operating Systems", " 8100 | Citrix NetScaler | Operating Systems", " 9900 | Radmin2 | Operating Systems", @@ -183,7 +182,6 @@ static const char *ST_HASH_04700 = "92d85978d884eb1d99a51652b1139c8279fa8663"; static const char *ST_HASH_04900 = "75d280ca9a0c2ee18729603104ead576d9ca6285:347070"; static const char *ST_HASH_06000 = "012cb9b334ec1aeb71a9c8ce85586082467f7eb6"; static const char *ST_HASH_06100 = "7ca8eaaaa15eaa4c038b4c47b9313e92da827c06940e69947f85bc0fbef3eb8fd254da220ad9e208b6b28f6bb9be31dd760f1fdb26112d83f87d96b416a4d258"; -static const char *ST_HASH_07000 = "AK1FCIhM0IUIQVFJgcDFwLCMi7GppdwtRzMyDpFOFxdpH8="; static const char *ST_HASH_07700 = "027642760180$77EC38630C08DF8D"; static const char *ST_HASH_07701 = "027642760180$77EC386300000000"; static const char *ST_HASH_07800 = "604020408266$32837BA7B97672BA4E5AC74767A4E6E1AE802651"; @@ -280,7 +278,6 @@ static const char *HT_04700 = "sha1(md5($pass))"; static const char *HT_04900 = "sha1($salt.$pass.$salt)"; static const char *HT_06000 = "RIPEMD-160"; static const char *HT_06100 = "Whirlpool"; -static const char *HT_07000 = "FortiGate (FortiOS)"; static const char *HT_07700 = "SAP CODVN B (BCODE)"; static const char *HT_07701 = "SAP CODVN B (BCODE) mangled from RFC_READ_TABLE"; static const char *HT_07800 = "SAP CODVN F/G (PASSCODE)"; @@ -401,7 +398,6 @@ static const char *SIGNATURE_SYBASEASE = "0xc007"; static const char *SIGNATURE_ZIP2_START = "$zip2$"; static const char *SIGNATURE_ZIP2_STOP = "$/zip2$"; static const char *SIGNATURE_ITUNES_BACKUP = "$itunes_backup$"; -static const char *SIGNATURE_FORTIGATE = "AK1"; static const char *SIGNATURE_ATLASSIAN = "{PKCS5S2}"; static const char *SIGNATURE_NETBSD_SHA1CRYPT = "$sha1$"; static const char *SIGNATURE_JKS_SHA1 = "$jksprivk$"; @@ -7471,80 +7467,6 @@ int itunes_backup_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA return (PARSER_OK); } -int fortigate_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) -{ - u32 *digest = (u32 *) hash_buf->digest; - - salt_t *salt = hash_buf->salt; - - token_t token; - - token.token_cnt = 2; - - token.signatures_cnt = 1; - token.signatures_buf[0] = SIGNATURE_FORTIGATE; - - token.len[0] = 3; - token.attr[0] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_SIGNATURE; - - token.len[1] = 44; - token.attr[1] = TOKEN_ATTR_FIXED_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; - - const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token); - - if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); - - /** - * verify data - */ - - const u8 *hash_pos = token.buf[1]; - const int hash_len = token.len[1]; - - // decode salt + SHA1 hash (12 + 20 = 32) - - u8 tmp_buf[100] = { 0 }; - - const int decoded_len = base64_decode (base64_to_int, hash_pos, hash_len, tmp_buf); - - if (decoded_len != 32) return (PARSER_HASH_LENGTH); - - /** - * store data - */ - - // salt - - u32 salt_len = 12; - - memcpy (salt->salt_buf, tmp_buf, salt_len); - - salt->salt_len = salt_len; - - // digest - - memcpy (digest, tmp_buf + salt_len, 20); - - digest[0] = byte_swap_32 (digest[0]); - digest[1] = byte_swap_32 (digest[1]); - digest[2] = byte_swap_32 (digest[2]); - digest[3] = byte_swap_32 (digest[3]); - digest[4] = byte_swap_32 (digest[4]); - - if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE) - { - digest[0] -= SHA1M_A; - digest[1] -= SHA1M_B; - digest[2] -= SHA1M_C; - digest[3] -= SHA1M_D; - digest[4] -= SHA1M_E; - } - - return (PARSER_OK); -} - int sha256b64s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig) { u32 *digest = (u32 *) hash_buf->digest; @@ -8834,26 +8756,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size, byte_swap_32 (digest_buf[3]), byte_swap_32 (digest_buf[4])); } - else if (hash_mode == 7000) - { - // salt - - memcpy (tmp_buf, salt.salt_buf, 12); - - // digest - - memcpy (tmp_buf + 12, digest_buf, 20); - - // base64 encode (salt + SHA1) - - base64_encode (int_to_base64, (const u8 *) tmp_buf, 12 + 20, (u8 *) ptr_plain); - - ptr_plain[44] = 0; - - snprintf (out_buf, out_size, "%s%s", - SIGNATURE_FORTIGATE, - ptr_plain); - } else if ((hash_mode == 7700) || (hash_mode == 7701)) { snprintf (out_buf, out_size, "%s$%08X%08X", @@ -11338,25 +11240,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx) hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; break; - case 7000: hashconfig->hash_type = HASH_TYPE_SHA1; - hashconfig->salt_type = SALT_TYPE_EMBEDDED; - hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; - hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE; - hashconfig->kern_type = KERN_TYPE_FORTIGATE; - hashconfig->dgst_size = DGST_SIZE_4_5; - hashconfig->parse_func = fortigate_parse_hash; - hashconfig->opti_type = OPTI_TYPE_PRECOMPUTE_INIT - | OPTI_TYPE_PRECOMPUTE_MERKLE - | OPTI_TYPE_EARLY_SKIP - | OPTI_TYPE_NOT_ITERATED; - hashconfig->dgst_pos0 = 3; - hashconfig->dgst_pos1 = 4; - hashconfig->dgst_pos2 = 2; - hashconfig->dgst_pos3 = 1; - hashconfig->st_hash = ST_HASH_07000; - hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN; - break; - case 7700: hashconfig->hash_type = HASH_TYPE_SAPB; hashconfig->salt_type = SALT_TYPE_EMBEDDED; hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL; @@ -12515,8 +12398,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co { switch (hashconfig->hash_mode) { - case 7000: pw_max = MIN (pw_max, 19); // pure kernel available - break; case 10700: pw_max = MIN (pw_max, 16); // pure kernel available break; case 14400: pw_max = MIN (pw_max, 24); // todo