mirror of https://github.com/hashcat/hashcat.git
Modularize mode 5600, add random_ helper functions, update readme.pull/1835/head
parent
ae53dd3b85
commit
9f1749dce3
@ -1,15 +1,16 @@
|
||||
### Hashcat test modules ###
|
||||
|
||||
Each module provides the two functions `module_generate_hash` and `module_verify_hash`. The first parameter to `module_generate_hash` is the password, which can be either in ASCII or binary (packed) form. The `module_verify_hash` function accepts a line from the cracks file, without the newline characters.
|
||||
Each module provides the functions `module_generate_hash` and `module_verify_hash`. The first parameter to `module_generate_hash` is the password, which can be either in ASCII or binary (packed) form. The `module_verify_hash` function accepts a line from the cracks file, without the newline characters.
|
||||
|
||||
During `single` and `passthrough` tests the `module_generate_hash` function must provide random values (e.g. salt) for hash generation if necessary. The test.pl script offers a few handy functions like `random_hex_string`, `random_numeric_string` and `random_bytes`. You can implement your own salt generation functions, if your mode has specific requirements.
|
||||
|
||||
During `verify` tests the `module_verify_hash` function must parse the hash:password line and to calculate a hash by passing all necessary data to `module_generate_hash`. How you pass it is up to you, as long as the first parameter is the password.
|
||||
During `verify` tests the `module_verify_hash` function must parse the hash:password line and calculate a hash by passing all necessary data to `module_generate_hash`. How you pass it is up to you, as long as the first parameter is the password.
|
||||
|
||||
**Important**: You have to call `pack_if_HEX_notation` as soon as you have parsed the password, or your tests will fail on passwords in the `$HEX[...]` format.
|
||||
|
||||
#### Examples ####
|
||||
|
||||
* For the most basic test modules, see [m0.pm](m0.pm) and [m100.pm](m100.pm)
|
||||
* For the basic salted hash tests, see [m110.pm](m110.pm) and [m120.pm](m120.pm)
|
||||
* For the most basic test modules, see [m00000.pm](m00000.pm) and [m00100.pm](m00100.pm)
|
||||
* For the basic salted hash tests, see [m00110.pm](m00110.pm) and [m00120.pm](m00120.pm)
|
||||
* For some sligthly more complex modules with PBKDF2 and encryption, see [m18400.pm](m18400.pm) and [m18600.pm](m18600.pm)
|
||||
* For a test module with a custom salt generation algorithm, see [m05600.pm](m05600.pm)
|
||||
|
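--- a/m05600.pm
+++ b/m05600.pm
@@ -0,0 +1,89 @@
+#!/usr/bin/env perl
+
+##
+## Author......: See docs/credits.txt
+## License.....: MIT
+##
+
+use strict;
+
+use Authen::Passphrase::NTHash;
+use Digest::HMAC qw (hmac hmac_hex);
+use Digest::MD5 qw (md5);
+use Encode qw (encode);
+
+sub module_generate_hash
+{
+my $word = shift;
+
+my $user_len = random_number (0, 27);
+my $domain_len = 27 - $user_len;
+
+my $user = shift // random_string ($user_len);
+my $domain = shift // random_string ($domain_len);
+my $srv_ch = shift // random_hex_string (2*8);
+my $cli_ch = shift // random_client_challenge ();
+
+my $b_srv_ch = pack ("H*", $srv_ch);
+my $b_cli_ch = pack ("H*", $cli_ch);
+
+my $nthash = Authen::Passphrase::NTHash->new (passphrase => $word)->hash;
+my $identity = encode ("UTF-16LE", uc ($user) . $domain);
+my $hash_buf = hmac_hex ($b_srv_ch . $b_cli_ch, hmac ($identity, $nthash, \&md5, 64), \&md5, 64);
+
+my $hash = sprintf ("%s::%s:%s:%s:%s", $user, $domain, $srv_ch, $hash_buf, $cli_ch);
+
+return $hash;
+}
+
+sub module_verify_hash
+{
+my $line = shift;
+
+my $user;
+my $domain;
+my $srv_ch;
+my $cli_ch;
+my $word;
+
+my $hash;
+
+my $index1 = index ($line, "::");
+my $index2 = index ($line, ":", $index1 + 2);
+my $index3 = index ($line, ":", $index2 + 3 + 16 + 32);
+
+return if $index1 eq -1;
+return if $index2 eq -1;
+return if $index3 eq -1;
+
+$hash = substr ($line, 0, $index3);
+
+$user = substr ($line, 0, $index1);
+$domain = substr ($line, $index1 + 2, $index2 - $index1 - 2);
+$srv_ch = substr ($line, $index2 + 1, 16);
+$cli_ch = substr ($line, $index2 + 3 + 16 + 32, $index3 - $index2 - 3 - 16 - 32);
+$word = substr ($line, $index3 + 1);
+
+$word = pack_if_HEX_notation ($word);
+
+my $new_hash = module_generate_hash ($word, $user, $domain, $srv_ch, $cli_ch);
+
+return unless lc $new_hash eq lc $hash;
+
+return $new_hash;
+}
+
+sub random_client_challenge
+{
+my $ch;
+
+$ch .= '0101000000000000';
+$ch .= random_hex_string (2*16);
+$ch .= '00000000';
+$ch .= random_hex_string(2 * random_count (20));
+$ch .= '00';
+
+return $ch;
+}
+
+1;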
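Review bot: In module_verify_hash the three guards (`return if $index1 eq -1;` and the same for `$index2` and `$index3`) compare the numeric result of `index` with the string operator; `return if $index1 == -1;` says what is meant and does not rely on stringification. The guards also run only after `$index2` and `$index3` have been derived from a possibly failed `$index1`, so placing each check directly under its own `index` call would stop a malformed cracks line from being searched at offsets that mean nothing. The fixed offsets `+ 3 + 16 + 32` assume a 16-character server challenge and a 32-character digest but neither length nor hex content is checked before the fields reach `pack ("H*", ...)`; a one-line comment naming the expected `user::domain:srv_ch:hash:cli_ch:password` layout would make that assumption visible. The file enables `use strict;` only, and adding `use warnings;` beneath it would be consistent with parsing input from a file.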