arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-22 08:08:10 +00:00
Code Issues Releases Wiki Activity

Add -m 11100 module

Browse Source
This commit is contained in:
jsteube 2019-02-11 15:54:31 +01:00
parent f689950e0c
commit aca1776aa5
3 changed files with 239 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/interface_migrate.h
View File

@ -1,5 +1,4 @@
typedef enum kern_type
{
KERN_TYPE_MD5_SLTPW = 20,
@ -42,7 +41,6 @@ typedef enum kern_type
KERN_TYPE_RIPEMD160 = 6000,
KERN_TYPE_WHIRLPOOL = 6100,
KERN_TYPE_SIPHASH = 10100,
KERN_TYPE_POSTGRESQL_AUTH = 11100,
KERN_TYPE_MYSQL_AUTH = 11200,
KERN_TYPE_STREEBOG_256 = 11700,
KERN_TYPE_HMAC_STREEBOG_256_PW = 11750,

126
src/interface_migrate.c
View File

@ -39,7 +39,6 @@
" 11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash, Authenticated",
" 11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash, Authenticated",
" 11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash, Authenticated",
" 11100 | PostgreSQL CRAM (MD5) | Network Protocols",
" 11200 | MySQL CRAM (SHA1) | Network Protocols",
" 121 | SMF (Simple Machines Forum) > v1.1 | Forums, CMS, E-Commerce, Frameworks",
" 2611 | vBulletin < v3.8.5 | Forums, CMS, E-Commerce, Frameworks",
@ -55,7 +54,6 @@
" 1731 | MSSQL (2012, 2014) | Database Server",
" 141 | Episerver 6.x < .NET 4 | HTTP, SMTP, LDAP Server",
" 1441 | Episerver 6.x >= .NET 4 | HTTP, SMTP, LDAP Server",
" 1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR) | HTTP, SMTP, LDAP Server",
" 1421 | hMailServer | HTTP, SMTP, LDAP Server",
" 111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | HTTP, SMTP, LDAP Server",
" 1411 | SSHA-256(Base64), LDAP {SSHA256} | HTTP, SMTP, LDAP Server",
@ -124,7 +122,6 @@ static const char *ST_HASH_04900 = "75d280ca9a0c2ee18729603104ead576d9ca6285:347
static const char *ST_HASH_06000 = "012cb9b334ec1aeb71a9c8ce85586082467f7eb6";
static const char *ST_HASH_06100 = "7ca8eaaaa15eaa4c038b4c47b9313e92da827c06940e69947f85bc0fbef3eb8fd254da220ad9e208b6b28f6bb9be31dd760f1fdb26112d83f87d96b416a4d258";
static const char *ST_HASH_10100 = "583e6f51e52ba296:2:4:47356410265714355482333327356688";
static const char *ST_HASH_11100 = "$postgres$postgres*74402844*4e7fabaaf34d780c4a5822d28ee1c83e";
static const char *ST_HASH_11200 = "$mysqlna$2576670568531371763643101056213751754328*5e4be686a3149a12847caa9898247dcc05739601";
static const char *ST_HASH_11700 = "57e9e50caec93d72e9498c211d6dc4f4d328248b48ecf46ba7abfa874f666e36";
static const char *ST_HASH_11750 = "0f71c7c82700c9094ca95eee3d804cc283b538bec49428a9ef8da7b34effb3ba:08151337";
@ -172,7 +169,6 @@ static const char *HT_04900 = "sha1($salt.$pass.$salt)";
static const char *HT_06000 = "RIPEMD-160";
static const char *HT_06100 = "Whirlpool";
static const char *HT_10100 = "SipHash";
static const char *HT_11100 = "PostgreSQL CRAM (MD5)";
static const char *HT_11200 = "MySQL CRAM (SHA1)";
static const char *HT_11700 = "GOST R 34.11-2012 (Streebog) 256-bit, big-endian";
static const char *HT_11750 = "HMAC-Streebog-256 (key = $pass), big-endian";
@ -212,7 +208,6 @@ static const char *SIGNATURE_MSSQL = "0x0100";
static const char *SIGNATURE_MSSQL2012 = "0x0200";
static const char *SIGNATURE_MYSQL_AUTH = "$mysqlna$";
static const char *SIGNATURE_PHPS = "$PHPS$";
static const char *SIGNATURE_POSTGRESQL_AUTH = "$postgres$";
static const char *SIGNATURE_SHA1B64 = "{SHA}";
static const char *SIGNATURE_SHA256B64S = "{SSHA256}";
static const char *SIGNATURE_SHA512B64S = "{SSHA512}";
@ -2470,90 +2465,6 @@ int punbb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS
return (PARSER_OK);
}
int postgresql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
{
u32 *digest = (u32 *) hash_buf->digest;
salt_t *salt = hash_buf->salt;
token_t token;
token.token_cnt = 4;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_POSTGRESQL_AUTH;
token.len[0] = 10;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = '*';
token.len_min[1] = 0;
token.len_max[1] = 32;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.sep[2] = '*';
token.len_min[2] = 8;
token.len_max[2] = 8;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[3] = '*';
token.len_min[3] = 32;
token.len_max[3] = 32;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// hash
const u8 *hash_pos = token.buf[3];
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
digest[2] = hex_to_u32 (hash_pos + 16);
digest[3] = hex_to_u32 (hash_pos + 24);
if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE)
{
digest[0] -= MD5M_A;
digest[1] -= MD5M_B;
digest[2] -= MD5M_C;
digest[3] -= MD5M_D;
}
/*
* store salt
*/
const u8 *salt_pos = token.buf[2];
// first 4 bytes are the "challenge"
u8 *salt_buf_ptr = (u8 *) salt->salt_buf;
salt_buf_ptr[0] = hex_to_u8 (salt_pos + 0);
salt_buf_ptr[1] = hex_to_u8 (salt_pos + 2);
salt_buf_ptr[2] = hex_to_u8 (salt_pos + 4);
salt_buf_ptr[3] = hex_to_u8 (salt_pos + 6);
// append the user name
const u8 *user_pos = token.buf[1];
const int user_len = token.len[1];
const bool parse_rc = parse_and_store_generic_salt (salt_buf_ptr + 4, (int *) &salt->salt_len, user_pos, user_len, hashconfig);
if (parse_rc == false) return (PARSER_SALT_LENGTH);
salt->salt_len += 4;
return (PARSER_OK);
}
int mysql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
{
u32 *digest = (u32 *) hash_buf->digest;
@ -3218,23 +3129,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size,
byte_swap_32 (salt.salt_buf[2]),
byte_swap_32 (salt.salt_buf[3]));
}
else if (hash_mode == 11100)
{
u32 salt_challenge = salt.salt_buf[0];
salt_challenge = byte_swap_32 (salt_challenge);
unsigned char *user_name = (unsigned char *) (salt.salt_buf + 1);
snprintf (out_buf, out_size, "%s%s*%08x*%08x%08x%08x%08x",
SIGNATURE_POSTGRESQL_AUTH,
user_name,
salt_challenge,
digest_buf[0],
digest_buf[1],
digest_buf[2],
digest_buf[3]);
}
else if (hash_mode == 11200)
{
snprintf (out_buf, out_size, "%s%s*%08x%08x%08x%08x%08x",
@ -4684,26 +4578,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
break;
case 11100: hashconfig->hash_type = HASH_TYPE_MD5;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_ST_ADD80;
hashconfig->kern_type = KERN_TYPE_POSTGRESQL_AUTH;
hashconfig->dgst_size = DGST_SIZE_4_4;
hashconfig->parse_func = postgresql_auth_parse_hash;
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_PRECOMPUTE_INIT
| OPTI_TYPE_PRECOMPUTE_MERKLE
| OPTI_TYPE_EARLY_SKIP;
hashconfig->dgst_pos0 = 0;
hashconfig->dgst_pos1 = 3;
hashconfig->dgst_pos2 = 2;
hashconfig->dgst_pos3 = 1;
hashconfig->st_hash = ST_HASH_11100;
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
break;
case 11200: hashconfig->hash_type = HASH_TYPE_SHA1;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;

239
src/modules/module_11100.c Normal file
View File

@ -0,0 +1,239 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#include "common.h"
#include "types.h"
#include "modules.h"
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "inc_hash_constants.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
static const u32 DGST_POS1 = 3;
static const u32 DGST_POS2 = 2;
static const u32 DGST_POS3 = 1;
static const u32 DGST_SIZE = DGST_SIZE_4_4;
static const u32 HASH_CATEGORY = HASH_CATEGORY_NETWORK_PROTOCOL;
static const char *HASH_NAME = "PostgreSQL CRAM (MD5)";
static const u32 HASH_TYPE = HASH_TYPE_GENERIC;
static const u64 KERN_TYPE = 11100;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_PRECOMPUTE_INIT
| OPTI_TYPE_PRECOMPUTE_MERKLE
| OPTI_TYPE_EARLY_SKIP;
static const u64 OPTS_TYPE = OPTS_TYPE_STATE_BUFFER_LE
| OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_ST_ADD80;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$postgres$postgres*74402844*4e7fabaaf34d780c4a5822d28ee1c83e";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; }
u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; }
u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; }
u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; }
u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; }
const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; }
u32 module_hash_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_TYPE; }
u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; }
u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; }
u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; }
u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; }
const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; }
const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; }
static const char *SIGNATURE_POSTGRESQL_AUTH = "$postgres$";
int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len)
{
u32 *digest = (u32 *) digest_buf;
token_t token;
token.token_cnt = 4;
token.signatures_cnt = 1;
token.signatures_buf[0] = SIGNATURE_POSTGRESQL_AUTH;
token.len[0] = 10;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_SIGNATURE;
token.sep[1] = '*';
token.len_min[1] = 0;
token.len_max[1] = 32;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH;
token.sep[2] = '*';
token.len_min[2] = 8;
token.len_max[2] = 8;
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
token.sep[3] = '*';
token.len_min[3] = 32;
token.len_max[3] = 32;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
// hash
const u8 *hash_pos = token.buf[3];
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
digest[2] = hex_to_u32 (hash_pos + 16);
digest[3] = hex_to_u32 (hash_pos + 24);
if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE)
{
digest[0] -= MD5M_A;
digest[1] -= MD5M_B;
digest[2] -= MD5M_C;
digest[3] -= MD5M_D;
}
/*
* store salt
*/
const u8 *salt_pos = token.buf[2];
// first 4 bytes are the "challenge"
u8 *salt_buf_ptr = (u8 *) salt->salt_buf;
salt_buf_ptr[0] = hex_to_u8 (salt_pos + 0);
salt_buf_ptr[1] = hex_to_u8 (salt_pos + 2);
salt_buf_ptr[2] = hex_to_u8 (salt_pos + 4);
salt_buf_ptr[3] = hex_to_u8 (salt_pos + 6);
// append the user name
const u8 *user_pos = token.buf[1];
const int user_len = token.len[1];
const bool parse_rc = parse_and_store_generic_salt (salt_buf_ptr + 4, (int *) &salt->salt_len, user_pos, user_len, hashconfig);
if (parse_rc == false) return (PARSER_SALT_LENGTH);
salt->salt_len += 4;
return (PARSER_OK);
}
int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size)
{
const u32 *digest = (const u32 *) digest_buf;
const u32 salt_challenge = byte_swap_32 (salt->salt_buf[0]);
char user_name[64] = { 0 };
memcpy (user_name, salt->salt_buf + 1, salt->salt_len - 4);
u32 tmp[4];
tmp[0] = digest[0];
tmp[1] = digest[1];
tmp[2] = digest[2];
tmp[3] = digest[3];
if (hashconfig->opti_type & OPTI_TYPE_PRECOMPUTE_MERKLE)
{
tmp[0] += MD5M_A;
tmp[1] += MD5M_B;
tmp[2] += MD5M_C;
tmp[3] += MD5M_D;
}
const int line_len = snprintf (line_buf, line_size, "%s%s*%08x*%08x%08x%08x%08x",
SIGNATURE_POSTGRESQL_AUTH,
user_name,
salt_challenge,
byte_swap_32 (tmp[0]),
byte_swap_32 (tmp[1]),
byte_swap_32 (tmp[2]),
byte_swap_32 (tmp[3]));
return line_len;
}
void module_init (module_ctx_t *module_ctx)
{
module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT;
module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT;
module_ctx->module_attack_exec = module_attack_exec;
module_ctx->module_benchmark_esalt = MODULE_DEFAULT;
module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT;
module_ctx->module_benchmark_mask = MODULE_DEFAULT;
module_ctx->module_benchmark_salt = MODULE_DEFAULT;
module_ctx->module_build_plain_postprocess = MODULE_DEFAULT;
module_ctx->module_deep_comp_kernel = MODULE_DEFAULT;
module_ctx->module_dgst_pos0 = module_dgst_pos0;
module_ctx->module_dgst_pos1 = module_dgst_pos1;
module_ctx->module_dgst_pos2 = module_dgst_pos2;
module_ctx->module_dgst_pos3 = module_dgst_pos3;
module_ctx->module_dgst_size = module_dgst_size;
module_ctx->module_dictstat_disable = MODULE_DEFAULT;
module_ctx->module_esalt_size = MODULE_DEFAULT;
module_ctx->module_extra_buffer_size = MODULE_DEFAULT;
module_ctx->module_extra_tmp_size = MODULE_DEFAULT;
module_ctx->module_forced_outfile_format = MODULE_DEFAULT;
module_ctx->module_hash_binary_count = MODULE_DEFAULT;
module_ctx->module_hash_binary_parse = MODULE_DEFAULT;
module_ctx->module_hash_binary_save = MODULE_DEFAULT;
module_ctx->module_hash_decode_outfile = MODULE_DEFAULT;
module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT;
module_ctx->module_hash_decode = module_hash_decode;
module_ctx->module_hash_encode_status = MODULE_DEFAULT;
module_ctx->module_hash_encode = module_hash_encode;
module_ctx->module_hash_init_selftest = MODULE_DEFAULT;
module_ctx->module_hash_mode = MODULE_DEFAULT;
module_ctx->module_hash_category = module_hash_category;
module_ctx->module_hash_name = module_hash_name;
module_ctx->module_hash_type = module_hash_type;
module_ctx->module_hlfmt_disable = MODULE_DEFAULT;
module_ctx->module_hook12 = MODULE_DEFAULT;
module_ctx->module_hook23 = MODULE_DEFAULT;
module_ctx->module_hook_salt_size = MODULE_DEFAULT;
module_ctx->module_hook_size = MODULE_DEFAULT;
module_ctx->module_jit_build_options = MODULE_DEFAULT;
module_ctx->module_kernel_accel_max = MODULE_DEFAULT;
module_ctx->module_kernel_accel_min = MODULE_DEFAULT;
module_ctx->module_kernel_loops_max = MODULE_DEFAULT;
module_ctx->module_kernel_loops_min = MODULE_DEFAULT;
module_ctx->module_kernel_threads_max = MODULE_DEFAULT;
module_ctx->module_kernel_threads_min = MODULE_DEFAULT;
module_ctx->module_kern_type = module_kern_type;
module_ctx->module_kern_type_dynamic = MODULE_DEFAULT;
module_ctx->module_opti_type = module_opti_type;
module_ctx->module_opts_type = module_opts_type;
module_ctx->module_outfile_check_disable = MODULE_DEFAULT;
module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT;
module_ctx->module_potfile_disable = MODULE_DEFAULT;
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = MODULE_DEFAULT;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;
module_ctx->module_separator = MODULE_DEFAULT;
module_ctx->module_st_hash = module_st_hash;
module_ctx->module_st_pass = module_st_pass;
module_ctx->module_tmp_size = MODULE_DEFAULT;
module_ctx->module_unstable_warning = MODULE_DEFAULT;
module_ctx->module_warmup_disable = MODULE_DEFAULT;
}