arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

using shared buffer between md5 and sha1 SNMPV3_TMP_ELEMS_OPT, fix to crack real hashes

Browse Source
pull/2897/head
Gabriele Gristina 3 years ago
parent 7c8d7f7831
commit c20ff01c39
3 changed files with 79 additions and 57 deletions
Show Stats Download Patch File Download Diff File

97
OpenCL/m25000-pure.cl
Unescape View File

@ -19,8 +19,8 @@
#define COMPARE_M "inc_comp_multi.cl"
#define SNMPV3_SALT_MAX 1500
#define SNMPV3_ENGINEID_MAX 32
#define SNMPV3_MSG_AUTH_PARAMS_MAX 12
#define SNMPV3_ENGINEID_MAX 34
#define SNMPV3_MSG_AUTH_PARAMS_LEN 12
#define SNMPV3_ROUNDS 1048576
#define SNMPV3_MAX_PW_LENGTH 64
@ -192,15 +192,15 @@ KERNEL_FQ void m25000_loop (KERN_ATTR_TMPS_ESALT (hmac_md5_tmp_t, snmpv3_t))
#define SNMPV3_TMP_ELEMS_OPT 1024 // 1024 = (64 max pw length * 64) / sizeof (u32)
// for pw length > 64 we use global memory reads
u32 tmp_md5[SNMPV3_TMP_ELEMS_OPT];
u32 tmp_sha1[SNMPV3_TMP_ELEMS_OPT];
if (pw_len < 64)
{
u32 tmp_shared[SNMPV3_TMP_ELEMS_OPT];
// md5
for (int i = 0; i < pw_len64 / 4; i++)
{
tmp_md5[i] = tmps[gid].tmp_md5[i];
tmp_sha1[i] = tmps[gid].tmp_sha1[i];
tmp_shared[i] = tmps[gid].tmp_md5[i];
}
for (int i = 0, j = loop_pos; i < loop_cnt; i += 64, j += 64)
@ -212,45 +212,58 @@ KERNEL_FQ void m25000_loop (KERN_ATTR_TMPS_ESALT (hmac_md5_tmp_t, snmpv3_t))
u32 w2[4];
u32 w3[4];
// md5
w0[0] = tmp_md5[idx + 0];
w0[1] = tmp_md5[idx + 1];
w0[2] = tmp_md5[idx + 2];
w0[3] = tmp_md5[idx + 3];
w1[0] = tmp_md5[idx + 4];
w1[1] = tmp_md5[idx + 5];
w1[2] = tmp_md5[idx + 6];
w1[3] = tmp_md5[idx + 7];
w2[0] = tmp_md5[idx + 8];
w2[1] = tmp_md5[idx + 9];
w2[2] = tmp_md5[idx + 10];
w2[3] = tmp_md5[idx + 11];
w3[0] = tmp_md5[idx + 12];
w3[1] = tmp_md5[idx + 13];
w3[2] = tmp_md5[idx + 14];
w3[3] = tmp_md5[idx + 15];
w0[0] = tmp_shared[idx + 0];
w0[1] = tmp_shared[idx + 1];
w0[2] = tmp_shared[idx + 2];
w0[3] = tmp_shared[idx + 3];
w1[0] = tmp_shared[idx + 4];
w1[1] = tmp_shared[idx + 5];
w1[2] = tmp_shared[idx + 6];
w1[3] = tmp_shared[idx + 7];
w2[0] = tmp_shared[idx + 8];
w2[1] = tmp_shared[idx + 9];
w2[2] = tmp_shared[idx + 10];
w2[3] = tmp_shared[idx + 11];
w3[0] = tmp_shared[idx + 12];
w3[1] = tmp_shared[idx + 13];
w3[2] = tmp_shared[idx + 14];
w3[3] = tmp_shared[idx + 15];
md5_transform (w0, w1, w2, w3, h_md5);
}
// sha1
// sha1
for (int i = 0; i < pw_len64 / 4; i++)
{
tmp_shared[i] = tmps[gid].tmp_sha1[i];
}
for (int i = 0, j = loop_pos; i < loop_cnt; i += 64, j += 64)
{
const int idx = (j % pw_len64) / 4; // the optimization trick is to be able to do this
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = tmp_sha1[idx + 0];
w0[1] = tmp_sha1[idx + 1];
w0[2] = tmp_sha1[idx + 2];
w0[3] = tmp_sha1[idx + 3];
w1[0] = tmp_sha1[idx + 4];
w1[1] = tmp_sha1[idx + 5];
w1[2] = tmp_sha1[idx + 6];
w1[3] = tmp_sha1[idx + 7];
w2[0] = tmp_sha1[idx + 8];
w2[1] = tmp_sha1[idx + 9];
w2[2] = tmp_sha1[idx + 10];
w2[3] = tmp_sha1[idx + 11];
w3[0] = tmp_sha1[idx + 12];
w3[1] = tmp_sha1[idx + 13];
w3[2] = tmp_sha1[idx + 14];
w3[3] = tmp_sha1[idx + 15];
w0[0] = tmp_shared[idx + 0];
w0[1] = tmp_shared[idx + 1];
w0[2] = tmp_shared[idx + 2];
w0[3] = tmp_shared[idx + 3];
w1[0] = tmp_shared[idx + 4];
w1[1] = tmp_shared[idx + 5];
w1[2] = tmp_shared[idx + 6];
w1[3] = tmp_shared[idx + 7];
w2[0] = tmp_shared[idx + 8];
w2[1] = tmp_shared[idx + 9];
w2[2] = tmp_shared[idx + 10];
w2[3] = tmp_shared[idx + 11];
w3[0] = tmp_shared[idx + 12];
w3[1] = tmp_shared[idx + 13];
w3[2] = tmp_shared[idx + 14];
w3[3] = tmp_shared[idx + 15];
sha1_transform (w0, w1, w2, w3, h_sha1);
}

33
src/modules/module_25000.c
Unescape View File

@ -24,8 +24,8 @@ static const u64 KERN_TYPE = 25000;
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "$SNMPv3$0$66763052$13981919518623358902340156831753173612320956749283824166083320737667668557830898783481876963136410266762758410322896320705075044221495960812100760230106803899899467077793703068392752686845035561487927252457444567685389901239388468830507087105054207914325254376053788152029716918450770264047103676562621965276752797029332926039166807829108367446173251908238116020942421323633620301312478670302264165059728208402342845743839533979473825394866704960428648622730299023225638967097578710279784722583947877561544154219162080289188160001741612377820114739093961409809862173307722539556954826052612794054060797358016549602977742745078911393042420821004243620362464971828700104979572910001640083882586179153483503492341163054930853321963503411228241996417991605003371264529827508426941919673592574025732354318435733211018917539824570724324796232199960952117561108106623865308577977944499366806697863259301760429786001824121720055893438673268643594146796410437039466462606490272723136671298529920486664067752007564122205089571790718437001200506203464426405927405102300269665189637001279369690218157456566218400534722049383049029139069701182053729830585217732347396312967325628046845068493719801191260136945971516486442056102815519090214442808707545803919529217103430588641187558031052830941742920355893755319896626873275796534820394248837050567688575113833311009595128372820474678989203565094681918285106102363272728922586582037066265522397748326630668375500179630717875844561081542915676557961288028298248995547031274515608973804660067065502484039882958958452781062725550260382637592283691962996228392332833626159043179186189904614052189303508782635840692436969244901198720814518$79f7b1$57e964c7cb117647004cf132";
static const char *ST_PASS = "hashcat1";
static const char *ST_HASH = "$SNMPv3$0$45889431$30818f0201033011020409242fc0020300ffe304010102010304383036041180001f88808106d566db57fd600000000002011002020118040a6d61747269785f4d4435040c0000000000000000000000000400303d041180001f88808106d566db57fd60000000000400a226020411f319300201000201003018301606082b06010201010200060a2b06010401bf0803020a$80001f88808106d566db57fd6000000000$1b37c3ea872731f922959e90";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@ -45,8 +45,8 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,
static const char *SIGNATURE_SNMPV3 = "$SNMPv3$0$";
#define SNMPV3_SALT_MAX 1500
#define SNMPV3_ENGINEID_MAX 32
#define SNMPV3_MSG_AUTH_PARAMS_MAX 12
#define SNMPV3_ENGINEID_MAX 34
#define SNMPV3_MSG_AUTH_PARAMS_LEN 12
#define SNMPV3_ROUNDS 1048576
#define SNMPV3_MAX_PW_LENGTH 64
@ -62,6 +62,7 @@ typedef struct hmac_md5_tmp
{
u32 tmp_md5[SNMPV3_TMP_ELEMS];
u32 tmp_sha1[SNMPV3_TMP_ELEMS];
u32 h_md5[SNMPV3_HASH_ELEMS_MD5];
u32 h_sha1[SNMPV3_HASH_ELEMS_SHA1];
@ -79,6 +80,13 @@ typedef struct snmpv3
} snmpv3_t;
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u32 pw_min = 8;
return pw_min;
}
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (snmpv3_t);
@ -133,23 +141,23 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT;
// salt
token.len_min[2] = 12 * 2;
token.len_min[2] = SNMPV3_MSG_AUTH_PARAMS_LEN * 2;
token.len_max[2] = SNMPV3_SALT_MAX * 2;
token.sep[2] = '$';
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// engineid
token.len_min[3] = 5;
token.len_min[3] = 26;
token.len_max[3] = SNMPV3_ENGINEID_MAX;
token.sep[3] = '$';
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
// digest
token.len_min[4] = SNMPV3_MSG_AUTH_PARAMS_MAX * 2;
token.len_max[4] = SNMPV3_MSG_AUTH_PARAMS_MAX * 2;
token.len[4] = SNMPV3_MSG_AUTH_PARAMS_LEN * 2;
token.sep[4] = '$';
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
token.attr[4] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
@ -206,7 +214,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
digest[2] = hex_to_u32 (hash_pos + 16);
digest[3] = 0;
// prefer sha1 due to speed
@ -214,6 +221,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[1] = byte_swap_32 (digest[1]);
digest[2] = byte_swap_32 (digest[2]);
digest[3] = 0;
return (PARSER_OK);
}
@ -320,7 +329,7 @@ void module_init (module_ctx_t *module_ctx)
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
module_ctx->module_pwdump_column = MODULE_DEFAULT;
module_ctx->module_pw_max = MODULE_DEFAULT;
module_ctx->module_pw_min = MODULE_DEFAULT;
module_ctx->module_pw_min = module_pw_min;
module_ctx->module_salt_max = MODULE_DEFAULT;
module_ctx->module_salt_min = MODULE_DEFAULT;
module_ctx->module_salt_type = module_salt_type;

6
tools/test_modules/m25000.pm
Unescape View File

@ -12,14 +12,14 @@ use Digest::MD5 qw (md5 md5_hex);
use Digest::SHA qw (sha1 sha1_hex);
use Digest::HMAC qw (hmac hmac_hex);
sub module_constraints { [[1, 256], [24, 3000], [-1, -1], [-1, -1], [-1, -1]] }
sub module_constraints { [[8, 256], [24, 3000], [-1, -1], [-1, -1], [-1, -1]] }
sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $pkt_num = shift // int(rand(99999999));
my $engineID = shift // random_hex_string(6);
my $pkt_num = shift // int(rand(100000000));
my $engineID = shift // random_hex_string(26, 34);
my $mode = shift // int(rand(1)) + 1;
# make even if needed

Write Preview
Loading…
Cancel
Save