mirror of
https://github.com/hashcat/hashcat.git
synced 2025-02-16 17:42:04 +00:00
using shared buffer between md5 and sha1 SNMPV3_TMP_ELEMS_OPT, fix to crack real hashes
This commit is contained in:
Gabriele Gristina
parent
7c8d7f7831
commit
c20ff01c39
@ -19,8 +19,8 @@
|
||||
#define COMPARE_M "inc_comp_multi.cl"
|
||||
|
||||
#define SNMPV3_SALT_MAX 1500
|
||||
#define SNMPV3_ENGINEID_MAX 32
|
||||
#define SNMPV3_MSG_AUTH_PARAMS_MAX 12
|
||||
#define SNMPV3_ENGINEID_MAX 34
|
||||
#define SNMPV3_MSG_AUTH_PARAMS_LEN 12
|
||||
#define SNMPV3_ROUNDS 1048576
|
||||
#define SNMPV3_MAX_PW_LENGTH 64
|
||||
|
||||
@ -192,15 +192,15 @@ KERNEL_FQ void m25000_loop (KERN_ATTR_TMPS_ESALT (hmac_md5_tmp_t, snmpv3_t))
|
||||
#define SNMPV3_TMP_ELEMS_OPT 1024 // 1024 = (64 max pw length * 64) / sizeof (u32)
|
||||
// for pw length > 64 we use global memory reads
|
||||
|
||||
u32 tmp_md5[SNMPV3_TMP_ELEMS_OPT];
|
||||
u32 tmp_sha1[SNMPV3_TMP_ELEMS_OPT];
|
||||
|
||||
if (pw_len < 64)
|
||||
{
|
||||
u32 tmp_shared[SNMPV3_TMP_ELEMS_OPT];
|
||||
|
||||
// md5
|
||||
|
||||
for (int i = 0; i < pw_len64 / 4; i++)
|
||||
{
|
||||
tmp_md5[i] = tmps[gid].tmp_md5[i];
|
||||
tmp_sha1[i] = tmps[gid].tmp_sha1[i];
|
||||
tmp_shared[i] = tmps[gid].tmp_md5[i];
|
||||
}
|
||||
|
||||
for (int i = 0, j = loop_pos; i < loop_cnt; i += 64, j += 64)
|
||||
@ -212,45 +212,58 @@ KERNEL_FQ void m25000_loop (KERN_ATTR_TMPS_ESALT (hmac_md5_tmp_t, snmpv3_t))
|
||||
u32 w2[4];
|
||||
u32 w3[4];
|
||||
|
||||
// md5
|
||||
|
||||
w0[0] = tmp_md5[idx + 0];
|
||||
w0[1] = tmp_md5[idx + 1];
|
||||
w0[2] = tmp_md5[idx + 2];
|
||||
w0[3] = tmp_md5[idx + 3];
|
||||
w1[0] = tmp_md5[idx + 4];
|
||||
w1[1] = tmp_md5[idx + 5];
|
||||
w1[2] = tmp_md5[idx + 6];
|
||||
w1[3] = tmp_md5[idx + 7];
|
||||
w2[0] = tmp_md5[idx + 8];
|
||||
w2[1] = tmp_md5[idx + 9];
|
||||
w2[2] = tmp_md5[idx + 10];
|
||||
w2[3] = tmp_md5[idx + 11];
|
||||
w3[0] = tmp_md5[idx + 12];
|
||||
w3[1] = tmp_md5[idx + 13];
|
||||
w3[2] = tmp_md5[idx + 14];
|
||||
w3[3] = tmp_md5[idx + 15];
|
||||
w0[0] = tmp_shared[idx + 0];
|
||||
w0[1] = tmp_shared[idx + 1];
|
||||
w0[2] = tmp_shared[idx + 2];
|
||||
w0[3] = tmp_shared[idx + 3];
|
||||
w1[0] = tmp_shared[idx + 4];
|
||||
w1[1] = tmp_shared[idx + 5];
|
||||
w1[2] = tmp_shared[idx + 6];
|
||||
w1[3] = tmp_shared[idx + 7];
|
||||
w2[0] = tmp_shared[idx + 8];
|
||||
w2[1] = tmp_shared[idx + 9];
|
||||
w2[2] = tmp_shared[idx + 10];
|
||||
w2[3] = tmp_shared[idx + 11];
|
||||
w3[0] = tmp_shared[idx + 12];
|
||||
w3[1] = tmp_shared[idx + 13];
|
||||
w3[2] = tmp_shared[idx + 14];
|
||||
w3[3] = tmp_shared[idx + 15];
|
||||
|
||||
md5_transform (w0, w1, w2, w3, h_md5);
|
||||
}
|
||||
|
||||
// sha1
|
||||
// sha1
|
||||
|
||||
w0[0] = tmp_sha1[idx + 0];
|
||||
w0[1] = tmp_sha1[idx + 1];
|
||||
w0[2] = tmp_sha1[idx + 2];
|
||||
w0[3] = tmp_sha1[idx + 3];
|
||||
w1[0] = tmp_sha1[idx + 4];
|
||||
w1[1] = tmp_sha1[idx + 5];
|
||||
w1[2] = tmp_sha1[idx + 6];
|
||||
w1[3] = tmp_sha1[idx + 7];
|
||||
w2[0] = tmp_sha1[idx + 8];
|
||||
w2[1] = tmp_sha1[idx + 9];
|
||||
w2[2] = tmp_sha1[idx + 10];
|
||||
w2[3] = tmp_sha1[idx + 11];
|
||||
w3[0] = tmp_sha1[idx + 12];
|
||||
w3[1] = tmp_sha1[idx + 13];
|
||||
w3[2] = tmp_sha1[idx + 14];
|
||||
w3[3] = tmp_sha1[idx + 15];
|
||||
for (int i = 0; i < pw_len64 / 4; i++)
|
||||
{
|
||||
tmp_shared[i] = tmps[gid].tmp_sha1[i];
|
||||
}
|
||||
|
||||
for (int i = 0, j = loop_pos; i < loop_cnt; i += 64, j += 64)
|
||||
{
|
||||
const int idx = (j % pw_len64) / 4; // the optimization trick is to be able to do this
|
||||
|
||||
u32 w0[4];
|
||||
u32 w1[4];
|
||||
u32 w2[4];
|
||||
u32 w3[4];
|
||||
|
||||
w0[0] = tmp_shared[idx + 0];
|
||||
w0[1] = tmp_shared[idx + 1];
|
||||
w0[2] = tmp_shared[idx + 2];
|
||||
w0[3] = tmp_shared[idx + 3];
|
||||
w1[0] = tmp_shared[idx + 4];
|
||||
w1[1] = tmp_shared[idx + 5];
|
||||
w1[2] = tmp_shared[idx + 6];
|
||||
w1[3] = tmp_shared[idx + 7];
|
||||
w2[0] = tmp_shared[idx + 8];
|
||||
w2[1] = tmp_shared[idx + 9];
|
||||
w2[2] = tmp_shared[idx + 10];
|
||||
w2[3] = tmp_shared[idx + 11];
|
||||
w3[0] = tmp_shared[idx + 12];
|
||||
w3[1] = tmp_shared[idx + 13];
|
||||
w3[2] = tmp_shared[idx + 14];
|
||||
w3[3] = tmp_shared[idx + 15];
|
||||
|
||||
sha1_transform (w0, w1, w2, w3, h_sha1);
|
||||
}
|
||||
|
||||
@ -24,8 +24,8 @@ static const u64 KERN_TYPE = 25000;
|
||||
static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE;
|
||||
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
|
||||
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
|
||||
static const char *ST_PASS = "hashcat";
|
||||
static const char *ST_HASH = "$SNMPv3$0$66763052$13981919518623358902340156831753173612320956749283824166083320737667668557830898783481876963136410266762758410322896320705075044221495960812100760230106803899899467077793703068392752686845035561487927252457444567685389901239388468830507087105054207914325254376053788152029716918450770264047103676562621965276752797029332926039166807829108367446173251908238116020942421323633620301312478670302264165059728208402342845743839533979473825394866704960428648622730299023225638967097578710279784722583947877561544154219162080289188160001741612377820114739093961409809862173307722539556954826052612794054060797358016549602977742745078911393042420821004243620362464971828700104979572910001640083882586179153483503492341163054930853321963503411228241996417991605003371264529827508426941919673592574025732354318435733211018917539824570724324796232199960952117561108106623865308577977944499366806697863259301760429786001824121720055893438673268643594146796410437039466462606490272723136671298529920486664067752007564122205089571790718437001200506203464426405927405102300269665189637001279369690218157456566218400534722049383049029139069701182053729830585217732347396312967325628046845068493719801191260136945971516486442056102815519090214442808707545803919529217103430588641187558031052830941742920355893755319896626873275796534820394248837050567688575113833311009595128372820474678989203565094681918285106102363272728922586582037066265522397748326630668375500179630717875844561081542915676557961288028298248995547031274515608973804660067065502484039882958958452781062725550260382637592283691962996228392332833626159043179186189904614052189303508782635840692436969244901198720814518$79f7b1$57e964c7cb117647004cf132";
|
||||
static const char *ST_PASS = "hashcat1";
|
||||
static const char *ST_HASH = "$SNMPv3$0$45889431$30818f0201033011020409242fc0020300ffe304010102010304383036041180001f88808106d566db57fd600000000002011002020118040a6d61747269785f4d4435040c0000000000000000000000000400303d041180001f88808106d566db57fd60000000000400a226020411f319300201000201003018301606082b06010201010200060a2b06010401bf0803020a$80001f88808106d566db57fd6000000000$1b37c3ea872731f922959e90";
|
||||
|
||||
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
|
||||
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
|
||||
@ -45,8 +45,8 @@ const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig,
|
||||
static const char *SIGNATURE_SNMPV3 = "$SNMPv3$0$";
|
||||
|
||||
#define SNMPV3_SALT_MAX 1500
|
||||
#define SNMPV3_ENGINEID_MAX 32
|
||||
#define SNMPV3_MSG_AUTH_PARAMS_MAX 12
|
||||
#define SNMPV3_ENGINEID_MAX 34
|
||||
#define SNMPV3_MSG_AUTH_PARAMS_LEN 12
|
||||
#define SNMPV3_ROUNDS 1048576
|
||||
#define SNMPV3_MAX_PW_LENGTH 64
|
||||
|
||||
@ -62,6 +62,7 @@ typedef struct hmac_md5_tmp
|
||||
{
|
||||
u32 tmp_md5[SNMPV3_TMP_ELEMS];
|
||||
u32 tmp_sha1[SNMPV3_TMP_ELEMS];
|
||||
|
||||
u32 h_md5[SNMPV3_HASH_ELEMS_MD5];
|
||||
u32 h_sha1[SNMPV3_HASH_ELEMS_SHA1];
|
||||
|
||||
@ -79,6 +80,13 @@ typedef struct snmpv3
|
||||
|
||||
} snmpv3_t;
|
||||
|
||||
u32 module_pw_min (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u32 pw_min = 8;
|
||||
|
||||
return pw_min;
|
||||
}
|
||||
|
||||
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
|
||||
{
|
||||
const u64 esalt_size = (const u64) sizeof (snmpv3_t);
|
||||
@ -133,23 +141,23 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
|
||||
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_DIGIT;
|
||||
// salt
|
||||
token.len_min[2] = 12 * 2;
|
||||
token.len_min[2] = SNMPV3_MSG_AUTH_PARAMS_LEN * 2;
|
||||
token.len_max[2] = SNMPV3_SALT_MAX * 2;
|
||||
token.sep[2] = '$';
|
||||
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
// engineid
|
||||
token.len_min[3] = 5;
|
||||
token.len_min[3] = 26;
|
||||
token.len_max[3] = SNMPV3_ENGINEID_MAX;
|
||||
token.sep[3] = '$';
|
||||
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH;
|
||||
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
// digest
|
||||
token.len_min[4] = SNMPV3_MSG_AUTH_PARAMS_MAX * 2;
|
||||
token.len_max[4] = SNMPV3_MSG_AUTH_PARAMS_MAX * 2;
|
||||
token.len[4] = SNMPV3_MSG_AUTH_PARAMS_LEN * 2;
|
||||
token.sep[4] = '$';
|
||||
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
|
||||
token.attr[4] = TOKEN_ATTR_FIXED_LENGTH
|
||||
| TOKEN_ATTR_VERIFY_HEX;
|
||||
|
||||
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
|
||||
@ -206,7 +214,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
|
||||
digest[0] = hex_to_u32 (hash_pos + 0);
|
||||
digest[1] = hex_to_u32 (hash_pos + 8);
|
||||
digest[2] = hex_to_u32 (hash_pos + 16);
|
||||
digest[3] = 0;
|
||||
|
||||
// prefer sha1 due to speed
|
||||
|
||||
@ -214,6 +221,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
|
||||
digest[1] = byte_swap_32 (digest[1]);
|
||||
digest[2] = byte_swap_32 (digest[2]);
|
||||
|
||||
digest[3] = 0;
|
||||
|
||||
return (PARSER_OK);
|
||||
}
|
||||
|
||||
@ -320,7 +329,7 @@ void module_init (module_ctx_t *module_ctx)
|
||||
module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT;
|
||||
module_ctx->module_pwdump_column = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_max = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_min = MODULE_DEFAULT;
|
||||
module_ctx->module_pw_min = module_pw_min;
|
||||
module_ctx->module_salt_max = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_min = MODULE_DEFAULT;
|
||||
module_ctx->module_salt_type = module_salt_type;
|
||||
|
||||
@ -12,14 +12,14 @@ use Digest::MD5 qw (md5 md5_hex);
|
||||
use Digest::SHA qw (sha1 sha1_hex);
|
||||
use Digest::HMAC qw (hmac hmac_hex);
|
||||
|
||||
sub module_constraints { [[1, 256], [24, 3000], [-1, -1], [-1, -1], [-1, -1]] }
|
||||
sub module_constraints { [[8, 256], [24, 3000], [-1, -1], [-1, -1], [-1, -1]] }
|
||||
|
||||
sub module_generate_hash
|
||||
{
|
||||
my $word = shift;
|
||||
my $salt = shift;
|
||||
my $pkt_num = shift // int(rand(99999999));
|
||||
my $engineID = shift // random_hex_string(6);
|
||||
my $pkt_num = shift // int(rand(100000000));
|
||||
my $engineID = shift // random_hex_string(26, 34);
|
||||
my $mode = shift // int(rand(1)) + 1;
|
||||
|
||||
# make even if needed
|
||||
|
||||
Loading…
Reference in New Issue
Block a user