From 844f2a92d2ffe68731fa8dae214cd7ef537da54a Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Thu, 10 Oct 2024 18:44:32 +0200 Subject: [PATCH 1/5] Add support for Mojolicious session cookies --- src/modules/module_16501.c | 332 +++++++++++++++++++++++++++++++++++ tools/test_modules/m16501.pm | 91 ++++++++++ 2 files changed, 423 insertions(+) create mode 100644 src/modules/module_16501.c create mode 100644 tools/test_modules/m16501.pm diff --git a/src/modules/module_16501.c b/src/modules/module_16501.c new file mode 100644 index 000000000..b6cd10528 --- /dev/null +++ b/src/modules/module_16501.c @@ -0,0 +1,332 @@ +/** + * Author......: See docs/credits.txt + * License.....: MIT + */ + +#include "common.h" +#include "types.h" +#include "modules.h" +#include "bitops.h" +#include "convert.h" +#include "shared.h" +#include "emu_inc_hash_md5.h" +#include "memory.h" + +static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL; +static const u32 DGST_POS0 = 0; +static const u32 DGST_POS1 = 1; +static const u32 DGST_POS2 = 2; +static const u32 DGST_POS3 = 3; +static const u32 DGST_SIZE = DGST_SIZE_4_16; +static const u32 HASH_CATEGORY = HASH_CATEGORY_FRAMEWORK; +static const char *HASH_NAME = "Perl Mojolicious session cookie (HMAC-SHA256, >= v9.19)"; +// Padded cookie with HMAC-SHA256 signature was introduced in version v9.19 of Mojolicious framework +// It's very like JWT HS256 tokens without a header, so it reuses the kernel. +// For versions pre v9.19, that uses non-padded HMAC-SHA1 signed cookies, use module 150. +static const u64 KERN_TYPE = 16511; +static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE + | OPTI_TYPE_NOT_ITERATED; +static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE + | OPTS_TYPE_PT_GENERATE_BE + | OPTS_TYPE_SELF_TEST_DISABLE; +static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; +static const char *ST_PASS = "secret"; +static const char *ST_HASH = "mojolicious=eyIyODY0NTk0MyI6Mzc4NzMyMzJ9ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ--d70a4d495a7eb5764cf7a7db95079bfb23280d33b67aa1589dd4e4f926be1f34"; + +u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } +u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } +u32 module_dgst_pos1 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS1; } +u32 module_dgst_pos2 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS2; } +u32 module_dgst_pos3 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS3; } +u32 module_dgst_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_SIZE; } +u32 module_hash_category (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_CATEGORY; } +const char *module_hash_name (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return HASH_NAME; } +u64 module_kern_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return KERN_TYPE; } +u32 module_opti_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTI_TYPE; } +u64 module_opts_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return OPTS_TYPE; } +u32 module_salt_type (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return SALT_TYPE; } +const char *module_st_hash (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_HASH; } +const char *module_st_pass (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ST_PASS; } + +typedef struct mojolicious +{ + u32 salt_buf[1024]; + u32 salt_len; + + u32 signature_len; + +} mojolicious_t; + +salt_t *module_benchmark_salt (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + salt_t *salt = (salt_t *) hcmalloc (sizeof (salt_t)); + + salt->salt_iter = 1; + salt->salt_len = 16; + + return salt; +} + +void *module_benchmark_esalt (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + mojolicious_t *mojolicious = (mojolicious_t *) hcmalloc (sizeof (mojolicious_t)); + + mojolicious->signature_len = 43; + mojolicious->salt_len = 32; + + return mojolicious; +} + +u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) +{ + const u64 esalt_size = (const u64) sizeof (mojolicious_t); + + return esalt_size; +} + +u64 module_kern_type_dynamic (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info) +{ + return 16511; +} + +int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED void *digest_buf, MAYBE_UNUSED salt_t *salt, MAYBE_UNUSED void *esalt_buf, MAYBE_UNUSED void *hook_salt_buf, MAYBE_UNUSED hashinfo_t *hash_info, const char *line_buf, MAYBE_UNUSED const int line_len) +{ + mojolicious_t *mojolicious = (mojolicious_t *) esalt_buf; + + hc_token_t token; + + memset (&token, 0, sizeof (hc_token_t)); + + token.token_cnt = 4; + + // total = max 4096 characters + // name=value = max 4030 characters + + // cookie name + token.sep[0] = '='; + token.len_min[0] = 1; + token.len_max[0] = 3005; // what's left of max cookie length + token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; + + // '=' as separator + + // cookie value + token.sep[1] = '-'; + token.len_min[1] = 1024; // if there's no padding, it's not new cookie + token.len_max[1] = 4030; + token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH + | TOKEN_ATTR_VERIFY_BASE64A; + + // '--' as separator + token.sep[2] = '-'; + token.len_min[2] = 0; + token.len_max[2] = 0; + token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; + + + // signature = 64 characters + token.sep[3] = '-'; + token.len_min[3] = 64; + token.len_max[3] = 64; + token.attr[3] = 0; + + const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); + + if (rc_tokenizer != PARSER_OK) return (rc_tokenizer); + + const int name_len = token.len[0]; + const int payload_len = token.len[1]; + mojolicious->signature_len = token.len[3]; + + // esalt + + const int esalt_len = name_len + 1 + payload_len; + + if (esalt_len > 4096) return (PARSER_SALT_LENGTH); + + memcpy (mojolicious->salt_buf, line_buf, esalt_len); + + mojolicious->salt_len = esalt_len; + + + // salt + + // Create a hash of the esalt because esalt buffer can change somewhere behind salt->salt_buf size + // Not a regular MD5 but good enough + + u32 hash[4]; + + hash[0] = 0; + hash[1] = 1; + hash[2] = 2; + hash[3] = 3; + + u32 block[16]; + + memset (block, 0, sizeof (block)); + + for (int i = 0; i < 1024; i += 16) + { + for (int j = 0; j < 16; j++) + { + block[j] = mojolicious->salt_buf[i + j]; + + md5_transform (block + 0, block + 4, block + 8, block + 12, hash); + } + } + + salt->salt_buf[0] = hash[0]; + salt->salt_buf[1] = hash[1]; + salt->salt_buf[2] = hash[2]; + salt->salt_buf[3] = hash[3]; + + salt->salt_len = 16; + + + const u8 *hash_pos = token.buf[3]; + u32 *digest = (u32 *) digest_buf; + + digest[0] = hex_to_u32 (hash_pos + 0); + digest[1] = hex_to_u32 (hash_pos + 8); + digest[2] = hex_to_u32 (hash_pos + 16); + digest[3] = hex_to_u32 (hash_pos + 24); + digest[4] = hex_to_u32 (hash_pos + 32); + digest[5] = hex_to_u32 (hash_pos + 40); + digest[6] = hex_to_u32 (hash_pos + 48); + digest[7] = hex_to_u32 (hash_pos + 56); + + + digest[0] = byte_swap_32 (digest[0]); + digest[1] = byte_swap_32 (digest[1]); + digest[2] = byte_swap_32 (digest[2]); + digest[3] = byte_swap_32 (digest[3]); + digest[4] = byte_swap_32 (digest[4]); + digest[5] = byte_swap_32 (digest[5]); + digest[6] = byte_swap_32 (digest[6]); + digest[7] = byte_swap_32 (digest[7]); + + + return (PARSER_OK); +} + +int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const void *digest_buf, MAYBE_UNUSED const salt_t *salt, MAYBE_UNUSED const void *esalt_buf, MAYBE_UNUSED const void *hook_salt_buf, MAYBE_UNUSED const hashinfo_t *hash_info, char *line_buf, MAYBE_UNUSED const int line_size) +{ + const mojolicious_t *mojolicious = (const mojolicious_t *) esalt_buf; + + const u32 *digest32 = (const u32 *) digest_buf; + + char ptr_plain[128]; + + + u32 tmp[8]; + + tmp[0] = byte_swap_32 (digest32[0]); + tmp[1] = byte_swap_32 (digest32[1]); + tmp[2] = byte_swap_32 (digest32[2]); + tmp[3] = byte_swap_32 (digest32[3]); + tmp[4] = byte_swap_32 (digest32[4]); + tmp[5] = byte_swap_32 (digest32[5]); + tmp[6] = byte_swap_32 (digest32[6]); + tmp[7] = byte_swap_32 (digest32[7]); + + + u8 *out_buf = (u8 *) ptr_plain; + + int out_len = 0; + + u32_to_hex (tmp[0], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[1], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[2], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[3], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[4], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[5], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[6], out_buf + out_len); out_len += 8; + u32_to_hex (tmp[7], out_buf + out_len); out_len += 8; + + out_buf[65]=0; + + + const int line_len = snprintf (line_buf, line_size, "%s--%s", (char *) mojolicious->salt_buf, (char *) ptr_plain); + + return line_len; +} + +void module_init (module_ctx_t *module_ctx) +{ + module_ctx->module_context_size = MODULE_CONTEXT_SIZE_CURRENT; + module_ctx->module_interface_version = MODULE_INTERFACE_VERSION_CURRENT; + + module_ctx->module_attack_exec = module_attack_exec; + module_ctx->module_benchmark_esalt = module_benchmark_esalt; + module_ctx->module_benchmark_hook_salt = MODULE_DEFAULT; + module_ctx->module_benchmark_mask = MODULE_DEFAULT; + module_ctx->module_benchmark_charset = MODULE_DEFAULT; + module_ctx->module_benchmark_salt = module_benchmark_salt; + module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; + module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; + module_ctx->module_deprecated_notice = MODULE_DEFAULT; + module_ctx->module_dgst_pos0 = module_dgst_pos0; + module_ctx->module_dgst_pos1 = module_dgst_pos1; + module_ctx->module_dgst_pos2 = module_dgst_pos2; + module_ctx->module_dgst_pos3 = module_dgst_pos3; + module_ctx->module_dgst_size = module_dgst_size; + module_ctx->module_dictstat_disable = MODULE_DEFAULT; + module_ctx->module_esalt_size = module_esalt_size; + module_ctx->module_extra_buffer_size = MODULE_DEFAULT; + module_ctx->module_extra_tmp_size = MODULE_DEFAULT; + module_ctx->module_extra_tuningdb_block = MODULE_DEFAULT; + module_ctx->module_forced_outfile_format = MODULE_DEFAULT; + module_ctx->module_hash_binary_count = MODULE_DEFAULT; + module_ctx->module_hash_binary_parse = MODULE_DEFAULT; + module_ctx->module_hash_binary_save = MODULE_DEFAULT; + module_ctx->module_hash_decode_postprocess = MODULE_DEFAULT; + module_ctx->module_hash_decode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_decode_zero_hash = MODULE_DEFAULT; + module_ctx->module_hash_decode = module_hash_decode; + module_ctx->module_hash_encode_status = MODULE_DEFAULT; + module_ctx->module_hash_encode_potfile = MODULE_DEFAULT; + module_ctx->module_hash_encode = module_hash_encode; + module_ctx->module_hash_init_selftest = MODULE_DEFAULT; + module_ctx->module_hash_mode = MODULE_DEFAULT; + module_ctx->module_hash_category = module_hash_category; + module_ctx->module_hash_name = module_hash_name; + module_ctx->module_hashes_count_min = MODULE_DEFAULT; + module_ctx->module_hashes_count_max = MODULE_DEFAULT; + module_ctx->module_hlfmt_disable = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_size = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_init = MODULE_DEFAULT; + module_ctx->module_hook_extra_param_term = MODULE_DEFAULT; + module_ctx->module_hook12 = MODULE_DEFAULT; + module_ctx->module_hook23 = MODULE_DEFAULT; + module_ctx->module_hook_salt_size = MODULE_DEFAULT; + module_ctx->module_hook_size = MODULE_DEFAULT; + module_ctx->module_jit_build_options = MODULE_DEFAULT; + module_ctx->module_jit_cache_disable = MODULE_DEFAULT; + module_ctx->module_kernel_accel_max = MODULE_DEFAULT; + module_ctx->module_kernel_accel_min = MODULE_DEFAULT; + module_ctx->module_kernel_loops_max = MODULE_DEFAULT; + module_ctx->module_kernel_loops_min = MODULE_DEFAULT; + module_ctx->module_kernel_threads_max = MODULE_DEFAULT; + module_ctx->module_kernel_threads_min = MODULE_DEFAULT; + module_ctx->module_kern_type = module_kern_type; + module_ctx->module_kern_type_dynamic = module_kern_type_dynamic; + module_ctx->module_opti_type = module_opti_type; + module_ctx->module_opts_type = module_opts_type; + module_ctx->module_outfile_check_disable = MODULE_DEFAULT; + module_ctx->module_outfile_check_nocomp = MODULE_DEFAULT; + module_ctx->module_potfile_custom_check = MODULE_DEFAULT; + module_ctx->module_potfile_disable = MODULE_DEFAULT; + module_ctx->module_potfile_keep_all_hashes = MODULE_DEFAULT; + module_ctx->module_pwdump_column = MODULE_DEFAULT; + module_ctx->module_pw_max = MODULE_DEFAULT; + module_ctx->module_pw_min = MODULE_DEFAULT; + module_ctx->module_salt_max = MODULE_DEFAULT; + module_ctx->module_salt_min = MODULE_DEFAULT; + module_ctx->module_salt_type = module_salt_type; + module_ctx->module_separator = MODULE_DEFAULT; + module_ctx->module_st_hash = module_st_hash; + module_ctx->module_st_pass = module_st_pass; + module_ctx->module_tmp_size = MODULE_DEFAULT; + module_ctx->module_unstable_warning = MODULE_DEFAULT; + module_ctx->module_warmup_disable = MODULE_DEFAULT; +} diff --git a/tools/test_modules/m16501.pm b/tools/test_modules/m16501.pm new file mode 100644 index 000000000..09361d368 --- /dev/null +++ b/tools/test_modules/m16501.pm @@ -0,0 +1,91 @@ +#!/usr/bin/env perl + +## +## Author......: See docs/credits.txt +## License.....: MIT +## + +use strict; +use warnings; + +use Digest::HMAC qw (hmac); +use MIME::Base64 qw (encode_base64url); +use JSON qw (encode_json); + +sub module_constraints { [[0, 64], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } + +sub module_generate_hash +{ + my $word = shift; + my $salt = shift || get_random_mojolicious_salt (); + + ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQ + my ($name, $value) = split('=', $salt); + + ## example is 102 chars in length, 1025-102 = so it gets 923 chars of "Z" padding, "--" separator and HMAC-SHA256 signature + ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQZZZZZZZ(...)ZZZZZZ--1bf346f55562ac2a08d1b86a28e87bf5aad357d7a92e816567271f5b420b93c1 + my $hash = get_signed_cookie ($name, $value, $word); + + return $hash; +} + +sub module_verify_hash +{ + my $line = shift; + + my ($hash, $word) = split (':', $line); + + return unless defined $hash; + return unless defined $word; + + my @data = split (/--/, $hash); + + return unless scalar @data == 2; + + my ($padded_cookie, $signature) = @data; + + my $unpadded_cookie = $padded_cookie =~ s/\}\KZ*$//r; + + my ($cookie_name, $cookie_value) = split('=', $unpadded_cookie); + + my $salt = $cookie_name . "=" . $cookie_value; + + my $word_packed = pack_if_HEX_notation ($word); + + my $new_hash = module_generate_hash ($word_packed, $salt); + + return ($new_hash, $word); +} + +sub get_random_mojolicious_salt +{ + my $random_key = random_number (1, 100000000); + my $random_val = random_number (1, 100000000); + + my $payload = + { + $random_key => $random_val + }; + + my $payload_json = encode_json ($payload); + + my $payload_base64 = encode_base64url ($payload_json, ""); + + return "mojolicious=$payload_base64"; +} + +sub get_signed_cookie +{ + my ($name, $value, $secret) = @_; + + sub add_mojolicious_padding { + return $_[0] . 'Z' x (1025 - length $_[0]); + } + + my $padded = add_mojolicious_padding $value; + + my $sum = Digest::SHA::hmac_sha256_hex("$name=$padded", $secret); + return "$name=$padded--$sum" +} + +1; From 0700efa01570b0ab6324c54cc8309c67df220c47 Mon Sep 17 00:00:00 2001 From: Jakub Kramarz Date: Thu, 31 Oct 2024 09:16:10 +0100 Subject: [PATCH 2/5] Fixed padding format in Mojolicious session cookies --- src/modules/module_16501.c | 2 +- tools/test_modules/m16501.pm | 26 ++++++++++++-------------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/src/modules/module_16501.c b/src/modules/module_16501.c index b6cd10528..06b8f7e37 100644 --- a/src/modules/module_16501.c +++ b/src/modules/module_16501.c @@ -31,7 +31,7 @@ static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE | OPTS_TYPE_SELF_TEST_DISABLE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; static const char *ST_PASS = "secret"; -static const char *ST_HASH = "mojolicious=eyIyODY0NTk0MyI6Mzc4NzMyMzJ9ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ--d70a4d495a7eb5764cf7a7db95079bfb23280d33b67aa1589dd4e4f926be1f34"; +static const char *ST_HASH = "mojolicious=eyJleHBpcmVzIjoyMDAwMDAwMDAwLCAidXNlciI6ICJzdXBlcnVzZXIifVpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo--9d32db342a1caa83910dc8db51ff387591c40144bc0dddfa437d03a7d65688da"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } diff --git a/tools/test_modules/m16501.pm b/tools/test_modules/m16501.pm index 09361d368..ee68f4565 100644 --- a/tools/test_modules/m16501.pm +++ b/tools/test_modules/m16501.pm @@ -8,7 +8,7 @@ use strict; use warnings; -use Digest::HMAC qw (hmac); +use Digest::SHA qw (hmac_sha256_hex); use MIME::Base64 qw (encode_base64url); use JSON qw (encode_json); @@ -19,11 +19,10 @@ sub module_generate_hash my $word = shift; my $salt = shift || get_random_mojolicious_salt (); - ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQ + ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQWlpaWlpaWlpaWlp(...)aWlpaWlpaWlpaWlpaWlpaWlpaWlp my ($name, $value) = split('=', $salt); - ## example is 102 chars in length, 1025-102 = so it gets 923 chars of "Z" padding, "--" separator and HMAC-SHA256 signature - ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQZZZZZZZ(...)ZZZZZZ--1bf346f55562ac2a08d1b86a28e87bf5aad357d7a92e816567271f5b420b93c1 + ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQWlpaWlpaWlpaWlp(...)aWlpaWlpaWlpaWlpaWlpaWlpaWlp--1bf346f55562ac2a08d1b86a28e87bf5aad357d7a92e816567271f5b420b93c1 my $hash = get_signed_cookie ($name, $value, $word); return $hash; @@ -59,6 +58,11 @@ sub module_verify_hash sub get_random_mojolicious_salt { + sub add_mojolicious_padding + { + return $_[0] . 'Z' x (1025 - length $_[0]); + } + my $random_key = random_number (1, 100000000); my $random_val = random_number (1, 100000000); @@ -68,8 +72,8 @@ sub get_random_mojolicious_salt }; my $payload_json = encode_json ($payload); - - my $payload_base64 = encode_base64url ($payload_json, ""); + my $payload_padded = add_mojolicious_padding ($payload_json); + my $payload_base64 = encode_base64url ($payload_padded, ""); return "mojolicious=$payload_base64"; } @@ -77,15 +81,9 @@ sub get_random_mojolicious_salt sub get_signed_cookie { my ($name, $value, $secret) = @_; + my $sum = Digest::SHA::hmac_sha256_hex("$name=$value", $secret); - sub add_mojolicious_padding { - return $_[0] . 'Z' x (1025 - length $_[0]); - } - - my $padded = add_mojolicious_padding $value; - - my $sum = Digest::SHA::hmac_sha256_hex("$name=$padded", $secret); - return "$name=$padded--$sum" + return "$name=$value--$sum" } 1; From ebf2c154c2786c65d32e5dfb10047f3c55205066 Mon Sep 17 00:00:00 2001 From: Stig Palmquist Date: Thu, 21 Nov 2024 18:04:31 +0100 Subject: [PATCH 3/5] Fix problems with Mojolicious "paWlpaWl" module This commit fixes issues with the 16501 module for Mojolicious cookies. - Fix parsing of message: The base64 encoded message has '=' characters replaced with '-' meaning that three such characters can be encountered at the end of the message. This commit sets a fixed size for the message and doesnt use a `sep` to parse it. - Update self-test with real-world mojolicious cookie. - Update the test module to reflect what's actually happening when Mojolicious generates a signed cookie. --- src/modules/module_16501.c | 39 ++++++++++++++++++------------------ tools/test_modules/m16501.pm | 18 +++++------------ 2 files changed, 25 insertions(+), 32 deletions(-) diff --git a/src/modules/module_16501.c b/src/modules/module_16501.c index 06b8f7e37..36ddd6e4c 100644 --- a/src/modules/module_16501.c +++ b/src/modules/module_16501.c @@ -30,8 +30,8 @@ static const u64 OPTS_TYPE = OPTS_TYPE_STOCK_MODULE | OPTS_TYPE_PT_GENERATE_BE | OPTS_TYPE_SELF_TEST_DISABLE; static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED; -static const char *ST_PASS = "secret"; -static const char *ST_HASH = "mojolicious=eyJleHBpcmVzIjoyMDAwMDAwMDAwLCAidXNlciI6ICJzdXBlcnVzZXIifVpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo--9d32db342a1caa83910dc8db51ff387591c40144bc0dddfa437d03a7d65688da"; +static const char *ST_PASS = "foobar"; +static const char *ST_HASH = "mojolicious=eyJiYXIiOiJhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmNhYmMiLCJleHBpcmVzIjoxNzMyMTYyOTMyLCJmb29vIjoxfVpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlo---113312f6f43e8f53e4e5eddb3d1603613fcd5073d947935ff7e08b2f79d921f8"; u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; } u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; } @@ -97,7 +97,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE memset (&token, 0, sizeof (hc_token_t)); - token.token_cnt = 4; + token.token_cnt = 5; // total = max 4096 characters // name=value = max 4030 characters @@ -105,17 +105,14 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE // cookie name token.sep[0] = '='; token.len_min[0] = 1; - token.len_max[0] = 3005; // what's left of max cookie length + token.len_max[0] = 128; token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH; - // '=' as separator - - // cookie value - token.sep[1] = '-'; - token.len_min[1] = 1024; // if there's no padding, it's not new cookie - token.len_max[1] = 4030; - token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH - | TOKEN_ATTR_VERIFY_BASE64A; + // cookie value: uses a fixed length as the value is padded to 1025 + // bytes with 'Z' characters before being base64 encoded. Note that + // '=' is replaced with '-' in the base64 output. + token.len[1] = 1368; + token.attr[1] = TOKEN_ATTR_FIXED_LENGTH; // '--' as separator token.sep[2] = '-'; @@ -123,12 +120,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE token.len_max[2] = 0; token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH; - - // signature = 64 characters + // '--' as separator token.sep[3] = '-'; - token.len_min[3] = 64; - token.len_max[3] = 64; - token.attr[3] = 0; + token.len_min[3] = 0; + token.len_max[3] = 0; + token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH; + + // signature: hmac_sha256 hex encoded + token.len_min[4] = 64; + token.len_max[4] = 64; + token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH | TOKEN_ATTR_VERIFY_HEX; const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token); @@ -136,7 +137,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE const int name_len = token.len[0]; const int payload_len = token.len[1]; - mojolicious->signature_len = token.len[3]; + mojolicious->signature_len = token.len[4]; // esalt @@ -183,7 +184,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE salt->salt_len = 16; - const u8 *hash_pos = token.buf[3]; + const u8 *hash_pos = token.buf[4]; u32 *digest = (u32 *) digest_buf; digest[0] = hex_to_u32 (hash_pos + 0); diff --git a/tools/test_modules/m16501.pm b/tools/test_modules/m16501.pm index ee68f4565..c0fd3e1ea 100644 --- a/tools/test_modules/m16501.pm +++ b/tools/test_modules/m16501.pm @@ -9,7 +9,7 @@ use strict; use warnings; use Digest::SHA qw (hmac_sha256_hex); -use MIME::Base64 qw (encode_base64url); +use MIME::Base64 qw (encode_base64); use JSON qw (encode_json); sub module_constraints { [[0, 64], [-1, -1], [-1, -1], [-1, -1], [-1, -1]] } @@ -19,12 +19,9 @@ sub module_generate_hash my $word = shift; my $salt = shift || get_random_mojolicious_salt (); - ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQWlpaWlpaWlpaWlp(...)aWlpaWlpaWlpaWlpaWlpaWlpaWlp my ($name, $value) = split('=', $salt); - ## mojolicious=eyJleHBpcmVzIjoxMTEyNDcwNjIwLCJuZXdfZmxhc2giOnsibWVzc2FnZSI6IkhlbGxvIHRoZXJlLiJ9LCJ1c2VyIjoiYWxpY2UifQWlpaWlpaWlpaWlp(...)aWlpaWlpaWlpaWlpaWlpaWlpaWlp--1bf346f55562ac2a08d1b86a28e87bf5aad357d7a92e816567271f5b420b93c1 my $hash = get_signed_cookie ($name, $value, $word); - return $hash; } @@ -43,7 +40,7 @@ sub module_verify_hash my ($padded_cookie, $signature) = @data; - my $unpadded_cookie = $padded_cookie =~ s/\}\KZ*$//r; + my $unpadded_cookie = $padded_cookie =~ s/Z*$//; my ($cookie_name, $cookie_value) = split('=', $unpadded_cookie); @@ -58,11 +55,6 @@ sub module_verify_hash sub get_random_mojolicious_salt { - sub add_mojolicious_padding - { - return $_[0] . 'Z' x (1025 - length $_[0]); - } - my $random_key = random_number (1, 100000000); my $random_val = random_number (1, 100000000); @@ -72,8 +64,9 @@ sub get_random_mojolicious_salt }; my $payload_json = encode_json ($payload); - my $payload_padded = add_mojolicious_padding ($payload_json); - my $payload_base64 = encode_base64url ($payload_padded, ""); + my $payload_padded = $payload_json . 'Z' x (1025 - length $payload_json); + my $payload_base64 = encode_base64 ($payload_padded, ""); + $payload_base64 =~ y/=/-/; return "mojolicious=$payload_base64"; } @@ -82,7 +75,6 @@ sub get_signed_cookie { my ($name, $value, $secret) = @_; my $sum = Digest::SHA::hmac_sha256_hex("$name=$value", $secret); - return "$name=$value--$sum" } From 6952f20be2754595e258c249e4f1fb25ab340d9f Mon Sep 17 00:00:00 2001 From: hashcat-bot Date: Sun, 13 Jul 2025 16:07:27 +0200 Subject: [PATCH 4/5] Updated to latest hashcat base --- src/modules/module_16501.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/modules/module_16501.c b/src/modules/module_16501.c index 36ddd6e4c..8dcc490d2 100644 --- a/src/modules/module_16501.c +++ b/src/modules/module_16501.c @@ -263,6 +263,8 @@ void module_init (module_ctx_t *module_ctx) module_ctx->module_benchmark_mask = MODULE_DEFAULT; module_ctx->module_benchmark_charset = MODULE_DEFAULT; module_ctx->module_benchmark_salt = module_benchmark_salt; + module_ctx->module_bridge_name = MODULE_DEFAULT; + module_ctx->module_bridge_type = MODULE_DEFAULT; module_ctx->module_build_plain_postprocess = MODULE_DEFAULT; module_ctx->module_deep_comp_kernel = MODULE_DEFAULT; module_ctx->module_deprecated_notice = MODULE_DEFAULT; From 5850571e1d4927d73cbad3bfa18d23d4b390d9aa Mon Sep 17 00:00:00 2001 From: hashcat-bot Date: Sun, 13 Jul 2025 18:35:34 +0200 Subject: [PATCH 5/5] Fix zero terminator position --- src/modules/module_16501.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/module_16501.c b/src/modules/module_16501.c index 8dcc490d2..0ec06e450 100644 --- a/src/modules/module_16501.c +++ b/src/modules/module_16501.c @@ -244,7 +244,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE u32_to_hex (tmp[6], out_buf + out_len); out_len += 8; u32_to_hex (tmp[7], out_buf + out_len); out_len += 8; - out_buf[65]=0; + out_buf[64]=0; const int line_len = snprintf (line_buf, line_size, "%s--%s", (char *) mojolicious->salt_buf, (char *) ptr_plain);