|
|
|
|
@ -195,7 +195,6 @@
|
|
|
|
|
" 15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers",
|
|
|
|
|
" 15700 | Ethereum Wallet, SCRYPT | Password Managers",
|
|
|
|
|
" 16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers",
|
|
|
|
|
" 16900 | Ansible Vault | Password Managers",
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const char *ST_PASS_HASHCAT_PLAIN = "hashcat";
|
|
|
|
|
@ -402,7 +401,6 @@ static const char *ST_HASH_16300 = "$ethereum$w*e94a8e49deac2d62206bf9bfb7d2aaea
|
|
|
|
|
static const char *ST_HASH_16400 = "{CRAM-MD5}5389b33b9725e5657cb631dc50017ff100000000000000000000000000000000";
|
|
|
|
|
static const char *ST_HASH_16600 = "$electrum$1*44358283104603165383613672586868*c43a6632d9f59364f74c395a03d8c2ea";
|
|
|
|
|
static const char *ST_HASH_16700 = "$fvde$1$16$84286044060108438487434858307513$20000$f1620ab93192112f0a23eea89b5d4df065661f974b704191";
|
|
|
|
|
static const char *ST_HASH_16900 = "$ansible$0*0*6b761adc6faeb0cc0bf197d3d4a4a7d3f1682e4b169cae8fa6b459b3214ed41e*426d313c5809d4a80a4b9bc7d4823070*d8bad190c7fbc7c3cb1c60a27abfb0ff59d6fb73178681c7454d94a0f56a4360";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static const char *HT_00030 = "md5(utf16le($pass).$salt)";
|
|
|
|
|
@ -550,7 +548,6 @@ static const char *HT_16400 = "CRAM-MD5 Dovecot";
|
|
|
|
|
static const char *HT_16500 = "JWT (JSON Web Token)";
|
|
|
|
|
static const char *HT_16600 = "Electrum Wallet (Salt-Type 1-3)";
|
|
|
|
|
static const char *HT_16700 = "FileVault 2";
|
|
|
|
|
static const char *HT_16900 = "Ansible Vault";
|
|
|
|
|
|
|
|
|
|
static const char *HT_00022 = "Juniper NetScreen/SSG (ScreenOS)";
|
|
|
|
|
static const char *HT_00023 = "Skype";
|
|
|
|
|
@ -668,7 +665,6 @@ static const char *SIGNATURE_TACACS_PLUS = "$tacacs-plus$0$";
|
|
|
|
|
static const char *SIGNATURE_ETHEREUM_PRESALE = "$ethereum$w";
|
|
|
|
|
static const char *SIGNATURE_ELECTRUM_WALLET = "$electrum$";
|
|
|
|
|
static const char *SIGNATURE_FILEVAULT2 = "$fvde$";
|
|
|
|
|
static const char *SIGNATURE_ANSIBLE_VAULT = "$ansible$";
|
|
|
|
|
static const char *SIGNATURE_APPLE_SECURE_NOTES = "$ASN$";
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
@ -13994,144 +13990,6 @@ int filevault2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
|
|
|
|
|
return (PARSER_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int ansible_vault_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED hashconfig_t *hashconfig)
|
|
|
|
|
{
|
|
|
|
|
u32 *digest = (u32 *) hash_buf->digest;
|
|
|
|
|
|
|
|
|
|
salt_t *salt = hash_buf->salt;
|
|
|
|
|
|
|
|
|
|
ansible_vault_t *ansible_vault = (ansible_vault_t *) hash_buf->esalt;
|
|
|
|
|
|
|
|
|
|
token_t token;
|
|
|
|
|
|
|
|
|
|
token.token_cnt = 6;
|
|
|
|
|
|
|
|
|
|
token.signatures_cnt = 1;
|
|
|
|
|
token.signatures_buf[0] = SIGNATURE_ANSIBLE_VAULT;
|
|
|
|
|
|
|
|
|
|
token.len[0] = 9;
|
|
|
|
|
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_SIGNATURE;
|
|
|
|
|
|
|
|
|
|
token.sep[1] = '*';
|
|
|
|
|
token.len_min[1] = 1;
|
|
|
|
|
token.len_max[1] = 1;
|
|
|
|
|
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_DIGIT;
|
|
|
|
|
|
|
|
|
|
token.sep[2] = '*';
|
|
|
|
|
token.len_min[2] = 1;
|
|
|
|
|
token.len_max[2] = 1;
|
|
|
|
|
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_DIGIT;
|
|
|
|
|
|
|
|
|
|
token.sep[3] = '*';
|
|
|
|
|
token.len_min[3] = 64;
|
|
|
|
|
token.len_max[3] = 64;
|
|
|
|
|
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
|
|
|
|
|
token.sep[4] = '*';
|
|
|
|
|
token.len_min[4] = 32;
|
|
|
|
|
token.len_max[4] = 32768;
|
|
|
|
|
token.attr[4] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
|
|
|
|
|
token.sep[5] = '*';
|
|
|
|
|
token.len_min[5] = 64;
|
|
|
|
|
token.len_max[5] = 64;
|
|
|
|
|
token.attr[5] = TOKEN_ATTR_VERIFY_LENGTH
|
|
|
|
|
| TOKEN_ATTR_VERIFY_HEX;
|
|
|
|
|
|
|
|
|
|
const int rc_tokenizer = input_tokenizer (input_buf, input_len, &token);
|
|
|
|
|
|
|
|
|
|
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
|
|
|
|
|
|
|
|
|
|
// cipher (unused)
|
|
|
|
|
|
|
|
|
|
const u8 *cipher_pos = token.buf[1];
|
|
|
|
|
|
|
|
|
|
ansible_vault->cipher = hc_strtoul ((const char *) cipher_pos, NULL, 10);
|
|
|
|
|
|
|
|
|
|
// version (unused)
|
|
|
|
|
|
|
|
|
|
const u8 *version_pos = token.buf[2];
|
|
|
|
|
|
|
|
|
|
ansible_vault->version = hc_strtoul ((const char *) version_pos, NULL, 10);
|
|
|
|
|
|
|
|
|
|
// salt
|
|
|
|
|
|
|
|
|
|
const u8 *salt_pos = token.buf[3];
|
|
|
|
|
|
|
|
|
|
salt->salt_len = 32;
|
|
|
|
|
salt->salt_iter = ROUNDS_ANSIBLE_VAULT - 1;
|
|
|
|
|
|
|
|
|
|
salt->salt_buf[0] = hex_to_u32 (salt_pos + 0);
|
|
|
|
|
salt->salt_buf[1] = hex_to_u32 (salt_pos + 8);
|
|
|
|
|
salt->salt_buf[2] = hex_to_u32 (salt_pos + 16);
|
|
|
|
|
salt->salt_buf[3] = hex_to_u32 (salt_pos + 24);
|
|
|
|
|
salt->salt_buf[4] = hex_to_u32 (salt_pos + 32);
|
|
|
|
|
salt->salt_buf[5] = hex_to_u32 (salt_pos + 40);
|
|
|
|
|
salt->salt_buf[6] = hex_to_u32 (salt_pos + 48);
|
|
|
|
|
salt->salt_buf[7] = hex_to_u32 (salt_pos + 56);
|
|
|
|
|
|
|
|
|
|
salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]);
|
|
|
|
|
salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]);
|
|
|
|
|
salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]);
|
|
|
|
|
salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]);
|
|
|
|
|
salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]);
|
|
|
|
|
salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]);
|
|
|
|
|
salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]);
|
|
|
|
|
salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]);
|
|
|
|
|
|
|
|
|
|
// ciphertext
|
|
|
|
|
|
|
|
|
|
const u8 *ct_buf_pos = token.buf[4];
|
|
|
|
|
const int ct_buf_len = token.len[4];
|
|
|
|
|
|
|
|
|
|
u8 *ct_data_ptr = (u8 *) ansible_vault->ct_data_buf;
|
|
|
|
|
|
|
|
|
|
for (int i = 0, j = 0; j < ct_buf_len; i += 1, j += 2)
|
|
|
|
|
{
|
|
|
|
|
ct_data_ptr[i] = hex_to_u8 ((const u8 *) &ct_buf_pos[j]);
|
|
|
|
|
|
|
|
|
|
ansible_vault->ct_data_len++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// hash
|
|
|
|
|
|
|
|
|
|
const u8 *hash_pos = token.buf[5];
|
|
|
|
|
|
|
|
|
|
digest[0] = hex_to_u32 ((const u8 *) &hash_pos[ 0]);
|
|
|
|
|
digest[1] = hex_to_u32 ((const u8 *) &hash_pos[ 8]);
|
|
|
|
|
digest[2] = hex_to_u32 ((const u8 *) &hash_pos[16]);
|
|
|
|
|
digest[3] = hex_to_u32 ((const u8 *) &hash_pos[24]);
|
|
|
|
|
digest[4] = hex_to_u32 ((const u8 *) &hash_pos[32]);
|
|
|
|
|
digest[5] = hex_to_u32 ((const u8 *) &hash_pos[40]);
|
|
|
|
|
digest[6] = hex_to_u32 ((const u8 *) &hash_pos[48]);
|
|
|
|
|
digest[7] = hex_to_u32 ((const u8 *) &hash_pos[56]);
|
|
|
|
|
|
|
|
|
|
digest[0] = byte_swap_32 (digest[0]);
|
|
|
|
|
digest[1] = byte_swap_32 (digest[1]);
|
|
|
|
|
digest[2] = byte_swap_32 (digest[2]);
|
|
|
|
|
digest[3] = byte_swap_32 (digest[3]);
|
|
|
|
|
digest[4] = byte_swap_32 (digest[4]);
|
|
|
|
|
digest[5] = byte_swap_32 (digest[5]);
|
|
|
|
|
digest[6] = byte_swap_32 (digest[6]);
|
|
|
|
|
digest[7] = byte_swap_32 (digest[7]);
|
|
|
|
|
|
|
|
|
|
return (PARSER_OK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* hook functions
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
u32 kernel_threads_mxx (hashcat_ctx_t *hashcat_ctx)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
@ -14303,8 +14161,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
|
|
|
|
break;
|
|
|
|
|
case 16700: salt->salt_len = 16;
|
|
|
|
|
break;
|
|
|
|
|
case 16900: salt->salt_len = 32;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// special esalt handling
|
|
|
|
|
@ -14506,8 +14362,6 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
|
|
|
|
|
break;
|
|
|
|
|
case 16700: salt->salt_iter = ROUNDS_APPLE_SECURE_NOTES - 1;
|
|
|
|
|
break;
|
|
|
|
|
case 16900: salt->salt_iter = ROUNDS_ANSIBLE_VAULT - 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
@ -16868,43 +16722,6 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const int out_size,
|
|
|
|
|
byte_swap_32 (apple_secure_notes->ZCRYPTOWRAPPEDKEY[4]),
|
|
|
|
|
byte_swap_32 (apple_secure_notes->ZCRYPTOWRAPPEDKEY[5]));
|
|
|
|
|
}
|
|
|
|
|
else if (hash_mode == 16900)
|
|
|
|
|
{
|
|
|
|
|
ansible_vault_t *ansible_vaults = (ansible_vault_t *) esalts_buf;
|
|
|
|
|
|
|
|
|
|
ansible_vault_t *ansible_vault = &ansible_vaults[digest_cur];
|
|
|
|
|
|
|
|
|
|
u8 ct_data[16384 + 1] = { 0 };
|
|
|
|
|
|
|
|
|
|
u32 *ct_data_ptr = ansible_vault->ct_data_buf;
|
|
|
|
|
|
|
|
|
|
for (u32 i = 0, j = 0; i < ansible_vault->ct_data_len / 4; i++, j += 8)
|
|
|
|
|
{
|
|
|
|
|
u32_to_hex (ct_data_ptr[i], ct_data + j);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
snprintf (out_buf, out_size, "%s%u*%u*%08x%08x%08x%08x%08x%08x%08x%08x*%s*%08x%08x%08x%08x%08x%08x%08x%08x",
|
|
|
|
|
SIGNATURE_ANSIBLE_VAULT,
|
|
|
|
|
ansible_vault->cipher,
|
|
|
|
|
ansible_vault->version,
|
|
|
|
|
salt.salt_buf[0],
|
|
|
|
|
salt.salt_buf[1],
|
|
|
|
|
salt.salt_buf[2],
|
|
|
|
|
salt.salt_buf[3],
|
|
|
|
|
salt.salt_buf[4],
|
|
|
|
|
salt.salt_buf[5],
|
|
|
|
|
salt.salt_buf[6],
|
|
|
|
|
salt.salt_buf[7],
|
|
|
|
|
ct_data,
|
|
|
|
|
byte_swap_32 (digest_buf[0]),
|
|
|
|
|
byte_swap_32 (digest_buf[1]),
|
|
|
|
|
byte_swap_32 (digest_buf[2]),
|
|
|
|
|
byte_swap_32 (digest_buf[3]),
|
|
|
|
|
byte_swap_32 (digest_buf[4]),
|
|
|
|
|
byte_swap_32 (digest_buf[5]),
|
|
|
|
|
byte_swap_32 (digest_buf[6]),
|
|
|
|
|
byte_swap_32 (digest_buf[7]));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (hash_type == HASH_TYPE_MD4)
|
|
|
|
|
@ -20904,23 +20721,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|
|
|
|
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 16900: hashconfig->hash_type = HASH_TYPE_ANSIBLE_VAULT;
|
|
|
|
|
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
|
|
|
|
|
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
|
|
|
|
|
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE;
|
|
|
|
|
hashconfig->kern_type = KERN_TYPE_ANSIBLE_VAULT;
|
|
|
|
|
hashconfig->dgst_size = DGST_SIZE_4_8;
|
|
|
|
|
hashconfig->parse_func = ansible_vault_parse_hash;
|
|
|
|
|
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
|
|
|
|
|
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
|
|
|
|
|
hashconfig->dgst_pos0 = 0;
|
|
|
|
|
hashconfig->dgst_pos1 = 1;
|
|
|
|
|
hashconfig->dgst_pos2 = 2;
|
|
|
|
|
hashconfig->dgst_pos3 = 3;
|
|
|
|
|
hashconfig->st_hash = ST_HASH_16900;
|
|
|
|
|
hashconfig->st_pass = ST_PASS_HASHCAT_PLAIN;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
@ -20996,7 +20796,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|
|
|
|
case 16500: hashconfig->esalt_size = sizeof (jwt_t); break;
|
|
|
|
|
case 16600: hashconfig->esalt_size = sizeof (electrum_wallet_t); break;
|
|
|
|
|
case 16700: hashconfig->esalt_size = sizeof (apple_secure_notes_t); break;
|
|
|
|
|
case 16900: hashconfig->esalt_size = sizeof (ansible_vault_t); break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// tmp_size
|
|
|
|
|
@ -21068,7 +20867,6 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
|
|
|
|
|
case 16200: hashconfig->tmp_size = sizeof (apple_secure_notes_tmp_t); break;
|
|
|
|
|
case 16300: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
|
|
|
|
|
case 16700: hashconfig->tmp_size = sizeof (apple_secure_notes_tmp_t); break;
|
|
|
|
|
case 16900: hashconfig->tmp_size = sizeof (pbkdf2_sha256_tmp_t); break;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
@ -21231,7 +21029,6 @@ u32 default_pw_max (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED co
|
|
|
|
|
case 15600: pw_max = PW_MAX; break;
|
|
|
|
|
case 15700: pw_max = PW_MAX; break;
|
|
|
|
|
case 16000: pw_max = 8; break; // Underlaying DES max
|
|
|
|
|
case 16900: pw_max = PW_MAX; break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return pw_max;
|
|
|
|
|
|
jsteube
5 years ago