arno
/
hashcat
mirror of https://github.com/hashcat/hashcat.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Rename 23911 to 10901 and populate salt->salt_buf[]

Browse Source
pull/2387/head
Jens Steube 4 years ago
parent a18ba9fde6
commit ef47811c9d
4 changed files with 36 additions and 156 deletions
Show Stats Download Patch File Download Diff File

1
docs/changes.txt
Unescape View File

@ -53,6 +53,7 @@
- Added hash-mode: QNX /etc/shadow (MD5)
- Added hash-mode: QNX /etc/shadow (SHA256)
- Added hash-mode: QNX /etc/shadow (SHA512)
- Added hash-mode: RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
- Added hash-mode: Ruby on Rails Restful-Authentication
- Added hash-mode: sha1(md5(md5($pass)))
- Added hash-mode: sha1(md5($pass.$salt))

1
docs/readme.txt
Unescape View File

@ -220,6 +220,7 @@ NVIDIA GPUs require "NVIDIA Driver" (418.56 or later) and "CUDA Toolkit" (9.0 or
- CRAM-MD5 Dovecot
- SSHA-256(Base64), LDAP {SSHA256}
- SSHA-512(Base64), LDAP {SSHA512}
- RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256)
- FileZilla Server >= 0.9.55
- ColdFusion 10+
- Apache $apr1$ MD5, md5apr1, MD5 (APR)

187
src/modules/module_23911.c → src/modules/module_10901.c
Unescape View File

@ -25,11 +25,7 @@ static const u32 OPTI_TYPE = OPTI_TYPE_ZERO_BYTE
static const u64 OPTS_TYPE = OPTS_TYPE_PT_GENERATE_LE;
static const u32 SALT_TYPE = SALT_TYPE_EMBEDDED;
static const char *ST_PASS = "hashcat";
static const char *ST_HASH = "{PBKDF2_SHA256}AACkEGhlaiBqZW5z/jtuSox0CrtV9SHiVFjYeHpQ/ki2kwDrQeSqiiTn8LOmpPCw3r6TK/JDfl+ZAXRoc3VidGxldHllIXuxBDl6ItQOMupkRn+hzi/LEdr62a7B9sNOo8BPL9Z2nOi/m9AI+nAd/qwpLD1fbeDgs2DdpCZ4QfljuCLRBdURZV3HcXDUjD7PZ1CQcIOv9VbFlbu0IBmiU7ccMyb/qoxi+rPMqE4U8f6hL0TQjTjlOzU9MpPYS+WfztpYy7lEN6QghhOz0xe+0y2rDoK+yCS4PykkNS4FFc+xeiT6SNy3r7m+0teyaQKOExLrjogWkj+t+e4bMpHNx/FL3jkjCsuZnhq/t8eshG9DKmeD9b/QMkqT8dxe0jmr0s4+GnmHpMQMAxYW3pg70TluiDp3kJrDr1/d8OQerkQRevNx";
static const u32 HASH_LEN_RAW = 256;
static const u32 SALT_LEN_RAW = 64;
static const u32 ITER_LEN_RAW = 4;
static const char *ST_HASH = "{PBKDF2_SHA256}AAAgADkxMjM2NTIzMzgzMjQ3MjI4MDAwNTk5OTAyOTk4NDI2MjkyMzAzNjg0NjQwOTMxNjI3OTMzNjg0MDI0OTY5NTe5ULagRTYpLaUoeqJMg8x9W/DXu+9VTFaVhaYvebYrY+sOqn1ZMRnws22C1uAkiE2tFM8qN+xw5xe7OmCPZ203NuruK4oB33QlsKIEz4ppm0TR94JB9PJx7lIQwFHD3FUNUNryj4jk6UYyJ4+V1Z9Ug/Iy/ylQBJgfs5ihzgxHYZrfp1wUCXFzlZG9mxmziPm8VFnAhaX4+FBAZvLAx33jpbKOwEg7TmwP2VJ8BNFLQRqwYdlqIjQlAhncXH+dqIF9VdM4MonAA0hx76bMvFTP7LF5VO1IqVmcuYz7YG9v4KKRjnvoUUqOj6okUBQTay3EzsdFVnUW1FemYOccJd5q";
u32 module_attack_exec (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return ATTACK_EXEC; }
u32 module_dgst_pos0 (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra) { return DGST_POS0; }
@ -64,6 +60,10 @@ typedef struct pbkdf2_sha256_tmp
static const char *SIGNATURE_REDHAT_PBKDF2_SHA256 = "{PBKDF2_SHA256}";
static const int HASH_LEN_RAW = 256;
static const int SALT_LEN_RAW = 64;
static const int ITER_LEN_RAW = 4;
u64 module_esalt_size (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSED const user_options_t *user_options, MAYBE_UNUSED const user_options_extra_t *user_options_extra)
{
const u64 esalt_size = (const u64) sizeof (pbkdf2_sha256_t);
@ -106,7 +106,6 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
//length of base64 encoded hash
token.len_min[1] = 432;
token.len_max[1] = 432;
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_BASE64A;
@ -119,103 +118,43 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
const u8 *tmp_pos = token.buf[1];
const int tmp_len = token.len[1];
u8 tmp_buf[324];
u8 tmp_buf[512];
memset (tmp_buf, 0, sizeof (tmp_buf));
const int base64_decode_len = base64_decode (base64_to_int, tmp_pos, tmp_len, tmp_buf);
if (base64_decode_len != (4 + 64 + 256)) return (PARSER_HASH_LENGTH);
if (base64_decode_len != (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW)) return (PARSER_HASH_LENGTH);
// iter
u8 *iter_pos = tmp_buf;
uint32_t iters[4] = {0};
u32 salt_iter;
memcpy (iters, iter_pos, ITER_LEN_RAW);
memcpy (&salt_iter, iter_pos, ITER_LEN_RAW);
// implementation does a ntohl(*iters)
salt->salt_iter = byte_swap_32(*iters) - 1;
salt_iter = byte_swap_32 (salt_iter); // implementation does a ntohl()
salt->salt_iter = salt_iter - 1;
// salt
u8 *salt_pos = tmp_buf + ITER_LEN_RAW;
salt->salt_len = SALT_LEN_RAW;
salt->salt_len = SALT_LEN_RAW;
memcpy (pbkdf2_sha256->salt_buf, salt_pos, SALT_LEN_RAW);
u8 *salt_buf_ptr = (u8 *) pbkdf2_sha256->salt_buf;
memcpy (salt_buf_ptr, salt_pos, SALT_LEN_RAW);
for (int i = 0; i < SALT_LEN_RAW / 4; i++) salt->salt_buf[i] = pbkdf2_sha256->salt_buf[i];
// hash
u8 *hash_pos = tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW;
memcpy(digest, hash_pos, HASH_LEN_RAW);
digest[0] = byte_swap_32 (digest[0]);
digest[1] = byte_swap_32 (digest[1]);
digest[2] = byte_swap_32 (digest[2]);
digest[3] = byte_swap_32 (digest[3]);
digest[4] = byte_swap_32 (digest[4]);
digest[5] = byte_swap_32 (digest[5]);
digest[6] = byte_swap_32 (digest[6]);
digest[7] = byte_swap_32 (digest[7]);
digest[8] = byte_swap_32 (digest[8]);
digest[9] = byte_swap_32 (digest[9]);
digest[10] = byte_swap_32 (digest[10]);
digest[11] = byte_swap_32 (digest[11]);
digest[12] = byte_swap_32 (digest[12]);
digest[13] = byte_swap_32 (digest[13]);
digest[14] = byte_swap_32 (digest[14]);
digest[15] = byte_swap_32 (digest[15]);
digest[16] = byte_swap_32 (digest[16]);
digest[17] = byte_swap_32 (digest[17]);
digest[18] = byte_swap_32 (digest[18]);
digest[19] = byte_swap_32 (digest[19]);
digest[20] = byte_swap_32 (digest[20]);
digest[21] = byte_swap_32 (digest[21]);
digest[22] = byte_swap_32 (digest[22]);
digest[23] = byte_swap_32 (digest[23]);
digest[24] = byte_swap_32 (digest[24]);
digest[25] = byte_swap_32 (digest[25]);
digest[26] = byte_swap_32 (digest[26]);
digest[27] = byte_swap_32 (digest[27]);
digest[28] = byte_swap_32 (digest[28]);
digest[29] = byte_swap_32 (digest[29]);
digest[30] = byte_swap_32 (digest[30]);
digest[31] = byte_swap_32 (digest[31]);
digest[32] = byte_swap_32 (digest[32]);
digest[33] = byte_swap_32 (digest[33]);
digest[34] = byte_swap_32 (digest[34]);
digest[35] = byte_swap_32 (digest[35]);
digest[36] = byte_swap_32 (digest[36]);
digest[37] = byte_swap_32 (digest[37]);
digest[38] = byte_swap_32 (digest[38]);
digest[39] = byte_swap_32 (digest[39]);
digest[40] = byte_swap_32 (digest[40]);
digest[41] = byte_swap_32 (digest[41]);
digest[42] = byte_swap_32 (digest[42]);
digest[43] = byte_swap_32 (digest[43]);
digest[44] = byte_swap_32 (digest[44]);
digest[45] = byte_swap_32 (digest[45]);
digest[46] = byte_swap_32 (digest[46]);
digest[47] = byte_swap_32 (digest[47]);
digest[48] = byte_swap_32 (digest[48]);
digest[49] = byte_swap_32 (digest[49]);
digest[50] = byte_swap_32 (digest[50]);
digest[51] = byte_swap_32 (digest[51]);
digest[52] = byte_swap_32 (digest[52]);
digest[53] = byte_swap_32 (digest[53]);
digest[54] = byte_swap_32 (digest[54]);
digest[55] = byte_swap_32 (digest[55]);
digest[56] = byte_swap_32 (digest[56]);
digest[57] = byte_swap_32 (digest[57]);
digest[58] = byte_swap_32 (digest[58]);
digest[59] = byte_swap_32 (digest[59]);
digest[60] = byte_swap_32 (digest[60]);
digest[61] = byte_swap_32 (digest[61]);
digest[62] = byte_swap_32 (digest[62]);
digest[63] = byte_swap_32 (digest[63]);
memcpy (digest, hash_pos, HASH_LEN_RAW);
for (int i = 0; i < HASH_LEN_RAW / 4; i++) digest[i] = byte_swap_32 (digest[i]);
return (PARSER_OK);
}
@ -227,90 +166,28 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
const pbkdf2_sha256_t *pbkdf2_sha256 = (pbkdf2_sha256_t *) esalt_buf;
u32 tmp_digest[64];
tmp_digest[0] = byte_swap_32 (digest[0]);
tmp_digest[1] = byte_swap_32 (digest[1]);
tmp_digest[2] = byte_swap_32 (digest[2]);
tmp_digest[3] = byte_swap_32 (digest[3]);
tmp_digest[4] = byte_swap_32 (digest[4]);
tmp_digest[5] = byte_swap_32 (digest[5]);
tmp_digest[6] = byte_swap_32 (digest[6]);
tmp_digest[7] = byte_swap_32 (digest[7]);
tmp_digest[8] = byte_swap_32 (digest[8]);
tmp_digest[9] = byte_swap_32 (digest[9]);
tmp_digest[10] = byte_swap_32 (digest[10]);
tmp_digest[11] = byte_swap_32 (digest[11]);
tmp_digest[12] = byte_swap_32 (digest[12]);
tmp_digest[13] = byte_swap_32 (digest[13]);
tmp_digest[14] = byte_swap_32 (digest[14]);
tmp_digest[15] = byte_swap_32 (digest[15]);
tmp_digest[16] = byte_swap_32 (digest[16]);
tmp_digest[17] = byte_swap_32 (digest[17]);
tmp_digest[18] = byte_swap_32 (digest[18]);
tmp_digest[19] = byte_swap_32 (digest[19]);
tmp_digest[20] = byte_swap_32 (digest[20]);
tmp_digest[21] = byte_swap_32 (digest[21]);
tmp_digest[22] = byte_swap_32 (digest[22]);
tmp_digest[23] = byte_swap_32 (digest[23]);
tmp_digest[24] = byte_swap_32 (digest[24]);
tmp_digest[25] = byte_swap_32 (digest[25]);
tmp_digest[26] = byte_swap_32 (digest[26]);
tmp_digest[27] = byte_swap_32 (digest[27]);
tmp_digest[28] = byte_swap_32 (digest[28]);
tmp_digest[29] = byte_swap_32 (digest[29]);
tmp_digest[30] = byte_swap_32 (digest[30]);
tmp_digest[31] = byte_swap_32 (digest[31]);
tmp_digest[32] = byte_swap_32 (digest[32]);
tmp_digest[33] = byte_swap_32 (digest[33]);
tmp_digest[34] = byte_swap_32 (digest[34]);
tmp_digest[35] = byte_swap_32 (digest[35]);
tmp_digest[36] = byte_swap_32 (digest[36]);
tmp_digest[37] = byte_swap_32 (digest[37]);
tmp_digest[38] = byte_swap_32 (digest[38]);
tmp_digest[39] = byte_swap_32 (digest[39]);
tmp_digest[40] = byte_swap_32 (digest[40]);
tmp_digest[41] = byte_swap_32 (digest[41]);
tmp_digest[42] = byte_swap_32 (digest[42]);
tmp_digest[43] = byte_swap_32 (digest[43]);
tmp_digest[44] = byte_swap_32 (digest[44]);
tmp_digest[45] = byte_swap_32 (digest[45]);
tmp_digest[46] = byte_swap_32 (digest[46]);
tmp_digest[47] = byte_swap_32 (digest[47]);
tmp_digest[48] = byte_swap_32 (digest[48]);
tmp_digest[49] = byte_swap_32 (digest[49]);
tmp_digest[50] = byte_swap_32 (digest[50]);
tmp_digest[51] = byte_swap_32 (digest[51]);
tmp_digest[52] = byte_swap_32 (digest[52]);
tmp_digest[53] = byte_swap_32 (digest[53]);
tmp_digest[54] = byte_swap_32 (digest[54]);
tmp_digest[55] = byte_swap_32 (digest[55]);
tmp_digest[56] = byte_swap_32 (digest[56]);
tmp_digest[57] = byte_swap_32 (digest[57]);
tmp_digest[58] = byte_swap_32 (digest[58]);
tmp_digest[59] = byte_swap_32 (digest[59]);
tmp_digest[60] = byte_swap_32 (digest[60]);
tmp_digest[61] = byte_swap_32 (digest[61]);
tmp_digest[62] = byte_swap_32 (digest[62]);
tmp_digest[63] = byte_swap_32 (digest[63]);
char tmp_buf[324] = { 0 };
for (int i = 0; i < HASH_LEN_RAW / 4; i++) tmp_digest[i] = byte_swap_32 (digest[i]);
char tmp_buf[512];
memset (tmp_buf, 0, sizeof (tmp_buf));
uint32_t salt_iters[4] = { 0 };
const u32 salt_iters = byte_swap_32 (salt->salt_iter + 1); //htonl (salt->salt_iter);
salt_iters[0] = byte_swap_32 (salt->salt_iter + 1); //htonl(salt->salt_iter);
memcpy (tmp_buf, &salt_iters, ITER_LEN_RAW);
memcpy (tmp_buf + ITER_LEN_RAW, pbkdf2_sha256->salt_buf, salt->salt_len);
memcpy (tmp_buf + ITER_LEN_RAW + SALT_LEN_RAW, tmp_digest, HASH_LEN_RAW);
memcpy (tmp_buf, salt_iters, 4);
memcpy (tmp_buf + 4, pbkdf2_sha256->salt_buf, salt->salt_len);
memcpy (tmp_buf + 4 + 64, tmp_digest, 256);
char ptr_plain[512];
char ptr_plain[433] = { 0 };
memset (ptr_plain, 0, sizeof (ptr_plain));
base64_encode (int_to_base64, (const u8 *) tmp_buf, 324, (u8 *) ptr_plain);
base64_encode (int_to_base64, (const u8 *) tmp_buf, (ITER_LEN_RAW + SALT_LEN_RAW + HASH_LEN_RAW), (u8 *) ptr_plain);
const int line_len = snprintf (line_buf, line_size, "%s%s", SIGNATURE_REDHAT_PBKDF2_SHA256, ptr_plain);
return line_len;
}
void module_init (module_ctx_t *module_ctx)

3
tools/test_modules/m23911.pm → tools/test_modules/m10901.pm
Unescape View File

@ -16,7 +16,7 @@ sub module_generate_hash
{
my $word = shift;
my $salt = shift;
my $iter = shift // 10000;
my $iter = shift // 8192; ## https://pagure.io/389-ds-base/blob/master/f/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
if (length $salt == 0)
{
@ -29,6 +29,7 @@ sub module_generate_hash
output_len => 256,
salt_len => 64,
);
my $p = $pbkdf2->generate($word, $salt);
my $decoded_hash = $pbkdf2->decode_string($p);
Write Preview
Loading…
Cancel
Save