Module implements hashing according to version 2 of passlib's
bcrypt-sha256. Code is based on modules 30600, 3200, and 28300.
Version 1 of the hash could also be added to this, but the format of the
generated hashes differs significantly in length, because of the
increased verbosity of the new format.
Example hash:
$bcrypt-sha256$v=2,t=2b,r=12$n79VH.0Q2TMWmt3Oqt9uku$Kq4Noyk3094Y2QlB8NdRT8SvGiI4ft2
Reference:
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt_sha256.html
Add the ability to [b]ypass, [c]heckpoint and [f]inish an attack while paused. I'm not too sure why it was limited to only [r]unning states but have not found any bugs in testing
This commit fixes issues with the 16501 module for Mojolicious cookies.
- Fix parsing of message: The base64 encoded message has '=' characters
replaced with '-' meaning that three such characters can be encountered
at the end of the message. This commit sets a fixed size for the
message and doesnt use a `sep` to parse it.
- Update self-test with real-world mojolicious cookie.
- Update the test module to reflect what's actually happening when
Mojolicious generates a signed cookie.
Actually the key can be 40 to 128 bits in multiples of 4 according to the
specification, but supporting arbitrary key length hits performance (and
need for that should be extremely rare).
Note: Self-test vector is a mockup but the format was first tested using a
real document hash.
I tried to keep much of the hash extraction code the same. The main changes are it detects the file encoding to deal with ASCII vs. UTF16-LE, it strips out any header info in the registry dump, and then it breaks up the registry for each radmin3 user so that it can then loop through them to generate the hash.
For generating hashes for mode 22100. Hashcat supports modes $bitlocker$0$ and $bitlocker$1$ and therefore this script will output hashes that relate to a VMK protected by a user password only. Script created since bitlocker2john takes an extremely long time to run and sometimes fails to output a hash, or outputs incorrect information. Script created using information at https://github.com/libyal/libbde/blob/main/documentation/BitLocker%20Drive%20Encryption%20(BDE)%20format.asciidoc#encryption_methods
and tested on Windows hard drives and USB sticks.
