mirror of
https://github.com/hashcat/hashcat.git
synced 2025-01-07 14:20:59 +00:00
183 lines
3.7 KiB
Perl
183 lines
3.7 KiB
Perl
#!/usr/bin/env perl
|
|
|
|
##
|
|
## Author......: See docs/credits.txt
|
|
## License.....: MIT
|
|
##
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use Crypt::RC4;
|
|
use Digest::SHA qw (sha1);
|
|
use Encode;
|
|
|
|
sub module_constraints { [[-1, -1], [-1, -1], [0, 15], [32, 32], [-1, -1]] }
|
|
|
|
sub module_generate_hash
|
|
{
|
|
my $word = shift;
|
|
my $salt = shift;
|
|
my $param = shift;
|
|
my $param2 = shift;
|
|
my $param3 = shift;
|
|
|
|
my $salt_bin = pack ("H*", $salt);
|
|
|
|
my $tmp = sha1 ($salt_bin. encode ("UTF-16LE", $word));
|
|
|
|
my $version;
|
|
|
|
if (defined $param2)
|
|
{
|
|
$version = $param2;
|
|
}
|
|
else
|
|
{
|
|
$version = (unpack ("L", $tmp) & 1) ? 3 : 4;
|
|
}
|
|
|
|
my $rc4_key = sha1 ($tmp . "\x00\x00\x00\x00");
|
|
|
|
if ($version == 3)
|
|
{
|
|
$rc4_key = substr ($rc4_key, 0, 5) . "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
|
|
}
|
|
|
|
my $m = Crypt::RC4->new (substr ($rc4_key, 0, 16));
|
|
|
|
my $encdata;
|
|
|
|
if (defined $param)
|
|
{
|
|
$encdata = $m->RC4 (pack ("H*", $param));
|
|
}
|
|
else
|
|
{
|
|
$encdata = "A" x 16; ## can be anything
|
|
}
|
|
|
|
my $data1_buf = $encdata;
|
|
my $data2_buf = sha1 (substr ($data1_buf, 0, 16));
|
|
|
|
$m = Crypt::RC4->new (substr ($rc4_key, 0, 16));
|
|
|
|
my $encrypted1 = $m->RC4 ($data1_buf);
|
|
my $encrypted2 = $m->RC4 ($data2_buf);
|
|
|
|
|
|
my $secblock = "";
|
|
|
|
if ($version == 3)
|
|
{
|
|
my $key2 = substr (sha1 ($tmp . "\x01\x00\x00\x00"), 0, 5) . "\x00" x 11;
|
|
|
|
my $rc4 = Crypt::RC4->new ($key2);
|
|
|
|
if (defined $param3) # verify/decrypt:
|
|
{
|
|
if (length ($param3) > 0)
|
|
{
|
|
my $decrypted = $rc4->RC4 (pack ("H*", $param3));
|
|
|
|
# count the number of NUL (\x00) bytes:
|
|
|
|
my $num_nul_bytes = 0;
|
|
|
|
for (my $i = 0; $i < 32; $i++)
|
|
{
|
|
$num_nul_bytes++ if (substr ($decrypted, $i, 1) eq "\x00");
|
|
}
|
|
|
|
if ($num_nul_bytes < 10)
|
|
{
|
|
$secblock = "*"; # incorrect/fake/empty result
|
|
}
|
|
else
|
|
{
|
|
$secblock = "*$param3";
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (random_number (0, 1) == 1) # the second block data is optional
|
|
{
|
|
my $num_zeros = random_number (10, 32); # at least 10 NUL bytes
|
|
|
|
$secblock = "\x00" x $num_zeros;
|
|
|
|
# fill the buffer with some random bytes (up to 32 bytes total):
|
|
|
|
for (my $i = 0; $i < 32 - $num_zeros; $i++)
|
|
{
|
|
my $idx = random_number (0, $num_zeros + $i); # insert at random position
|
|
|
|
my $c = random_bytes (1); # 0x00-0xff
|
|
|
|
$secblock = substr ($secblock, 0, $idx) . $c . substr ($secblock, $idx);
|
|
}
|
|
|
|
$secblock = $rc4->RC4 ($secblock);
|
|
|
|
$secblock = "*" . unpack ("H*", $secblock);
|
|
}
|
|
}
|
|
}
|
|
|
|
my $hash = sprintf ("\$oldoffice\$%d*%s*%s*%s%s", $version, $salt, unpack ("H*", $encrypted1), unpack ("H*", $encrypted2), $secblock);
|
|
|
|
return $hash;
|
|
}
|
|
|
|
sub module_verify_hash
|
|
{
|
|
my $line = shift;
|
|
|
|
# Office Old $3 $4
|
|
my ($hash_in, $word) = split ":", $line;
|
|
|
|
return unless defined $hash_in;
|
|
return unless defined $word;
|
|
|
|
my @data = split /\*/, $hash_in;
|
|
|
|
my $num_fields = scalar @data;
|
|
|
|
return unless (($num_fields == 4) || ($num_fields == 5));
|
|
|
|
my $signature = shift @data;
|
|
|
|
return unless (($signature eq '$oldoffice$3') || ($signature eq '$oldoffice$4'));
|
|
|
|
return unless (length $data[0] == 32);
|
|
return unless (length $data[1] == 32);
|
|
return unless (length $data[2] == 40);
|
|
|
|
my $salt = shift @data;
|
|
my $param = shift @data;
|
|
my $param2 = substr ($signature, 11, 1);
|
|
|
|
my $param3 = "";
|
|
|
|
if ($num_fields == 5)
|
|
{
|
|
shift @data; # ignore the "digest"
|
|
|
|
$param3 = shift @data;
|
|
}
|
|
|
|
return unless defined $salt;
|
|
return unless defined $word;
|
|
return unless defined $param;
|
|
return unless defined $param2;
|
|
|
|
$word = pack_if_HEX_notation ($word);
|
|
|
|
my $new_hash = module_generate_hash ($word, $salt, $param, $param2, $param3);
|
|
|
|
return ($new_hash, $word);
|
|
}
|
|
|
|
1;
|