Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hashing algorithms to be implemented #3

Closed
Ekultek opened this issue Jun 27, 2017 · 13 comments
Closed

Hashing algorithms to be implemented #3

Ekultek opened this issue Jun 27, 2017 · 13 comments
Assignees
@Ekultek
Labels
enhancement Project

Comments

@Ekultek
Copy link
Owner

Ekultek commented Jun 27, 2017
edited
Loading

These hashes will be implemented before version 2.0. If you have any ideas on hashes that I should implement, make a comment here with the hash type and an example of the hash if possible

Special algorithms to be implemented (no time frame on these)

Regular expressions to verify the hash

  • SSHA -> ^{[^{}]*}[a-zA-Z0-9][\w/-]+=?$
  • MsSQL 2005 -> ^0x0100[a-f0-9]{54}$
  • MsSQL 2000 -> ^0x0100[a-f0-9]\w{87}$
  • PostgreSQL -> ^(md5)?[a-f0-9]{32}$
  • Wordpress -> ^$[\w.]{1}$\w+$\S{22}$ ^\$\w+\$\w+(\$)?\w+(.)?$ -> test Hashing algorithms to be implemented #3 (comment)
  • NTLM
    • full hash -> ^\w+:\d+:[a-z0-9]{32}:[a-z0-9]{32}:::$
    • just ntlm hash -> ^(md5)?[a-f0-9]{32}$
  • Scrypt -> (c2NyeXB0AA4AAAAIAAAAA)?\w+(/)?(//)?\w+(/)?\w+(/)?\w+(/)?\w+(/?)\w+(w+)?.. -> test Hashing algorithms to be implemented #3 (comment)
  • DSA -> ^[a-f0-9]{40}(:.+)?$
  • Oracle10g -> ^[a-f0-9]{16}(:.+)?$
  • Oracle11g -> ^S:[a-zA-Z0-9]{60}$
  • CRC64 ^(0x)?[a-f0-9]{16}(L)?$
  • Haval-160 -> ^[a-f0-9]{40}(:.+)?$
  • Tiger-160 -> ^[a-f0-9]{40}(:.+)?$
@Ekultek
Copy link
Owner Author

Ekultek commented Jun 27, 2017

NTLM done 06/12/2017

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 27, 2017
edited
Loading

Oracle 10g/11g and SSHA done 06/25/2017

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 27, 2017

PostgreSQL and MsSQL 2005 done 06/27/2017

@Ekultek Ekultek self-assigned this Jun 27, 2017
@Ekultek
Copy link
Owner Author

Ekultek commented Jun 28, 2017

Hash examples list: https://hashcat.net/wiki/doku.php?id=example_hashes

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 29, 2017

Wordpress new re test:

>>> data_list = [
	'$P$9aD9ZLmkpsN4A83G8MefaaP888gVKX0',
        '$P$984478476IagS59wHZvyQMArzfx58u.',
        '$P$D0bvd1k4$6v8qlQdP4boGl8vOtgbzL0',
        '$1$STLDxaNZ$CUa39AASTza8HpYF1trFR.',
        '$1$Xuxygilk$DoASOA3PL2uw3WqOT8Ak10'
	]
>>> wordpress_re = re.compile("^\$\w+\$\w+(\$)?\w+(.)?$")
>>> for i, h in enumerate(data_list, start=1):
	if wordpress_re.match(h):
		print("[{}] matched -> {}".format(i, h))
	else:
		print("[{}] did not match -> {}".format(i, h))

		
[1] matched -> $P$9aD9ZLmkpsN4A83G8MefaaP888gVKX0
[2] matched -> $P$984478476IagS59wHZvyQMArzfx58u.
[3] matched -> $P$D0bvd1k4$6v8qlQdP4boGl8vOtgbzL0
[4] matched -> $1$STLDxaNZ$CUa39AASTza8HpYF1trFR.
[5] matched -> $1$Xuxygilk$DoASOA3PL2uw3WqOT8Ak10
>>>

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 29, 2017

Scrypt re test:

>>> for i, h in enumerate(h_list, start=1):
	if scrypt_re.match(h):
		print("[{}] matched -> {}".format(i ,h))
	else:
		print("[{}] did not match -> {}".format(i, h))

		
[1] matched -> c2NyeXB0AA4AAAAIAAAAARgcJ72bb4RmaCo1/twa41IezhSBeoXLax/IYoHP4Zv4wCBOR103TVPWsRGOip5zi5xYW1MVXB7YWQLmrr92Bj5lLBfcKqtKZvESyR1KAW8c
[2] matched -> c2NyeXB0AA4AAAAIAAAAAcI8WmpOYPQhOxaAXD97crEbw0o//NcJQf8l8M5J1Q6vO2QmBnK/4fQrNMJGlVFii6/OgwgiDhXMdJQ2d0/c/GvJ1xoSaJve5z0mCK2QNefy
[3] matched -> c2NyeXB0AA4AAAAIAAAAAUlgFFFEypsmaeeB7JoYilyB/t1CUw65fCpwF1TfT2XqSDmblNq6jhXQpNKl/75OCQZjUQDTN7A8/yan60o3oJkTqlkmkNGCxzgwelaN9DLe
>>>

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 29, 2017

Possible DSA implementation https://github.com/rrottmann/pydsa/blob/master/pydsa/dsa.py

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 29, 2017
edited
Loading

Possible sha1(sha1(sha1(pass)) implementation

>>> def sha1_sha1_sha1_pass(string, salt=None):
	obj1 = hashlib.sha1()
	obj2 = hashlib.sha1()
	obj3 = hashlib.sha1()
	print "updating obj1"
	obj1.update(string)
	print "digesting obj1"
	data1 = obj1.hexdigest()
	print "updating obj2 with {}".format(data1)
	obj2.update(data1)
	print "digesting obj2"
	data2 = obj2.hexdigest()
	print "updating obj3 with {}".format(data2)
	obj3.update(data2)
	print "digesting obj3"
	if salt is None:
	    return obj3.hexdigest()
	else:
		return obj3.hexdigest() + ":{}".format(salt)

	
>>> sha1_sha1_sha1_pass("test", salt="tset")
updating obj1
digesting obj1
updating obj2 with a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
digesting obj2
updating obj3 with c4033bff94b567a190e33faa551f411caef444f2
digesting obj3
'b2c2a9ca41e220a80237ea3f484b92af0b7c7223:tset'
>>> sha1_sha1_sha1_pass("test")
updating obj1
digesting obj1
updating obj2 with a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
digesting obj2
updating obj3 with c4033bff94b567a190e33faa551f411caef444f2
digesting obj3
'b2c2a9ca41e220a80237ea3f484b92af0b7c7223'
>>>

@Ekultek
Copy link
Owner Author

Ekultek commented Jun 30, 2017

MsSQL 2000 done 06/30/2017

@Ekultek
Copy link
Owner Author

Ekultek commented Jul 3, 2017

crc64 done 07/03/2017

@Ekultek
Copy link
Owner Author

Ekultek commented Aug 11, 2017

created sha1 rounds 08/11/2017

@Ekultek
Copy link
Owner Author

Ekultek commented Aug 11, 2017
edited
Loading

md5 crypt added 08/11/2017 #52

@Ekultek
Copy link
Owner Author

Ekultek commented Aug 21, 2017

Closing this, I have most of them so I'm gonna go with it.

@Ekultek Ekultek closed this as completed Aug 21, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ekultek Ekultek

Labels
enhancement Project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ekultek