Ekultek / Dagon

Advanced Hash Manipulation

Hash guarantee (DELtw.CG9) #72

Open Dagon-Project opened 7 years ago

Dagon-Project commented 7 years ago

Dagon has failed to crack given hash: DELtw.CG9Db.pOYgP4K.VbDiI4W3gfCmhhMi9Dxpsg2.

This was attempted on 2017-09-22 23:26:29.161485..

Commands that were used during failure: ['dagon.py', '-v', 'DELtw.CG9Db.pOYgP4K.VbDiI4W3gfCmhhMi9Dxpsg2']

Algorithm attempted: None

Ekultek commented 7 years ago

This hash is a Cisco type 4 hash, which has not been implemented yet. I'm not even 100% sure how this hash works, so I'll go ahead and do my best and see if I can't figure something out. This may take a little bit longer than a normal hash guarantee, so stick with me.

Ekultek commented 7 years ago

So far I’ve learned that type 4 is an sha256 hash. Still working on this.

Ekultek commented 7 years ago

So after a lot of research I found the following here:

The design called for using Password-Based Key Derivation Function version 2 (PBKDF2), as described in RFC 2898 section 5.2, with the following input values:
 - Hash algorithm = SHA-256
 - Password = the user-provided plaintext password
 - Salt = 80 bits (generated by calling a cryptographically secure random number generator)
 - Iteration count = 1,000 (one thousand)

Due to an implementation issue, the Type 4 password algorithm does not use PBKDF2 and does not use a salt, but instead performs a single iteration of SHA-256 over the user-provided plaintext password. This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity.

So idk what’s going on here, let me figure this out.

Ekultek commented 7 years ago

Alright I’ve got it figured out. It’s a sha256 hash obfuscated with base64 using ./0-9A-Za-z as the set characters. So it would look something along the lines of:

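```python
import base64
import hashlib
import string as _string


def cisco(string):
    def __encode64(digest, charset="./{}{}{}"):
        # Custom character set: ./0-9A-Za-z
        charset = charset.format(_string.digits, _string.ascii_uppercase, _string.ascii_lowercase)
        standard = _string.ascii_uppercase + _string.ascii_lowercase + _string.digits + "+/"
        # Unpadded base64 of the digest, remapped onto the custom set
        # (standard base64 bit order is assumed here)
        retval = base64.b64encode(digest).decode().rstrip("=")
        return retval.translate(str.maketrans(standard, charset))

    retval = hashlib.sha256()
    retval.update(string.encode("utf-8"))
    return __encode64(retval.digest())

# pseudocode return DELtw.CG9Db.pOYgP4K.VbDiI4W3gfCmhhMi9Dxpsg2
```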
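
The encoding described in the comment above hides nothing: it reverses to the raw, unsalted SHA-256 digest. The following is an added example, not part of the thread or of Dagon's code, that flags type 4 secrets in a configuration file, recovers each digest, and checks a known password against a stored value. It assumes standard base64 bit order and the `enable secret 4 …` / `username … secret 4 …` line forms; the sample config, username and password are constructed.

```python
import base64
import hashlib
import hmac
import re
import string

# Character set named in the thread, and the standard base64 alphabet it replaces.
CISCO_SET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
STD_SET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
TO_CISCO = str.maketrans(STD_SET, CISCO_SET)
TO_STD = str.maketrans(CISCO_SET, STD_SET)
# Assumed IOS config forms: "enable secret 4 <hash>" / "username <name> secret 4 <hash>".
TYPE4_LINE = re.compile(r"^\s*(?:enable|username\s+(\S+)(?:\s+privilege\s+\d+)?)\s+secret\s+4\s+([./0-9A-Za-z]{43})\s*$")

def encode_type4(password: str) -> str:
    """Single unsalted SHA-256, base64-encoded (assumed standard bit order), no padding."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii").rstrip("=").translate(TO_CISCO)

def decode_type4(encoded: str) -> bytes:
    """Undo the encoding: 43 characters back to the raw 32-byte SHA-256 digest."""
    return base64.b64decode(encoded.translate(TO_STD) + "=")

def verify_type4(password: str, encoded: str) -> bool:
    """Constant-time check of a known password against a stored type 4 string."""
    expected = hashlib.sha256(password.encode("utf-8")).digest()
    return hmac.compare_digest(expected, decode_type4(encoded))

def audit_config(text: str) -> list:
    """Return (line number, account, digest hex) for every type 4 secret found."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = TYPE4_LINE.match(line)
        if match:
            findings.append((number, match.group(1) or "enable", decode_type4(match.group(2)).hex()))
    return findings

# Constructed sample config; the password and username are made up for this example.
SAMPLE_PASSWORD = "constructed-example-password"
SAMPLE_CONFIG = "\n".join([
    "hostname lab-router",
    "enable secret 4 " + encode_type4(SAMPLE_PASSWORD),
    "username netops secret 4 DELtw.CG9Db.pOYgP4K.VbDiI4W3gfCmhhMi9Dxpsg2",
    "enable secret 5 <type-5-placeholder>",
])

if __name__ == "__main__":
    for number, account, digest_hex in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {account} uses type 4 (unsalted SHA-256 {digest_hex})")
```
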
Ekultek commented 6 years ago

Sorry for the delay in updates, I've been waiting for some hashes in order to start implementing new ones. Almost ready