psypanda / hashID

Software to identify the different types of hashes -
http://psypanda.github.io/hashID

hashID does not recognize werkzeug hash results #51

Open asaf400 opened 3 years ago

asaf400 commented 3 years ago

hashID is unable to automatically detect the hash which is a result of the generate_password_hash function in the common werkzeug library/module used by Flask-based apps.

As defined here: https://github.com/pallets/werkzeug/blob/d2625f545f53252314aee0c36818f52a52f7d321/src/werkzeug/security.py#L172

Example result:

In [1]: from werkzeug.security import check_password_hash, generate_password_hash

In [2]: generate_password_hash('demo')
Out[2]: 'pbkdf2:sha256:150000$GeDI5o4S$79f2079efda1d5b3953f062cb14a404a30e9c0458992f44a109a2cad0916b2d7'

In [4]: check_password_hash('pbkdf2:sha256:150000$GeDI5o4S$79f2079efda1d5b3953f062cb14a404a30e9c0458992f44a109a2cad0916b2d7','demo')
Out[4]: True

In [8]: list(myhash.identifyHash('pbkdf2:sha256:150000$GeDI5o4S$79f2079efda1d5b3953f062cb14a404a30e9c0458992f44a109a2cad0916b2d7'))
Out[8]: []

Note that for the example I used hashID as an import, but the shell-registered command returns the same result in a more human-readable form: '[+] Unknown hash'

I have been trying to identify this type of hash for some time, luckily I was able to find the correct function following the app code import stack. app -> flask app builder --> werkzeug/security.py

I came across hashID recommended in various sources (mainly Stack Overflow questions), but it was unable to help in this case.
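A recognizer for the string layout shown in the report above, as an added example that is not part of the original post and is neither hashID's nor werkzeug's code. The function names and the `MAX_ITERATIONS` cap are hypothetical, and the layout `pbkdf2:<digest>:<iterations>$<salt>$<hex>` is inferred only from the sample quoted in the issue.

```python
import hashlib
import hmac
import re
from typing import NamedTuple, Optional

# Layout inferred from the sample in the issue:
#   pbkdf2:<digest>:<iterations>$<salt>$<hex digest>
WERKZEUG_PBKDF2 = re.compile(
    r"^pbkdf2:(?P<digest>[a-z0-9_-]+):(?P<iterations>[1-9][0-9]*)"
    r"\$(?P<salt>[^$]+)\$(?P<hexdigest>[0-9a-f]+)$"
)
MAX_ITERATIONS = 10_000_000  # assumed cap: the count comes from untrusted input

class WerkzeugHash(NamedTuple):
    digest: str
    iterations: int
    salt: str
    hexdigest: str

def parse_werkzeug_pbkdf2(value: str) -> Optional[WerkzeugHash]:
    """Return the parsed fields, or None if the string does not fit the layout."""
    m = WERKZEUG_PBKDF2.match(value.strip())
    if m is None or m["digest"] not in hashlib.algorithms_available:
        return None
    iterations = int(m["iterations"])
    if iterations > MAX_ITERATIONS:
        return None
    # The hex part must be exactly as long as the named digest's output.
    if len(m["hexdigest"]) != 2 * hashlib.new(m["digest"]).digest_size:
        return None
    return WerkzeugHash(m["digest"], iterations, m["salt"], m["hexdigest"])

def verify(value: str, password: str) -> bool:
    """Recompute PBKDF2-HMAC from the parsed fields and compare in constant time."""
    parsed = parse_werkzeug_pbkdf2(value)
    if parsed is None:
        return False
    derived = hashlib.pbkdf2_hmac(parsed.digest, password.encode("utf-8"),
                                  parsed.salt.encode("utf-8"), parsed.iterations)
    return hmac.compare_digest(derived.hex(), parsed.hexdigest)

if __name__ == "__main__":
    # Hash string quoted in the issue, generated there from the password 'demo'.
    sample = ("pbkdf2:sha256:150000$GeDI5o4S$"
              "79f2079efda1d5b3953f062cb14a404a30e9c0458992f44a109a2cad0916b2d7")
    print(parse_werkzeug_pbkdf2(sample))
    print(verify(sample, "demo"))
```

The length check against the digest size is what separates this layout from other `$`-delimited formats that happen to start with the same prefix.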

bburky commented 3 years ago

This project is no longer under active development. See #50 for some alternative tools.