
Commit 0f4d202

committed
Implemented support for Joomla passwd (Issue #1881)
1 parent a1dd736 commit 0f4d202

2 files changed

Lines changed: 20 additions & 6 deletions


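--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -124,11 +124,12 @@ class HASH:
 SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
 SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
 SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
-CRYPT_GENERIC = r'(?i)\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
-WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'
-APACHE_MD5_CRYPT = r'(?i)\A\$apr1\$.{1,8}\$[./a-z0-9]+\Z'
-UNIX_MD5_CRYPT = r'(?i)\A\$1\$.{1,8}\$[./a-z0-9]+\Z'
-APACHE_SHA1 = r'(?i)\A\{SHA\}[a-z0-9+/]+={0,2}\Z'
+CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
+JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
+WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
+APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
+UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
+APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
 
 # Reference: http://www.zytrax.com/tech/web/mobile_ids.html
 class MOBILES: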
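Review bot: The salt part of the new `JOOMLA` pattern uses `\w`, which also admits `_` and, for a str pattern on Python 3, non-ASCII word characters, so the pattern is looser than the format it is meant to identify. If the salt alphabet is in fact alphanumeric (not confirmable from this page), `JOOMLA = r'\A[0-9a-f]{32}:[0-9A-Za-z]{32}\Z'` states that explicitly. The digest part is lowercase-only and the dictionaryAttack hunk in lib/utils/hash.py exempts `HASH.JOOMLA` from `hash_.lower()`, so that requirement is worth recording in a comment such as `# md5(password + salt) as lowercase hex, ':', 32-character salt`. class HASH begins outside this hunk.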

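--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -378,6 +378,16 @@ def _encode64(value, count):
 
 return "%s%s$%s" % (magic, salt, hash_)
 
+def joomla_passwd(password, salt, **kwargs):
+"""
+Reference: https://stackoverflow.com/a/10428239
+
+>>> joomla_passwd(password='testpass', salt='WZGO7gQEl1UHHKeT7mN9n1VNtHj7xhC')
+'d5875f832ce9d83c21a14075019d3d24:WZGO7gQEl1UHHKeT7mN9n1VNtHj7xhC'
+"""
+
+return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
+
 def wordpress_passwd(password, salt, count, prefix, **kwargs):
 """
 Reference(s):
@@ -448,6 +458,7 @@ def _encode64(input_, count):
 HASH.SHA384_GENERIC: sha384_generic_passwd,
 HASH.SHA512_GENERIC: sha512_generic_passwd,
 HASH.CRYPT_GENERIC: crypt_generic_passwd,
+HASH.JOOMLA: joomla_passwd,
 HASH.WORDPRESS: wordpress_passwd,
 HASH.APACHE_MD5_CRYPT: unix_md5_passwd,
 HASH.UNIX_MD5_CRYPT: unix_md5_passwd,
@@ -796,7 +807,7 @@ def dictionaryAttack(attack_dict):
 if re.match(hash_regex, hash_):
 item = None
 
-if hash_regex not in (HASH.CRYPT_GENERIC, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
+if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
 hash_ = hash_.lower()
 
 if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
@@ -811,6 +822,8 @@ def dictionaryAttack(attack_dict):
 item = [(user, hash_), {'salt': hash_[0:2]}]
 elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
 item = [(user, hash_), {'salt': hash_.split('$')[2], 'magic': '$%s$' % hash_.split('$')[1]}]
+elif hash_regex in (HASH.JOOMLA,):
+item = [(user, hash_), {'salt': hash_.split(':')[-1]}]
 elif hash_regex in (HASH.WORDPRESS,):
 if ITOA64.index(hash_[3]) < 32:
 item = [(user, hash_), {'salt': hash_[4:12], 'count': 1 << ITOA64.index(hash_[3]), 'prefix': hash_[:12]}]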
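Review bot: The doctest in `joomla_passwd` uses a 31-character salt, while `HASH.JOOMLA` in lib/core/enums.py requires `\w{32}` after the colon, so the documented sample would fail the `re.match(hash_regex, hash_)` check in dictionaryAttack and the two files disagree about the format. Either the sample should be replaced with a pair whose salt is 32 characters, or the salt length in the pattern should be confirmed against real stored values. The docstring also gives only a link; a line such as `Joomla legacy format: md5(password + salt).hexdigest() + ':' + salt` would let a reader check the doctest without following it. dictionaryAttack starts and ends outside these hunks.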
