Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 5f25a77

Browse files
stamparmstamparm
committed
Adding support for vBulletin password hashes (Issue #1881)
1 parent ae3c013 commit 5f25a77

2 files changed

Lines changed: 18 additions & 4 deletions

File tree

lib/core/enums.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,8 @@ class HASH:
131131
APACHE_MD5_CRYPT = r'\A\$apr1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
132132
UNIX_MD5_CRYPT = r'\A\$1\$.{1,8}\$[./a-zA-Z0-9]+\Z'
133133
APACHE_SHA1 = r'\A\{SHA\}[a-zA-Z0-9+/]+={0,2}\Z'
134+
VBULLETIN = r'\A[0-9a-fA-F]{32}:.{30}\Z'
135+
VBULLETIN_OLD = r'\A[0-9a-fA-F]{32}:.{3}\Z'
134136

135137
# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
136138
class MOBILES:

lib/utils/hash.py

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -255,7 +255,7 @@ def sha1_generic_passwd(password, uppercase=False):
255255

256256
return retVal.upper() if uppercase else retVal.lower()
257257

258-
def apache_sha1_passwd(password, uppercase=False):
258+
def apache_sha1_passwd(password, **kwargs):
259259
"""
260260
>>> apache_sha1_passwd(password='testpass')
261261
'{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
@@ -399,6 +399,16 @@ def joomla_passwd(password, salt, **kwargs):
399399

400400
return "%s:%s" % (md5("%s%s" % (password, salt)).hexdigest(), salt)
401401

402+
def vbulletin_passwd(password, salt, **kwargs):
403+
"""
404+
Reference: https://stackoverflow.com/a/2202810
405+
406+
>>> vbulletin_passwd(password='testpass', salt='xOs')
407+
'dfc52862d70bc8813c366fca5a6b7f88:xOs'
408+
"""
409+
410+
return "%s:%s" % (md5("%s%s" % (md5(password).hexdigest(), salt)).hexdigest(), salt)
411+
402412
def wordpress_passwd(password, salt, count, prefix, **kwargs):
403413
"""
404414
Reference(s):
@@ -475,6 +485,8 @@ def _encode64(input_, count):
475485
HASH.APACHE_MD5_CRYPT: unix_md5_passwd,
476486
HASH.UNIX_MD5_CRYPT: unix_md5_passwd,
477487
HASH.APACHE_SHA1: apache_sha1_passwd,
488+
HASH.VBULLETIN: vbulletin_passwd,
489+
HASH.VBULLETIN_OLD: vbulletin_passwd,
478490
}
479491

480492
def storeHashesToFile(attack_dict):
@@ -819,7 +831,7 @@ def dictionaryAttack(attack_dict):
819831
if re.match(hash_regex, hash_):
820832
item = None
821833

822-
if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
834+
if hash_regex not in (HASH.CRYPT_GENERIC, HASH.JOOMLA, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
823835
hash_ = hash_.lower()
824836

825837
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
@@ -834,7 +846,7 @@ def dictionaryAttack(attack_dict):
834846
item = [(user, hash_), {'salt': hash_[0:2]}]
835847
elif hash_regex in (HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
836848
item = [(user, hash_), {'salt': hash_.split('$')[2], 'magic': '$%s$' % hash_.split('$')[1]}]
837-
elif hash_regex in (HASH.JOOMLA,):
849+
elif hash_regex in (HASH.JOOMLA, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
838850
item = [(user, hash_), {'salt': hash_.split(':')[-1]}]
839851
elif hash_regex in (HASH.WORDPRESS,):
840852
if ITOA64.index(hash_[3]) < 32:
@@ -924,7 +936,7 @@ def dictionaryAttack(attack_dict):
924936
custom_wordlist.append(normalizeUnicode(user))
925937

926938
# Algorithms without extra arguments (e.g. salt and/or username)
927-
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):
939+
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1, HASH.VBULLETIN, HASH.VBULLETIN_OLD):
928940
for suffix in suffix_list:
929941
if not attack_info or processException:
930942
break

0 commit comments

Comments
 (0)