

Commit 7b0f1fd

committed
Couple of patches and implementation for SHA256 (Issue #1881)
1 parent 1f60dfc commit 7b0f1fd

2 files changed

Lines changed: 18 additions & 4 deletions


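--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -121,9 +121,10 @@ class HASH:
 ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
 MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
 SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
-SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
-SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
-SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
+SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z'
+SHA256_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
+SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z'
+SHA512_GENERIC = r'(?i)\A[0-9a-f]{128}\Z'
 CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
 JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
 WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'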
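Review bot: Nothing beside the `*_GENERIC` patterns says that the quantifier counts hex digits rather than bytes, and the old 28/48/64 values were exactly the byte lengths of SHA-224/384/512. A comment above the group would keep the next addition from repeating that, for example `# {N} = digest length in hex digits (bits / 4): SHA-224 -> 56, SHA-256 -> 64, SHA-384 -> 96, SHA-512 -> 128`. It is also worth stating there that these patterns match on length and alphabet only, so a 64-digit value matching `SHA256_GENERIC` is a candidate for that algorithm, not an identification. A check that each hashing function's output matches its own pattern would have caught the mismatch; whether the project's test setup can host one is not visible from this hunk. The `HASH` class starts and ends outside the hunk.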

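--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -35,6 +35,7 @@
 from hashlib import md5
 from hashlib import sha1
 from hashlib import sha224
+from hashlib import sha256
 from hashlib import sha384
 from hashlib import sha512
 from Queue import Queue
@@ -272,6 +273,16 @@ def sha224_generic_passwd(password, uppercase=False):
 
 return retVal.upper() if uppercase else retVal.lower()
 
+def sha256_generic_passwd(password, uppercase=False):
+"""
+>>> sha256_generic_passwd(password='testpass', uppercase=False)
+'13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
+"""
+
+retVal = sha256(password).hexdigest()
+
+return retVal.upper() if uppercase else retVal.lower()
+
 def sha384_generic_passwd(password, uppercase=False):
 """
 >>> sha384_generic_passwd(password='testpass', uppercase=False)
@@ -455,6 +466,7 @@ def _encode64(input_, count):
 HASH.MD5_GENERIC: md5_generic_passwd,
 HASH.SHA1_GENERIC: sha1_generic_passwd,
 HASH.SHA224_GENERIC: sha224_generic_passwd,
+HASH.SHA256_GENERIC: sha256_generic_passwd,
 HASH.SHA384_GENERIC: sha384_generic_passwd,
 HASH.SHA512_GENERIC: sha512_generic_passwd,
 HASH.CRYPT_GENERIC: crypt_generic_passwd,
@@ -911,7 +923,8 @@ def dictionaryAttack(attack_dict):
 if user and not user.startswith(DUMMY_USER_PREFIX):
 custom_wordlist.append(normalizeUnicode(user))
 
-if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
+# Algorithms without extra arguments (e.g. salt and/or username)
+if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):
 for suffix in suffix_list:
 if not attack_info or processException:
 break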
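Review bot: The inline tuple in the last hunk (`dictionaryAttack`) is a second hand-maintained list that has to track the function mapping edited in the hunk at old line 455, and the removed line shows it had already drifted. `HASH.SHA224_GENERIC`, `HASH.SHA384_GENERIC` and `HASH.SHA512_GENERIC` are context lines in that mapping, yet they were missing from this condition until now. What the other branch does with such a type is outside the hunk, so the impact is inferred, but the next algorithm added to the mapping can be missed here in the same way. I would hoist the tuple into a module-level constant defined next to the mapping, carrying the new comment, and reduce the test to `if hash_regex in HASHES_WITHOUT_EXTRA_ARGS:` (the name is only a suggestion). That also shortens a line that now lists nine entries. `dictionaryAttack` starts and ends outside the hunk.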
