Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a1dd736

Browse files
stamparmstamparm
committed
Implemented support for Apache SHA1 (Issue #1881)
1 parent 12b3311 commit a1dd736

2 files changed

Lines changed: 20 additions & 16 deletions

File tree

lib/core/enums.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -128,6 +128,7 @@ class HASH:
128128
WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'
129129
APACHE_MD5_CRYPT = r'(?i)\A\$apr1\$.{1,8}\$[./a-z0-9]+\Z'
130130
UNIX_MD5_CRYPT = r'(?i)\A\$1\$.{1,8}\$[./a-z0-9]+\Z'
131+
APACHE_SHA1 = r'(?i)\A\{SHA\}[a-z0-9+/]+={0,2}\Z'
131132

132133
# Reference: http://www.zytrax.com/tech/web/mobile_ids.html
133134
class MOBILES:

lib/utils/hash.py

Lines changed: 19 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -254,6 +254,14 @@ def sha1_generic_passwd(password, uppercase=False):
254254

255255
return retVal.upper() if uppercase else retVal.lower()
256256

257+
def apache_sha1_passwd(password, uppercase=False):
258+
"""
259+
>>> apache_sha1_passwd(password='testpass')
260+
'{SHA}IGyAQTualsExLMNGt9JRe4RGPt0='
261+
"""
262+
263+
return "{SHA}%s" % sha1(password).digest().encode("base64").strip()
264+
257265
def sha224_generic_passwd(password, uppercase=False):
258266
"""
259267
>>> sha224_generic_passwd(password='testpass', uppercase=False)
@@ -284,7 +292,7 @@ def sha512_generic_passwd(password, uppercase=False):
284292

285293
return retVal.upper() if uppercase else retVal.lower()
286294

287-
def crypt_generic_passwd(password, salt, uppercase=False):
295+
def crypt_generic_passwd(password, salt, **kwargs):
288296
"""
289297
Reference(s):
290298
http://docs.python.org/library/crypt.html
@@ -296,11 +304,9 @@ def crypt_generic_passwd(password, salt, uppercase=False):
296304
'rl.3StKT.4T8M'
297305
"""
298306

299-
retVal = crypt(password, salt)
307+
return crypt(password, salt)
300308

301-
return retVal.upper() if uppercase else retVal
302-
303-
def unix_md5_passwd(password, salt, magic="$1$", uppercase=False):
309+
def unix_md5_passwd(password, salt, magic="$1$", **kwargs):
304310
"""
305311
Reference(s):
306312
http://www.sabren.net/code/python/crypt/md5crypt.py
@@ -370,17 +376,15 @@ def _encode64(value, count):
370376
hash_ = hash_ + _encode64((int(ord(final[4])) << 16) | (int(ord(final[10])) << 8) | (int(ord(final[5]))), 4)
371377
hash_ = hash_ + _encode64((int(ord(final[11]))), 2)
372378

373-
output = magic + salt + '$' + hash_
374-
375-
return output.upper() if uppercase else output
379+
return "%s%s$%s" % (magic, salt, hash_)
376380

377-
def wordpress_passwd(password, salt, count, prefix, uppercase=False):
381+
def wordpress_passwd(password, salt, count, prefix, **kwargs):
378382
"""
379383
Reference(s):
380384
http://packetstormsecurity.org/files/74448/phpassbrute.py.txt
381385
http://scriptserver.mainframe8.com/wordpress_password_hasher.php
382386
383-
>>> wordpress_passwd(password='testpass', salt='aD9ZLmkp', count=2048, prefix='$P$9aD9ZLmkp', uppercase=False)
387+
>>> wordpress_passwd(password='testpass', salt='aD9ZLmkp', count=2048, prefix='$P$9aD9ZLmkp')
384388
'$P$9aD9ZLmkpsN4A83G8MefaaP888gVKX0'
385389
"""
386390

@@ -427,9 +431,7 @@ def _encode64(input_, count):
427431
_.update(password)
428432
hash_ = _.digest()
429433

430-
retVal = prefix + _encode64(hash_, 16)
431-
432-
return retVal.upper() if uppercase else retVal
434+
return "%s%s" % (prefix, _encode64(hash_, 16))
433435

434436
__functions__ = {
435437
HASH.MYSQL: mysql_passwd,
@@ -449,6 +451,7 @@ def _encode64(input_, count):
449451
HASH.WORDPRESS: wordpress_passwd,
450452
HASH.APACHE_MD5_CRYPT: unix_md5_passwd,
451453
HASH.UNIX_MD5_CRYPT: unix_md5_passwd,
454+
HASH.APACHE_SHA1: apache_sha1_passwd,
452455
}
453456

454457
def storeHashesToFile(attack_dict):
@@ -793,10 +796,10 @@ def dictionaryAttack(attack_dict):
793796
if re.match(hash_regex, hash_):
794797
item = None
795798

796-
if hash_regex not in (HASH.CRYPT_GENERIC, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT):
799+
if hash_regex not in (HASH.CRYPT_GENERIC, HASH.WORDPRESS, HASH.UNIX_MD5_CRYPT, HASH.APACHE_MD5_CRYPT, HASH.APACHE_SHA1):
797800
hash_ = hash_.lower()
798801

799-
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
802+
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
800803
item = [(user, hash_), {}]
801804
elif hash_regex in (HASH.ORACLE_OLD, HASH.POSTGRES):
802805
item = [(user, hash_), {'username': user}]
@@ -895,7 +898,7 @@ def dictionaryAttack(attack_dict):
895898
if user and not user.startswith(DUMMY_USER_PREFIX):
896899
custom_wordlist.append(normalizeUnicode(user))
897900

898-
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC):
901+
if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
899902
for suffix in suffix_list:
900903
if not attack_info or processException:
901904
break

0 commit comments

Comments
 (0)