HashPump – A Tool To Exploit The Hash Length Extension Attack In Various Hashing Algorithms

A tool to exploit the hash length extension attack in various hashing algorithms.
Currently supported algorithms: MD5, SHA1, SHA256, SHA512.

Help Menu

$ hashpump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
    HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
    -h --help          Display this message.
    -t --test          Run tests to verify each algorithm is operating properly.
    -s --signature     The signature from known message.
    -d --data          The data from the known message.
    -a --additional    The information you would like to add to the known message.
    -k --keylength     The length in bytes of the key being used to sign the original message with.
    Version 1.2.0 with CRC32, MD5, SHA1, SHA256 and SHA512 support.

Sample Output

$ hashpump -s ‘6d5f807e23db210bc254a28be2d6759a0f5f5d99’ –data ‘count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo’ -a ‘&waffle=liege’ -k 140e41270260895979317fff3898ab85668953aaa2count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02(&waffle=liege
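The forged message in the sample output carries the hash function's own padding between the original data and the appended parameter. The following added example (not part of HashPump or the original post) computes that padding, scans a message for it as a detection check, and contrasts the targeted H(key || data) construction with HMAC. It assumes SHA-1/SHA-256 padding (64-byte blocks, big-endian 64-bit length; MD5 and SHA-512 pad differently), and the function names and the 14-byte key are constructed for illustration.

```python
import hashlib
import hmac
import struct

def md_glue_padding(total_len: int) -> bytes:
    """Padding SHA-1/SHA-256 append to total_len bytes of input (key + data)."""
    zeros = (55 - total_len) % 64  # 0x80 + zeros + 8-byte length must end a 64-byte block
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", total_len * 8)

def find_glue_padding(message: bytes, max_key_len: int = 64):
    """Return (offset, key_len) if message embeds glue padding, else None."""
    for offset, byte in enumerate(message):
        if byte != 0x80:
            continue
        for key_len in range(max_key_len + 1):
            if message.startswith(md_glue_padding(offset + key_len), offset):
                return offset, key_len
    return None

def sign_prefix(key: bytes, data: bytes) -> str:
    """H(key || data): the construction the tool targets. Shown for contrast."""
    return hashlib.sha1(key + data).hexdigest()

def sign_hmac(key: bytes, data: bytes) -> str:
    """HMAC-SHA1: knowing a tag does not let anyone extend the message."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()

def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Constant-time comparison of the expected HMAC tag with the supplied one."""
    return hmac.compare_digest(sign_hmac(key, data), tag)

# Message bytes from the sample output; the key is a constructed 14-byte value.
KNOWN = b"count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo"
FORGED = KNOWN + b"\x80" + b"\x00" * 56 + b"\x02(" + b"&waffle=liege"
KEY = b"constructedkey"

if __name__ == "__main__":
    print(find_glue_padding(FORGED))   # (55, 14)
    print(find_glue_padding(KNOWN))    # None
    print(verify_hmac(KEY, FORGED, sign_hmac(KEY, KNOWN)))  # False
```

The padding scan is a heuristic for text parameter strings; binary payloads can contain the same byte pattern by coincidence.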

Compile & install

$ git clone http://ift.tt/2pxty9m
$ apt-get install g++ libssl-dev
$ cd HashPump
$ make
$ make install

apt-get and make install require root privileges to run correctly. The actual requirement is for -lcrypto, so depending on your operating system, your dependencies may vary.
On OS X HashPump can also be installed using Homebrew:

$ brew install hashpump

Mentions
HashPump has been mentioned in a few write-ups. If you are wondering how you can use HashPump, these are some great examples.

http://ift.tt/2ob7SyV

http://ift.tt/2paHQA9 (JP)

http://ift.tt/2ob9uso

http://ift.tt/2paFLo6

http://ift.tt/2ob8nc9

http://ift.tt/2pav3xJ

Python Bindings
Fellow Python lovers will be pleased with this addition. Saving me from writing an implementation of all these hash algorithms with the ability to modify states in Python, Python bindings have been added in the form of hashpumpy. This addition comes from zachriggle.

Installation
These Python bindings are available on PyPI and can be installed via pip.

$ pip install hashpumpy

Usage

>>> import hashpumpy
>>> help(hashpumpy.hashpump)
Help on built-in function hashpump in module hashpumpy:

hashpump(...)
    hashpump(hexdigest, original_data, data_to_add, key_length) -> (digest, message)

    Arguments:
        hexdigest(str):      Hex-encoded result of hashing key + original_data.
        original_data(str):  Known data used to get the hash result hexdigest.
        data_to_add(str):    Data to append
        key_length(int):     Length of unknown data prepended to the hash

    Returns:
        A tuple containing the new hex digest and the new message.
>>> hashpumpy.hashpump('ffffffff', 'original_data', 'data_to_add', len('KEYKEYKEY'))
('e3c4a05f', 'original_datadata_to_add')

Python 3 note
hashpumpy supports Python 3. Unlike the Python 2 version, the second value (the new message) in the tuple returned by hashpumpy.hashpump is a bytes-like object instead of a string.
Download HashPump http://ift.tt/2obfr8x http://ift.tt/2aM8QhC
