
MD5 Magics Hashes



TL;DR: Magic hashes are well known specific hashes used to exploit Type Juggling attacks in PHP. Combined with bcrypt limitations, we propose the concept of Super Magic Hashes. These hashes can detect 3 different vulnerabilities: type juggling, weak password storage and incorrect Bcrypt usage. A Go PoC found some MD5, SHA1 and SHA224 super magic hashes.


If you do not care about maths, you can just skip this section. Finding super magic hashes is not trivial for hashing functions with a long output. The hashes need to start with at least two 0s followed by the letter e and then only numbers.








The probability to get a SHA224 super magic hash for a random password is: 4.12e-15. Here is the probability to get at least one super magic hash depending on the number of hashes calculated (logarithmic scale):


For a quick PoC I decided to use the Go language. To be as efficient as possible we will use the nice benchmark functionality of Golang. We will also use the testing function to be sure that the hash parsing function we create does not miss (super) magic hashes.


Carl Löndahl has done what was expected for many years: tweak hashcat to find magic hashes. This is a game changer as it is probably the fastest way to compute hashes nowadays. @Chick3nman512 and @hops_ch are also working on a hashcat fork to find magic hashes. Stay tuned!


This post will cover two vulnerabilities in rConfig 3.9.6 that, when chained together, could potentially lead to unauthenticated code execution. The first vulnerability involves type juggling using magic hashes to bypass authentication, and the second involves command injection via its cron job functionality.


The 128-bit (16-byte) MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:


The underlying algorithm takes in a password specified as a series of non-null bytes, and does not specify what encoding should be used; though a us-ascii compatible encoding is implied by nearly all implementations of md5-crypt as well as all known reference hashes.


The library supports two encryption formats: traditional Unix DES-hashes (footnote 3: On non-Unix systems, crypt() is provided by the NetBSD library. The license header is added at the end of this document.) and FreeBSD compatible MD5 hashes (all platforms). MD5 hashes start with the magic sequence $1$, followed by an up to 8 character salt. DES hashes start with a 2 character salt. Note that a DES hash considers only the first 8 characters. The MD5 considers the whole string.


NOTE: crypt/2 provides an interface to the Unix password hashing API. Above we already introduced support for classical DES and MD5 hashes, both hashes that are considered insecure by today's standards. (Footnote 4: Insecure means that the password can realistically be derived from the password hash using a brute-force attack. This implies that leaking the password database is an immediate security risk.) The crypt() API of modern Unix systems typically supports more secure hashes. Using crypt/2 is suitable if compatibility with OS passwords is required. If strong hashes and platform independence are important to you, use crypto_password_hash/2 provided by library(crypto) from the ssl package.


Next up is find_dups.py, which will recursively find duplicate files (even if the filenames are different). It does this by calculating the md5 hash of all the files, and looking for files with matching hashes. It is possible that two different files have the same hash, but the chances are remote.


The idea I had was to use MD5 hashes for that. Each object has a built-in function called .GetHashCode(). This method returns an Integer, although according to the name of the method, you would expect a string. That's because these HashValues are intended to be used as Keys in e.g. a HashTable.


Generating MD5 hashes can be useful if you must have a procedure both sides can execute to ensure the uniqueness and changeless serialization / deserialization of objects. The most difficult part for me was to convert an object into a byte array and the conversion of a byte array to a hex string. Using Guids is also a possibility. But the Guid is created when the object is initialized and the consumer cannot "recreate" the Guid to ensure that no changes were made to the object. He just knows that he has received the same object the producer has created.


Password Hash Decryption

Now that the PEK is decrypted, the next task is to decrypt the hashes stored in the ATTk589879 (encrypted LM hash) and ATTk589914 (encrypted NT hash) attributes of user objects.


Currently there are a few ways to dump Active Directory and local password hashes. Until recently, the techniques I had seen used to get the hashes either relied on injecting code into LSASS or using the Volume Shadow Copy service to obtain copies of the files which contain the hashes. I have created a PowerShell script called Invoke-NinjaCopy that allows any file (including NTDS.dit) to be copied without starting suspicious services, injecting into processes, or elevating to SYSTEM.


Image hashes tell whether two images look nearly identical. This is different from cryptographic hashing algorithms (like MD5, SHA-1) where tiny changes in the image give completely different hashes. In image fingerprinting, we actually want our similar inputs to have similar output hashes as well.


  • Average hashing (aHash)

  • Perceptual hashing (pHash)

  • Difference hashing (dHash)

  • Wavelet hashing (wHash)

  • Crop-resistant hashing (crop_resistant_hash)

Examples

To help evaluate how different hashing algorithms behave, below are a few hashes applied to two datasets. This will let you know what images an algorithm thinks are basically identical.


  • phash (or with z-transform)

  • dhash (or with z-transform)

  • colorhash

  • average_hash (with z-transform)

The hashes use hashsize=8; colorhash uses binbits=3. You may want to adjust the hashsize or require some manhattan distance (hash1 - hash2


For understanding hash distances, check out these excellent blog posts:

  • -perceptual-image-hashes-at-okcupid-e98a3e74aa3a

  • -blockchain.org/research/testing-different-image-hash-functions/


When such hashes are compared against the hashes of actual passwords, values that are also treated as 0 by PHP, they end up getting evaluated as being equivalent, or true. In such cases attackers will be able to log into the account without the valid password, he said.


The above-given output was generated on a website ( -addr.com/md5_salted_hash-md5_salt_hash_generator_tool.php) that generates hashes based on input string and salt. How can I generate the same hash value using the same password "rose" and salt "jack123" on command line using md5?

