Couple of patches and implementation for SHA256 (Issue #1881)

2025-01-23 15:54:24 +03:00 · 2017-10-16 15:15:44 +02:00 · 2017-10-16 15:15:44 +02:00 · 7b0f1fd7fc
commit 7b0f1fd7fc
parent 1f60dfc835
2 changed files with 18 additions and 4 deletions
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -121,9 +121,10 @@ class HASH:
    ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z'
    MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
-    SHA224_GENERIC = r'(?i)\A[0-9a-f]{28}\Z'
-    SHA384_GENERIC = r'(?i)\A[0-9a-f]{48}\Z'
-    SHA512_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
+    SHA224_GENERIC = r'(?i)\A[0-9a-f]{56}\Z'
+    SHA256_GENERIC = r'(?i)\A[0-9a-f]{64}\Z'
+    SHA384_GENERIC = r'(?i)\A[0-9a-f]{96}\Z'
+    SHA512_GENERIC = r'(?i)\A[0-9a-f]{128}\Z'
    CRYPT_GENERIC = r'\A(?!\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z)(?![0-9]+\Z)[./0-9A-Za-z]{13}\Z'
    JOOMLA = r'\A[0-9a-f]{32}:\w{32}\Z'
    WORDPRESS = r'\A\$P\$[./0-9a-zA-Z]{31}\Z'
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@ -35,6 +35,7 @@ import zipfile
 from hashlib import md5
 from hashlib import sha1
 from hashlib import sha224
+from hashlib import sha256
 from hashlib import sha384
 from hashlib import sha512
 from Queue import Queue
@ -272,6 +273,16 @@ def sha224_generic_passwd(password, uppercase=False):

    return retVal.upper() if uppercase else retVal.lower()

+def sha256_generic_passwd(password, uppercase=False):
+    """
+    >>> sha256_generic_passwd(password='testpass', uppercase=False)
+    '13d249f2cb4127b40cfa757866850278793f814ded3c587fe5889e889a7a9f6c'
+    """
+
+    retVal = sha256(password).hexdigest()
+
+    return retVal.upper() if uppercase else retVal.lower()
+
 def sha384_generic_passwd(password, uppercase=False):
    """
    >>> sha384_generic_passwd(password='testpass', uppercase=False)
@ -455,6 +466,7 @@ __functions__ = {
                    HASH.MD5_GENERIC: md5_generic_passwd,
                    HASH.SHA1_GENERIC: sha1_generic_passwd,
                    HASH.SHA224_GENERIC: sha224_generic_passwd,
+                    HASH.SHA256_GENERIC: sha256_generic_passwd,
                    HASH.SHA384_GENERIC: sha384_generic_passwd,
                    HASH.SHA512_GENERIC: sha512_generic_passwd,
                    HASH.CRYPT_GENERIC: crypt_generic_passwd,
@ -911,7 +923,8 @@ def dictionaryAttack(attack_dict):
            if user and not user.startswith(DUMMY_USER_PREFIX):
                custom_wordlist.append(normalizeUnicode(user))

-        if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1):
+        # Algorithms without extra arguments (e.g. salt and/or username)
+        if hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1):
            for suffix in suffix_list:
                if not attack_info or processException:
                    break