implementing WordPress phpass hash cracking routine

2025-12-09 06:01:29 +00:00 · 2011-11-20 19:10:46 +00:00
parent f1979936c8
commit e1a92d59de
4 changed files with 91 additions and 36 deletions
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -73,6 +73,7 @@ class HASH:
    MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
    SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
    CRYPT_GENERIC = r'(?i)\A[./0-9A-Za-z]{13}\Z'
+    WORDPRESS = r'(?i)\A\$P\$[./0-9A-Za-z]{31}\Z'

 # Reference: http://www.zytrax.com/tech/web/mobile_ids.html
 class MOBILES:
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -365,6 +365,9 @@ REFLECTIVE_MISS_THRESHOLD = 20
 # Regular expression used for extracting HTML title
 HTML_TITLE_REGEX = "<title>(?P<result>[^<]+)</title>"

+# Table used for Base64 conversion in WordPress hash cracking routine
+ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"

@@ -402,4 +405,7 @@ PARAMETER_SPLITTING_REGEX = r'[,|;]'
 UNION_CHAR_REGEX = r'\A\w+\Z'

 # Attribute used for storing original parameter value in special cases (e.g. POST)
-UNENCODED_ORIGINAL_VALUE = 'original'
+UNENCODED_ORIGINAL_VALUE = 'original'
+
+# Common column names containing usernames (used for hash cracking in some cases)
+COMMON_USER_COLUMNS = ('user', 'username', 'user_name', 'benutzername', 'benutzer', 'utilisateur', 'usager', 'consommateur', 'utente', 'utilizzatore', 'usufrutuario', 'korisnik', 'usuario', 'consumidor')