Different Hash Values

We often store passwords using one-way hashes. These hashes can often be reversed either with brute force or with rainbow tables. A typical format is the MD5 method, which is identified by its ID (with a value of 1), along with the salt value ("fred") and hashed value of the password:

We can use the crypt library in Python to generate the hashed values. It supports:

- 1: MD5
- 2a: Blowfish
- 5: SHA-256
- 6: SHA-512

So if we want to compute the MD5 hash for a password of “password” and a salt value of “ZDzPE45C”, we use:

```python
# crypt is in the Unix standard library up to Python 3.12 (removed in 3.13)
import crypt

print(crypt.crypt("password", "$1$ZDzPE45C$"))
```

and the result is:

```
# python 11.py
$1$ZDzPE45C$EEQHJaCXI6yInV3FnskmF1
```

Again, if we check with OpenSSL we get:

```
# openssl passwd -1 -salt ZDzPE45C password
$1$ZDzPE45C$EEQHJaCXI6yInV3FnskmF1
```

Unfortunately the crypt() library does not support APR1 within Linux systems, so we can use the apr_md5_crypt method from passlib:

```python
from passlib.hash import apr_md5_crypt

# encrypt() was renamed hash() in passlib 1.7; the old name is kept as a deprecated alias
print(apr_md5_crypt.encrypt("password", salt="ZDzPE45C"))
```

which gives:

```
$apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.
```

Again we can check against OpenSSL:

```
root@kali:~# openssl passwd -apr1 -salt ZDzPE45C password
$apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.
```
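The `$1$` and `$apr1$` strings above can be reproduced without the crypt module. This added example (not code from the original page) implements the md5-crypt construction in plain Python and shows that APR1 differs only in its magic prefix; the function name `md5_crypt` and its parameters are chosen for this illustration.

```python
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(password, salt, magic="$1$"):
    """md5-crypt; pass magic="$apr1$" for the Apache variant."""
    pw, s, m = password.encode(), salt[:8].encode(), magic.encode()
    md5 = lambda data: hashlib.md5(data).digest()

    # Initial digest: password + magic + salt, then bytes of MD5(pw + salt + pw)
    alt = md5(pw + s + pw)
    ctx = pw + m + s
    for remaining in range(len(pw), 0, -16):
        ctx += alt[:min(16, remaining)]
    # One byte per bit of len(pw): NUL if the bit is set, else the first password byte
    n = len(pw)
    while n:
        ctx += b"\x00" if n & 1 else pw[:1]
        n >>= 1
    final = md5(ctx)

    # Fixed 1000-round stretch; the mix of inputs depends on the round number
    for i in range(1000):
        data = pw if i & 1 else final
        if i % 3:
            data += s
        if i % 7:
            data += pw
        data += final if i & 1 else pw
        final = md5(data)

    # Custom base64: permuted byte triples, 6 bits at a time, low bits first
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(4):
            out += ITOA64[v & 0x3F]
            v >>= 6
    v = final[11]
    for _ in range(2):
        out += ITOA64[v & 0x3F]
        v >>= 6
    return magic + salt[:8] + "$" + out

if __name__ == "__main__":
    print(md5_crypt("password", "ZDzPE45C"))            # compare: openssl passwd -1
    print(md5_crypt("password", "ZDzPE45C", "$apr1$"))  # compare: openssl passwd -apr1
```

The round count is fixed at 1000 and cannot be raised, unlike the `rounds=` field carried by the SHA-256 and SHA-512 formats.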
Now we can use this library to create a wide range of hash values using hashlib and passlib:

```python
import hashlib
import passlib.hash

salt = "ZDzPE45C"
string = "password"
salt2 = "1111111111111111111111"

# Plain digests: no salt, no stretching (hashlib needs bytes on Python 3)
print("General Hashes")
print("MD5:" + hashlib.md5(string.encode()).hexdigest())
print("SHA1:" + hashlib.sha1(string.encode()).hexdigest())
print("SHA256:" + hashlib.sha256(string.encode()).hexdigest())
print("SHA512:" + hashlib.sha512(string.encode()).hexdigest())

# crypt(3)-style formats; encrypt() is passlib's older name for hash()
print("UNIX hashes (with salt)")
print("DES:" + passlib.hash.des_crypt.encrypt(string, salt=salt[:2]))
print("MD5:" + passlib.hash.md5_crypt.encrypt(string, salt=salt))
print("Bcrypt:" + passlib.hash.bcrypt.encrypt(string, salt=salt2[:22]))
print("Sun MD5:" + passlib.hash.sun_md5_crypt.encrypt(string, salt=salt))
print("SHA1:" + passlib.hash.sha1_crypt.encrypt(string, salt=salt))
print("SHA256:" + passlib.hash.sha256_crypt.encrypt(string, salt=salt))
print("SHA512:" + passlib.hash.sha512_crypt.encrypt(string, salt=salt))
print("APR1:" + passlib.hash.apr_md5_crypt.encrypt(string, salt=salt))
print("PHPASS:" + passlib.hash.phpass.encrypt(string, salt=salt))
print("PBKDF2 (SHA1):" + passlib.hash.pbkdf2_sha1.encrypt(string, salt=salt))
print("PBKDF2 (SHA256):" + passlib.hash.pbkdf2_sha256.encrypt(string, salt=salt))
print("PBKDF2 (SHA512):" + passlib.hash.pbkdf2_sha512.encrypt(string, salt=salt))
print("CTA PBKDF2:" + passlib.hash.cta_pbkdf2_sha1.encrypt(string, salt=salt))
print("DLITZ PBKDF2:" + passlib.hash.dlitz_pbkdf2_sha1.encrypt(string, salt=salt))

# For msdcc/msdcc2 the second argument is the account name, reused here from salt
print("MS Windows Hashes")
print("LM Hash:" + passlib.hash.lmhash.encrypt(string))
print("NT Hash:" + passlib.hash.nthash.encrypt(string))
print("MS DCC:" + passlib.hash.msdcc.encrypt(string, salt))
print("MS DCC2:" + passlib.hash.msdcc2.encrypt(string, salt))

# Where no salt is passed, passlib generates a random one
print("LDAP Hashes")
print("LDAP (MD5):" + passlib.hash.ldap_md5.encrypt(string))
print("LDAP (MD5 Salted):" + passlib.hash.ldap_salted_md5.encrypt(string, salt=salt))
print("LDAP (SHA):" + passlib.hash.ldap_sha1.encrypt(string))
print("LDAP (SHA1 Salted):" + passlib.hash.ldap_salted_sha1.encrypt(string, salt=salt))
print("LDAP (DES Crypt):" + passlib.hash.ldap_des_crypt.encrypt(string))
print("LDAP (BSDI Crypt):" + passlib.hash.ldap_bsdi_crypt.encrypt(string))
print("LDAP (MD5 Crypt):" + passlib.hash.ldap_md5_crypt.encrypt(string))
print("LDAP (Bcrypt):" + passlib.hash.ldap_bcrypt.encrypt(string))
print("LDAP (SHA1):" + passlib.hash.ldap_sha1_crypt.encrypt(string))
print("LDAP (SHA256):" + passlib.hash.ldap_sha256_crypt.encrypt(string))
print("LDAP (SHA512):" + passlib.hash.ldap_sha512_crypt.encrypt(string))
print("LDAP (Hex MD5):" + passlib.hash.ldap_hex_md5.encrypt(string))
print("LDAP (Hex SHA1):" + passlib.hash.ldap_hex_sha1.encrypt(string))
print("LDAP (At Lass):" + passlib.hash.atlassian_pbkdf2_sha1.encrypt(string))
print("LDAP (FSHP):" + passlib.hash.fshp.encrypt(string))

# Several database formats mix the user name into the hash
print("Database Hashes")
print("MS SQL 2000:" + passlib.hash.mssql2000.encrypt(string))
print("MS SQL 2005:" + passlib.hash.mssql2005.encrypt(string))
print("MS SQL 323:" + passlib.hash.mysql323.encrypt(string))
print("MySQL:" + passlib.hash.mysql41.encrypt(string))
print("Postgres (MD5):" + passlib.hash.postgres_md5.encrypt(string, user=salt))
print("Oracle 10:" + passlib.hash.oracle10.encrypt(string, user=salt))
print("Oracle 11:" + passlib.hash.oracle11.encrypt(string))

print("Other Known Hashes")
print("Cisco PIX:" + passlib.hash.cisco_pix.encrypt(string, user=salt))
print("Cisco Type 7:" + passlib.hash.cisco_type7.encrypt(string))
print("Dyango DES:" + passlib.hash.django_des_crypt.encrypt(string, salt=salt))
print("Dyango MD5:" + passlib.hash.django_salted_md5.encrypt(string, salt=salt[:2]))
print("Dyango SHA1:" + passlib.hash.django_salted_sha1.encrypt(string, salt=salt))
print("Dyango Bcrypt:" + passlib.hash.django_bcrypt.encrypt(string, salt=salt2[:22]))
print("Dyango PBKDF2 SHA1:" + passlib.hash.django_pbkdf2_sha1.encrypt(string, salt=salt))
print("Dyango PBKDF2 SHA1:" + passlib.hash.django_pbkdf2_sha256.encrypt(string, salt=salt))
```

It can be seen that in some cases the salt value needs to be at least 22 characters.
Also, the `[:2]` slice keeps only the first two characters of the string. When we run it we get:

```
General Hashes
MD5:5f4dcc3b5aa765d61d8327deb882cf99
SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
SHA256:5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
SHA512:b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
UNIX hashes (with salt)
DES:ZD3yxA4N/XZVg
MD5:$1$ZDzPE45C$EEQHJaCXI6yInV3FnskmF1
Sun MD5:$md5,rounds=34000$ZDzPE45C$$RGKsbBUBhidHsaNDUMEEX0
Bcrypt:$2a$12$NkYh0RCM8pNWPaYvRLgN9./EyVCd3YsYT8XQ/zq3bHrjqWaPB38Ou
SHA1:$sha1$480000$ZDzPE45C$gfgoLWRrJHj/ZiXsV101NCX1GfUH
SHA256:$5$rounds=535000$ZDzPE45C$OuICueKPJYEtr8.A1iZMpZ11v07uuX/2cXfRrKmF1i6
SHA512:$6$rounds=656000$ZDzPE45C$uCmjusfwHL378JNZeUuFbTqoeBentVZzoRAVHzke6/mcqJpOppAkVyqn8A41sKXMad3DG7O2QL/ZnYABfK3j1/
APR1:$apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.
PHPASS:$P$HZDzPE45Ch4tvOeT9mhtu3i2G/JybR1
PBKDF2 (SHA1):$pbkdf2$131000$WkR6UEU0NUM$.L1L.AVXTBSsc0FuHRQz4PNMVXc
PBKDF2 (SHA256):$pbkdf2-sha256$29000$WkR6UEU0NUM$pd1VbFkOA/VwbhJZhJ.25kHPsKVXika2XsuKYoudcug
PBKDF2 (SHA512):$pbkdf2-sha512$25000$WkR6UEU0NUM$S.ymDjKjwM9XaQsofRC6KX1s.pQvZvVmMxdrrLi16pCazREoyJGxe8.Tn6Zhi3S0B6H6rcrxITllAEo3rDwBng
CTA PBKDF2:$p5k2$1ffb8$WkR6UEU0NUM=$-L1L-AVXTBSsc0FuHRQz4PNMVXc=
DLITZ PBKDF2:$p5k2$1ffb8$ZDzPE45C$2Cye7ESZt2eO2ouLHuL7h4bJmD13yGsq
MS Windows Hashes
LM Hash:e52cac67419a9a224a3b108f3fa6cb6d
NT Hash:8846f7eaee8fb117ad06bdd830b7586c
MS DCC:c531cc9702cbbe9053dfa32d8940c2ca
MS DCC2:920873ab14cffe2420ebf69c6d5f8ee7
LDAP Hashes
LDAP (MD5):{MD5}X03MO1qnZdYdgyfeuILPmQ==
LDAP (MD5 Salted):{SMD5}ZYxs6V7nZOz+ALwZu8nWglpEelBFNDVD
LDAP (SHA):{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
LDAP (SHA1 Salted):{SSHA}Rr2ARpei2FyhmO51IpsE0S1np2BaRHpQRTQ1Qw==
LDAP (DES Crypt):{CRYPT}QzBi8W6DGi.6k
LDAP (BSDI Crypt):{CRYPT}_7C/.sjJLVVlrcUCQx6o
LDAP (MD5 Crypt):{CRYPT}$1$FQXexPtH$66qrMxgwefypEbMBJ5FQr1
LDAP (Bcrypt):{CRYPT}$2a$12$S8KIwdBkwMPkff6lyjEaCObeR2HtROivuE0xMDhacvgqjuRwMa2Tm
LDAP (SHA1):{CRYPT}$sha1$480000$5I8psE7V$2xXDpJWp0e2GYPMBnIGeyb5Vy.5/
LDAP (SHA256):{CRYPT}$5$rounds=535000$frqKv7qdl/lnihf3$FPUfuGgtHNwtdMu3L.l9MMk2QuBGTawT/tnM/1iRnk3
LDAP (SHA512):{CRYPT}$6$rounds=656000$f6H3agww00E2yaA5$UMUiTEM/KZ8oj01zt.3pk9c0Mf5qGgCs2s6xc.fJzNJ21SkXHBHilgb4l4CG.H4lfmS5rVSiEOg8.KSkK9BgS.
LDAP (Hex MD5):{MD5}5f4dcc3b5aa765d61d8327deb882cf99
LDAP (Hex SHA1):{SHA}5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
LDAP (At Lass):{PKCS5S2}QQjBWAuhFGJMScl5z5mT8mCgjdVhjpdNtEtPhEfRH+yJdPyMIdO9cA+Wasl0xZDc
LDAP (FSHP):{FSHP1|16|480000}i1GqlXIuxThHCOFcC6FUKmtHXnGkdqCXJZHLbEPpRpeWLwV+czhOcOoQSthWRudL
Database Hashes
MS SQL 2000:0x01006EED7DAFD5917DB47D0B735192DFC78F41C18D938EF2C9CAFE1DB1DEA402D32506FB7BA82AFE9C14CB1493EC
MS SQL 2005:0x010026C4F8DFDCD1D683FDA48CCF6DF4D5623F979711A4C24E7D
MS SQL 323:5d2e19393cc5ef67
MySQL:*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19
Postgres (MD5):md5658c6ce95ee764ecfe00bc19bbc9d682
Oracle 10:A8F6239BAE6A967A
Oracle 11:S:3CF158912C1E6D32DB86D2424754F1935DABD1197FD1CC0D9498BFC15761
Other Known Hashes
Cisco PIX:NLETddx4AEoSe48z
Cisco Type 7:140713181F13253920
Dyango DES:crypt$ZDzPE45C$ZD3yxA4N/XZVg
Dyango MD5:md5$ZD$32797d3a40d12ed6dc6fa57d0f745ca5
Dyango SHA1:sha1$ZDzPE45C$525954ca97fad2fdb772ebc621bd1d4f846be2d4
Dyango Bcrypt:bcrypt$$2a$12$111111111111111111111uAQxS9vJNRtBb6zeFDV6k7tyB0DZJF0a
Dyango PBKDF2 SHA1:pbkdf2_sha1$131000$ZDzPE45C$+L1L+AVXTBSsc0FuHRQz4PNMVXc=
Dyango PBKDF2 SHA1:pbkdf2_sha256$29000$ZDzPE45C$pd1VbFkOA/VwbhJZhJ+25kHPsKVXika2XsuKYoudcug=
```

We can see that our salted "APR1" hash of the password “password” with a salt of “ZDzPE45C” comes out as we expected: `$apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.`
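The ID prefix, optional `rounds=` field and salt visible in the output above are enough to audit how a credential store protects its passwords. The following is an added example, not code from the original page: it parses a few of the strings printed above and flags the ones that rely on unsalted or fixed-cost hashing. The names `classify` and `weak_entries`, and the weak/ok ratings, are choices made for this illustration.

```python
import re

# Modular-crypt ids from the page's table (plus apr1) -> (scheme, rated weak?).
# The weak/ok rating is this example's judgement, not something the page states.
MCF_IDS = {"1": ("md5-crypt", True), "apr1": ("apr-md5-crypt", True),
           "2a": ("bcrypt", False), "5": ("sha256-crypt", False),
           "6": ("sha512-crypt", False)}
DEFAULT_ROUNDS = {"1": 1000, "apr1": 1000, "5": 5000, "6": 5000}

def _entry(scheme, cost=None, salt=None, weak=None):
    return {"scheme": scheme, "cost": cost, "salt": salt, "weak": weak}

def classify(stored):
    """Split one stored hash into scheme, iteration cost, salt and a weak flag."""
    if not stored.startswith("$"):
        if re.fullmatch(r"[0-9a-f]{32}", stored):        # MD5 / NT / LM style
            return _entry("bare 128-bit digest", 1, None, True)
        if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):   # 2-char salt + 11-char hash
            return _entry("des-crypt", 25, stored[:2], True)
        return _entry("unknown")
    fields = stored.split("$")[1:]       # drop the empty field before the first '$'
    ident = fields[0]
    if ident not in MCF_IDS or len(fields) < 3:
        return _entry("unknown")
    scheme, weak = MCF_IDS[ident]
    if ident == "2a":                    # $2a$<log2 cost>$<22-char salt><31-char hash>
        return _entry(scheme, 2 ** int(fields[1]), fields[2][:22], weak)
    rest, rounds = fields[1:], DEFAULT_ROUNDS[ident]
    if rest[0].startswith("rounds="):    # optional field, used by $5$ and $6$
        rounds, rest = int(rest[0][7:]), rest[1:]
    return _entry(scheme, rounds, rest[0], weak)

def weak_entries(stored_hashes):
    """Return (scheme, cost) for every entry that should be migrated."""
    found = [classify(h) for h in stored_hashes]
    return [(e["scheme"], e["cost"]) for e in found if e["weak"]]

# Hash strings copied from the output above (all are hashes of "password").
SAMPLES = ["5f4dcc3b5aa765d61d8327deb882cf99", "ZD3yxA4N/XZVg",
           "$1$ZDzPE45C$EEQHJaCXI6yInV3FnskmF1",
           "$apr1$ZDzPE45C$y372GZYCbB1WYtOkbm4/u.",
           "$2a$12$NkYh0RCM8pNWPaYvRLgN9./EyVCd3YsYT8XQ/zq3bHrjqWaPB38Ou",
           "$5$rounds=535000$ZDzPE45C$OuICueKPJYEtr8.A1iZMpZ11v07uuX/2cXfRrKmF1i6"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(classify(h))
```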