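#!Powershell
# Attempt to detect the method of hashing/encrypting behind an observed value,
# focusing on the out-of-the-box .NET offerings.
#
# NOTE(review): $expected_output is 8 hex digits (32 bits). A hit on a value this
# short, especially a substring hit inside a much longer digest, is weak evidence
# on its own; confirm any candidate against a second known input/output pair.
# The legacy algorithms listed below (MD5, SHA1, DES, RC2) are identification
# candidates only, not recommendations for new designs.

# Candidate plaintexts: case and whitespace variants of the same message.
$messages = ('Create Enemy/Small Standard',
             'create enemy/small standard',
             'CREATE ENEMY/SMALL STANDARD',
             'CreateEnemy/SmallStandard',
             'Create Enemy/Small Standard'.PadRight(100))   # padded to 100 chars

# Candidate HMAC keys. Each entry must be its own element: two adjacent quoted
# strings with no comma between them parse as ONE literal containing an
# embedded apostrophe, which silently drops both intended keys.
$secret_keys = ('Artemis', 'artemis', 'ARTEMIS', '2.4.0', 'eochu', 'EOCHU', 'techbear')

# Class-name stems under System.Security.Cryptography tried by each pass.
$hmac_classes      = ('HMACMD5', 'HMACRIPEMD160', 'HMACSHA1', 'HMACSHA256', 'HMACSHA384', 'HMACSHA512')
$hash_classes      = ('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')
$symmetric_classes = ('AES', 'DES', 'TripleDES', 'RC2')

# The observed value every candidate digest is compared against (hex).
$expected_output = '9b4e92f7'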
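function hash_spread($message, $hash_class) {
    <#
    .SYNOPSIS
    Hash one candidate message with one .NET hash class and report whether the
    digest equals, or contains, the observed value in $expected_output.

    .PARAMETER message
    Candidate plaintext. It is encoded as ASCII before hashing, so other
    encodings (UTF-8, UTF-16LE) are not covered by this pass.

    .PARAMETER hash_class
    Class-name stem; "<stem>CryptoServiceProvider" under
    System.Security.Cryptography is instantiated.

    .OUTPUTS
    One line with the hex digest, then one line "<complete> , <substring> ( expected )".
    On a hit the second line goes to the host in green instead of the pipeline.
    #>
    try {
        $hasher = New-Object "System.Security.Cryptography.$($hash_class)CryptoServiceProvider" -ErrorAction Stop
    } catch {
        # Skip a class this runtime does not provide rather than printing an empty digest.
        Write-Warning "$($hash_class)CryptoServiceProvider is not available in this runtime; skipped"
        return
    }
    try {
        $hash = $hasher.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))
    } finally {
        # Hash providers are IDisposable; release the handle after every call.
        $hasher.Dispose()
    }

    # Start from an explicit empty string so a same-named variable in a parent
    # scope can never leak into the digest text.
    $hash_hex = ''
    foreach ($byte in $hash) { $hash_hex += $byte.ToString("x2") }

    # No trailing backtick here: a backtick directly before the newline is a
    # line continuation and would feed the next assignment to Write-Output.
    write-output "$($hash_class):`t $($hash_hex)"

    $needle = $expected_output.ToUpper()
    $complete_match = $($hash_hex.ToUpper() -eq $needle)
    # NOTE(review): a substring hit at an arbitrary offset of a long digest is
    # weak evidence for a 32-bit value; treat it as a lead, not a result.
    $substring_found = $($hash_hex.ToUpper().Contains($needle))
    if ($complete_match -or $substring_found) {
        write-host -ForegroundColor Green "`t`t$($complete_match) , $substring_found `t ( $($expected_output) )"
    } else {
        write-output "`t`t$($complete_match) , $substring_found `t ( $($expected_output) )"
    }
}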
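function hmac_spread($message, $secret, $hmac_class) {
    <#
    .SYNOPSIS
    Compute one keyed HMAC over a candidate message and report whether the
    signature equals, or contains, the observed value in $expected_output.

    .PARAMETER message
    Candidate plaintext, encoded as ASCII before signing.

    .PARAMETER secret
    Candidate key, encoded as ASCII.

    .PARAMETER hmac_class
    Class name under System.Security.Cryptography (for example HMACSHA256).

    .OUTPUTS
    One line with the hex signature, then one line "<complete> , <substring> ( expected )".
    On a hit the second line goes to the host in green instead of the pipeline.
    #>
    try {
        $hmac = New-Object "System.Security.Cryptography.$hmac_class" -ErrorAction Stop
    } catch {
        # Not every HMAC class exists in every .NET runtime; skip instead of
        # dereferencing a null object on the lines below.
        Write-Warning "$hmac_class is not available in this runtime; skipped"
        return
    }
    try {
        $hmac.Key = [Text.Encoding]::ASCII.GetBytes($secret)
        $signature = $hmac.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))
    } finally {
        # The HMAC object holds key material; dispose it after every call.
        $hmac.Dispose()
    }
    #unless we need it later# $signature = [Convert]::ToBase64String($signature)

    # Explicit initialisation keeps a same-named parent-scope variable out of the result.
    $sig_hex = ''
    foreach ($byte in $signature) { $sig_hex += $byte.ToString("x2") }

    # No trailing backtick here: a backtick directly before the newline is a
    # line continuation and would feed the next assignment to Write-Output.
    write-output "$($hmac_class):`t $($sig_hex)"

    ## Do we get the expected signature?
    $complete_match = $($sig_hex -eq $expected_output)
    # NOTE(review): a substring hit at an arbitrary offset of a long signature is
    # weak evidence for a 32-bit value; treat it as a lead, not a result.
    $substring_found = $($sig_hex.ToUpper().Contains($expected_output.ToUpper()))
    if ($complete_match -or $substring_found) {
        write-host -ForegroundColor Green "`t`t$($complete_match) , $substring_found `t ( $($expected_output) )"
    } else {
        write-output "`t`t$($complete_match) , $substring_found `t ( $($expected_output) )"
    }
}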
function symmetric_spread($message, $secret, $symmetric_class) {
    # Placeholder: not implemented, emits nothing.
    # TODO: the symmetric pass is more involved than the hash passes because
    #       cipher modes, IVs, etc. all have to be enumerated.
    # TODO: also consider custom (non-.NET) 32-bit hashes such as crc-32 and fnv-1a; see
    #       http://stackoverflow.com/questions/2351087/what-is-the-best-32bit-hash-function-for-short-strings-tag-names
}
# Pass 1: every unkeyed hash class against every candidate message.
Write-Output "Plain hashes ..."
foreach ($algorithm in $hash_classes) {
    foreach ($candidate in $messages) {
        hash_spread -message $candidate -hash_class $algorithm
    }
}

# Pass 2: every HMAC class against every (message, key) pair;
# keys vary fastest, then messages, then classes.
Write-Output "HMACs ..."
foreach ($algorithm in $hmac_classes) {
    foreach ($candidate in $messages) {
        foreach ($secret_key in $secret_keys) {
            hmac_spread -message $candidate -secret $secret_key -hmac_class $algorithm
        }
    }
}

# Pass 3 (symmetric ciphers) is not wired up yet.
#TODO# write-output "Symmetric ciphers ..."