Go Back   Exetools > General > Community Tools


Thread Tools Display Modes
Old 01-15-2019, 18:55
CodeCracker CodeCracker is offline
Join Date: Jun 2011
Posts: 297
Rept. Given: 18
Rept. Rcvd 245 Times in 68 Posts
Thanks Given: 12
Thanks Rcvd at 1,005 Times in 222 Posts
CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299
Hexpand - hash key legth attack for Window

Hexpand - hash key legth attack for Window

Original source location:
This version is ported to Windows.

Version of OPENSSL used:
OpenSLL 1.1.0e 16 Feb 2017
The fallowing files should be present:
These filess are present in SSL_DLLS.rar rar archive!

I've used Visual Studio 2008 Command Prompt
for compling source code with nmake.exe
see Compile.bat

Hexpand is a tool for automating hash length extension attacks.

## What's a length extension attack? ##

Hash length extension attacks allow an attacker to construct the `H(secret|message|append)`
given only `H(secret|message)` and the length of `secret|message`.
The attack uses the output hash to reconstruct the internal state of the hash function.
From there, it is trivial to feed the hash function the data to be appended and output the new hash.

How this works?
We continue hasing for we "left" by setting hash internal state:
SHA512_CTX.h[] for SHA and MD5_CTX.a, MD5_CTX.b, MD5_CTX.c, MD5_CTX.d for MD5
The data to be append is standard padding of the hash algorithms!
Plus of course the message to be append!

Missing dlls (OpenSLL), should be placed on hexpand.exe location:
Attached Files
File Type: zip hexpandw.zip (49.1 KB, 13 views)
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
niculaita (01-16-2019)
The Following 8 Users Say Thank You to CodeCracker For This Useful Post:
Git (01-15-2019), gsaralji (01-16-2019), Indigo (07-19-2019), niculaita (01-16-2019), ontryit (01-15-2019), p4r4d0x (01-16-2019), toro (01-16-2019), user1 (05-21-2019)

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
known-plaintext attack eychei General Discussion 6 04-08-2018 06:03
RC4 Attack DARKER General Discussion 1 02-27-2015 02:44
Themida Attack Yado General Discussion 23 01-28-2005 04:07
Zip Plaintext Attack Query Numega Softice General Discussion 1 03-26-2004 01:30

All times are GMT +8. The time now is 10:52.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )