mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
Insecure Randomness
This commit is contained in:
parent
8df0f565f3
commit
2fc3eed8a5
43
Insecure Randomness/README.md
Normal file
43
Insecure Randomness/README.md
Normal file
@ -0,0 +1,43 @@
|
||||
# Insecure Randomness
|
||||
|
||||
## Summary
|
||||
|
||||
* [GUID / UUID](#guid--uuid)
|
||||
* [GUID Versions](#guid-versions)
|
||||
* [Tools](#tools)
|
||||
* [References](#references)
|
||||
|
||||
## GUID / UUID
|
||||
|
||||
### GUID Versions
|
||||
|
||||
Version identification: `xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx`
|
||||
The four-bit M and the 1- to 3-bit N fields code the format of the UUID itself.
|
||||
|
||||
| Version | Notes |
|
||||
|----------|--------|
|
||||
| 0 | Only `00000000-0000-0000-0000-000000000000` |
|
||||
| 1 | based on time, or clock sequence |
|
||||
| 2 | reserved in the RFC 4122, but ommitted in many implementations |
|
||||
| 3 | based on a MD5 hash |
|
||||
| 4 | randomly generated |
|
||||
| 5 | based on a SHA1 hash |
|
||||
|
||||
### Tools
|
||||
|
||||
* [intruder-io/guidtool](https://github.com/intruder-io/guidtool) - A tool to inspect and attack version 1 GUIDs
|
||||
```ps1
|
||||
$ guidtool -i 95f6e264-bb00-11ec-8833-00155d01ef00
|
||||
UUID version: 1
|
||||
UUID time: 2022-04-13 08:06:13.202186
|
||||
UUID timestamp: 138691299732021860
|
||||
UUID node: 91754721024
|
||||
UUID MAC address: 00:15:5d:01:ef:00
|
||||
UUID clock sequence: 2099
|
||||
|
||||
$ guidtool 1b2d78d0-47cf-11ec-8d62-0ff591f2a37c -t '2021-11-17 18:03:17' -p 10000
|
||||
```
|
||||
|
||||
### References
|
||||
|
||||
* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust)
|
@ -149,10 +149,13 @@ john --restore
|
||||
* PACK (Password Analysis and Cracking Kit)
|
||||
* https://github.com/iphelix/pack/blob/master/README
|
||||
* Can produce custom hcmask files to use with hashcat, based on statistics and rules applied on an input dataset
|
||||
* Use Deep Learning
|
||||
* [brannondorsey/PassGAN](https://github.com/brannondorsey/PassGAN)
|
||||
|
||||
|
||||
## Online Cracking Resources
|
||||
|
||||
* ~~[hashes.com](https://hashes.com)~~
|
||||
* [hashes.com](https://hashes.com)
|
||||
* [crackstation](https://crackstation.net)
|
||||
* [Hashmob](https://hashmob.net/)
|
||||
|
||||
@ -163,3 +166,4 @@ john --restore
|
||||
* [Using Hashcat to Crack Hashes on Azure](https://durdle.com/2017/04/23/using-hashcat-to-crack-hashes-on-azure/)
|
||||
* [miloserdov.org hashcat](https://miloserdov.org/?p=5426&PageSpeed=noscript)
|
||||
* [miloserdov.org john](https://miloserdov.org/?p=4961&PageSpeed=noscript)
|
||||
* [DeepPass — Finding Passwords With Deep Learning - Will Schroeder - Jun 1](https://posts.specterops.io/deeppass-finding-passwords-with-deep-learning-4d31c534cd00)
|
Loading…
Reference in New Issue
Block a user