1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-03-29 15:29:58 +01:00

Insecure Randomness

This commit is contained in:
Swissky 2022-10-17 11:07:33 +02:00
parent 8df0f565f3
commit 2fc3eed8a5
2 changed files with 48 additions and 1 deletions

View File

@ -0,0 +1,43 @@
# Insecure Randomness
## Summary
* [GUID / UUID](#guid--uuid)
* [GUID Versions](#guid-versions)
* [Tools](#tools)
* [References](#references)
## GUID / UUID
### GUID Versions
Version identification: `xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx`
The four-bit M and the 1- to 3-bit N fields code the format of the UUID itself.
| Version | Notes |
|----------|--------|
| 0 | Only `00000000-0000-0000-0000-000000000000` |
| 1 | based on time, or clock sequence |
| 2 | reserved in the RFC 4122, but ommitted in many implementations |
| 3 | based on a MD5 hash |
| 4 | randomly generated |
| 5 | based on a SHA1 hash |
### Tools
* [intruder-io/guidtool](https://github.com/intruder-io/guidtool) - A tool to inspect and attack version 1 GUIDs
```ps1
$ guidtool -i 95f6e264-bb00-11ec-8833-00155d01ef00
UUID version: 1
UUID time: 2022-04-13 08:06:13.202186
UUID timestamp: 138691299732021860
UUID node: 91754721024
UUID MAC address: 00:15:5d:01:ef:00
UUID clock sequence: 2099
$ guidtool 1b2d78d0-47cf-11ec-8d62-0ff591f2a37c -t '2021-11-17 18:03:17' -p 10000
```
### References
* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust)

View File

@ -149,10 +149,13 @@ john --restore
* PACK (Password Analysis and Cracking Kit)
* https://github.com/iphelix/pack/blob/master/README
* Can produce custom hcmask files to use with hashcat, based on statistics and rules applied on an input dataset
* Use Deep Learning
* [brannondorsey/PassGAN](https://github.com/brannondorsey/PassGAN)
## Online Cracking Resources
* ~~[hashes.com](https://hashes.com)~~
* [hashes.com](https://hashes.com)
* [crackstation](https://crackstation.net)
* [Hashmob](https://hashmob.net/)
@ -163,3 +166,4 @@ john --restore
* [Using Hashcat to Crack Hashes on Azure](https://durdle.com/2017/04/23/using-hashcat-to-crack-hashes-on-azure/)
* [miloserdov.org hashcat](https://miloserdov.org/?p=5426&PageSpeed=noscript)
* [miloserdov.org john](https://miloserdov.org/?p=4961&PageSpeed=noscript)
* [DeepPass — Finding Passwords With Deep Learning - Will Schroeder - Jun 1](https://posts.specterops.io/deeppass-finding-passwords-with-deep-learning-4d31c534cd00)