Cryptographic Failures
A cryptographic failure is any misuse or absence of cryptographic protection. The most common examples are weak password hashing, the use of HTTP instead of HTTPS, and vulnerable JSON Web Tokens (JWTs).
A typical example of this vulnerability looks as follows:
Assume we have obtained a password hash. First, we save it to a file:
echo '$hash' > $file.hash
Then, we can use hashcat to crack the hashed password:
hashcat -a $attackmode -m $hashtype $hashFile $dictionary
# Example
hashcat -a 0 -m 400 password.hash ~/passwords.txt # -m 400 = phpass (PHP), -a 0 = straight (dictionary) attack
If successful, this will crack the hash and give us the corresponding password in the form:
$hash:$password
#Example output
...
$P$BSAsRXrty.su96KEtHWItmZmNoXW8n0:pericles
Session..........: hashcat
Status...........: Cracked
...
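From the defender's side, the same format knowledge shows which stored hashes would fall to a dictionary run like the one above. The following is an added example, not part of the original notes: it classifies stored hashes by scheme and work factor and flags the ones that need migration. The function names, the sample rows and the bcrypt cost threshold of 10 are assumptions of this example.

```python
import re

# phpass alphabet: used for the hash encoding and for the cost character.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
B64 = r"[./0-9A-Za-z]"
MIN_BCRYPT_COST = 10  # assumed policy threshold for this example

def audit_hash(stored):
    """Return (scheme, work, acceptable) for one stored password hash."""
    m = re.fullmatch(rf"\$[PH]\$({B64})({B64}{{8}})({B64}{{22}})", stored)
    if m:
        # The character after "$P$" encodes log2 of the MD5 iteration count.
        rounds = 1 << ITOA64.index(m.group(1))
        return ("phpass", f"{rounds} iterations of MD5", False)
    m = re.fullmatch(rf"\$2[aby]\$(\d{{2}})\$({B64}{{53}})", stored)
    if m:
        cost = int(m.group(1))
        return ("bcrypt", f"cost {cost}", cost >= MIN_BCRYPT_COST)
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in (32, 40, 64):
        # Bare hex of MD5/SHA-1/SHA-256 length: no embedded salt or cost.
        return ("raw digest", f"{len(stored) * 4}-bit single-pass digest", False)
    return ("unknown", "format not recognised", False)

def audit(rows):
    """rows: (user, stored_hash) pairs; return those needing migration or review."""
    flagged = []
    for user, stored in rows:
        scheme, work, ok = audit_hash(stored)
        if not ok:
            flagged.append((user, scheme, work))
    return flagged

# Constructed rows; only alice's value is the hash shown on this page.
SAMPLE = [
    ("alice", "$P$BSAsRXrty.su96KEtHWItmZmNoXW8n0"),
    ("bob", "$2b$12$" + "A" * 53),    # placeholder body, not a real bcrypt hash
    ("carol", "ab" * 16),             # placeholder 32-hex-character digest
    ("dave", "$2y$08$" + "A" * 53),   # bcrypt below the assumed minimum cost
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

The page's hash decodes to 8192 iterations of MD5, which is why a plain dictionary attack recovers it so quickly.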