Cryptographic Failures (WIP)

Any misuse or lack of cryptographic security. The most common examples are weak password hashing, the use of HTTP instead of HTTPS, and vulnerable JavaScript web tokens.

We can find a typical example of this vulnerability as follows:

Assume we have obtained a password hash. First, we save it in a file

echo '$hash' > $file.hash

Then, we can use hashcat to break this hashed password

hashcat -a $attackmode -m $hashtype $hashFile $dictionary
#Example
hashcat -a 0 -m 400 password.hash ~/passwords.txt #400 for PHP, 0 straight

If successful, this will crack the hash and give us the corresponding password in the form of $hash:$password

#Example output
...
$P$BSAsRXrty.su96KEtHWItmZmNoXW8n0:pericles               
                                                          
Session..........: hashcat
Status...........: Cracked
...

PreviousInsecure Design (WIP)NextAuthentication Failures (WIP)

Last updated 8 months ago