去年我寫了一篇哈希長度擴展攻擊的簡介以及HashPump安裝使用方法,本來已經足夠了,但HashPump還不是很完善的哈希長度擴展攻擊,HashPump在使用的時候必須提供original_data,近來的哈希長度擴展攻擊的題目已經不提供original_data,從原理上來說也不一定需要這個original_data,所以今年pcat又來寫一篇hexpand的安裝使用方法,鑒於時間關系,本人只在kali、Ubuntu14.04下測試。
--------------------------------------------------------------------
1. 安裝pkg-config
https://pkg-config.freedesktop.org/releases/
目前最新版pkg-config-0.29.2.tar.gz
v=0.29.2 wget https://pkg-config.freedesktop.org/releases/pkg-config-${v}.tar.gz tar -xzvf pkg-config-${v}.tar.gz cd pkg-config-${v}/ ./configure --with-internal-glib && make && make install
2. 安裝OpenSSL開發包
apt-get update apt-get install -y libssl-dev
# 新版kali里這樣安裝openssl是不行的,參考下面第7點。
3. hexpand的安裝
git clone https://github.com/amlweems/hexpand cd hexpand make
4. 報錯Package openssl was not found in the pkg-config search path.
搜索本機pkgconfig文件夾的openssl.pc、libssl.pc、libcrypto.pc,並將這3個文件復制到/usr/lib/pkgconfig/(如果不存在就新建個)下,然后
export PKG_CONFIG_PATH=/usr/lib/pkgconfig:$PKG_CONFIG_PATH
再進去hexpand所在目錄下進行hexpand的編譯
5. 報錯make: clang: Command not found
apt-get install clang
6. hexpand的使用方法
在hexpand所在目錄(當然你也可以把文件復制到/usr/bin/里)
./hexpand -t md5 -s 21232f297a57a5a743894a0e4a801fc3 -l 5 -m "pcat"
其中-l的5是哈希原文的長度,運行后就會得到附加數據,以及新得到的哈希值。
7. Kali 2018.1等安裝錯誤
-= 2018.08補充 =-
按以上的方法如果在Kali 2018.1或者別的版本上運行報錯如下:
hexpand.c:22:27: error: incomplete definition of type 'struct evp_md_ctx_st' int length_modulo = mdctx->digest->block_size; ~~~~~^ /usr/include/openssl/ossl_typ.h:92:16: note: forward declaration of 'struct evp_md_ctx_st' typedef struct evp_md_ctx_st EVP_MD_CTX; ^ hexpand.c:32:63: error: incomplete definition of type 'struct evp_md_ctx_st' unsigned char* h_data = (unsigned char *)((SHA512_CTX *)mdctx->md_data)->h; ……
這個跟系統有關系,Kali每一次變化都很大。這個得更新到最新的OpenSSL
git clone https://github.com/PeterMosmans/openssl cd openssl ./config && make && make test && make install
在最后的make install會看到
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc cp libssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc cp openssl.pc /usr/local/ssl/lib/pkgconfig chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
把這3個新的pc文件替換到/usr/lib/pkgconfig/下
cd /usr/local/ssl/lib/pkgconfig/ && cp openssl.pc libssl.pc libcrypto.pc /usr/lib/pkgconfig/
(注意,PKG_CONFIG_PATH環境變量要存在,可往上翻看第4點)
再進去hexpand文件夾下編譯會報錯:
hexpand.c:47:70: error: format specifies type 'unsigned int' but the argument has type '__uint64_t' (aka 'unsigned long') [-Werror,-Wformat] if (length_modulo == 128) sprintf(output+2*padding, "%032" PRIx32 , htole64(8*length)); ~~~~~~ ^~~~~~~~~~~~~~~~~ /usr/include/endian.h:75:22: note: expanded from macro 'htole64' # define htole64(x) __uint64_identity (x) ^~~~~~~~~~~~~~~~~~~~~ hexpand.c:48:48: error: format specifies type 'unsigned int' but the argument has type '__uint64_t' (aka 'unsigned long') [-Werror,-Wformat] else sprintf(output+2*padding, "%016" PRIx32 ,htole64(8*length)); ~~~~~~ ^~~~~~~~~~~~~~~~~ /usr/include/endian.h:75:22: note: expanded from macro 'htole64' # define htole64(x) __uint64_identity (x) ^~~~~~~~~~~~~~~~~~~~~ 2 errors generated. Makefile:21: recipe for target 'hexpand.o' failed
這個就是系統文件的問題了,我查閱了當前的/usr/include/endian.h
# define htole64(x) __uint64_identity (x)
而查閱老系統版本的/usr/include/endian.h
# define htole64(x) (x)
所以這個問題的暫時解決方法,修改下hexpand.c文件
sed -i 's/htole64(8\*length)/(8\*length)/g' hexpand.c
再進行編譯,報錯:
clang hexpand.o main.o -o hexpand -L/usr/local/ssl/lib -lssl -lcrypto /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup': dso_dlfcn.c:(.text+0x11): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x24): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x2f): undefined reference to `dlclose' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func': dso_dlfcn.c:(.text+0x374): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x432): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var': dso_dlfcn.c:(.text+0x4a7): undefined reference to `dlsym' dso_dlfcn.c:(.text+0x562): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load': dso_dlfcn.c:(.text+0x5c8): undefined reference to `dlopen' dso_dlfcn.c:(.text+0x62d): undefined reference to `dlclose' dso_dlfcn.c:(.text+0x665): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr': dso_dlfcn.c:(.text+0x701): undefined reference to `dladdr' dso_dlfcn.c:(.text+0x75f): undefined reference to `dlerror' /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload': dso_dlfcn.c:(.text+0x7b2): undefined reference to `dlclose' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:19: recipe for target 'hexpand' failed
這也是新版OpenSSL的問題,只要加上-ldl -lpthread進行編譯即可,編輯Makefile文件
sed -i 's/--libs openssl)/& -ldl -lpthread /g' Makefile
最后就可以順利編譯成功。