05-12-2017, 08:14 AM
Hey guys,
I stumbled upon this problem while looking at a MySQL db record of a forum software which had a faulty implementation of passing passwords during the registration process.
It turned out that every password containing one or more of several special characters (like !, &, < and >) was encoded into its HTML-entity counterpart.
! turned to #&33;
& turned to #&
Weird stuff but I finally realized this happened when passing the passwords into the db.
Now my question:
Regarding the different attack modes, I had to use workarounds to deal with this encoding, like appending $#$&$3$3$; to a wordlist. But I need something a little simpler, e.g. for character injection into the passwords of a wordlist. I thought of using the char-substitution rule like
s!#&33;
but this is not a valid rule. I solved this by preparing my wordlists with 'sed' before using them, but this is still not very flexible.
Is there a way to tell hashcat to substitute the single characters with the whole 5-or-more-char-strings?
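The storage bug described in the post above, as an added Python sketch (not part of the original post and not the forum software's code): it shows why the stored hash covers the entity-encoded string rather than the typed password, and how to flag affected passwords before moving to a fixed registration path. The entity mapping, the PBKDF2 parameters and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed mapping: standard HTML entities for the characters the post names.
ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", "!": "&#33;"}


def entity_encode(text):
    # One pass per character, so the '&' of an emitted entity is not re-encoded.
    return "".join(ENTITIES.get(ch, ch) for ch in text)


def kdf(secret, salt):
    # Hypothetical hashing step; the post does not say which scheme the forum uses.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


def register_faulty(password):
    # The bug: the password passes through the HTML output filter before hashing.
    salt = os.urandom(16)
    return salt, kdf(entity_encode(password), salt)


def register_fixed(password):
    # Corrected path: hash the exact characters the user typed.
    salt = os.urandom(16)
    return salt, kdf(password, salt)


def verify(password, record, encode_first=False):
    # encode_first=True reproduces the faulty transform at login time.
    salt, stored = record
    candidate = entity_encode(password) if encode_first else password
    return hmac.compare_digest(kdf(candidate, salt), stored)


def affected(password):
    # True if the faulty path hashed something other than what was typed,
    # i.e. the record needs a re-hash on next login after the fix ships.
    return entity_encode(password) != password


if __name__ == "__main__":
    record = register_faulty("Tr!cky&1")          # constructed sample password
    print(verify("Tr!cky&1", record))             # raw comparison fails
    print(verify("Tr!cky&1", record, True))       # matches only with the transform
    print(affected("Tr!cky&1"), affected("plain123"))
```

A login handler that is migrated to `register_fixed` has to keep accepting the encoded form for old records until each affected user has logged in once and been re-hashed.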