Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-22 02:53:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #26 from vin01/patch-1

Browse source 
Update crypto.md
This commit is contained in:
EdOverflow 2017-10-17 16:03:19 +02:00 committed by GitHub
commit 469dda90e9
1 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
cheatsheets/crypto.md
View file

@ -47,3 +47,31 @@
```
0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
```
**Length extension attack**
In cryptography and computer security, a length extension attack is a type of attack where an attacker can use `Hash(message1)` and the length of `message1` to calculate `Hash(message1 ∥ message2)` for an attacker-controlled `message2`.
In Summary: Given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix.
An example:
```
http://example.com/download?file=report.pdf&mac=563162c9c71a17367d44c165b84b85ab59d036f9
```
```
http://example.com/download?file=report.pdf%80%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00
%00%00%A8/../../../../../../../etc/passwd&mac=ee40aa8ec0cfafb7e2ec4de20943b673968857a5
```
A related HackerOne report: https://hackerone.com/reports/251572
Tool to extend a hash: https://github.com/iagox86/hash_extender
More details about the attack:
https://www.whitehatsec.com/blog/hash-length-extension-attacks/
https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks