Module Name: Adobe Hash Cracker
Module path: recon/credentials-credentials/adobe
Name: Adobe Hash Cracker
Path: modules/recon/credentials-credentials/adobe.py
Author: Ethan Robish (@EthanRobish) and Tim Tomes (@LaNMaSteR53)
Description:
Decrypts hashes leaked from the 2013 Adobe breach. First, the module cross references the leak ID to identify Adobe hashes in the 'password' column of the 'creds' table, moves the Adobe hashes to the 'hash' column, and changes the 'type' to 'Adobe'. Second, the module attempts to crack the hashes by comparing the ciphertext's decoded cipher blocks to a local block lookup table (BLOCK_DB) of known cipher block values. Finally, the module updates the 'creds' table with the results based on the level of success.
Options:
| Name | Current Value | Required | Description |
|---|---|---|---|
| BLOCK_DB | /usr/share/recon-ng/data/adobe_blocks.json | yes | JSON file containing known Adobe cipher blocks and plaintext |
| SOURCE | default | yes | source of input (see 'show info' for details) |
Source Options:
| default | SELECT DISTINCT hash FROM credentials WHERE hash IS NOT NULL AND password IS NULL AND type IS 'Adobe' |
| <string> | string representing a single input |
| <path> | path to a file containing a list of inputs |
| query <sql> | database query returning one column of inputs |
Comments:
* Hash types supported: Adobe's base64 format
* Hash database from: http://stricture-group.com/files/adobe-top100.txt
* A completely padded password indicates that the exact length is known.
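
The block lookup in the description and the length remark in the last comment, as an added sketch that is not the module's own code. It shows why unsalted, block-by-block encryption of passwords leaks. The 8-byte block size, the table layout (hex block to plaintext chunk), the padding assumption and all sample values are constructed for the example and are not the contents or format of BLOCK_DB.

```python
import base64

BLOCK_SIZE = 8  # assumed cipher block size in bytes

# Constructed table: hex cipher block -> plaintext chunk (made-up values).
SAMPLE_BLOCK_DB = {
    "0011223344556677": "password",  # full 8-character chunk
    "8899aabbccddeeff": "123",       # short chunk, rest of block is padding
}

def encode_sample(hex_blocks):
    """Build a base64 test value from constructed hex cipher blocks."""
    return base64.b64encode(bytes.fromhex(hex_blocks)).decode()

def split_blocks(b64_value):
    """Decode the base64 value and return its cipher blocks as hex strings."""
    raw = base64.b64decode(b64_value, validate=True)
    if not raw or len(raw) % BLOCK_SIZE:
        raise ValueError("ciphertext is not a whole number of blocks")
    return [raw[i:i + BLOCK_SIZE].hex() for i in range(0, len(raw), BLOCK_SIZE)]

def lookup(b64_value, block_db):
    """Return (status, chunks, length); unknown blocks appear as None."""
    blocks = split_blocks(b64_value)
    chunks = [block_db.get(block) for block in blocks]
    known = sum(chunk is not None for chunk in chunks)
    if known == len(chunks):
        status = "full"
    elif known:
        status = "partial"
    else:
        status = "none"
    # Assumption: the final block always carries the padding, so once it is
    # known the exact length follows even if earlier blocks are not.
    last = chunks[-1]
    length = None
    if last is not None:
        length = BLOCK_SIZE * (len(blocks) - 1) + len(last)
    return status, chunks, length

if __name__ == "__main__":
    for sample in ("00112233445566778899aabbccddeeff",
                   "0011223344556677ffffffffffffffff"):
        print(lookup(encode_sample(sample), SAMPLE_BLOCK_DB))
```

Because identical plaintext blocks always produce identical cipher blocks, one table entry exposes every record sharing that block; salted, slow password hashing removes this property.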