Added php hashes #969

Merged
merged 2 commits into from
Feb 16, 2024
25 changes: 0 additions & 25 deletions Passwords/PHP-Magic-Hashes.txt

This file was deleted.

47 changes: 47 additions & 0 deletions Passwords/php-hashes/README.md
@@ -0,0 +1,47 @@
# PHP magic hashes

PHP has some unique features which makes hash collisions more easier when using the `==` to compare.

The raw text are taken directly from [spaze/hashes](https://github.com/spaze/hashes/)

- - -

### Floating comparison

Any strings that starts with any numbers of `0`, followed by `e` then ends with only numbers will be treated as zero. An example of such strings are `0e123456` and `00e123456`. [Example code](https://3v4l.org/n8iOp)

This behavior can be extended to numbers, like `'0' == '000`. [Example code](https://3v4l.org/K9QRb)

With loose comparison, these two example strings will equate to each other as both of them are treated as a zero in the backend.

Sometimes, hashes of specific strings will result in those special strings as an result. Those hashes are called `magic hashes`

Here is an example of such weak comparison for [sha256](https://3v4l.org/Lu7tm).

- - -

### Plaintext

Plaintext.txt just contains some ways to abuse php's weak comparison

- - -

### Truncated text

For bcrypt, passwords are automatically truncated to 72 characters, so as long as the first 72 characters match, the hashes will match.

[Bcrypt example](https://3v4l.org/MsfS0)

Descrypt have similar behavior to bcrypt, but passwords are instead truncated to 8 characters.

- - -

## Pre-hashed

<!--- Modified from https://github.com/spaze/hashes?tab%253Dreadme-ov-file#pbkdf2-hmac-sha1-pbkdf2-hmac-sha224-pbkdf2-hmac-sha256-->

If you use a password longer than 64 bytes and hash it with PBKDF2-HMAC-SHA1, it is first pre-hashed with SHA1.

For example, `PBKDF2-HMAC-SHA1(password1) === PBKDF2-HMAC-SHA1(password2)` as `sha1(password1) === bin2hex(password2)`.

This behavior can also be seen in `PBKDF2-HMAC-SHA224` and `PBKDF2-HMAC-SHA256`.
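Review bot: In the "Floating comparison" section the inline example `'0' == '000` is missing its closing quote and should read `'0' == '000'`. The README also never says how to avoid the problem; one sentence recommending strict comparison (`===`) or `hash_equals()` for hash checks would make it useful to defenders as well as testers. Smaller points: `## Pre-hashed` sits one heading level above the other sections, which all use `###`; the source comment URL contains `tab%253D`, a double-encoded `=`, so the link should use `?tab=readme-ov-file`; and the bcrypt limit is 72 bytes rather than 72 characters, which matters for multi-byte input.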
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/crc32.txt
@@ -0,0 +1,20 @@
HFS_uPqtIQPl:0e929373
HFS_NhqlNQ1D:0e965437
HFS_+1G2t/1r:00e84097
HFS_6nk6Zta1:0e673017
HFS_MmTo331q:0e644471
HFS_AzZkcN8f:0e551616
HFS_0LxhhhkZ:0e840769
HFS_iKGvCNnD:0e402980
HFS_YYdr5SWA:00e60109
HFS_kJ8SLtXh:0e513732
do+d4JXvGqvL:0e687021
9tawE8a0EUyU:0e626693
i6BliFUdioZ2:0e805102
ZzukD6ZZUYnf:0e138757
R0GVRbsgqAkq:0e263353
Dusy8MDlN1DG:0e859691
o2XXS8QutHnK:0e616557
rWySA3KKmokQ:0e951917
zu9dxemJPNdk:0e223236
cG4ZtD4z8JiK:0e559727
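Review bot: The first ten entries in crc32.txt carry an `HFS_` prefix and the last ten do not, and the README added in this PR explains neither the prefix nor the line format (it appears to be `input:digest`). Add a short note to the README stating whether `HFS_` is part of the string that was hashed and what the separator is, so a user can reproduce a line such as `HFS_uPqtIQPl:0e929373` without guessing.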
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/crc32b.txt
@@ -0,0 +1,20 @@
HFS_t90miW9g:0e395566
HFS_cJ3zkvQY:0e508686
HFS_BtdiQ0kq:0e867068
HFS_oimsNm9f:00e36431
HFS_Ff7z2lY9:0e957694
HFS_1ogclZt0:0e245532
HFS_6lpwmZAV:00e62469
HFS_1nUsdYXt:0e731733
HFS_sseFHTIO:0e975617
HFS_3y5RlRwJ:00e65928
m7IHnxcRTBBO:0e940524
s8nGXfzc1gLV:0e306100
5JYJnHH7EB7w:0e383201
ppBjSUTcuIde:0e956113
W/GKrHQ9sRqk:0e772663
cCsoYjRJ3qL0:0e050048
0rc8nlzuCvtG:0e419810
Prq11e6Styrp:0e292230
0joOpQlWgVSD:0e501433
XqrtwN9LgTM/:0e689095
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/fnv132.txt
@@ -0,0 +1,20 @@
HFS_fJRRVm+S:0e604578
HFS_jpRkyCVW:0e812503
HFS_GrBcUOEe:0e362351
HFS_CP4WQQ/m:0e829559
HFS_MYXHoW7e:00e21725
HFS_6m34HXl+:0e300614
HFS_hVCZWCh4:0e824542
HFS_VNIzVR6G:0e349231
HFS_FwB287AP:0e887988
HFS_fnsOA2UV:0e962163
jQBvBPJca0X6:0e191084
v9v5lkxbgndN:0e708569
KKduycJo2NA4:0e859228
RW3AsBuFRofx:00e21355
H/8tFwVkV0nd:0e829312
vH55u2YbjcAA:0e265582
zP9Izjs2irUW:0e673403
61ePjhO7MXSy:0e997362
zEL2Ax4CVoFz:00e03591
kAnNwLx+vmlh:0e498108
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/fnv164.txt
@@ -0,0 +1,20 @@
HFS_mmjH9CNN:0e99769769728569
HFS_6XEFLJOH:0e77252548411175
HFS_2jtp0982:0e34597864874626
HFS_b3kSpfs+:0e30751543430386
HFS_aAQs6Cyu:0e66626906207668
HFS_qRCQCIaK:0e97108743422874
HFS_h/B2aEbV:0e48470717638788
HFS_NQRnuOOl:0e78474377494907
HFS_BaC2dl4c:00e7018025920202
HFS_HF6Wgc28:00e4477970079172
ICE1d0K/RL7T:0e87116729093816
OgpHAyV7w/pt:0e92510903960722
Ls/ijNyI2dW3:0e49565360806964
vT+ia3KjNMMn:0e43654725309262
8UZZxmSBbj7f:0e55840857685749
mUxTfMMkdSec:0e33409805165683
z9B8zV8jAUJl:0e43960404058632
LfauICk8l0d6:0e10379759030222
BMS4d1MCRE3m:0e12639087316691
6KyW3y0vOXSS:0e44708754369825
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/fnv1a32.txt
@@ -0,0 +1,20 @@
HFS_wyEBSA7V:0e534803
HFS_NTG/rp8K:0e380702
HFS_8bb79J+r:0e499146
HFS_NCLJdw8D:0e279619
HFS_+U/ddhtj:0e844548
HFS_wR+uZeeF:0e696336
HFS_t8jKENCz:00e50378
HFS_p0BbTwIs:0e873774
HFS_HcjAD1gZ:0e558807
HFS_Y1iiKHNg:0e850401
Ky/FMUV7acqp:0e338008
nIao+ZCGW1yi:0e850185
Ba+1AjsMkgU4:0e611004
dBWEkOOVrm1H:00e81498
pz0fUrCik7Xj:0e561856
VVwHKixOOkp5:0e265262
brm9jKlyPDuD:0e577432
j9ppOBAEe4FI:0e888223
2XCVJqdz5buc:0e647622
ifU9AwKqTpFk:0e859873
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/fnv1a64.txt
@@ -0,0 +1,20 @@
HFS_Zk558Stl:0e63735032620881
HFS_Z0zC19dz:00e4539999025438
HFS_AjgVckBy:0e24330735757830
HFS_Rsa1ptfV:0e14987418690258
HFS_EB4aWjEF:0e99230175338237
HFS_xiyO7ooR:0e59842152613905
HFS_ZzkcfVgb:0e25056956505672
HFS_Dn1zB//4:0e03757793636208
HFS_NGPMd7bq:0e44676527555825
HFS_tmbw2/qf:0e40131582938791
pco3ZfZmrUBJ:0e05359896370116
bz9ISyvY9Vb3:0e65395150279106
M6R0BrFPl148:0e43580429083055
W3ip6wIFHvas:0e06505527087824
eCDWwfqkpUIR:0e25777293567931
IJtSxVbjF2ob:0e81314171010538
064Tu56U1UEb:0e68411166834011
v2juiQs2UUxS:0e06435821426364
pviQoG24tL22:00e3577320523955
mGToWOBcVspV:0e53560715322800
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/haval128,3.txt
@@ -0,0 +1,20 @@
Hc0aB8p8CpKi:00e87990840549464436715117226983
BGGJlLv/GYok:00e85650966369081160436000945995
s7WMcKnZ/kzg:00e97615161216545460560708019418
NK+nx5eetv/p:0e637481972504749625591446873225
MUn+9Ib6/NMO:0e564934382199694374935868660885
towJzaPbSeJN:0e800051290985131754184104629939
EjFIOVEP2Y/w:0e648021848868658747230365721319
tVf4T+/e1BRT:0e197045554516607160549489551104
+Q8pxIx4VkiZ:0e323951952843860186883283848540
xWAK0mTzfVrG:0e338717845199315687624058385989
HFS_eVqZgPDV2o6D:0e803410568231701558419329821959
HFS_FmSb/K9NnkL3:00e27465814007486943610626830963
HFS_csuacgV1fhVy:0e496412321227784868481853981968
HFS_h6PP2IEtlFat:0e109202590694681889848277372784
HFS_woa6CK0FITIy:0e888470791968982727374420202621
HFS_49EiLRodZfmQ:0e843253718875009042858566146390
HFS_Ja7HxaNIKdD2:0e300530956879222335658470434733
HFS_+fAaaZUkDHUE:0e087311696200150344500783258968
HFS_HqJ0DJ0q3plN:0e109720983314623637038758578773
HFS_76se6PIp21MU:0e223117526056466767519217492299
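Review bot: Entry order in haval128,3.txt is the reverse of crc32.txt: the unprefixed strings come first and the `HFS_` entries last, and here the `HFS_` inputs are 16 characters long where crc32.txt uses 12. Pick one ordering and one input length convention across the floating_comp files, or document the difference in the README. The comma in the file name matches PHP's algorithm name `haval128,3`, but it is awkward for shell and CSV tooling, so a line in the README saying the file names are the exact `hash()` algorithm names would help.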
22 changes: 22 additions & 0 deletions Passwords/php-hashes/floating_comp/haval128,4.txt
@@ -0,0 +1,22 @@
kkNwiLvp:0e224499306604034592498556683884
aVzj4kSl:0e699098147704478302187197452577
Rr0rtxAmJkX1:0e948786571371740736679014195910
pOfQlZN1bEe+:0e763143522516249376445822634702
X5FUngTs0xmK:0e034132293760348512897203627244
B2wruC8LuwPp:0e792256378944410505513115026683
GkKeU7RSZ+tB:00e00956485375103399460147021060
eEo15Ae+wfot:0e731970944586972288355541307227
hN6nZpUTJbUL:0e546684356004016895095440515698
KnJ12oTxpzM0:0e230201982980004430779943196315
Eq1Lp91ZUwdJ:0e850895948803892376429698758484
8a0rD9lxxe/d:0e494613744998704148276916252662
HFS_2vFy8egqyX86:0e411443916369260608664108755373
HFS_rpeHhFxDD8Hr:0e430966836024156014941675462009
HFS_s3ZC0Zi0KUT8:0e308320803113259548747746525892
HFS_MeNMcKEgAq6s:0e911510173906812607381599030115
HFS_mzdfepOik2d9:0e406117797053803350857960561164
HFS_/gafnmo3h7te:0e707962923571076517504510602074
HFS_VolXadwBfBGS:0e354055072092201161847707006284
HFS_bC2bKTitaVql:0e588031527566426353005807499347
HFS_4kNYv081anJC:0e924023131980996780460963248504
HFS_fYISH6WAAXUQ:0e262623687505394293343859341884
17 changes: 17 additions & 0 deletions Passwords/php-hashes/floating_comp/haval128,5.txt
@@ -0,0 +1,17 @@
KrRepI8+:0e094737743220655841445846663343
IvgTEsdw:0e276916413118993176031864485352
c+vK/GHW:0e981995477080918746281793582934
UoCPK6mj:0e400819262258099937317495389706
fJk2R+pcCVY9:0e009896675943615722112567195960
x0nlxkSR7fiA:0e285677133603495779179085825289
1j61rkcol66D:0e233981993594667945785775640925
EEXyi3oeVxzW:0e002979692843695876894172401128
mb3+B2N9jF5b:00e76164452839109593406041060211
e6GKAIOoj0XV:0e637440114391585835904801245594
HFS_aMlK2UEMfz8d:00e13969398729504363246601585262
HFS_oLKA+vood/da:0e489300866492752037963655684467
HFS_tR9HPw4a1UkW:0e547532540990180584942317746309
HFS_aWiwsgAzvH0k:0e847695237242596964571128852021
HFS_+MoaPZ67Zph0:0e372044489395836853593728552254
HFS_BMG6q5c6UXf1:0e286388205363071342083757396906
HFS_cZQsQmvfTeY7:0e796062662479589143658605156616
1 change: 1 addition & 0 deletions Passwords/php-hashes/floating_comp/haval160,3.txt
@@ -0,0 +1 @@
v0EUjJxPgLhJ:0e02871491133112088423036355480238947466
1 change: 1 addition & 0 deletions Passwords/php-hashes/floating_comp/haval160,4.txt
@@ -0,0 +1 @@
E/iU4G/RWX2U:0e05619243841962186068015638184515831754
4 changes: 4 additions & 0 deletions Passwords/php-hashes/floating_comp/haval160,5.txt
@@ -0,0 +1,4 @@
JRRw+CPb:0e50989194437111063473436963220380916416
xvRv0OwB:00e9115554617769276224983939931756498863
s48z7zZIxfs8:0e92477519284007915582397909940677463532
dCkYzB/Amt4W:0e36718864763663089365908126910404869095
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/joaat.txt
@@ -0,0 +1,20 @@
HFS_xG1i0UHi:0e156093
HFS_rGlu/rqL:0e019292
HFS_5Qj1GlHT:0e109380
HFS_AFsRjJ+2:0e368964
HFS_NQCJ4LWI:0e943551
HFS_bOSU4YxR:00e07556
HFS_Bia7DVjj:0e439006
HFS_+kI9wKwW:0e580981
HFS_RmTwgQv3:0e661211
HFS_FJUGF1lp:0e088912
wuO+Q/Nx1FYZ:0e146837
fEpESni3CU8R:0e920159
DvV7QdVoamTi:0e339036
bKMX2R2nuXfL:0e278242
wUFfWJX+j35l:0e796936
MZD1lO5tgEgt:0e469124
RZd+D2PsJPbE:0e592738
hRahCHdKdxFD:00e44630
fyr3tLFm3GwU:0e463099
2wxS/xSQF9/G:0e042304
21 changes: 21 additions & 0 deletions Passwords/php-hashes/floating_comp/md2.txt
@@ -0,0 +1,21 @@
Oq9wqi64:0e299969168079221277306999992834
txYZT4cl:00e86369060362984332983859018031
rj+EHv52:0e471200778606499034287013358745
9Y+MjJ29:0e752615265323820839442808619986
NGbONxf/:0e274947243675490162706392207166
2HlFqrdIKK6z:0e775864032084923962202802082987
nugVNza87sc1:0e492589969087156856048517023660
6ze9qXw7bqvf:0e778903522307133193708445518814
W2WrCWFdBdC4:0e009309245621109838125862797697
3dAHjEEvaWhd:0e753246436162655664120457142403
SH2JgwgXue4C:00e87419238621437076826744464218
HFS_aU8YVtvk7uFd:0e108733548132157028200118844601
HFS_B+Cl0xVAQn6k:0e912082349509472197532286758907
HFS_Ch4Cwv8EWyeT:00e92012083082702301818382846187
HFS_rPvcjXrN1trW:0e709873821179025966368591895008
HFS_HGFiLsnEgkHN:0e696728618198124445143742651767
HFS_q7IdVN3SuaSh:0e643040953997048990922471871309
HFS_CW9wBRP/hJE/:00e16211331329674937024700072488
HFS_fRCqrXeKYINW:0e391392996959320839227567015414
HFS_lfwAhKJW0qOC:00e71867370461470440096217786836
HFS_Nu2iJp1YS/aQ:0e552107017564446716951105766452
20 changes: 20 additions & 0 deletions Passwords/php-hashes/floating_comp/md4.txt
@@ -0,0 +1,20 @@
gH0nAdHk:0e096229559581069251163783434175
IiF+hTai:00e90130237707355082822449868597
cbl1Bbfx:0e501810953487319804019049523665
qAxkkpGIvmyV:0e023511603034810990326197996106
w9A4O5c2AcCI:0e117159255837959360238582783358
MXBCJu4/R+te:0e822491196139737657055959804476
eLJi1fX6kgzI:00e79740107547458069306261903674
BEUMinS4LASy:0e393530938832712096692131547891
AcOQSt6sNGN9:0e396217575381614256802963302190
DHl4YbGCyl1A:0e684191063268313205630041920469
HFS_xMr1f9btEwWc:0e856901476824931362949658192340
HFS_tgzvSmlCbidm:00e68046312964100558804629291774
HFS_BMdeGsYykS7w:0e690129148133908797898341004833
HFS_Ajo9SAVRVEH4:0e887861753855845773838472382503
HFS_l2OcPx/x5Bzh:0e594437669422240019387761183696
HFS_fic53BOMy7J8:0e865432596624568327445739676432
HFS_WnGbX8sRbjYh:0e037670520101929789823750424895
HFS_gy1B+SQG9Cop:0e542018559046586704942037834686
HFS_HSFs5z+SWwsi:0e583916835001260204962621340859
HFS_7vt0svmr6mPG:0e281163708594849287164907175655