哈希長度擴展攻擊(Hash Length Extension Attack)利用工具hexpand安裝使用方法

去年我寫了一篇哈希長度擴展攻擊的簡介以及HashPump安裝使用方法，原本已經足夠了，但HashPump還不是很完善的哈希長度擴展攻擊，HashPump在使用的時候必須提供original_data，近來的哈希長度擴展攻擊的題目已經不提供original_data，從原理上來講也不必定須要這個original_data，因此今年pcat又來寫一篇hexpand的安裝使用方法，鑑於時間關係，本人只在kali、Ubuntu14.04下測試。

--------------------------------------------------------------------

1. 安裝pkg-config

https://pkg-config.freedesktop.org/releases/

目前最新版pkg-config-0.29.2.tar.gz

v=0.29.2
wget https://pkg-config.freedesktop.org/releases/pkg-config-${v}.tar.gz
tar -xzvf pkg-config-${v}.tar.gz
cd pkg-config-${v}/
./configure --with-internal-glib && make && make install

 

2. 安裝OpenSSL開發包

apt-get update
apt-get install -y libssl-dev

 

3. hexpand的安裝

git clone https://github.com/amlweems/hexpand
cd hexpand
make

 

4. 報錯Package openssl was not found in the pkg-config search path.

搜索本機pkgconfig文件夾的openssl.pc、libssl.pc、libcrypto.pc，並將這3個文件複製到/usr/lib/pkgconfig/（若是不存在就新建個）下，而後

export PKG_CONFIG_PATH=/usr/lib/pkgconfig:$PKG_CONFIG_PATH

再進去hexpand所在目錄下進行hexpand的編譯

 

5. 報錯make: clang: Command not found

apt-get install clang

 

6. hexpand的使用方法

在hexpand所在目錄（固然你也能夠把文件複製到/usr/bin/裏）

./hexpand -t md5 -s 21232f297a57a5a743894a0e4a801fc3 -l 5 -m "pcat"

其中-l的5是哈希原文的長度，運行後就會獲得附加數據，以及新獲得的哈希值。

 

7. Kali 2018.1等安裝錯誤

-= 2018.08補充 =-

按以上的方法若是在Kali 2018.1或者別的版本上運行報錯以下：

hexpand.c:22:27: error: incomplete definition of type 'struct evp_md_ctx_st'
        int length_modulo = mdctx->digest->block_size;
                            ~~~~~^
/usr/include/openssl/ossl_typ.h:92:16: note: forward declaration of 'struct evp_md_ctx_st'
typedef struct evp_md_ctx_st EVP_MD_CTX;
               ^
hexpand.c:32:63: error: incomplete definition of type 'struct evp_md_ctx_st'
        unsigned char* h_data = (unsigned char *)((SHA512_CTX *)mdctx->md_data)->h;

……

這個跟系統有關係，Kali每一次變化都很大。這個得更新到最新的OpenSSL

git clone https://github.com/PeterMosmans/openssl
cd openssl
./config && make && make test && make install

在最後的make install會看到

cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc

把這3個新的pc文件替換到/usr/lib/pkgconfig/下

cd /usr/local/ssl/lib/pkgconfig/ && cp openssl.pc libssl.pc libcrypto.pc /usr/lib/pkgconfig/

再進去hexpand文件夾下編譯會報錯：

hexpand.c:47:70: error: format specifies type 'unsigned int' but the argument has type '__uint64_t' (aka 'unsigned long') [-Werror,-Wformat]
        if (length_modulo == 128) sprintf(output+2*padding, "%032" PRIx32 , htole64(8*length));
                                                             ~~~~~~         ^~~~~~~~~~~~~~~~~
/usr/include/endian.h:75:22: note: expanded from macro 'htole64'
#  define htole64(x) __uint64_identity (x)
                     ^~~~~~~~~~~~~~~~~~~~~
hexpand.c:48:48: error: format specifies type 'unsigned int' but the argument has type '__uint64_t' (aka 'unsigned long') [-Werror,-Wformat]
        else sprintf(output+2*padding, "%016" PRIx32 ,htole64(8*length));
                                        ~~~~~~        ^~~~~~~~~~~~~~~~~
/usr/include/endian.h:75:22: note: expanded from macro 'htole64'
#  define htole64(x) __uint64_identity (x)
                     ^~~~~~~~~~~~~~~~~~~~~
2 errors generated.
Makefile:21: recipe for target 'hexpand.o' failed

這個就是系統文件的問題了，我查閱了當前的/usr/include/endian.h

# define htole64(x) __uint64_identity (x)

而查閱老系統版本的/usr/include/endian.h

# define htole64(x) (x)

因此這個問題的暫時解決方法，修改下hexpand.c文件

sed -i 's/htole64(8\*length)/(8\*length)/g' hexpand.c

再進行編譯，報錯：

clang hexpand.o main.o -o hexpand  -L/usr/local/ssl/lib -lssl -lcrypto
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x11): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x24): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x2f): undefined reference to `dlclose'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
dso_dlfcn.c:(.text+0x374): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x432): undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_var':
dso_dlfcn.c:(.text+0x4a7): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x562): undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.c:(.text+0x5c8): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x62d): undefined reference to `dlclose'
dso_dlfcn.c:(.text+0x665): undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_pathbyaddr':
dso_dlfcn.c:(.text+0x701): undefined reference to `dladdr'
dso_dlfcn.c:(.text+0x75f): undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_unload':
dso_dlfcn.c:(.text+0x7b2): undefined reference to `dlclose'
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:19: recipe for target 'hexpand' failed

這也是新版OpenSSL的問題，只要加上-ldl -lpthread進行編譯便可，編輯Makefile文件

sed -i 's/--libs openssl)/& -ldl -lpthread /g' Makefile

最後就能夠順利編譯成功。