sync/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists.git synced 2025-04-27 17:26:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
SecLists/Passwords/php-hashes/README.md
Mo Langning a43614bf22 Imported and cleaned php magic hashes
2024-02-16 05:50:44 +00:00

1.3 KiB
Raw Blame History

PHP magic hashes

PHP has some unique features which makes hash collisions more easier when using the == to compare.

The raw text are taken directly from spaze/hashes

Floating comparison

Any strings that starts with any numbers of 0, followed by e then ends with only numbers will be treated as zero. An example of such strings are 0e123456 and 00e123456. Example code

This behavior can be extended to numbers, like '0' == '000. Example code

With loose comparison, these two example strings will equate to each other as both of them are treated as a zero in the backend.

Sometimes, hashes of specific strings will result in those special strings as an result. Those hashes are called magic hashes

Here is an example of such weak comparison for sha256.

Plaintext

Plaintext.txt just contains some ways to abuse php's weak comparison

Truncated text

For bcrypt, passwords are automatically truncated to 72 characters, so as long as the first 72 characters match, the hashes will match.

Bcrypt example

Descrypt have similar behavior to bcrypt, but passwords are instead truncated to 8 characters.