Module Name: Adobe Hash Cracker
Module path: recon/credentials-credentials/adobe


BLOCK_DB:
SOURCE:


Name: Adobe Hash Cracker
Path: modules/recon/credentials-credentials/adobe.py
Author: Ethan Robish (@EthanRobish) and Tim Tomes (@LaNMaSteR53)

Description:
Decrypts hashes leaked from the 2013 Adobe breach. First, the module cross references the leak ID to identify Adobe hashes in the 'password' column of the 'creds' table, moves the Adobe hashes to the 'hash' column, and changes the 'type' to 'Adobe'. Second, the module attempts to crack the hashes by comparing the ciphertext's decoded cipher blocks to a local block lookup table (BLOCK_DB) of known cipher block values. Finally, the module updates the 'creds' table with the results based on the level of success.

Options:
Name Current Value Required Description
BLOCK_DB /usr/share/recon-ng/data/adobe_blocks.json yes JSON file containing known Adobe cipher blocks and plaintext
SOURCE default yes source of input (see 'show info' for details)

Source Options:
default SELECT DISTINCT hash FROM credentials WHERE hash IS NOT NULL AND password IS NULL AND type IS 'Adobe'
<string> string representing a single input
<path> path to a file containing a list of inputs
query <sql> database query returning one column of inputs

Comments:
* Hash types supported: Adobe's base64 format
* Hash database from: http://stricture-group.com/files/adobe-top100.txt
* A completely padded password indicates that the exact length is known.