Word list generator to crack security tokens.
Example use case
- You are testing reset password function
- Reset password token was sent to your email box (e.g. 582431d4c7b57cb4a3570041ffeb7e10)
- You suppose, it is a md5 hash of the data you provided during registration process
- You remember that on registration you entered the following data:
- First name: Foo
- Last name: Bar
- Email: foo.bar@example.com
- Birth date: 1985-05-23
- Phone: 202-555-0185
- Address: 3634 Forest Drive
- In addition, you have an access to the following extra data:
- Application user ID: 74824
- Date of the reset password HTTP request ("Date" response header): Tue, 10 Mar 2020 17:12:59 GMT
- You use Token Reverser to generate word list from the known data:
./token-reverser.py --date "Tue, 10 Mar 2020 17:12:59 GMT" Foo Bar foo.bar@example.com 1985-05-23 202-555-0185 "3634 Forest Drive" 74824 > words
- You use hashcat to crack reset password token:
hashcat64.exe -m 0 582431d4c7b57cb4a3570041ffeb7e10 words
hashcat (v5.1.0) starting...
[...]
582431d4c7b57cb4a3570041ffeb7e10:74824!Foo!Bar!foo.bar@example.com!1583860379
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 582431d4c7b57cb4a3570041ffeb7e10
[...] - Now you know that reset password tokens are generated as follow:
md5(user ID!first name!last name!email!current timestamp)
Usage
usage: token-reverser.py [-h] [-d DATE] [-o TIMESTAMP_OFFSET] [-s SEPARATORS]
data [data ...]
Word list generator to crack security tokens v1.1
positional arguments:
data data chunks
optional arguments:
-h, --help show this help message and exit
-d DATE, --date DATE timestamp from this date will be used as an additional
data chunk, example: Tue, 10 Mar 2020 14:06:36 GMT
-o TIMESTAMP_OFFSET, --timestamp-offset TIMESTAMP_OFFSET
how many previous (to timestamp from date) timestamps
should be used as an additional data chunk, default: 1
-s SEPARATORS, --separators SEPARATORS
data chunks separators to check, default:
~`!@#$%^&*()_+-={}|[]\:";'<>?,./ \t