November 15, 2022 at 1:36 AM
(November 15, 2022, 12:32 AM) samfisher91 Wrote: (November 13, 2022, 05:48 PM) Null4ble Wrote: Since many people are reaching me on PM, I will try to explain it here:
basically it's about "exploiting" the 72-byte limit on bcrypt, just as sempit3rnal commented days ago.
https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length
the script asks for a minimum of 1 char and a max of 30 chars; normally each char uses 1 byte, but not all chars do, for example á, you can search for them in UTF-8
so if you bcrypt() let's say 4 "á" (that weigh 4 bytes each), you will be using 16 bytes
so the salt will be attached to your string, so in reality the system will be doing this:
bcrypt(ááááSECRET_SALT)
this "payload" weighs 27 bytes, no problem for bcrypt; if you put let's say 15xá + 11xo
áááááááááááááááooooooooooo this weighs 71 bytes
so the script will be doing this
bcrypt(áááááááááááááááoooooooooooS) <--- only one space left for the SECRET_SALT, on position 72
so you have to brute force your already-known payload (áááááááááááááááooooooooooo+$), where $ is a loop over every known character, and each hash created you need to compare with the one created by the server script (with the server script you need to use exactly the same payload as your script (áááááááááááááááooooooooooo+$)); if they match, you have found the first letter of the SECRET_SALT
then you have to delete one "o" from the original 11 and attach the letter found in the brute force (S), then again brute force every letter on position 72; loop this until you get your SECRET_SALT
I hope I made myself clear, stoned as fuck, and not my native language.
Thanks my fellow stoner from the other side of the world, enjoy ur joint :angel:
Any time, glad I can help
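As an added example (not from any poster in this thread), the check a defender would want before shipping a bcrypt(password + secret) scheme: model the 72-byte window bcrypt actually hashes, count how many bytes of the appended secret survive it, and compare with the usual mitigation of pre-hashing the password with an HMAC under the secret so the value handed to bcrypt is always 64 bytes and the secret never sits inside the truncation window. Byte lengths are computed by UTF-8 encoding rather than assumed per character (in UTF-8 "á" is 2 bytes, so the constructed input below uses a 4-byte emoji to reach the same 71-byte total); `SECRET_SALT` and the limit constant are assumptions, and no real bcrypt library is called.

```python
import hashlib
import hmac

# bcrypt keys its Blowfish state from at most 72 bytes; anything after that is
# silently discarded, which is the whole reason the appended secret is exposed.
BCRYPT_LIMIT = 72


def bcrypt_window(password: str, secret: str, limit: int = BCRYPT_LIMIT) -> dict:
    """Model what an implementation doing bcrypt(password + secret) really
    feeds to bcrypt. Returns the bytes inside the window and how many bytes
    of the appended secret survived the cut."""
    pw = password.encode("utf-8")
    sec = secret.encode("utf-8")
    fed = (pw + sec)[:limit]
    # Bytes of the secret that land inside the window (0 if the password
    # alone already fills it, in which case the secret is never hashed).
    secret_bytes_hashed = max(0, min(len(sec), limit - len(pw)))
    return {
        "password_bytes": len(pw),
        "secret_bytes_hashed": secret_bytes_hashed,
        "fed": fed,
    }


def secret_fully_hashed(password: str, secret: str, limit: int = BCRYPT_LIMIT) -> bool:
    """Server-side sanity check: True only if the entire secret fits inside
    the bcrypt window for this password. Any False result means bcrypt is
    protecting fewer secret bytes than the design assumes."""
    return bcrypt_window(password, secret, limit)["secret_bytes_hashed"] == len(secret.encode("utf-8"))


def prehash_for_bcrypt(password: str, secret: str) -> bytes:
    """Mitigation: HMAC-SHA256 the password under the secret first. The
    result is a fixed 64-character hex digest, well under 72 bytes, so the
    secret never occupies a position an attacker can push off the window."""
    return hmac.new(secret.encode("utf-8"), password.encode("utf-8"), hashlib.sha256).hexdigest().encode("ascii")


# Constructed inputs mirroring the thread's numbers: 15 four-byte chars + 11
# one-byte chars = 71 bytes, leaving exactly one byte of window for the secret.
SECRET_SALT = "SECRET_SALT"          # assumption: placeholder server-side secret
PADDED_PASSWORD = "\U0001F600" * 15 + "o" * 11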
