Get full access to Hands-On Penetration Testing on Windows and 60K+ other titles, with a free 10-day trial of O'Reilly.

There are also live events, courses curated by job role, and more.

Start your free trial

Understanding SHA-1's running state and compression function

In our browser window, let's pick Challenge 5 (gain access to /etc/passwd), change the algorithm to SHA-1, click save, and then click on test:

Well, I don't see much happening here. But that URL sure looks interesting. Check out the parameters visible to us (and, apparently, under our control): http://192.168.108.106/ctf/challenge5/index.php?algo=sha1&file=test&hash=dd03bd22af3a4a0253a66621bcb80631556b100e

Clearly, algo=sha1 is defining the algorithm we selected. But file=test and the hash field should be catching our attention, as it appears to be a message authentication code mechanism ...

Get Hands-On Penetration Testing on Windows now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Don’t leave empty-handed

Get Mark Richards’s Software Architecture Patterns ebook to better understand how to design components—and how they should interact.

It’s yours, free.

Get it now

Check it out now on O’Reilly

Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.

Start your free trial Become a member now