-
-
Save Techlord-RCE/46dda738e5a51db54a6eff4878613ac0 to your computer and use it in GitHub Desktop.
CRC32 brute force for dridex network requests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "hash/crc32" | |
| ) | |
| const ( | |
| MAXCHARLEN = 6 | |
| ) | |
| var ( | |
| crcTable *crc32.Table = crc32.MakeTable(crc32.IEEE) | |
| seenCommands map[uint32]bool = map[uint32]bool{ | |
| 0x011f0411: true, // bot | |
| 0x44c8f818: true, // list | |
| 0xee7cbe69: true, // dmod6 | |
| 0x7775efd3: true, // dmod5 | |
| 0xf81ddc32: true, // dmod11 | |
| } | |
| ) | |
| func generateCombinations(alphabet string, length int) <-chan string { | |
| c := make(chan string) | |
| go func(c chan string) { | |
| defer close(c) | |
| addLetter(c, "", alphabet, length) // start with empty string | |
| }(c) | |
| return c // return chan | |
| } | |
| func addLetter(c chan string, combo string, alphabet string, length int) { | |
| if length <= 0 { | |
| return | |
| } | |
| var newCombo string | |
| for _, ch := range alphabet { | |
| newCombo = combo + string(ch) | |
| c <- newCombo | |
| addLetter(c, newCombo, alphabet, length-1) | |
| } | |
| } | |
| func hashFuncCrc32(val []byte) uint32 { | |
| return crc32.Checksum(val, crcTable) | |
| } | |
| func main() { | |
| for combination := range generateCombinations("abcdefghijklmnopqrstuvwxyz0123456789", MAXCHARLEN) { | |
| crc := hashFuncCrc32([]byte(combination)) | |
| if seenCommands[crc] { | |
| fmt.Printf("found matching hash: %s = 0x%x\n", combination, crc) | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment