Categories: Kali Linux

Token Reverser : Word List Generator To Crack Security Tokens

Token Reverser is a word list generator to crack security tokens.

Example Use Case

  • You are testing reset password function
  • Reset password token was sent to your email box (e.g. 582431d4c7b57cb4a3570041ffeb7e10)
  • You suppose, it is a md5 hash of the data you provided during registration process
  • You remember that on registration you entered the following data:
    • First name: Foo
    • Last name: Bar
    • Email: foo.bar@example.com
    • Birth date: 1985-05-23
    • Phone: 202-555-0185
    • Address: 3634 Forest Drive
  • In addition, you have an access to the following extra data:
    • Application user ID: 74824
    • Date of the reset password HTTP request (“Date” response header): Tue, 10 Mar 2020 17:12:59 GMT
  • You use Token Reverser to generate word list from the known data:

./token-reverser.py –date “Tue, 10 Mar 2020 17:12:59 GMT” Foo Bar foo.bar@example.com 1985-05-23 202-555-0185 “3634 Forest Drive” 74824 > words

  • You use hashcat to crack reset password token:

hashcat64.exe -m 0 582431d4c7b57cb4a3570041ffeb7e10 words
hashcat (v5.1.0) starting…
[…]
582431d4c7b57cb4a3570041ffeb7e10:74824!Foo!Bar!foo.bar@example.com!1583860379
Session……….: hashcat
Status………..: Cracked
Hash.Type……..: MD5
Hash.Target……: 582431d4c7b57cb4a3570041ffeb7e10
[…]

  • Now you know that reset password tokens are generated as follow:

md5(user ID!first name!last name!email!current timestamp)

Also Read – Pickl3 : Windows Active User Credential Phishing Tool

Usage

usage: token-reverser.py [-h] [-d DATE] [-o TIMESTAMP_OFFSET] [-s SEPARATORS]
data [data …]

Word list generator to crack security tokens v1.1

Positional arguments:
data data chunks

Optional arguments:
-h, –help show this help message and exit
-d DATE, –date DATE timestamp from this date will be used as an additional data chunk, example: Tue, 10 Mar 2020 14:06:36 GMT
-o TIMESTAMP_OFFSET, –timestamp-offset TIMESTAMP_OFFSET
how many previous (to timestamp from date) timestamps
should be used as an additional data chunk, default: 1
-s SEPARATORS, –separators SEPARATORS data chunks separators to check, default: ~`!@#$%^&*()_+-={}|[]\:”;'<>?,./ \t

Download
R K

Share
Published by
R K
5 years ago

Recent Posts

Promptmap

Prompt injection is a type of security vulnerability that can be exploited to control the…

2 days ago

Firefly – Black Box Fuzzer For Web Applications

Firefly is an advanced black-box fuzzer and not just a standard asset discovery tool. Firefly…

2 days ago

Winit : Cross-Platform Window Creation And Management In Rust

Winit is a robust, cross-platform library designed for creating and managing windows in Rust applications.…

2 days ago

Browser Autofill Phishing – The Hidden Dangers And Security Risks

In today’s digital age, convenience often comes at the cost of security. One such overlooked…

2 days ago

Terminal GPT (tgpt) – Your Direct CLI Gateway To ChatGPT 3.5

Terminal GPT (tgpt) offers a seamless way to bring the power of ChatGPT 3.5 directly…

2 days ago

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

5 days ago