This repository contains two useful tools that were used when creating the Apache Shiro 1 Hashcat module:
- shiro-crack
  - This is a standalone C application which uses OpenSSL to crack the Apache Shiro 1 hashing implementation
  - Shout out to khr0x40sh for showing me the original gist showing the cracking implementation
- shiro-hash-generator
  - This is a Java application which uses the official Apache Shiro 1 libraries to generate hashes for testing
A blog post covering the creation of the Hashcat module is available here.
Both of the tools mentioned above are already built and included in the shiro1buntu-latest.tar exported Docker image file, which can be downloaded from the Releases page. To import the image, run the following command:
docker load -i <path_to_tar_file>
shiro-crack:
./a.out <password_file> <shiro_hash>
shiro-hash-generator:
java -jar <path-to-jar> <string-to-hash> <iterations>
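To show what the `<shiro_hash>` and `<iterations>` arguments above refer to, here is an added Python example (not code from this repository) that builds, parses and verifies a Shiro 1 hash string for testing. It assumes the Shiro 1 crypt format `$shiro1$SHA-512$<iterations>$<base64 salt>$<base64 digest>` and the salt-then-rehash iteration scheme; the function names, the 16-byte salt and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "$shiro1$"  # marker for Shiro 1 crypt-format strings


def shiro1_digest(password, salt, iterations):
    # Round 1 hashes salt || password; every later round re-hashes the digest.
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha512(digest).digest()
    return digest


def make_shiro1(password, iterations, salt=None):
    # Build a test hash string; a random 16-byte salt is an assumption here.
    salt = os.urandom(16) if salt is None else salt
    digest = shiro1_digest(password.encode("utf-8"), salt, iterations)
    fields = ("SHA-512", str(iterations),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(digest).decode("ascii"))
    return PREFIX + "$".join(fields)


def parse_shiro1(hash_str):
    # Reject anything that is not $shiro1$SHA-512$<iter>$<salt>$<digest>.
    if not hash_str.startswith(PREFIX):
        raise ValueError("missing $shiro1$ prefix")
    fields = hash_str[len(PREFIX):].split("$")
    if len(fields) != 4 or fields[0] != "SHA-512":
        raise ValueError("expected SHA-512$iterations$salt$digest")
    iterations = int(fields[1])
    salt = base64.b64decode(fields[2], validate=True)
    digest = base64.b64decode(fields[3], validate=True)
    if iterations < 1 or len(digest) != hashlib.sha512().digest_size:
        raise ValueError("bad iteration count or digest length")
    return iterations, salt, digest


def verify_shiro1(password, hash_str):
    iterations, salt, digest = parse_shiro1(hash_str)
    candidate = shiro1_digest(password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time compare


if __name__ == "__main__":
    sample = make_shiro1("constructed-test-password", 1024)  # constructed input
    print(sample, verify_shiro1("constructed-test-password", sample))
```

The iteration count is stored in the hash string itself, so `parse_shiro1` is also a quick way to audit how much work factor a stored hash actually carries.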
A script to automate exploiting CVE-2024-4956, a path traversal vulnerability in Sonatype Repository 3 allowing unauthenticated attackers to read system files, is available here. Sonatype Repository 3 uses the Apache Shiro 1 hashing algorithm at the time of writing and stores user hashes inside of OrientDB .pcl files. A sample of 155 known existing OrientDB .pcl file paths is included in the repository.
A script that automates extracting Apache Shiro 1 hashes from OrientDB .pcl files, for use with the Hashcat module, is available here.
This program is intended for legitimate and authorized purposes only. The author holds no responsibility or liability for misuse of this project.