{"id":599,"date":"2012-07-09T12:45:51","date_gmt":"2012-07-09T18:45:51","guid":{"rendered":"http:\/\/www.foofus.net\/?p=599"},"modified":"2012-07-09T12:45:51","modified_gmt":"2012-07-09T18:45:51","slug":"fgdump3hashdump-flawed-hashes","status":"publish","type":"post","link":"http:\/\/h.foofus.net\/?p=599","title":{"rendered":"fgdump3\/HashDump Flawed Hashes"},"content":{"rendered":"<p>I got a very interesting note from Ryan Reynolds and Jonathan Claudius, who will be presenting at BlackHat and Defcon 20 in a few weeks. They discovered that, in certain circumstances, the hashes returned by tools like fgdump3 (which is a very limited &#8220;ask-and-you-shall-receive&#8221; research version I unveiled at ToorCon 2011) as well as HashDump are wrong. They have a proposed patch to HashDump, and I will be incorporating it into the fgdump3 branch as well.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"text-decoration: underline;\">FAQ<\/span><\/strong><\/p>\n<p><strong>So does this affect fgdump2\/2.1?<\/strong><\/p>\n<p>No &#8211; this only affects versions pulling their values right from the registry (which version 3 is doing).<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Where is fgdump3 anyway?<\/strong><\/p>\n<p>I unofficially\/quietly released version 3 at ToorCon last year. However, speed issues continued to plague me (changing permissions on the keys is SLOW), and I started looking for a new solution. Right now, the NEW fgdump3 is about 80% done, and combines the old injection method, the registry method, and a new &#8220;super s3kr1t&#8221; method that looks to work well, and quickly I might add. I have yet to finish the new version (about 80% complete), but I&#8217;m going to see if I can pound this out before DC 20 in time for their presentation. 
It will be ultra-beta, but something to play with.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>How can I get a copy to play with?<\/strong><\/p>\n<p>I can send you the old fgdump3 if you want to play with the registry method &#8211; email me at fizzgig@foofus.net if you like. It&#8217;s unsupported and may cause nausea, but feel free to give it a shot. :)<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I got a very interesting note from Ryan Reynolds and Jonathan Claudius, who will be presenting at BlackHat and Defcon 20 in a few weeks. They discovered that, in certain circumstances, the hashes returned by tools like fgdump3 (which is a very limited &#8220;ask-and-you-shall-receive&#8221; research version I unveiled at ToorCon 2011) as well as HashDump [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,6],"tags":[],"class_list":["post-599","post","type-post","status-publish","format-standard","hentry","category-fgdump-pwdump6","category-tools"],"_links":{"self":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/posts\/599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=599"}],"version-history":[{"count":0,"href":"http:\/\/h.foofus.net\/index.php?rest_route=\/wp\/v2\/posts\/599\/revisions"}],"wp:attachment":[{"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=599"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/h.foofus.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}