{"id":1186,"date":"2025-11-10T09:51:24","date_gmt":"2025-11-10T01:51:24","guid":{"rendered":"http:\/\/xiyu12.top\/?p=1186"},"modified":"2025-11-10T09:51:24","modified_gmt":"2025-11-10T01:51:24","slug":"hacked","status":"publish","type":"post","link":"http:\/\/www.xiyu12.top\/?p=1186","title":{"rendered":"Hacked"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>import bcrypt\n\nPEPPER = b\"number1\"   # fixed pepper\nCOST = 5               # fixed cost=5\n\ndef bcrypt_with_pepper(password: str) -> str:\n    # Parse the input password (which may contain \\x00 escapes) into raw bytes\n    pwd_bytes = password.encode('utf-8').decode('unicode_escape').encode('latin1')\n    # Append the pepper\n    combined = pwd_bytes + PEPPER\n    # Generate the salt automatically (cost=5)\n    salt = bcrypt.gensalt(rounds=COST)\n    # Compute the bcrypt hash\n    hashed = bcrypt.hashpw(combined, salt)\n    return hashed.decode()\n\nif __name__ == \"__main__\":\n    password = input(\"\u8f93\u5165\u5bc6\u7801: \")\n    hashed = bcrypt_with_pepper(password)\n    print(\"bcrypt \u54c8\u5e0c\u7ed3\u679c:\")\n    print(hashed)\n\n<\/code><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\">What are salt and pepper?<\/h5>\n\n\n\n<p class=\"wp-block-paragraph\">A salt is a randomly generated string embedded in the hash. With a salt, even if two users choose the same password (say both use \u201c123456\u201d), their salts differ, so the resulting hashes are completely different (in the code above, for example, the same password produces a different hash on every run). This defeats rainbow tables entirely: an attacker cannot precompute every combination of \u201call passwords + all possible salts\u201d.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A pepper is a fixed string added before or after the password. It does not appear in the hash; the party computing the hash keeps it to themselves.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Cracking a peppered hash (when the password is known)<\/h5>\n\n\n\n<p class=\"wp-block-paragraph\">1. Recover the pepper<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>python.exe .\\d.py\n\u8f93\u5165\u5bc6\u7801: a\nbcrypt \u54c8\u5e0c\u7ed3\u679c:\n$2b$05$ZTvj5aQDc9dZc1tmGCUDUuSbj3kxrPIQPBrLYhXlHGJes4Q47AqOG\necho $2b$05$ZTvj5aQDc9dZc1tmGCUDUuSbj3kxrPIQPBrLYhXlHGJes4Q47AqOG > hash<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The specified password<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo a > pass.txt<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The pepper can be added before the password or after it.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>D:\\hashcat-7.1.2\\hashcat-7.1.2>hashcat.exe -a 1 -m 3200 hash pass.txt rockyou.txt -O -D 2\nD:\\hashcat-7.1.2\\hashcat-7.1.2>hashcat.exe -a 1 -m 3200 hash rockyou.txt pass.txt -O -D 2<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Here it is appended after the password.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Session..........: hashcat\nStatus...........: Running\nHash.Mode........: 3200 (bcrypt $2*$, Blowfish (Unix))\nHash.Target......: $2b$05$ZTvj5aQDc9dZc1tmGCUDUuSbj3kxrPIQPBrLYhXlHGJe...47AqOG\nTime.Started.....: Mon Nov 10 09:47:07 2025 (6 secs)\nTime.Estimated...: Thu Nov 13 16:50:20 2025 (3 days, 7 hours)\nKernel.Feature...: Pure Kernel (password length 0-72 bytes)\nGuess.Base.......: File (pass.txt), Left Side\nGuess.Mod........: File (rockyou.txt), Right Side\nSpeed.#01........:       
50 H\/s (18.37ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#02........:        0 H\/s (0.00ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#03........:        0 H\/s (0.00ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#04........:        0 H\/s (0.00ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#*.........:       50 H\/s\nRecovered........: 0\/1 (0.00%) Digests (total), 0\/1 (0.00%) Digests (new)\nProgress.........: 291\/14344385 (0.00%)\nRejected.........: 0\/291 (0.00%)\nRestore.Point....: 0\/1 (0.00%)\nRestore.Sub.#01..: Salt:0 Amplifier:291-292 Iteration:0-32\nRestore.Sub.#02..: Salt:0 Amplifier:0-0 Iteration:0-32\nRestore.Sub.#03..: Salt:0 Amplifier:0-0 Iteration:0-32\nRestore.Sub.#04..: Salt:0 Amplifier:0-0 Iteration:0-32\nCandidate.Engine.: Device Generator\nCandidates.#01...: amustang -> amustang\nCandidates.#02...: &#91;Copying]\nCandidates.#03...: &#91;Copying]\nCandidates.#04...: &#91;Copying]\nHardware.Mon.#01.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\nHardware.Mon.#02.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 400MHz Bus:16\nHardware.Mon.#03.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\nHardware.Mon.#04.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 400MHz Bus:16\n\n$2b$05$ZTvj5aQDc9dZc1tmGCUDUuSbj3kxrPIQPBrLYhXlHGJes4Q47AqOG:anumber1<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This gives pepper=number1<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">qiaojojo <\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>welcome@Hacked:~$ echo -n -e '\\x00' | sudo \/opt\/hash_system\/hash_passwd.py\n Enter Password> &#91;+] Hash: $2b$05$4I8RL9HIjLK38CT\/wkzyMuiKl3P9LQX1uEx9jVae6r35An5gEMdS6<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Mask plus dictionary, dictionary plus mask, ?b <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"> <code>?b<\/code> is a <strong>charset placeholder<\/strong> that stands for \u201cevery possible byte (0x00-0xFF)\u201d, including printable characters (such as letters, digits and symbols) and non-printable binary bytes (such as control characters and the null byte).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>-a 6<\/code>: dictionary + mask mode (Dictionary + Mask)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><code>-a 7<\/code>: mask + dictionary mode (Mask + Dictionary)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>PS D:\\Tools\\hashcat-6.2.6> .\\hashcat.exe -m 3200 -a 6 -d 1 D:\\test\\x00.hash D:\\Tools\\rockyou.txt ?b -O\n PS D:\\Tools\\hashcat-6.2.6> .\\hashcat.exe -m 3200 -a 7 -d 1 D:\\test\\x00.hash ?b D:\\Tools\\rockyou.txt -O<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Session..........: hashcat\nStatus...........: Running\nHash.Mode........: 3200 (bcrypt $2*$, Blowfish (Unix))\nHash.Target......: $2b$05$4I8RL9HIjLK38CT\/wkzyMuiKl3P9LQX1uEx9jVae6r35...gEMdS6\nTime.Started.....: Mon Nov 10 10:26:02 2025 (10 secs)\nTime.Estimated...: Tue Nov 18 07:35:03 2025 (7 days, 21 hours)\nKernel.Feature...: Pure Kernel (password length 0-72 bytes)\nGuess.Base.......: File (rockyou.txt), Right Side\nGuess.Mod........: Mask (?b) &#91;1], Left Side\nGuess.Queue.Base.: 1\/1 (100.00%)\nGuess.Queue.Mod..: 1\/1 (100.00%)\nSpeed.#01........:     2015 H\/s (22.90ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#02........:     1365 H\/s (22.96ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#03........:        0 H\/s (0.00ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#04........:     2018 H\/s (22.47ms) @ Accel:1 Loops:32 Thr:16 Vec:1\nSpeed.#*.........:     5401 
H\/s\nRecovered........: 0\/1 (0.00%) Digests (total), 0\/1 (0.00%) Digests (new)\nProgress.........: 53696\/3672162560 (0.00%)\nRejected.........: 0\/53696 (0.00%)\nRestore.Point....: 0\/256 (0.00%)\nRestore.Sub.#01..: Salt:0 Amplifier:209-210 Iteration:0-32\nRestore.Sub.#02..: Salt:0 Amplifier:212-213 Iteration:0-32\nRestore.Sub.#03..: Salt:0 Amplifier:0-0 Iteration:0-32\nRestore.Sub.#04..: Salt:0 Amplifier:209-210 Iteration:0-32\nCandidate.Engine.: Device Generator\nCandidates.#01...: skimberly -> $HEX&#91;d86b696d6265726c79]\nCandidates.#02...: $HEX&#91;827069637475726573] -> $HEX&#91;ff7069637475726573]\nCandidates.#03...: &#91;Copying]\nCandidates.#04...: |kimberly -> $HEX&#91;bf6b696d6265726c79]\nHardware.Mon.#01.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\nHardware.Mon.#02.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\nHardware.Mon.#03.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\nHardware.Mon.#04.: Temp:  0c Fan:  0% Util:  0% Core: 400MHz Mem: 800MHz Bus:16\n\n$2b$05$4I8RL9HIjLK38CT\/wkzyMuiKl3P9LQX1uEx9jVae6r35An5gEMdS6:$HEX&#91;006e756d62657231]\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/11\/image.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/11\/image.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1197\" style=\"width:472px;height:auto\"\/><\/div><\/figure>\n\n\n\n<figure 
class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><code>?l<\/code><\/td><td>Lowercase letters<\/td><td><code>a b c ... z<\/code><\/td><td>The 26 lowercase English letters<\/td><\/tr><tr><td><code>?u<\/code><\/td><td>Uppercase letters<\/td><td><code>A B C ... Z<\/code><\/td><td>The 26 uppercase English letters<\/td><\/tr><tr><td><code>?d<\/code><\/td><td>Digits<\/td><td><code>0 1 2 ... 9<\/code><\/td><td>The 10 digits<\/td><\/tr><tr><td><code>?s<\/code><\/td><td>Special symbols<\/td><td><code>! @ # $ % ^ &amp; * ( ) ...<\/code> (33 in total)<\/td><td>Printable special symbols (such as punctuation and operators)<\/td><\/tr><tr><td><code>?b<\/code><\/td><td>All bytes<\/td><td>0x00-0xFF (including non-printable characters such as newline and the null byte)<\/td><td>Covers every possible binary byte; the widest range<\/td><\/tr><tr><td><code>?h<\/code><\/td><td>Hexadecimal<\/td><td><code>0-9 a-f A-F<\/code> (16 characters in total)<\/td><td>Suited to cracking passwords in hexadecimal format<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ftasy<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">I don't quite understand this one.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">bcrypt actually has a 72-byte limit: no matter how much you enter, once the input is combined with the salt only the first 72 bytes are processed. So if you need to learn the salt value, the best approach is to brute-force it one character at a time.<br>The conditions known here are:<br>1. The hash is computed over (password + salt) and output after five rounds of encryption.<br>2. Total input length \u2264 30.<br>3. Total input length in bytes \u2264 72.<br>So if I construct 71 bytes, I can get the first character of the salt,<br>if I construct 70 bytes, I can get the second character of the salt,<br>and so on.<br>First, find characters that are 1 byte, 2 bytes and 3 bytes long. Why go up to 3 rather than 2? Because 30x \u2264 72 \u2264 30y, so y clearly has to reach 3.<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/11\/image-1-1024x583.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/11\/image-1-1024x583.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1202\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are salt and pepper? A salt is a randomly generated string embedded in the hash. With a salt, even if two users choose the same [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1186","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/1186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1186"}],"version-history":[{"count":1,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/1186\/revisions"}],"predecessor-version":[{"id":1226,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/1186\/revisions\/1226"}],"wp:attachment":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1186"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}