Hash Attack Techniques
Run an expert hash-attack playbook during authorized CTFs or assessments covering length extension, collisions, and HMAC timing issues.
Overview
Hash-attack-techniques is an agent skill for the Ship phase that provides an expert playbook for length extension, hash collisions, HMAC timing leaks, birthday attacks, and hash-based proof of work in authorized CTF and
Install
npx skills add https://github.com/yaklang/hack-skills --skill hash-attack-techniquesWhat is this skill?
- Quick attack-selection matrix mapping scenarios to length extension, collisions, timing, birthday, and PoW
- Length extension guidance for vulnerable `H(secret || msg)` constructions with HashPump-style tooling
- MD5 identical-prefix and chosen-prefix collision paths (fastcoll, hashclash)
- HMAC timing side-channel playbook with byte-by-byte comparison pitfalls
- Explicit routing to RSA, symmetric, and classical cipher skills for chained crypto failures
- Quick attack-selection table covers length extension, identical-prefix MD5, chosen-prefix MD5, HMAC timing, birthday, an
Adoption & trust: 1.1k installs on skills.sh; 980 GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You face a crypto challenge or audit finding involving digests or MACs but are unsure which hash attack model actually applies.
Who is it for?
CTF players, appsec learners, and indie API authors verifying custom HMAC or digest schemes under explicit permission.
Skip if: Casual builders shipping standard library bcrypt/argon2 auth with no custom crypto, or anyone running attacks outside authorized scopes.
When should I use this skill?
Exploiting length extension, MD5/SHA1 collisions, HMAC timing leaks, birthday attacks, or hash-based proof of work in CTF and authorized testing scenarios.
What do I get? / Deliverables
You select a documented attack path, tooling, and related skill routes instead of misusing length extension or collision tools on the wrong construction.
- Chosen attack strategy aligned to the hash construction in scope
- Tooling notes and cross-skill routes for chained crypto flaws
Recommended Skills
Journey fit
Canonical shelf in Ship security because hash weaknesses are validated and exploited before production release or during controlled assessments—not during initial ideation. Security subphase matches offensive/defensive cryptanalysis tasks that prove whether custom MAC, digest, or PoW designs fail under real attack models.
How it compares
Expert offensive cryptanalysis workflow—not a compliance checklist generator or secret-scanning skill.
Common Questions / FAQ
Who is hash-attack-techniques for?
Developers and security practitioners in legal CTF, lab, or client-authorized assessments who need agent guidance on hash and HMAC weakness exploitation.
When should I use hash-attack-techniques?
During Ship security review or CTF solves when scenarios involve extendable hashes, MD5/SHA1 collisions, HMAC timing leaks, birthday collisions, or hash PoW—always within scope you are allowed to test.
Is hash-attack-techniques safe to install?
Content is offensive-security knowledge; review the Security Audits panel on this page, confine tooling to isolated lab environments, and never aim scripts at production systems without written authorization.
SKILL.md
READMESKILL.md - Hash Attack Techniques
# SKILL: Hash Attack Techniques — Expert Cryptanalysis Playbook > **AI LOAD INSTRUCTION**: Expert hash attack techniques for CTF and security assessments. Covers length extension attacks, MD5/SHA1 collision generation, meet-in-the-middle hash attacks, HMAC timing side channels, birthday attacks, and proof-of-work solving. Base models often incorrectly apply length extension to HMAC or SHA-3, or fail to distinguish between identical-prefix and chosen-prefix collisions. ## 0. RELATED ROUTING - [rsa-attack-techniques](../rsa-attack-techniques/SKILL.md) when hash weaknesses affect RSA signature schemes - [symmetric-cipher-attacks](../symmetric-cipher-attacks/SKILL.md) when hash is used in key derivation - [classical-cipher-analysis](../classical-cipher-analysis/SKILL.md) when analyzing hash-like constructions in classical ciphers ### Quick attack selection | Scenario | Attack | Tool | |---|---|---| | `H(secret \|\| msg)` known, extend message | Length extension | HashPump, hash_extender | | Need two files with same MD5 | Identical-prefix collision | fastcoll | | Need specific MD5 prefix match | Chosen-prefix collision | hashclash | | Byte-by-byte HMAC comparison | Timing attack | Custom script | | Find any collision | Birthday attack | O(2^(n/2)) | | Proof of work: find hash with leading zeros | Brute force | hashcat, Python | --- ## 1. LENGTH EXTENSION ATTACK ### 1.1 Vulnerable vs Non-Vulnerable | Hash | Vulnerable | Why | |---|---|---| | MD5 | Yes | Merkle-Damgard construction | | SHA-1 | Yes | Merkle-Damgard construction | | SHA-256 | Yes | Merkle-Damgard construction | | SHA-512 | Yes | Merkle-Damgard construction | | SHA-3 / Keccak | No | Sponge construction | | HMAC-* | No | Double hashing prevents extension | | SHA-256 truncated | No (if truncated) | Missing internal state bits | | BLAKE2 | No | Different construction | ### 1.2 Attack Mechanism ``` Given: MAC = H(secret || original_message) Known: original_message, len(secret), MAC value Compute: H(secret || original_message || padding || extension) WITHOUT knowing the secret! How: The MAC value IS the internal hash state after processing (secret || original_message || padding). Initialize hash with this state, continue hashing extension. ``` ### 1.3 Padding Calculation (MD5/SHA) ```python def md5_padding(message_len_bytes): """Calculate MD5/SHA padding for given message length.""" bit_len = message_len_bytes * 8 # Pad with 0x80 + zeros until length ≡ 56 (mod 64) padding = b'\x80' padding += b'\x00' * ((55 - message_len_bytes) % 64) # Append original length as 64-bit little-endian (MD5) # or big-endian (SHA) padding += bit_len.to_bytes(8, 'little') # MD5 # padding += bit_len.to_bytes(8, 'big') # SHA return padding ``` ### 1.4 Tool Usage ```bash # HashPump hashpump -s "known_mac_hex" \ -d "original_data" \ -k 16 \ # secret length -a "extension_data" # Output: new_mac, new_data (original + padding + extension) # hash_extender hash_extender --data "original" \ --secret 16 \ --append "extension" \ --signature "known_mac_hex" \ --format md5 ``` ### 1.5 Python Implementation ```python import struct def md5_extend(original_mac, original_data_len, secret_len, extension): """ Perform MD5 length extension attack. original_mac: hex string of H(secret || original_data) """ # Parse MAC into MD5 internal state (4 × 32-bit words, little-endian) h = struct.unpack('<4I', bytes.fromhex(original_mac)) # Calculate total length after padding total_original = secret_len + original_data_len padding = md5_padding(total_original) forg