diff --git a/config.json b/config.json index 9c3c920..1313211 100644 --- a/config.json +++ b/config.json @@ -3,5 +3,9 @@ "hcatBin": "hashcat", "hcatTuning": "--force", "hcatWordlists": "/Passwords/wordlists", - "hcatOptimizedWordlists": "/Passwords/optimized_wordlists" + "hcatOptimizedWordlists": "/Passwords/optimized_wordlists", + "hcatMiddleCombinatorMasks": ["2","4"," ","-","_","+",",",".","&"], + "hcatMiddleBaseList": "rockyou.txt", + "hcatThoroughCombinatorMasks": ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"], + "hcatThoroughBaseList": "rockyou.txt" } \ No newline at end of file diff --git a/hate_crack.py b/hate_crack.py index 88e9f67..8c731ae 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -28,6 +28,10 @@ with open(hate_path + '/config.json') as config: hcatTuning = config_parser['hcatTuning'] hcatWordlists = config_parser['hcatWordlists'] hcatOptimizedWordlists = config_parser['hcatOptimizedWordlists'] + hcatMiddleCombinatorMasks = config_parser['hcatMiddleCombinatorMasks'] + hcatMiddleBaseList = config_parser['hcatMiddleBaseList'] + hcatThoroughCombinatorMasks = config_parser['hcatThoroughCombinatorMasks'] + hcatThoroughBaseList = config_parser['hcatThoroughBaseList'] if sys.platform == 'darwin': hcatExpanderBin = "expander.app" @@ -48,6 +52,24 @@ else: print('Invalid path for hashcat binary. Please check configuration and try again.') quit(1) +if os.path.isfile(hcatMiddleBaseList): + pass +elif os.path.isfile(hcatWordlists+'/'+hcatMiddleBaseList): + hcatMiddleBaseList = hcatWordlists+'/'+hcatMiddleBaseList +else: + print('Invalid path for hcatMiddleBaseList. Please check configuration and try again.') + quit(1) + +if os.path.isfile(hcatThoroughBaseList): + pass +elif os.path.isfile(hcatWordlists+'/'+hcatThoroughBaseList): + hcatThoroughBaseList = hcatWordlists+'/'+hcatThoroughBaseList +else: + print('Invalid path for hcatThoroughBaseList. Please check configuration and try again.') + quit(1) + + + hcatHashCount = 0 hcatHashCracked = 0 hcatBruteCount = 0 @@ -77,8 +99,8 @@ def ascii_art(): \ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| < \___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \ \/ \/ \/_____/ \/ \/ \/ \/ - Public Release - Version 1.03 + Public Release + Version 1.04 """) @@ -436,6 +458,115 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): print('Killing PID {0}...'.format(str(hcatProcess.pid))) hcatProcess.kill() +# Middle fast Combinator Attack +def hcatMiddleCombinator(hcatHashType, hcatHashFile): + global hcatProcess + masks = hcatMiddleCombinatorMasks + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {left} " + "{right} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatMiddleBaseList, + right=hcatMiddleBaseList, + tuning=hcatTuning, + middle_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + +# Middle thorough Combinator Attack +def hcatThoroughCombinator(hcatHashType, hcatHashFile): + global hcatProcess + masks = hcatThoroughCombinatorMasks + try: + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {left} " + "{right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-j '${middle_mask}' {left} {right} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-k '${end_mask}' {left} {right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + end_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-j '${middle_mask}' -k '${end_mask}' {left} {right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + end_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + # Pathwell Mask Brute Force Attack def hcatPathwellBruteForce(hcatHashType, hcatHashFile): global hcatProcess @@ -749,6 +880,13 @@ def prince_attack(): def yolo_combination(): hcatYoloCombination(hcatHashType, hcatHashFile) +# Thorough Combinator +def thorough_combinator(): + hcatThoroughCombinator(hcatHashType, hcatHashFile) + +# Middle Combinator +def middle_combinator(): + hcatMiddleCombinator(hcatHashType, hcatHashFile) # convert hex words for recycling def convert_hex(working_file): @@ -907,6 +1045,8 @@ def main(): print("\t(8) Pathwell Top 100 Mask Brute Force Crack") print("\t(9) PRINCE Attack") print("\t(10) YOLO Combinator Attack") + print("\t(11) Middle Combinator Attack") + print("\t(12) Thorough Combinator Attack") print("\n\t(96) Export Output to Excel Format") print("\t(97) Display Cracked Hashes") print("\t(98) Display README") @@ -921,6 +1061,8 @@ def main(): "8": pathwell_crack, "9": prince_attack, "10": yolo_combination, + "11": middle_combinator, + "12": thorough_combinator, "96": export_excel, "97": show_results, "98": show_readme, diff --git a/readme.md b/readme.md index 6b5b91c..4809d12 100644 --- a/readme.md +++ b/readme.md @@ -71,6 +71,8 @@ $ ./hate_crack.py 1000 (8) Pathwell Top 100 Mask Brute Force Crack (9) PRINCE Attack (10) YOLO Combinator Attack + (11) Middle Combinator Attack + (12) Thorough Combinator Attack (96) Export Output to Excel Format (97) Display Cracked Hashes @@ -139,6 +141,28 @@ Runs a PRINCE attack using wordlists/rockyou.txt Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides. +#### Middle Combinator Attack +https://jeffh.net/2018/04/26/combinator_methods/ + +Runs a modified combinator attack adding a middle character mask: +wordlists/rockyou.txt + masks + worklists/rockyou.txt + +Where the masks are some of the most commonly used separator characters: +2 4 - _ , + . & + +#### Thorough Combinator Attack +https://jeffh.net/2018/04/26/combinator_methods/ + +* Runs many rounds of different combinator attacks with the rockyou list. + - Standard Combinator attack: rockyou.txt + rockyou.txt + - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt + - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt + - End Combinator attack: rockyou.txt + rockyou.txt + ?n + - End Combinator attack: rockyou.txt + rockyou.txt + ?s + - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n + - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s + + ------------------------------------------------------------------- ### Version History Version 1.03