From 1198f83bb653b511a95ec9ccb26bddfbabc0f3cc Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Thu, 26 Apr 2018 21:48:04 -0700 Subject: [PATCH 01/42] Added discription of the Holden Combinar Attack Method. --- readme.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/readme.md b/readme.md index 69898a1..b29f574 100644 --- a/readme.md +++ b/readme.md @@ -71,6 +71,7 @@ $ ./hate_crack.py 1000 (8) Pathwell Top 100 Mask Brute Force Crack (9) PRINCE Attack (10) YOLO Combinator Attack + (11) Holden Combinator Attack (97) Display Cracked Hashes (98) Display README @@ -138,6 +139,18 @@ Runs a PRINCE attack using wordlists/rockyou.txt Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides. +#### Holden Combinator Attack +https://jeffh.net/2018/04/26/holden-combinator/ + +Runs a modified combinator attack using: +rockyou + ?d + rockyou +rockyou + ?s + rockyou +rockyou + ?d + rockyou + ?d +rockyou + ?s + rockyou + ?s +rockyou + ?d + rockyou + ?s +rockyou + ?s + rockyou + ?d + + ------------------------------------------------------------------- ### Version History Version 1.00 From ef78418b0d1d338a81509adc881ea8900a415448 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Thu, 26 Apr 2018 21:50:19 -0700 Subject: [PATCH 02/42] Partal implementation of Holden Combinator Method --- hate_crack.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/hate_crack.py b/hate_crack.py index 4060c73..5c0590b 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -311,6 +311,24 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): right=hcatRight, hate_path=hate_path), shell=True).wait() +# Holden Combinator Attack +def hcatHoldenCombinator(hcatHashType, hcatHashFile): + global hcatCombinationCount + global hcatProcess + while 1: + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + hate_path=hate_path), + shell=True).wait() + hcatCombinationCount = lineCount(hcatHashFile + ".out") - hcatHashCracked + + # Pathwell Mask Brute Force Attack def hcatPathwellBruteForce(hcatHashType, hcatHashFile): global hcatProcess @@ -570,6 +588,10 @@ def prince_attack(): def yolo_combination(): hcatYoloCombination(hcatHashType, hcatHashFile) +# Holden Combinator +def holden_combinator(): + hcatHoldenCombinator(hcatHashType, hcatHashFile) + # convert hex words for recycling def convert_hex(working_file): @@ -684,6 +706,7 @@ def main(): print("\t(8) Pathwell Top 100 Mask Brute Force Crack") print("\t(9) PRINCE Attack") print("\t(10) YOLO Combinator Attack") + print("\t(11) Holden Combinator Attack") print("\n\t(97) Display Cracked Hashes") print("\t(98) Display README") print("\t(99) Quit") @@ -697,6 +720,7 @@ def main(): "8": pathwell_crack, "9": prince_attack, "10": yolo_combination, + "11": holden_combinator, "97": show_results, "98": show_readme, "99": quit_hc From 4060ccc3c07cf8ea583284ca322473d045f2313e Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 10:43:31 -0700 Subject: [PATCH 03/42] Add debug print --- hate_crack.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hate_crack.py b/hate_crack.py index 5c0590b..4623121 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -340,6 +340,7 @@ def hcatPathwellBruteForce(hcatHashType, hcatHashFile): hash_file=hcatHashFile, tuning=hcatTuning, hate_path=hate_path), shell=True).wait() + print $hcatProcess # PRINCE Attack From 53ee6eb51a60479468373ac1d24fb43bde1b014f Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 11:45:15 -0700 Subject: [PATCH 04/42] Add debug print --- masks/holdenSpecial | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 masks/holdenSpecial diff --git a/masks/holdenSpecial b/masks/holdenSpecial new file mode 100644 index 0000000..d6b0be8 --- /dev/null +++ b/masks/holdenSpecial @@ -0,0 +1,33 @@ + +- +_ ++ +! +" +# +$ +% +& +' +( +) +* +, +. +/ +: +; +< += +> +? +@ +[ +\ +] +^ +` +{ +| +} +~ From afd146186a221fcccd67fbcbe30ca05324866178 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 11:46:03 -0700 Subject: [PATCH 05/42] Add debug print --- hate_crack.py | 30 ++++++++++++++++-------------- masks/holdenNum | 10 ++++++++++ 2 files changed, 26 insertions(+), 14 deletions(-) create mode 100644 masks/holdenNum diff --git a/hate_crack.py b/hate_crack.py index 4623121..0685672 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -313,20 +313,23 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Holden Combinator Attack def hcatHoldenCombinator(hcatHashType, hcatHashFile): - global hcatCombinationCount global hcatProcess - while 1: - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - word_lists=hcatWordlists, - tuning=hcatTuning, - hate_path=hate_path), - shell=True).wait() - hcatCombinationCount = lineCount(hcatHashFile + ".out") - hcatHashCracked + with open({hate_path}/masks/holdenNum) as middle: + for line in middle: + print line + if 'str' in line: + break + + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + hate_path=hate_path), + shell=True).wait() # Pathwell Mask Brute Force Attack @@ -340,7 +343,6 @@ def hcatPathwellBruteForce(hcatHashType, hcatHashFile): hash_file=hcatHashFile, tuning=hcatTuning, hate_path=hate_path), shell=True).wait() - print $hcatProcess # PRINCE Attack diff --git a/masks/holdenNum b/masks/holdenNum new file mode 100644 index 0000000..f55b5c9 --- /dev/null +++ b/masks/holdenNum @@ -0,0 +1,10 @@ +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 \ No newline at end of file From b596a737e01bdd120c9186c8746ba17cd7dc9b54 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 11:53:21 -0700 Subject: [PATCH 06/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 0685672..ee6e255 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -314,7 +314,7 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Holden Combinator Attack def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess - with open({hate_path}/masks/holdenNum) as middle: + with open("{hate_path}/masks/holdenNum".format(hate_path=hate_path)) as middle: for line in middle: print line if 'str' in line: From da0e1e6b7c9bd2bcf0c0cfc3904c377b6c815fd6 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 11:55:23 -0700 Subject: [PATCH 07/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index ee6e255..129bce2 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -316,7 +316,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess with open("{hate_path}/masks/holdenNum".format(hate_path=hate_path)) as middle: for line in middle: - print line + print line.strip() if 'str' in line: break From d7dbf4be84a316da6d3912020f6c25c93fd5898a Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:10:20 -0700 Subject: [PATCH 08/42] Add debug print --- hate_crack.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 129bce2..f9de764 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -314,11 +314,10 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Holden Combinator Attack def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess - with open("{hate_path}/masks/holdenNum".format(hate_path=hate_path)) as middle: - for line in middle: - print line.strip() - if 'str' in line: - break + numbers = ("0","1","2","3","4","5","6","7","8","9") + special = (" ","-"."_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\","]","^","`","{","|","}","~",")" + print (*special) + print (*numbers) hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " From 4334c8a526e0b33cb7c166021109116aeca6016d Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:11:20 -0700 Subject: [PATCH 09/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index f9de764..390e652 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -315,7 +315,7 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = ("0","1","2","3","4","5","6","7","8","9") - special = (" ","-"."_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\","]","^","`","{","|","}","~",")" + special = (" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\","]","^","`","{","|","}","~",")" print (*special) print (*numbers) From 916e32b22841d0552371b101f45c54a966fb4292 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:23:33 -0700 Subject: [PATCH 10/42] Add debug print --- hate_crack.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 390e652..596862d 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -314,10 +314,10 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Holden Combinator Attack def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess - numbers = ("0","1","2","3","4","5","6","7","8","9") - special = (" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\","]","^","`","{","|","}","~",")" - print (*special) - print (*numbers) + numbers = ["0","1","2","3","4","5","6","7","8","9"] + special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","\]","^","`","{","|","}","~","\)"] + print (special) + print (numbers) hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " From cb3eda9f8d199fa2d622a9d91c0a109a56b43615 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:27:53 -0700 Subject: [PATCH 11/42] Add debug print --- hate_crack.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 596862d..4b47647 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -316,8 +316,8 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = ["0","1","2","3","4","5","6","7","8","9"] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","\]","^","`","{","|","}","~","\)"] - print (special) - print (numbers) + for x in range(len(special)): + print special[x], hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " From f40ae2deb4dd449b6099178ebedb0e65ea7cb6df Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:30:09 -0700 Subject: [PATCH 12/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 4b47647..50b74c6 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -315,7 +315,7 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = ["0","1","2","3","4","5","6","7","8","9"] - special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","\]","^","`","{","|","}","~","\)"] + special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~",")"] for x in range(len(special)): print special[x], From 861a621275ec82d9ebd9121e58b71f6de1c88882 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:31:38 -0700 Subject: [PATCH 13/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 50b74c6..d8b433e 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -315,7 +315,7 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = ["0","1","2","3","4","5","6","7","8","9"] - special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~",")"] + special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for x in range(len(special)): print special[x], From 5c0c139ad47fd983e58325483e0697470b2f7fa7 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:33:00 -0700 Subject: [PATCH 14/42] Add debug print --- hate_crack.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index d8b433e..ed3ed71 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -316,8 +316,8 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = ["0","1","2","3","4","5","6","7","8","9"] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] - for x in range(len(special)): - print special[x], + for x in range(len(numbers)): + print special[numbers], hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " From 37dcc1c5709b956b309181410429614a0e76afdd Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:36:34 -0700 Subject: [PATCH 15/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index ed3ed71..c081441 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -314,7 +314,7 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Holden Combinator Attack def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess - numbers = ["0","1","2","3","4","5","6","7","8","9"] + numbers = [0,1,2,3,4,5,6,7,8,9] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for x in range(len(numbers)): print special[numbers], From 6a0c4f7b7d5c1bd01c83686579c21648551a2265 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 12:40:22 -0700 Subject: [PATCH 16/42] Add debug print --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index c081441..4c78650 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -317,7 +317,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): numbers = [0,1,2,3,4,5,6,7,8,9] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for x in range(len(numbers)): - print special[numbers], + print numbers[x], hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " From 4cf0a125ed94c19f5d4857a1cef2ad4926cd3d87 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 14:12:52 -0700 Subject: [PATCH 17/42] Add debug print --- masks/holdenNum | 10 ---------- masks/holdenSpecial | 33 --------------------------------- 2 files changed, 43 deletions(-) delete mode 100644 masks/holdenNum delete mode 100644 masks/holdenSpecial diff --git a/masks/holdenNum b/masks/holdenNum deleted file mode 100644 index f55b5c9..0000000 --- a/masks/holdenNum +++ /dev/null @@ -1,10 +0,0 @@ -0 -1 -2 -3 -4 -5 -6 -7 -8 -9 \ No newline at end of file diff --git a/masks/holdenSpecial b/masks/holdenSpecial deleted file mode 100644 index d6b0be8..0000000 --- a/masks/holdenSpecial +++ /dev/null @@ -1,33 +0,0 @@ - -- -_ -+ -! -" -# -$ -% -& -' -( -) -* -, -. -/ -: -; -< -= -> -? -@ -[ -\ -] -^ -` -{ -| -} -~ From 5ac4e80e9a82137056a0bc3d1430a0b40d6dab4e Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:22:42 -0700 Subject: [PATCH 18/42] Add debug print --- hate_crack.py | 1 + 1 file changed, 1 insertion(+) diff --git a/hate_crack.py b/hate_crack.py index 4c78650..b913efc 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -319,6 +319,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): for x in range(len(numbers)): print numbers[x], + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( From 4e27c5b323a96d06fdd266241d756eeec0a8fe5d Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:31:27 -0700 Subject: [PATCH 19/42] testing Middle Mask --- hate_crack.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index b913efc..4e476ac 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -319,17 +319,18 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): for x in range(len(numbers)): print numbers[x], - - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '$9' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - word_lists=hcatWordlists, - tuning=hcatTuning, - hate_path=hate_path), - shell=True).wait() + for x in range(len(numbers)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + hate_path=hate_path), + middle_mask=numbers[x], + shell=True).wait() # Pathwell Mask Brute Force Attack From ea5e3b70a2f78a3c2031dfc9914ee9d9622568aa Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:32:50 -0700 Subject: [PATCH 20/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 4e476ac..fc8b38a 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -330,7 +330,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): tuning=hcatTuning, hate_path=hate_path), middle_mask=numbers[x], - shell=True).wait() + shell=True).wait(), # Pathwell Mask Brute Force Attack From c344fa3c2fc1d1be5dda2b986e0459e2bd1b7232 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:46:27 -0700 Subject: [PATCH 21/42] testing Middle Mask --- hate_crack.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index fc8b38a..c67c84d 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -330,7 +330,8 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): tuning=hcatTuning, hate_path=hate_path), middle_mask=numbers[x], - shell=True).wait(), + shell=True).wait() + print "-j '${middle_mask}'".format(middle_mask=numbers[x]) # Pathwell Mask Brute Force Attack From 1d345d448fd1c9cff85cb73ee27a9be734bb7136 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:48:10 -0700 Subject: [PATCH 22/42] testing Middle Mask --- hate_crack.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index c67c84d..e9aa8df 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -317,7 +317,8 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): numbers = [0,1,2,3,4,5,6,7,8,9] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for x in range(len(numbers)): - print numbers[x], + print numbers[x] + print "-j '${middle_mask}'".format(middle_mask=numbers[x]) for x in range(len(numbers)): hcatProcess = subprocess.Popen( @@ -331,7 +332,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): hate_path=hate_path), middle_mask=numbers[x], shell=True).wait() - print "-j '${middle_mask}'".format(middle_mask=numbers[x]) + # Pathwell Mask Brute Force Attack From c169dd90e5d052b9068f41adfb1a4d9d1e4b40b1 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 16:49:43 -0700 Subject: [PATCH 23/42] testing Middle Mask --- hate_crack.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index e9aa8df..0da0ee2 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -316,9 +316,9 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): global hcatProcess numbers = [0,1,2,3,4,5,6,7,8,9] special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] - for x in range(len(numbers)): - print numbers[x] - print "-j '${middle_mask}'".format(middle_mask=numbers[x]) + for y in range(len(numbers)): + print numbers[y] + print "-j '${middle_mask}'".format(middle_mask=numbers[y]) for x in range(len(numbers)): hcatProcess = subprocess.Popen( From ec5f9688f78bd0d0db07cd5bd03fd3817bcc017e Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:02:28 -0700 Subject: [PATCH 24/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 0da0ee2..94fe27a 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -318,7 +318,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for y in range(len(numbers)): print numbers[y] - print "-j '${middle_mask}'".format(middle_mask=numbers[y]) + print "-j {middle_mask}".format(middle_mask="'$numbers[y]'") for x in range(len(numbers)): hcatProcess = subprocess.Popen( From ff5106a014368bf5ca87cc923ba058a65c1e99df Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:05:11 -0700 Subject: [PATCH 25/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 94fe27a..4feadc2 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -318,7 +318,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for y in range(len(numbers)): print numbers[y] - print "-j {middle_mask}".format(middle_mask="'$numbers[y]'") + print "-j '${middle_mask}".format(middle_mask=numbers[y]) for x in range(len(numbers)): hcatProcess = subprocess.Popen( From 7bd151303a46663e0f7a6646d868ef59b2a68afb Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:06:00 -0700 Subject: [PATCH 26/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 4feadc2..003f425 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -318,7 +318,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for y in range(len(numbers)): print numbers[y] - print "-j '${middle_mask}".format(middle_mask=numbers[y]) + print "-j \'${middle_mask}\'".format(middle_mask=numbers[y]) for x in range(len(numbers)): hcatProcess = subprocess.Popen( From 5c0b77cce720cc082e2cbc1906482f516b0200e3 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:07:11 -0700 Subject: [PATCH 27/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 003f425..fc0310e 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -322,7 +322,7 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): for x in range(len(numbers)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j \'${middle_mask}\' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, From e86f253a067335ab98e02071a9fed8e89289e33d Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:11:17 -0700 Subject: [PATCH 28/42] testing Middle Mask --- hate_crack.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index fc0310e..100da02 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -318,7 +318,14 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] for y in range(len(numbers)): print numbers[y] - print "-j \'${middle_mask}\'".format(middle_mask=numbers[y]) + print "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j \'${middle_mask}\' {word_lists}/rockyou.txt {word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + hate_path=hate_path, + middle_mask = numbers[y]) for x in range(len(numbers)): hcatProcess = subprocess.Popen( From 87f05b57863bfa6f3b77dc9c5fbe632b377bb9b6 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 17:12:45 -0700 Subject: [PATCH 29/42] testing Middle Mask --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 100da02..4679c83 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -336,8 +336,8 @@ def hcatHoldenCombinator(hcatHashType, hcatHashFile): hash_file=hcatHashFile, word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), middle_mask=numbers[x], + hate_path=hate_path), shell=True).wait() From 2d5d1377dfe7963d2f81f244b551df435a721b1b Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 22:21:30 -0700 Subject: [PATCH 30/42] Add two new attack methods --- hate_crack.py | 87 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 70 insertions(+), 17 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 4679c83..ece044e 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -311,35 +311,83 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): right=hcatRight, hate_path=hate_path), shell=True).wait() -# Holden Combinator Attack -def hcatHoldenCombinator(hcatHashType, hcatHashFile): + +# Middle fast Combinator Attack +def hcatMiddleCombinator(hcatHashType, hcatHashFile): global hcatProcess - numbers = [0,1,2,3,4,5,6,7,8,9] - special = [" ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] - for y in range(len(numbers)): - print numbers[y] - print "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j \'${middle_mask}\' {word_lists}/rockyou.txt {word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + masks = ["2","4"," ","-","_","+",",",".","&"] + + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + hate_path=hate_path), + shell=True).wait() + + +# Middle thorough Combinator Attack +def hcatThoroughCombinator(hcatHashType, hcatHashFile): + global hcatProcess + masks = ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] + + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path, - middle_mask = numbers[y]) + hate_path=hate_path), + shell=True).wait() - for x in range(len(numbers)): + for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j \'${middle_mask}\' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, word_lists=hcatWordlists, tuning=hcatTuning, - middle_mask=numbers[x], + middle_mask=masks[x], hate_path=hate_path), shell=True).wait() + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -k '${end_mask}' {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + end_mask=masks[x], + hate_path=hate_path), + shell=True).wait() + + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' -k '${end_mask} {word_lists}/rockyou.txt " + "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + end_mask=masks[x], + hate_path=hate_path), + shell=True).wait() + + # Pathwell Mask Brute Force Attack @@ -601,10 +649,13 @@ def prince_attack(): def yolo_combination(): hcatYoloCombination(hcatHashType, hcatHashFile) -# Holden Combinator -def holden_combinator(): - hcatHoldenCombinator(hcatHashType, hcatHashFile) +# Thorough Combinator +def thorough_combinator(): + hcatThoroughCombinator(hcatHashType, hcatHashFile) +# Middle Combinator +def middle_combinator(): + hcatMiddleCombinator(hcatHashType, hcatHashFile) # convert hex words for recycling def convert_hex(working_file): @@ -719,7 +770,8 @@ def main(): print("\t(8) Pathwell Top 100 Mask Brute Force Crack") print("\t(9) PRINCE Attack") print("\t(10) YOLO Combinator Attack") - print("\t(11) Holden Combinator Attack") + print("\t(11) Middle Combinator Attack") + print("\t(12) Thorough Combinator Attack") print("\n\t(97) Display Cracked Hashes") print("\t(98) Display README") print("\t(99) Quit") @@ -733,7 +785,8 @@ def main(): "8": pathwell_crack, "9": prince_attack, "10": yolo_combination, - "11": holden_combinator, + "11": middle_combinator, + "12": thorough_combinator, "97": show_results, "98": show_readme, "99": quit_hc From 3e21c0a66d6c9c12383fc9e87ef035da7b718aa1 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 22:54:38 -0700 Subject: [PATCH 31/42] Add two new attack methods to readme file --- readme.md | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/readme.md b/readme.md index b29f574..56dc37c 100644 --- a/readme.md +++ b/readme.md @@ -139,16 +139,26 @@ Runs a PRINCE attack using wordlists/rockyou.txt Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides. -#### Holden Combinator Attack +#### Middle Combinator Attack https://jeffh.net/2018/04/26/holden-combinator/ -Runs a modified combinator attack using: -rockyou + ?d + rockyou -rockyou + ?s + rockyou -rockyou + ?d + rockyou + ?d -rockyou + ?s + rockyou + ?s -rockyou + ?d + rockyou + ?s -rockyou + ?s + rockyou + ?d +Runs a modified combinator attack adding a middle character mask: +wordlists/rockyou.txt + masks + worklists/rockyou.txt + +Where the masks are some of the most commonly used separator characters: +2 4 - _ , + . & + +#### Thorough Combinator Attack +https://jeffh.net/2018/04/26/holden-combinator/ + +*Runs many rounds of different combinator attacks with the rockyou list. + - Standard Combinator attack: rockyou.txt + rockyou.txt + - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt + - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt + - End Combinator attack: rockyou.txt + rockyou.txt + ?n + - End Combinator attack: rockyou.txt + rockyou.txt + ?s + - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n + - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s ------------------------------------------------------------------- From 5dbaf948399116fa8d47d818d1b35997445e2121 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 22:55:00 -0700 Subject: [PATCH 32/42] Add two new attack methods to readme file --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index ece044e..7fc9c48 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -375,7 +375,7 @@ def hcatThoroughCombinator(hcatHashType, hcatHashFile): for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' -k '${end_mask} {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' -k '${end_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, From 206c5d64473c9c00a9851874c54cd0bb47cd904c Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Fri, 27 Apr 2018 23:39:13 -0700 Subject: [PATCH 33/42] Add two new attack methods to readme file --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 56dc37c..5a18bfa 100644 --- a/readme.md +++ b/readme.md @@ -140,7 +140,7 @@ Runs a continuous combinator attack using random wordlists from the optimized wordlists for the left and right sides. #### Middle Combinator Attack -https://jeffh.net/2018/04/26/holden-combinator/ +https://jeffh.net/2018/04/26/combinator_methods/ Runs a modified combinator attack adding a middle character mask: wordlists/rockyou.txt + masks + worklists/rockyou.txt @@ -149,7 +149,7 @@ Where the masks are some of the most commonly used separator characters: 2 4 - _ , + . & #### Thorough Combinator Attack -https://jeffh.net/2018/04/26/holden-combinator/ +https://jeffh.net/2018/04/26/combinator_methods/ *Runs many rounds of different combinator attacks with the rockyou list. - Standard Combinator attack: rockyou.txt + rockyou.txt From 913d44d9368cadd25dc2a5b10d78d6e2e87bb3f4 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Sat, 28 Apr 2018 00:05:57 -0700 Subject: [PATCH 34/42] Fix readme file --- readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 5a18bfa..bd86315 100644 --- a/readme.md +++ b/readme.md @@ -71,7 +71,8 @@ $ ./hate_crack.py 1000 (8) Pathwell Top 100 Mask Brute Force Crack (9) PRINCE Attack (10) YOLO Combinator Attack - (11) Holden Combinator Attack + (11) Middle Combinator Attack + (12) Thorough Combinator Attack (97) Display Cracked Hashes (98) Display README From ea46c1fd3a216edecaca7964085eee8e4a3f5183 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Sat, 28 Apr 2018 18:06:08 -0700 Subject: [PATCH 35/42] Merge remote-tracking branch 'remotes/Trusted_SEC/master' # Conflicts: # hate_crack.py --- hate_crack.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 78b1717..c4e9e34 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -819,10 +819,9 @@ def main(): print("\t(8) Pathwell Top 100 Mask Brute Force Crack") print("\t(9) PRINCE Attack") print("\t(10) YOLO Combinator Attack") - print("\n\t(96) Export Output to Excel Format") - print("\t(97) Display Cracked Hashes") print("\t(11) Middle Combinator Attack") print("\t(12) Thorough Combinator Attack") + print("\n\t(96) Export Output to Excel Format") print("\n\t(97) Display Cracked Hashes") print("\t(98) Display README") print("\t(99) Quit") From 0f5da15457c45a9aae4848fd3f1896fa83dc30ac Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Sat, 28 Apr 2018 18:07:47 -0700 Subject: [PATCH 36/42] Merge remote-tracking branch 'remotes/Trusted_SEC/master' # Conflicts: # hate_crack.py --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index c4e9e34..860c5e0 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -822,7 +822,7 @@ def main(): print("\t(11) Middle Combinator Attack") print("\t(12) Thorough Combinator Attack") print("\n\t(96) Export Output to Excel Format") - print("\n\t(97) Display Cracked Hashes") + print("\t(97) Display Cracked Hashes") print("\t(98) Display README") print("\t(99) Quit") options = {"1": quick_crack, From bbbea4fc1f1f282856b02a38a1b695a3bee09338 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Sat, 28 Apr 2018 18:15:22 -0700 Subject: [PATCH 37/42] fix readme --- readme.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/readme.md b/readme.md index c19228f..7945f5e 100644 --- a/readme.md +++ b/readme.md @@ -154,13 +154,14 @@ Where the masks are some of the most commonly used separator characters: https://jeffh.net/2018/04/26/combinator_methods/ *Runs many rounds of different combinator attacks with the rockyou list. - - Standard Combinator attack: rockyou.txt + rockyou.txt - - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt - - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt - - End Combinator attack: rockyou.txt + rockyou.txt + ?n - - End Combinator attack: rockyou.txt + rockyou.txt + ?s - - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n - - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s + - Standard Combinator attack: rockyou.txt + rockyou.txt + + - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt + - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt + - End Combinator attack: rockyou.txt + rockyou.txt + ?n + - End Combinator attack: rockyou.txt + rockyou.txt + ?s + - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n + - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s ------------------------------------------------------------------- From c3614c9b18cbf5a54c48babe8b8af5f91a686d70 Mon Sep 17 00:00:00 2001 From: Jeff Holden Date: Sat, 28 Apr 2018 18:17:02 -0700 Subject: [PATCH 38/42] fix readme --- readme.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 7945f5e..735161f 100644 --- a/readme.md +++ b/readme.md @@ -153,9 +153,8 @@ Where the masks are some of the most commonly used separator characters: #### Thorough Combinator Attack https://jeffh.net/2018/04/26/combinator_methods/ -*Runs many rounds of different combinator attacks with the rockyou list. +* Runs many rounds of different combinator attacks with the rockyou list. - Standard Combinator attack: rockyou.txt + rockyou.txt - - Middle Combinator attack: rockyou.txt + ?n + rockyou.txt - Middle Combinator attack: rockyou.txt + ?s + rockyou.txt - End Combinator attack: rockyou.txt + rockyou.txt + ?n From 390829d03e062892c42d0565cb3a04c3af4f9b0b Mon Sep 17 00:00:00 2001 From: bandrel Date: Mon, 7 May 2018 16:56:27 -0400 Subject: [PATCH 39/42] Added sessions to new attacks --- hate_crack.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 058c325..efac141 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -334,11 +334,12 @@ def hcatMiddleCombinator(hcatHashType, hcatHashFile): for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, middle_mask=masks[x], @@ -352,7 +353,7 @@ def hcatThoroughCombinator(hcatHashType, hcatHashFile): masks = ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, @@ -364,11 +365,12 @@ def hcatThoroughCombinator(hcatHashType, hcatHashFile): for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, middle_mask=masks[x], @@ -377,11 +379,12 @@ def hcatThoroughCombinator(hcatHashType, hcatHashFile): for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -k '${end_mask}' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -k '${end_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, end_mask=masks[x], @@ -390,11 +393,13 @@ def hcatThoroughCombinator(hcatHashType, hcatHashFile): for x in range(len(masks)): hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' -k '${end_mask}' {word_lists}/rockyou.txt " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-j '${middle_mask}' -k '${end_mask}' {word_lists}/rockyou.txt " "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, middle_mask=masks[x], @@ -857,7 +862,7 @@ def main(): "9": prince_attack, "10": yolo_combination, "96": export_excel, - "11": middle_combinator, + "11": middle_combinator, "12": thorough_combinator, "97": show_results, "98": show_readme, From 8202b5709ba552dff66228bef793fc3e9610e7f7 Mon Sep 17 00:00:00 2001 From: bandrel Date: Tue, 8 May 2018 09:44:41 -0400 Subject: [PATCH 40/42] Updating branch to include recent additions --- hate_crack.py | 404 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 278 insertions(+), 126 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index efac141..645db87 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -7,8 +7,6 @@ import subprocess import sys import os -import signal -import time import random import re import json @@ -109,7 +107,13 @@ def hcatBruteForce(hcatHashType, hcatHashFile, hcatMinLen, hcatMaxLen): min=hcatMinLen, max=hcatMaxLen, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatBruteCount = lineCount(hcatHashFile + ".out") @@ -127,7 +131,13 @@ def hcatDictionary(hcatHashType, hcatHashFile): session_name=os.path.basename(hcatHashFile), optimized_wordlists=hcatOptimizedWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {hcatWordlists}/rockyou.txt " @@ -136,9 +146,16 @@ def hcatDictionary(hcatHashType, hcatHashFile): hcatBin=hcatBin, hcatHashType=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), hcatWordlists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {hcatWordlists}/rockyou.txt " @@ -150,7 +167,13 @@ def hcatDictionary(hcatHashType, hcatHashFile): session_name=os.path.basename(hcatHashFile), hcatWordlists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatDictionaryCount = lineCount(hcatHashFile + ".out") - hcatBruteCount @@ -167,7 +190,13 @@ def hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains): optimized_wordlists=hcatOptimizedWordlists, chains=hcatChains, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + # Top Mask Attack @@ -180,13 +209,25 @@ def hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime): hcatProcess = subprocess.Popen( "{hate_path}/PACK/statsgen.py {hash_file}.working -o {hash_file}.masks".format( hash_file=hcatHashFile, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hate_path}/PACK/maskgen.py {hash_file}.masks --targettime {target_time} --optindex -q --pps 14000000000 " "--minlength=7 -o {hash_file}.hcmask".format( hash_file=hcatHashFile, target_time=hcatTargetTime, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 3 {hash_file}.hcmask {tuning} " "--potfile-path={hate_path}/hashcat.pot".format( @@ -195,7 +236,13 @@ def hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime): hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatMaskCount = lineCount(hcatHashFile + ".out") - hcatHashCracked @@ -213,7 +260,12 @@ def hcatFingerprint(hcatHashType, hcatHashFile): "{hate_path}/hashcat-utils/bin/{expander_bin} < {hash_file}.working | sort -u > {hash_file}.expanded".format( expander_bin=hcatExpanderBin, hash_file=hcatHashFile, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {hash_file}.expanded " "{hash_file}.expanded {tuning} --potfile-path={hate_path}/hashcat.pot".format( @@ -222,7 +274,12 @@ def hcatFingerprint(hcatHashType, hcatHashFile): hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() crackedAfter = lineCount(hcatHashFile + ".out") hcatFingerprintCount = lineCount(hcatHashFile + ".out") - hcatHashCracked @@ -241,7 +298,13 @@ def hcatCombination(hcatHashType, hcatHashFile): word_lists=hcatWordlists, tuning=hcatTuning, hate_path=hate_path), - shell=True).wait() + shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatCombinationCount = lineCount(hcatHashFile + ".out") - hcatHashCracked @@ -250,81 +313,128 @@ def hcatHybrid(hcatHashType, hcatHashFile): global hcatHybridCount global hcatProcess hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt ?1?1 " + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt ?1?1 " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt ?1?1?1 " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt " "?1?1?1?1 {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1 {word_lists}/rockyou.txt " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1?1 {word_lists}/rockyou.txt " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1?1?1 {word_lists}/rockyou.txt " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatHybridCount = lineCount(hcatHashFile + ".out") - hcatHashCracked # YOLO Combination Attack def hcatYoloCombination(hcatHashType, hcatHashFile): global hcatProcess - while 1: - hcatLeft = random.choice(os.listdir(hcatOptimizedWordlists)) - hcatRight = random.choice(os.listdir(hcatOptimizedWordlists)) - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {optimized_lists}/{left} " - "{optimized_lists}/{right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - session_name=os.path.basename(hcatHashFile), - word_lists=hcatWordlists, - optimized_lists=hcatOptimizedWordlists, - tuning=hcatTuning, - left=hcatLeft, - right=hcatRight, - hate_path=hate_path), shell=True).wait() + try: + while 1: + hcatLeft = random.choice(os.listdir(hcatOptimizedWordlists)) + hcatRight = random.choice(os.listdir(hcatOptimizedWordlists)) + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {optimized_lists}/{left} " + "{optimized_lists}/{right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + word_lists=hcatWordlists, + optimized_lists=hcatOptimizedWordlists, + tuning=hcatTuning, + left=hcatLeft, + right=hcatRight, + hate_path=hate_path), shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() # Middle fast Combinator Attack @@ -421,7 +531,12 @@ def hcatPathwellBruteForce(hcatHashType, hcatHashFile): hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() # PRINCE Attack @@ -440,8 +555,12 @@ def hcatPrince(hcatHashType, hcatHashFile): word_lists=hcatWordlists, optimized_lists=hcatOptimizedWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() - + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() # Extra - Good Measure def hcatGoodMeasure(hcatHashType, hcatHashFile): @@ -458,7 +577,13 @@ def hcatGoodMeasure(hcatHashType, hcatHashFile): session_name=os.path.basename(hcatHashFile), word_lists=hcatWordlists, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatExtraCount = lineCount(hcatHashFile + ".out") - hcatHashCracked @@ -469,7 +594,13 @@ def hcatLMtoNT(): "{hcatBin} --show --potfile-path={hate_path}/hashcat.pot -m 3000 {hash_file}.lm > {hash_file}.lm.cracked".format( hcatBin=hcatBin, hash_file=hcatHashFile, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m 3000 {hash_file}.lm --session {session_name} --remove -o {hash_file}.lm.cracked -1 ?u?d?s --increment -a 3 ?1?1?1?1?1?1?1 " "{tuning} --potfile-path={hate_path}/hashcat.pot".format( @@ -477,7 +608,12 @@ def hcatLMtoNT(): hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + hcatProcess.kill() + hcatProcess = subprocess.Popen("cat {hash_file}.lm.cracked | cut -d : -f 2 > {hash_file}.working".format( hash_file=hcatHashFile), shell=True).wait() hcatProcess = subprocess.Popen( @@ -487,14 +623,25 @@ def hcatLMtoNT(): hcatBin=hcatBin, hash_file=hcatHashFile, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() hcatProcess = subprocess.Popen( "{hcatBin} --show --potfile-path={hate_path}/hashcat.pot -m 1000 {hash_file}.nt > {hash_file}.nt.out".format( hcatBin=hcatBin, hash_file=hcatHashFile, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + hcatProcess = subprocess.Popen( "{hcatBin} -m 1000 {hash_file}.nt --session {session_name} --remove -o {hash_file}.nt.out {hash_file}.combined " "-r {hate_path}/rules/toggles-lm-ntlm.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format( @@ -502,7 +649,13 @@ def hcatLMtoNT(): hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + # toggle-lm-ntlm.rule by Didier Stevens https://blog.didierstevens.com/2016/07/16/tool-to-generate-hashcat-toggle-rules/ @@ -512,7 +665,13 @@ def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords): working_file = hcatHashFile + '.working' if hcatNewPasswords > 0: hcatProcess = subprocess.Popen("cat {hash_file}.out | cut -d : -f 2 > {working_file}".format( - hash_file=hcatHashFile, working_file=working_file), shell=True).wait() + hash_file=hcatHashFile, working_file=working_file), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + converted = convert_hex(working_file) # Overwrite working file with updated converted words @@ -528,7 +687,12 @@ def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords): session_name=os.path.basename(hcatHashFile), hcatPath=hcatPath, tuning=hcatTuning, - hate_path=hate_path), shell=True).wait() + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + hcatProcess.kill() + # creating the combined output for pwdformat + cleartext def combine_ntlm_output(): with open(hcatHashFileOrig + ".out", "w+") as hcatCombinedHashes: @@ -541,44 +705,35 @@ def combine_ntlm_output(): # Cleanup Temp Files def cleanup(): - if hcatHashType == "1000": - print("\nComparing cracked hashes to original file...") - combine_ntlm_output() - print("\nCracked passwords combined with original hashes in %s" % (hcatHashFileOrig + ".out")) - print('\nCleaning up temporary files...') - if os.path.exists(hcatHashFile + ".masks"): - os.remove(hcatHashFile + ".masks") - if os.path.exists(hcatHashFile + ".working"): - os.remove(hcatHashFile + ".working") - if os.path.exists(hcatHashFile + ".expanded"): - os.remove(hcatHashFile + ".expanded") - if os.path.exists(hcatHashFileOrig + ".combined"): - os.remove(hcatHashFileOrig + ".combined") - if os.path.exists(hcatHashFileOrig + ".lm"): - os.remove(hcatHashFileOrig + ".lm") - if os.path.exists(hcatHashFileOrig + ".lm.cracked"): - os.remove(hcatHashFileOrig + ".lm.cracked") - if os.path.exists(hcatHashFileOrig + ".working"): - os.remove(hcatHashFileOrig + ".working") - - -# CTRL-C Function -def signal_handler(signal, frame): - global hcatHashFile - global hcatBin - global hcatProcess - - print("Killing %s..." % hcatBin) - processGroup = os.getpgid(hcatProcess) - hcatProcess = subprocess.Popen("kill -%d" % processGroup, shell=True).wait() - time.sleep(5) - + try: + if hcatHashType == "1000": + print("\nComparing cracked hashes to original file...") + combine_ntlm_output() + print("\nCracked passwords combined with original hashes in %s" % (hcatHashFileOrig + ".out")) + print('\nCleaning up temporary files...') + if os.path.exists(hcatHashFile + ".masks"): + os.remove(hcatHashFile + ".masks") + if os.path.exists(hcatHashFile + ".working"): + os.remove(hcatHashFile + ".working") + if os.path.exists(hcatHashFile + ".expanded"): + os.remove(hcatHashFile + ".expanded") + if os.path.exists(hcatHashFileOrig + ".combined"): + os.remove(hcatHashFileOrig + ".combined") + if os.path.exists(hcatHashFileOrig + ".lm"): + os.remove(hcatHashFileOrig + ".lm") + if os.path.exists(hcatHashFileOrig + ".lm.cracked"): + os.remove(hcatHashFileOrig + ".lm.cracked") + if os.path.exists(hcatHashFileOrig + ".working"): + os.remove(hcatHashFileOrig + ".working") + except KeyboardInterrupt: + #incase someone mashes the Control+C it will still cleanup + cleanup() # Quick Dictionary Attack with Optional Chained Best64 Rules def quick_crack(): - hcatChainsInput = int(input("\nHow many times would you like to chain the best64.rule? (1): ") or 1) - hcatChains = "-r {hcatPath}/rules/best64.rule ".format(hcatPath=hcatPath) - if hcatChainsInput > 1: + hcatChainsInput = int(input("\nHow many times would you like to chain the best64.rule? (0): ") or 0) + hcatChains = '' + if hcatChainsInput > 0: for n in range(1, hcatChainsInput): hcatChains += "-r {hcatPath}/rules/best64.rule ".format(hcatPath=hcatPath) @@ -731,7 +886,7 @@ def export_excel(): current_ws['E1'] = 'Clear-Text Password' with open(hcatHashFileOrig+'.out') as input_file: for line in input_file: - matches = re.match(r'(^[^:]+):([0-9]+):([a-z0-9]{32}):([a-z0-9]{32}):::(.*)',line.rstrip('\r\n')) + matches = re.match(r'(^[^:]+):([0-9]+):([a-z0-9A-Z]{32}):([a-z0-9A-Z]{32}):::(.*)',line.rstrip('\r\n')) username = matches.group(1) sid = matches.group(2) lm = matches.group(3) @@ -787,9 +942,6 @@ def main(): ascii_art() - # Catch CTRL-C - signal.signal(signal.SIGINT, signal_handler) - # Get Initial Input Hash Count hcatHashCount = lineCount(hcatHashFile) @@ -797,7 +949,7 @@ def main(): if hcatHashType == "1000": lmHashesFound = False hcatHashFileLine = open(hcatHashFile, "r").readline() - if re.search(r"[a-z0-9]{32}:[a-z0-9]{32}:::$", hcatHashFileLine): + if re.search(r"[a-z0-9A-Z]{32}:[a-z0-9A-Z]{32}:::$", hcatHashFileLine): print("PWDUMP format detected...") print("Parsing NT hashes...") subprocess.Popen( @@ -834,45 +986,45 @@ def main(): print("No hashes found in POT file.") # Display Options - while 1: - print("\n\t(1) Quick Crack") - print("\t(2) Extensive Pure_Hate Methodology Crack") - print("\t(3) Brute Force Attack") - print("\t(4) Top Mask Attack") - print("\t(5) Fingerprint Attack") - print("\t(6) Combinator Attack") - print("\t(7) Hybrid Attack") - print("\t(8) Pathwell Top 100 Mask Brute Force Crack") - print("\t(9) PRINCE Attack") - print("\t(10) YOLO Combinator Attack") - print("\t(11) Middle Combinator Attack") - print("\t(12) Thorough Combinator Attack") - print("\n\t(96) Export Output to Excel Format") - print("\t(97) Display Cracked Hashes") - print("\t(98) Display README") - print("\t(99) Quit") - options = {"1": quick_crack, - "2": extensive_crack, - "3": brute_force_crack, - "4": top_mask_crack, - "5": fingerprint_crack, - "6": combinator_crack, - "7": hybrid_crack, - "8": pathwell_crack, - "9": prince_attack, - "10": yolo_combination, - "96": export_excel, - "11": middle_combinator, - "12": thorough_combinator, - "97": show_results, - "98": show_readme, - "99": quit_hc - } - try: - task = input("\nSelect a task: ") - options[task]() - except KeyError: - pass + try: + while 1: + print("\n\t(1) Quick Crack") + print("\t(2) Extensive Pure_Hate Methodology Crack") + print("\t(3) Brute Force Attack") + print("\t(4) Top Mask Attack") + print("\t(5) Fingerprint Attack") + print("\t(6) Combinator Attack") + print("\t(7) Hybrid Attack") + print("\t(8) Pathwell Top 100 Mask Brute Force Crack") + print("\t(9) PRINCE Attack") + print("\t(10) YOLO Combinator Attack") + print("\n\t(96) Export Output to Excel Format") + print("\t(97) Display Cracked Hashes") + print("\t(98) Display README") + print("\t(99) Quit") + options = {"1": quick_crack, + "2": extensive_crack, + "3": brute_force_crack, + "4": top_mask_crack, + "5": fingerprint_crack, + "6": combinator_crack, + "7": hybrid_crack, + "8": pathwell_crack, + "9": prince_attack, + "10": yolo_combination, + "96": export_excel, + "97": show_results, + "98": show_readme, + "99": quit_hc + } + try: + task = input("\nSelect a task: ") + options[task]() + except KeyError: + pass + except KeyboardInterrupt: + quit_hc() + # Boilerplate if __name__ == '__main__': main() From 6d49d1d31376d31f3e939a460323983051e51f28 Mon Sep 17 00:00:00 2001 From: bandrel Date: Tue, 8 May 2018 09:46:53 -0400 Subject: [PATCH 41/42] Added missing menu items accidentally removed --- hate_crack.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hate_crack.py b/hate_crack.py index 645db87..100361c 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -998,6 +998,8 @@ def main(): print("\t(8) Pathwell Top 100 Mask Brute Force Crack") print("\t(9) PRINCE Attack") print("\t(10) YOLO Combinator Attack") + print("\t(11) Middle Combinator Attack") + print("\t(12) Thorough Combinator Attack") print("\n\t(96) Export Output to Excel Format") print("\t(97) Display Cracked Hashes") print("\t(98) Display README") @@ -1012,6 +1014,8 @@ def main(): "8": pathwell_crack, "9": prince_attack, "10": yolo_combination, + "11": middle_combinator, + "12": thorough_combinator, "96": export_excel, "97": show_results, "98": show_readme, From 4184b4f4132174ea5d62c4c8c8701df1d92c4c8a Mon Sep 17 00:00:00 2001 From: bandrel Date: Tue, 8 May 2018 10:58:04 -0400 Subject: [PATCH 42/42] Abstracted the wordlists and masks and put them in the configfile --- config.json | 6 +- hate_crack.py | 178 ++++++++++++++++++++++++++++++++------------------ 2 files changed, 119 insertions(+), 65 deletions(-) diff --git a/config.json b/config.json index 9c3c920..1313211 100644 --- a/config.json +++ b/config.json @@ -3,5 +3,9 @@ "hcatBin": "hashcat", "hcatTuning": "--force", "hcatWordlists": "/Passwords/wordlists", - "hcatOptimizedWordlists": "/Passwords/optimized_wordlists" + "hcatOptimizedWordlists": "/Passwords/optimized_wordlists", + "hcatMiddleCombinatorMasks": ["2","4"," ","-","_","+",",",".","&"], + "hcatMiddleBaseList": "rockyou.txt", + "hcatThoroughCombinatorMasks": ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"], + "hcatThoroughBaseList": "rockyou.txt" } \ No newline at end of file diff --git a/hate_crack.py b/hate_crack.py index 100361c..9fb26b2 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -28,6 +28,10 @@ with open(hate_path + '/config.json') as config: hcatTuning = config_parser['hcatTuning'] hcatWordlists = config_parser['hcatWordlists'] hcatOptimizedWordlists = config_parser['hcatOptimizedWordlists'] + hcatMiddleCombinatorMasks = config_parser['hcatMiddleCombinatorMasks'] + hcatMiddleBaseList = config_parser['hcatMiddleBaseList'] + hcatThoroughCombinatorMasks = config_parser['hcatThoroughCombinatorMasks'] + hcatThoroughBaseList = config_parser['hcatThoroughBaseList'] if sys.platform == 'darwin': hcatExpanderBin = "expander.app" @@ -48,6 +52,24 @@ else: print('Invalid path for hashcat binary. Please check configuration and try again.') quit(1) +if os.path.isfile(hcatMiddleBaseList): + pass +elif os.path.isfile(hcatWordlists+'/'+hcatMiddleBaseList): + hcatMiddleBaseList = hcatWordlists+'/'+hcatMiddleBaseList +else: + print('Invalid path for hcatMiddleBaseList. Please check configuration and try again.') + quit(1) + +if os.path.isfile(hcatThoroughBaseList): + pass +elif os.path.isfile(hcatWordlists+'/'+hcatThoroughBaseList): + hcatThoroughBaseList = hcatWordlists+'/'+hcatThoroughBaseList +else: + print('Invalid path for hcatThoroughBaseList. Please check configuration and try again.') + quit(1) + + + hcatHashCount = 0 hcatHashCracked = 0 hcatBruteCount = 0 @@ -440,83 +462,111 @@ def hcatYoloCombination(hcatHashType, hcatHashFile): # Middle fast Combinator Attack def hcatMiddleCombinator(hcatHashType, hcatHashFile): global hcatProcess - masks = ["2","4"," ","-","_","+",",",".","&"] - - for x in range(len(masks)): - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - session_name=os.path.basename(hcatHashFile), - word_lists=hcatWordlists, - tuning=hcatTuning, - middle_mask=masks[x], - hate_path=hate_path), - shell=True).wait() - + masks = hcatMiddleCombinatorMasks + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {left} " + "{right} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatMiddleBaseList, + right=hcatMiddleBaseList, + tuning=hcatTuning, + middle_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() # Middle thorough Combinator Attack def hcatThoroughCombinator(hcatHashType, hcatHashFile): global hcatProcess - masks = ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","\'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"] - - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - word_lists=hcatWordlists, - tuning=hcatTuning, - hate_path=hate_path), - shell=True).wait() - - for x in range(len(masks)): + masks = hcatThoroughCombinatorMasks + try: hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -j '${middle_mask}' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {left} " + "{right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( hcatBin=hcatBin, hash_type=hcatHashType, hash_file=hcatHashFile, session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, word_lists=hcatWordlists, tuning=hcatTuning, - middle_mask=masks[x], hate_path=hate_path), - shell=True).wait() - - for x in range(len(masks)): - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 -k '${end_mask}' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - session_name=os.path.basename(hcatHashFile), - word_lists=hcatWordlists, - tuning=hcatTuning, - end_mask=masks[x], - hate_path=hate_path), - shell=True).wait() - - for x in range(len(masks)): - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " - "-j '${middle_mask}' -k '${end_mask}' {word_lists}/rockyou.txt " - "{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - session_name=os.path.basename(hcatHashFile), - word_lists=hcatWordlists, - tuning=hcatTuning, - middle_mask=masks[x], - end_mask=masks[x], - hate_path=hate_path), - shell=True).wait() + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-j '${middle_mask}' {left} {right} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-k '${end_mask}' {left} {right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + end_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + try: + for x in range(len(masks)): + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 " + "-j '${middle_mask}' -k '${end_mask}' {left} {right} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + left=hcatThoroughBaseList, + right=hcatThoroughBaseList, + word_lists=hcatWordlists, + tuning=hcatTuning, + middle_mask=masks[x], + end_mask=masks[x], + hate_path=hate_path), + shell=True) + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill()