From 3bb772bc0ccd4e96329b4e98e935e691211c1cee Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 16:32:01 -0400 Subject: [PATCH 01/14] New Attack Mode : Rules Introduces menu driven rule selection against optimized wordlists --- hate_crack.py | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/hate_crack.py b/hate_crack.py index f64dd83..6606a5b 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -35,6 +35,7 @@ hcatBin = config_parser['hcatBin'] hcatTuning = config_parser['hcatTuning'] hcatWordlists = config_parser['hcatWordlists'] hcatOptimizedWordlists = config_parser['hcatOptimizedWordlists'] +hcatRules = config_parser['hcatRules'] try: hcatDictionaryWordlist = config_parser['hcatDictionaryWordlist'] @@ -820,6 +821,27 @@ def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords): except KeyboardInterrupt: hcatProcess.kill() +def hcatRules_attack(hcatHashType, hcatHashFile, hcatRules): + global hcatProcess + for rule in hcatRules: + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {optimized_wordlists}/* " + "-r {hcatPath}/rules/{current_rule} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + hcatPath=hcatPath, + hcatBin=hcatBin, + hcatHashType=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + optimized_wordlists=hcatOptimizedWordlists, + tuning=hcatTuning, + current_rule=rule, + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + print('Killing PID {0}...'.format(str(hcatProcess.pid))) + hcatProcess.kill() + # creating the combined output for pwdformat + cleartext def combine_ntlm_output(): with open(hcatHashFileOrig + ".out", "w+") as hcatCombinedHashes: @@ -961,6 +983,30 @@ def yolo_combination(): def thorough_combinator(): hcatThoroughCombinator(hcatHashType, hcatHashFile) +# Rules Attack +def rules_crack(): + rule_choice = None + selected_hcatRules = [] + + print("\nWhich rule(s) would you like to run?") + rule_number = 1 + for rule in hcatRules: + print('({0}) {1}'.format(rule_number,rule)) + rule_number += 1 + print(('(99) YOLO...run all of the rules ')) + while rule_choice is None: + rule_choice = input('Enter Comma separated list of rules you would like to run: ').split(',') + + if '99' not in rule_choice: + for choice in rule_choice: + try: + selected_hcatRules.append(hcatRules[int(choice)-1]) + except IndexError: + continue + else: + selected_hcatRules = hcatRules + hcatRules_attack(hcatHashType, hcatHashFile, selected_hcatRules) + # Middle Combinator def middle_combinator(): hcatMiddleCombinator(hcatHashType, hcatHashFile) @@ -1124,6 +1170,7 @@ def main(): print("\t(10) YOLO Combinator Attack") print("\t(11) Middle Combinator Attack") print("\t(12) Thorough Combinator Attack") + print("\t(13) Rules Attack") print("\n\t(96) Export Output to Excel Format") print("\t(97) Display Cracked Hashes") print("\t(98) Display README") @@ -1140,6 +1187,7 @@ def main(): "10": yolo_combination, "11": middle_combinator, "12": thorough_combinator, + "13": rules_crack, "96": export_excel, "97": show_results, "98": show_readme, From 11bc0f934f70763caabe53f3f0b3211482f3dd85 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 16:32:34 -0400 Subject: [PATCH 02/14] New Attack Mode : Rules Introduces menu driven rule selection against optimized wordlists --- config.json.example | 1 + 1 file changed, 1 insertion(+) diff --git a/config.json.example b/config.json.example index 6780e5c..86915f1 100644 --- a/config.json.example +++ b/config.json.example @@ -12,5 +12,6 @@ "hcatThoroughCombinatorMasks": ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"], "hcatThoroughBaseList": "rockyou.txt", "hcatGoodMeasureBaseList": "rockyou.txt", + "hcatRules": ["d3ad0ne.rule", "T0XlC.rule", "dive.rule"], "hcatPrinceBaseList": "rockyou.txt" } \ No newline at end of file From ab08af5a473be1bdf877d3fd7a059bdb2226e121 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 16:40:29 -0400 Subject: [PATCH 03/14] New Attack Mode : Rules Introduces menu driven rule selection against optimized wordlists --- readme.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 0befcaf..f4c48bd 100644 --- a/readme.md +++ b/readme.md @@ -72,6 +72,7 @@ $ ./hate_crack.py 1000 (10) YOLO Combinator Attack (11) Middle Combinator Attack (12) Thorough Combinator Attack + (13) Rules Attack (96) Export Output to Excel Format (97) Display Cracked Hashes @@ -161,7 +162,10 @@ https://jeffh.net/2018/04/26/combinator_methods/ - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s - +#### Rules Attack +* Runs one or more selected rules against the optimized wordlist directory. Can customize and add user created rules by +editing the hcatRules in the config file. Rules need to be in the rules directory of hcatPath. + ------------------------------------------------------------------- ### Version History Version 1.05 From 6f02fb92026645300d7d320def521b6661a6ec69 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 17:02:35 -0400 Subject: [PATCH 04/14] New Attack Mode : Rules Introduces menu driven rule selection against optimized wordlists --- hate_crack.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 6606a5b..d8d8796 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -35,7 +35,12 @@ hcatBin = config_parser['hcatBin'] hcatTuning = config_parser['hcatTuning'] hcatWordlists = config_parser['hcatWordlists'] hcatOptimizedWordlists = config_parser['hcatOptimizedWordlists'] -hcatRules = config_parser['hcatRules'] + +try: + hcatRules = config_parser['hcatRules'] +except KeyError as e: + print('{0} is not defined in config.json using defaults from config.json.example'.format(e)) + hcatRules = default_config['hcatRules'] try: hcatDictionaryWordlist = config_parser['hcatDictionaryWordlist'] From 7917b4037a70a98af76bdcd3aebdff0b3be68491 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 17:49:48 -0400 Subject: [PATCH 05/14] Removed Rules Attack and updated Quickcrack allow for additional rules other than best64 --- hate_crack.py | 69 +++++++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index d8d8796..64d7f8f 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -883,15 +883,44 @@ def cleanup(): #incase someone mashes the Control+C it will still cleanup cleanup() -# Quick Dictionary Attack with Optional Chained Best64 Rules +# Quick Dictionary Attack with Optional Chained Rules def quick_crack(): - hcatChainsInput = int(input("\nHow many times would you like to chain the best64.rule? (1): ") or 1) - hcatChains = '' - if hcatChainsInput > 0: - for n in range(1, hcatChainsInput): - hcatChains += "-r {hcatPath}/rules/best64.rule ".format(hcatPath=hcatPath) + # Rules Attack + rule_choice = None + selected_hcatRules = [] - hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains) + print("\nWhich rule(s) would you like to run?") + rule_number = 1 + for rule in hcatRules: + print('({0}) {1}'.format(rule_number, rule)) + rule_number += 1 + print(('(99) YOLO...run all of the rules')) + while rule_choice is None: + rule_choice = input('Enter Comma separated list of rules you would like to run.\n' + 'To run rules chained use the + symbol: ').split(',') + + if '99' not in rule_choice: + for choice in rule_choice: + if '+' in choice: + combined_choice = '' + choices = choice.split('+') + for rule in choices: + try: + combined_choice = '{0} {1}'.format(combined_choice, '-r {hcatPath}/rules/{selected_rule}'.format(selected_rule=hcatRules[int(rule) - 1], + hcatPath=hcatPath)) + except: + continue + selected_hcatRules.append(combined_choice) + else: + try: + selected_hcatRules.append(hcatPath + '/rules/' + hcatRules[int(choice) - 1]) + except IndexError: + continue + else: + selected_hcatRules = hcatRules + + for chain in selected_hcatRules: + hcatQuickDictionary(hcatHashType, hcatHashFile, chain) # Extensive Pure_Hate Methodology @@ -988,30 +1017,6 @@ def yolo_combination(): def thorough_combinator(): hcatThoroughCombinator(hcatHashType, hcatHashFile) -# Rules Attack -def rules_crack(): - rule_choice = None - selected_hcatRules = [] - - print("\nWhich rule(s) would you like to run?") - rule_number = 1 - for rule in hcatRules: - print('({0}) {1}'.format(rule_number,rule)) - rule_number += 1 - print(('(99) YOLO...run all of the rules ')) - while rule_choice is None: - rule_choice = input('Enter Comma separated list of rules you would like to run: ').split(',') - - if '99' not in rule_choice: - for choice in rule_choice: - try: - selected_hcatRules.append(hcatRules[int(choice)-1]) - except IndexError: - continue - else: - selected_hcatRules = hcatRules - hcatRules_attack(hcatHashType, hcatHashFile, selected_hcatRules) - # Middle Combinator def middle_combinator(): hcatMiddleCombinator(hcatHashType, hcatHashFile) @@ -1175,7 +1180,6 @@ def main(): print("\t(10) YOLO Combinator Attack") print("\t(11) Middle Combinator Attack") print("\t(12) Thorough Combinator Attack") - print("\t(13) Rules Attack") print("\n\t(96) Export Output to Excel Format") print("\t(97) Display Cracked Hashes") print("\t(98) Display README") @@ -1192,7 +1196,6 @@ def main(): "10": yolo_combination, "11": middle_combinator, "12": thorough_combinator, - "13": rules_crack, "96": export_excel, "97": show_results, "98": show_readme, From 6346513819cabf980be1facd158d7a967ec06490 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 17:54:45 -0400 Subject: [PATCH 06/14] corrected logic if 99 is chosen for rules in quickcrack --- hate_crack.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index 64d7f8f..0a07c08 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -917,7 +917,8 @@ def quick_crack(): except IndexError: continue else: - selected_hcatRules = hcatRules + for rule in hcatRules: + selected_hcatRules.append('-r {hcatPath}/rules/{selected_rule}'.format(selected_rule=rule, hcatPath=hcatPath)) for chain in selected_hcatRules: hcatQuickDictionary(hcatHashType, hcatHashFile, chain) From 3f31304f44ff4f4dc19c49c720073bdf74f70b34 Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 18:05:12 -0400 Subject: [PATCH 07/14] Updated readme for updated quickcrack --- readme.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/readme.md b/readme.md index f4c48bd..35da75f 100644 --- a/readme.md +++ b/readme.md @@ -84,7 +84,23 @@ Select a task: ------------------------------------------------------------------- #### Quick Crack * Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path -and applies the "best64.rule", with the option of chaining the "best64.rule". +and optionally applies a rule that can be selected from a list by ID number. Multiple rules can be selected by using a +comma separated list, and chains can be created by using the '+' symbol. +Example: +```Which rule(s) would you like to run? +(1) best64.rule +(2) d3ad0ne.rule +(3) T0XlC.rule +(4) dive.rule +(99) YOLO...run all of the rules +Enter Comma separated list of rules you would like to run. +To run rules chained use the + symbol: +``` + +To run best64 twice you would enter `1+1` to run best64 and then d3ad0ne you would enter `1,2` + + + #### Extensive Pure_Hate Methodology Crack Runs several attack methods provided by Martin Bos (formerly known as pure_hate) @@ -162,10 +178,6 @@ https://jeffh.net/2018/04/26/combinator_methods/ - Hybrid middle/end attack: rockyou.txt + ?n + rockyou.txt + ?n - Hybrid middle/end attack: rockyou.txt + ?s + rockyou.txt + ?s -#### Rules Attack -* Runs one or more selected rules against the optimized wordlist directory. Can customize and add user created rules by -editing the hcatRules in the config file. Rules need to be in the rules directory of hcatPath. - ------------------------------------------------------------------- ### Version History Version 1.05 From a49f592aae144a96d87d1264af6684225b82230e Mon Sep 17 00:00:00 2001 From: bandrel Date: Thu, 25 Oct 2018 18:05:47 -0400 Subject: [PATCH 08/14] added best64 to default rules list --- config.json.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.json.example b/config.json.example index 86915f1..2df0992 100644 --- a/config.json.example +++ b/config.json.example @@ -12,6 +12,6 @@ "hcatThoroughCombinatorMasks": ["0","1","2","3","4","5","6","7","8","9"," ","-","_","+",",","!","#","$","\"","%","&","'","(",")","*",",",".","/",":",";","<","=",">","?","@","[","\\","]","^","`","{","|","}","~"], "hcatThoroughBaseList": "rockyou.txt", "hcatGoodMeasureBaseList": "rockyou.txt", - "hcatRules": ["d3ad0ne.rule", "T0XlC.rule", "dive.rule"], + "hcatRules": ["best64.rule","d3ad0ne.rule", "T0XlC.rule", "dive.rule"], "hcatPrinceBaseList": "rockyou.txt" } \ No newline at end of file From b0494a28b12dc6f28a73e4fce4de146875ea8613 Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 09:02:10 -0400 Subject: [PATCH 09/14] Updated rules example in quickcrack --- readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/readme.md b/readme.md index 35da75f..7c7b1d3 100644 --- a/readme.md +++ b/readme.md @@ -86,18 +86,18 @@ Select a task: * Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path and optionally applies a rule that can be selected from a list by ID number. Multiple rules can be selected by using a comma separated list, and chains can be created by using the '+' symbol. -Example: -```Which rule(s) would you like to run? + +``` +Which rule(s) would you like to run? (1) best64.rule (2) d3ad0ne.rule (3) T0XlC.rule (4) dive.rule (99) YOLO...run all of the rules -Enter Comma separated list of rules you would like to run. -To run rules chained use the + symbol: +Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol. +For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially. +Choose wisely: ``` - -To run best64 twice you would enter `1+1` to run best64 and then d3ad0ne you would enter `1,2` From db11b7c5df845cd3b398e962fdfd0437014f6ed1 Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 09:04:18 -0400 Subject: [PATCH 10/14] updated examples in quickcrack rule selection and introduced all rules into the recycle function --- hate_crack.py | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/hate_crack.py b/hate_crack.py index 0a07c08..e766dde 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -810,21 +810,22 @@ def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords): # Overwrite working file with updated converted words with open(working_file, 'w') as f: f.write("\n".join(converted)) - - hcatProcess = subprocess.Popen( - "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out {hash_file}.working " - "-r {hcatPath}/rules/d3ad0ne.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format( - hcatBin=hcatBin, - hash_type=hcatHashType, - hash_file=hcatHashFile, - session_name=os.path.basename(hcatHashFile), - hcatPath=hcatPath, - tuning=hcatTuning, - hate_path=hate_path), shell=True) - try: - hcatProcess.wait() - except KeyboardInterrupt: - hcatProcess.kill() + for rule in hcatRules: + hcatProcess = subprocess.Popen( + "{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out {hash_file}.working " + "-r {hcatPath}/rules/{rule} {tuning} --potfile-path={hate_path}/hashcat.pot".format( + rule=rule, + hcatBin=hcatBin, + hash_type=hcatHashType, + hash_file=hcatHashFile, + session_name=os.path.basename(hcatHashFile), + hcatPath=hcatPath, + tuning=hcatTuning, + hate_path=hate_path), shell=True) + try: + hcatProcess.wait() + except KeyboardInterrupt: + hcatProcess.kill() def hcatRules_attack(hcatHashType, hcatHashFile, hcatRules): global hcatProcess @@ -896,8 +897,9 @@ def quick_crack(): rule_number += 1 print(('(99) YOLO...run all of the rules')) while rule_choice is None: - rule_choice = input('Enter Comma separated list of rules you would like to run.\n' - 'To run rules chained use the + symbol: ').split(',') + rule_choice = input('Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.\n' + 'For example 1+1 will run {0} chained twice and 1,2 would run {0} and then {1} sequentially.\n' + 'Choose wisely: '.format(hcatRules[0], hcatRules[1])).split(',') if '99' not in rule_choice: for choice in rule_choice: @@ -921,7 +923,7 @@ def quick_crack(): selected_hcatRules.append('-r {hcatPath}/rules/{selected_rule}'.format(selected_rule=rule, hcatPath=hcatPath)) for chain in selected_hcatRules: - hcatQuickDictionary(hcatHashType, hcatHashFile, chain) + hcatQuickDictionary(hcatHashType, hcatHashFile, chain) # Extensive Pure_Hate Methodology From 088993043b2d2569f0b80cba05fea9613e282a7f Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 09:12:03 -0400 Subject: [PATCH 11/14] Updated version number --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 7c7b1d3..f705d8e 100644 --- a/readme.md +++ b/readme.md @@ -57,7 +57,7 @@ $ ./hate_crack.py 1000 \ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| < \___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \ \/ \/ \/_____/ \/ \/ \/ \/ - Version 1.05 + Version 1.06 (1) Quick Crack From d4fbecb570ca2728214fd454a40fa39b0145de47 Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 09:12:33 -0400 Subject: [PATCH 12/14] removed invalid rule attack from readme --- readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/readme.md b/readme.md index f705d8e..db743b7 100644 --- a/readme.md +++ b/readme.md @@ -72,7 +72,6 @@ $ ./hate_crack.py 1000 (10) YOLO Combinator Attack (11) Middle Combinator Attack (12) Thorough Combinator Attack - (13) Rules Attack (96) Export Output to Excel Format (97) Display Cracked Hashes From 690a2595b4b670273ec883dc915d0037559dc647 Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 09:22:08 -0400 Subject: [PATCH 13/14] Updated version information in readme --- readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/readme.md b/readme.md index db743b7..9b07a2c 100644 --- a/readme.md +++ b/readme.md @@ -179,6 +179,9 @@ https://jeffh.net/2018/04/26/combinator_methods/ ------------------------------------------------------------------- ### Version History +Version 1.06 + Updated the quick crack and recylcing functions to use user customizable rules. + Version 1.05 Abstraction of rockyou.txt so that you can use whatever dictionary that you would like to specified in the config.json Minor change the quickcrack that allows you to specify 0 for number of times best64 is chained From 3aff882d89af7f24a89d140e223ce0e353213353 Mon Sep 17 00:00:00 2001 From: bandrel Date: Fri, 26 Oct 2018 10:00:16 -0400 Subject: [PATCH 14/14] updated version number --- hate_crack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hate_crack.py b/hate_crack.py index e766dde..4ff4587 100755 --- a/hate_crack.py +++ b/hate_crack.py @@ -158,7 +158,7 @@ def ascii_art(): \ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| < \___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \ \/ \/ \/_____/ \/ \/ \/ \/ - Version 1.05 + Version 1.06 """)