mirror of
https://github.com/trustedsec/hate_crack.git
synced 2025-12-31 15:08:06 -08:00
914 lines
33 KiB
Python
Executable File
914 lines
33 KiB
Python
Executable File
#!/usr/bin/env python
|
|
|
|
# Methodology provided by Martin Bos (pure_hate) - https://www.trustedsec.com/team-members/martin-bos/
|
|
# Original script created by Larry Spohn (spoonman) - https://www.trustedsec.com/team-members/larry-spohn/
|
|
# Python refactoring and general fixing, Justin Bollinger (bandrel) - https://www.trustedsec.com/team-members/justin-bollinger/
|
|
|
|
import subprocess
|
|
import sys
|
|
import os
|
|
import random
|
|
import re
|
|
import json
|
|
import binascii
|
|
|
|
# python2/3 compatability
|
|
try:
|
|
input = raw_input
|
|
except NameError:
|
|
pass
|
|
|
|
|
|
hate_path = os.path.dirname(os.path.realpath(__file__))
|
|
with open(hate_path + '/config.json') as config:
|
|
config_parser = json.load(config)
|
|
|
|
hcatPath = config_parser['hcatPath']
|
|
hcatBin = config_parser['hcatBin']
|
|
hcatTuning = config_parser['hcatTuning']
|
|
hcatWordlists = config_parser['hcatWordlists']
|
|
hcatOptimizedWordlists = config_parser['hcatOptimizedWordlists']
|
|
|
|
if sys.platform == 'darwin':
|
|
hcatExpanderBin = "expander.app"
|
|
hcatCombinatorBin = "combinator.app"
|
|
hcatPrinceBin = "pp64.app"
|
|
else:
|
|
hcatExpanderBin = "expander.bin"
|
|
hcatCombinatorBin = "combinator.bin"
|
|
hcatPrinceBin = "pp64.bin"
|
|
|
|
|
|
# hashcat biniary checks for systems that install hashcat binary in different location than the rest of the hashcat files
|
|
if os.path.isfile(hcatBin):
|
|
pass
|
|
elif os.path.isfile(hcatPath.rstrip('/') + '/' + hcatBin):
|
|
hcatBin = hcatPath.rstrip('/') + '/' + hcatBin
|
|
else:
|
|
print('Invalid path for hashcat binary. Please check configuration and try again.')
|
|
quit(1)
|
|
|
|
hcatHashCount = 0
|
|
hcatHashCracked = 0
|
|
hcatBruteCount = 0
|
|
hcatDictionaryCount = 0
|
|
hcatMaskCount = 0
|
|
hcatFingerprintCount = 0
|
|
hcatCombinationCount = 0
|
|
hcatHybridCount = 0
|
|
hcatExtraCount = 0
|
|
hcatRecycleCount = 0
|
|
hcatProcess = 0
|
|
|
|
|
|
# Help
|
|
def usage():
|
|
print("usage: python hate_crack.py <hash_file> <hash_type>")
|
|
print("\nThe <hash_type> is attained by running \"{hcatBin} --help\"\n".format(hcatBin=hcatBin))
|
|
print("Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes\n")
|
|
|
|
|
|
def ascii_art():
|
|
print(r"""
|
|
|
|
___ ___ __ _________ __
|
|
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
|
|
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
|
|
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
|
|
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
|
|
\/ \/ \/_____/ \/ \/ \/ \/
|
|
Public Release
|
|
Version 1.03
|
|
""")
|
|
|
|
|
|
# Counts the number of lines in a file
|
|
def lineCount(file):
|
|
try:
|
|
with open(file) as outFile:
|
|
count = 0
|
|
for line in outFile:
|
|
count = count + 1
|
|
return count
|
|
except:
|
|
return 0
|
|
|
|
# Brute Force Attack
|
|
def hcatBruteForce(hcatHashType, hcatHashFile, hcatMinLen, hcatMaxLen):
|
|
global hcatBruteCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcbin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out --increment --increment-min={min} "
|
|
"--increment-max={max} -a 3 ?a?a?a?a?a?a?a?a?a?a?a?a?a?a {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcbin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
min=hcatMinLen,
|
|
max=hcatMaxLen,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatBruteCount = lineCount(hcatHashFile + ".out")
|
|
|
|
|
|
# Dictionary Attack
|
|
def hcatDictionary(hcatHashType, hcatHashFile):
|
|
global hcatDictionaryCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {optimized_wordlists}/* "
|
|
"-r {hcatPath}/rules/best64.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatPath=hcatPath,
|
|
hcatBin=hcatBin,
|
|
hcatHashType=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
optimized_wordlists=hcatOptimizedWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {hcatWordlists}/rockyou.txt "
|
|
"-r {hcatPath}/rules/d3ad0ne.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatPath=hcatPath,
|
|
hcatBin=hcatBin,
|
|
hcatHashType=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
hcatWordlists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out {hcatWordlists}/rockyou.txt "
|
|
"-r {hcatPath}/rules/T0XlC.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatPath=hcatPath,
|
|
hcatBin=hcatBin,
|
|
hcatHashType=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
hcatWordlists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatDictionaryCount = lineCount(hcatHashFile + ".out") - hcatBruteCount
|
|
|
|
|
|
# Quick Dictionary Attack (Optional Chained Rules)
|
|
def hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains):
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hcatHashType} {hash_file} --session {session_name} --remove -o {hash_file}.out "
|
|
"{optimized_wordlists}/* {chains} {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hcatHashType=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
optimized_wordlists=hcatOptimizedWordlists,
|
|
chains=hcatChains,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
|
|
|
|
# Top Mask Attack
|
|
def hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime):
|
|
global hcatMaskCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"cat {hash_file}.out | cut -d : -f 2 > {hash_file}.working".format(
|
|
hash_file=hcatHashFile), shell=True).wait()
|
|
hcatProcess = subprocess.Popen(
|
|
"{hate_path}/PACK/statsgen.py {hash_file}.working -o {hash_file}.masks".format(
|
|
hash_file=hcatHashFile,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hate_path}/PACK/maskgen.py {hash_file}.masks --targettime {target_time} --optindex -q --pps 14000000000 "
|
|
"--minlength=7 -o {hash_file}.hcmask".format(
|
|
hash_file=hcatHashFile,
|
|
target_time=hcatTargetTime,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 3 {hash_file}.hcmask {tuning} "
|
|
"--potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatMaskCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
|
|
|
|
|
|
# Fingerprint Attack
|
|
def hcatFingerprint(hcatHashType, hcatHashFile):
|
|
global hcatFingerprintCount
|
|
global hcatProcess
|
|
crackedBefore = lineCount(hcatHashFile + ".out")
|
|
crackedAfter = 0
|
|
while crackedBefore != crackedAfter:
|
|
crackedBefore = lineCount(hcatHashFile + ".out")
|
|
hcatProcess = subprocess.Popen("cat {hash_file}.out | cut -d : -f 2 > {hash_file}.working".format(
|
|
hash_file=hcatHashFile), shell=True).wait()
|
|
hcatProcess = subprocess.Popen(
|
|
"{hate_path}/hashcat-utils/bin/{expander_bin} < {hash_file}.working | sort -u > {hash_file}.expanded".format(
|
|
expander_bin=hcatExpanderBin,
|
|
hash_file=hcatHashFile,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {hash_file}.expanded "
|
|
"{hash_file}.expanded {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
crackedAfter = lineCount(hcatHashFile + ".out")
|
|
hcatFingerprintCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
|
|
|
|
|
|
# Combinator Attack
|
|
def hcatCombination(hcatHashType, hcatHashFile):
|
|
global hcatCombinationCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {word_lists}/rockyou.txt "
|
|
"{word_lists}/rockyou.txt {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path),
|
|
shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatCombinationCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
|
|
|
|
|
|
# Hybrid Attack
|
|
def hcatHybrid(hcatHashType, hcatHashFile):
|
|
global hcatHybridCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt ?1?1 "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt ?1?1?1 "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 6 -1 ?s?d {word_lists}/rockyou.txt "
|
|
"?1?1?1?1 {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1 {word_lists}/rockyou.txt "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1?1 {word_lists}/rockyou.txt "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --remove -o {hash_file}.out -a 7 -1 ?s?d ?1?1?1?1 {word_lists}/rockyou.txt "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatHybridCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
|
|
|
|
|
|
# YOLO Combination Attack
|
|
def hcatYoloCombination(hcatHashType, hcatHashFile):
|
|
global hcatProcess
|
|
try:
|
|
while 1:
|
|
hcatLeft = random.choice(os.listdir(hcatOptimizedWordlists))
|
|
hcatRight = random.choice(os.listdir(hcatOptimizedWordlists))
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 1 {optimized_lists}/{left} "
|
|
"{optimized_lists}/{right} {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
optimized_lists=hcatOptimizedWordlists,
|
|
tuning=hcatTuning,
|
|
left=hcatLeft,
|
|
right=hcatRight,
|
|
hate_path=hate_path), shell=True)
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
# Pathwell Mask Brute Force Attack
|
|
def hcatPathwellBruteForce(hcatHashType, hcatHashFile):
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -a 3 {hate_path}/masks/pathwell.hcmask "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
|
|
# PRINCE Attack
|
|
def hcatPrince(hcatHashType, hcatHashFile):
|
|
global hcatProcess
|
|
hcatHashCracked = lineCount(hcatHashFile + ".out")
|
|
hcatProcess = subprocess.Popen(
|
|
"{hate_path}/princeprocessor/{prince_bin} --case-permute --elem-cnt-min=1 --elem-cnt-max=16 -c < "
|
|
"{word_lists}/rockyou.txt | {hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out "
|
|
"-r {hate_path}/princeprocessor/rules/prince_optimized.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
prince_bin=hcatPrinceBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
optimized_lists=hcatOptimizedWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
# Extra - Good Measure
|
|
def hcatGoodMeasure(hcatHashType, hcatHashFile):
|
|
global hcatExtraCount
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out -r {hcatPath}/rules/combinator.rule "
|
|
"-r {hcatPath}/rules/InsidePro-PasswordsPro.rule {word_lists}/rockyou.txt {tuning} "
|
|
"--potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatPath=hcatPath,
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
word_lists=hcatWordlists,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatExtraCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
|
|
|
|
|
|
# LanMan to NT Attack
|
|
def hcatLMtoNT():
|
|
global hcatProcess
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} --show --potfile-path={hate_path}/hashcat.pot -m 3000 {hash_file}.lm > {hash_file}.lm.cracked".format(
|
|
hcatBin=hcatBin,
|
|
hash_file=hcatHashFile,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m 3000 {hash_file}.lm --session {session_name} --remove -o {hash_file}.lm.cracked -1 ?u?d?s --increment -a 3 ?1?1?1?1?1?1?1 "
|
|
"{tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen("cat {hash_file}.lm.cracked | cut -d : -f 2 > {hash_file}.working".format(
|
|
hash_file=hcatHashFile), shell=True).wait()
|
|
hcatProcess = subprocess.Popen(
|
|
"{hate_path}/hashcat-utils/bin/{combine_bin} {hash_file}.working {hash_file}.working | sort -u > "
|
|
"{hash_file}.combined".format(
|
|
combine_bin=hcatCombinatorBin,
|
|
hcatBin=hcatBin,
|
|
hash_file=hcatHashFile,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} --show --potfile-path={hate_path}/hashcat.pot -m 1000 {hash_file}.nt > {hash_file}.nt.out".format(
|
|
hcatBin=hcatBin,
|
|
hash_file=hcatHashFile,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m 1000 {hash_file}.nt --session {session_name} --remove -o {hash_file}.nt.out {hash_file}.combined "
|
|
"-r {hate_path}/rules/toggles-lm-ntlm.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
# toggle-lm-ntlm.rule by Didier Stevens https://blog.didierstevens.com/2016/07/16/tool-to-generate-hashcat-toggle-rules/
|
|
|
|
|
|
# Recycle Cracked Passwords
|
|
def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords):
|
|
global hcatProcess
|
|
working_file = hcatHashFile + '.working'
|
|
if hcatNewPasswords > 0:
|
|
hcatProcess = subprocess.Popen("cat {hash_file}.out | cut -d : -f 2 > {working_file}".format(
|
|
hash_file=hcatHashFile, working_file=working_file), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
converted = convert_hex(working_file)
|
|
|
|
# Overwrite working file with updated converted words
|
|
with open(working_file, 'w') as f:
|
|
f.write("\n".join(converted))
|
|
|
|
hcatProcess = subprocess.Popen(
|
|
"{hcatBin} -m {hash_type} {hash_file} --session {session_name} --remove -o {hash_file}.out {hash_file}.working "
|
|
"-r {hcatPath}/rules/d3ad0ne.rule {tuning} --potfile-path={hate_path}/hashcat.pot".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
session_name=os.path.basename(hcatHashFile),
|
|
hcatPath=hcatPath,
|
|
tuning=hcatTuning,
|
|
hate_path=hate_path), shell=True)
|
|
try:
|
|
hcatProcess.wait()
|
|
except KeyboardInterrupt:
|
|
hcatProcess.kill()
|
|
|
|
# creating the combined output for pwdformat + cleartext
|
|
def combine_ntlm_output():
|
|
with open(hcatHashFileOrig + ".out", "w+") as hcatCombinedHashes:
|
|
with open(hcatHashFile + ".out", "r") as hcatCrackedFile:
|
|
for crackedLine in hcatCrackedFile:
|
|
with open(hcatHashFileOrig, "r") as hcatOrigFile:
|
|
for origLine in hcatOrigFile:
|
|
if crackedLine.split(":")[0] == origLine.split(":")[3]:
|
|
hcatCombinedHashes.write(origLine.strip() + crackedLine.split(":")[1])
|
|
|
|
# Cleanup Temp Files
|
|
def cleanup():
|
|
try:
|
|
if hcatHashType == "1000":
|
|
print("\nComparing cracked hashes to original file...")
|
|
combine_ntlm_output()
|
|
print("\nCracked passwords combined with original hashes in %s" % (hcatHashFileOrig + ".out"))
|
|
print('\nCleaning up temporary files...')
|
|
if os.path.exists(hcatHashFile + ".masks"):
|
|
os.remove(hcatHashFile + ".masks")
|
|
if os.path.exists(hcatHashFile + ".working"):
|
|
os.remove(hcatHashFile + ".working")
|
|
if os.path.exists(hcatHashFile + ".expanded"):
|
|
os.remove(hcatHashFile + ".expanded")
|
|
if os.path.exists(hcatHashFileOrig + ".combined"):
|
|
os.remove(hcatHashFileOrig + ".combined")
|
|
if os.path.exists(hcatHashFileOrig + ".lm"):
|
|
os.remove(hcatHashFileOrig + ".lm")
|
|
if os.path.exists(hcatHashFileOrig + ".lm.cracked"):
|
|
os.remove(hcatHashFileOrig + ".lm.cracked")
|
|
if os.path.exists(hcatHashFileOrig + ".working"):
|
|
os.remove(hcatHashFileOrig + ".working")
|
|
except KeyboardInterrupt:
|
|
#incase someone mashes the Control+C it will still cleanup
|
|
cleanup()
|
|
|
|
# Quick Dictionary Attack with Optional Chained Best64 Rules
|
|
def quick_crack():
|
|
hcatChainsInput = int(input("\nHow many times would you like to chain the best64.rule? (0): ") or 0)
|
|
hcatChains = ''
|
|
if hcatChainsInput > 0:
|
|
for n in range(1, hcatChainsInput):
|
|
hcatChains += "-r {hcatPath}/rules/best64.rule ".format(hcatPath=hcatPath)
|
|
|
|
hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains)
|
|
|
|
|
|
# Extensive Pure_Hate Methodology
|
|
def extensive_crack():
|
|
# Brute Force Attack
|
|
hcatBruteForce(hcatHashType, hcatHashFile, "1", "7")
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatBruteCount)
|
|
|
|
# Dictionary Attack
|
|
hcatDictionary(hcatHashType, hcatHashFile)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatDictionaryCount)
|
|
|
|
# Top Mask Attack
|
|
hcatTargetTime = 4 * 60 * 60 # 4 Hours
|
|
hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatMaskCount)
|
|
|
|
# Fingerprint Attack
|
|
hcatFingerprint(hcatHashType, hcatHashFile)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatFingerprintCount)
|
|
|
|
# Combination Attack
|
|
hcatCombination(hcatHashType, hcatHashFile)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatCombinationCount)
|
|
|
|
# Hybrid Attack
|
|
hcatHybrid(hcatHashType, hcatHashFile)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatHybridCount)
|
|
|
|
# Extra - Just For Good Measure
|
|
hcatGoodMeasure(hcatHashType, hcatHashFile)
|
|
|
|
# Recycle Cracked Passwords
|
|
hcatRecycle(hcatHashType, hcatHashFile, hcatExtraCount)
|
|
|
|
|
|
# Brute Force
|
|
def brute_force_crack():
|
|
hcatMinLen = int(input("\nEnter the minimum password length to brute force (1): ") or 1)
|
|
hcatMaxLen = int(input("\nEnter the maximum password length to brute force (7): ") or 7)
|
|
hcatBruteForce(hcatHashType, hcatHashFile, hcatMinLen, hcatMaxLen)
|
|
|
|
|
|
# Top Mask
|
|
def top_mask_crack():
|
|
hcatTargetTime = int(input("\nEnter a target time for completion in hours (4): ") or 4)
|
|
hcatTargetTime = hcatTargetTime * 60 * 60
|
|
hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime)
|
|
|
|
|
|
# Fingerprint
|
|
def fingerprint_crack():
|
|
hcatFingerprint(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# Combinator
|
|
def combinator_crack():
|
|
hcatCombination(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# Hybrid
|
|
def hybrid_crack():
|
|
hcatHybrid(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# Pathwell Top 100 Bruteforce Mask
|
|
def pathwell_crack():
|
|
# Bruteforce Mask Attack
|
|
hcatPathwellBruteForce(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# PRINCE Attack
|
|
def prince_attack():
|
|
if not os.path.isfile(hcatWordlists + '/rockyou.txt'):
|
|
print("rockyou.txt not found in {0} Please verify and try again").format(hcatWordlists)
|
|
return
|
|
hcatPrince(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# YOLO Combination
|
|
def yolo_combination():
|
|
hcatYoloCombination(hcatHashType, hcatHashFile)
|
|
|
|
|
|
# convert hex words for recycling
|
|
def convert_hex(working_file):
|
|
processed_words = []
|
|
regex = r'^\$HEX\[(\S+)\]'
|
|
with open(working_file, 'r') as f:
|
|
for line in f:
|
|
match = re.search(regex, line.rstrip('\n'))
|
|
if match:
|
|
processed_words.append(binascii.unhexlify(match.group(1)).decode('utf-8'))
|
|
else:
|
|
processed_words.append(line.rstrip('\n'))
|
|
|
|
return processed_words
|
|
|
|
# Display Cracked Hashes
|
|
def show_results():
|
|
if os.path.isfile(hcatHashFile + ".out"):
|
|
with open(hcatHashFile + ".out") as hcatOutput:
|
|
for cracked_hash in hcatOutput:
|
|
print(cracked_hash.strip())
|
|
else:
|
|
print("No hashes were cracked :(")
|
|
|
|
# Exports output to excel file
|
|
def export_excel():
|
|
|
|
# Check for openyxl dependancy for export
|
|
try:
|
|
import openpyxl
|
|
except:
|
|
sys.stderr.write('You must install openpyxl first using \'pip install openpyxl\' or \'pip3 install openpyxl\'\n')
|
|
return
|
|
|
|
if hcatHashType == "1000":
|
|
combine_ntlm_output()
|
|
output = openpyxl.Workbook()
|
|
current_ws = output.create_sheet(title='hate_crack output', index=0)
|
|
current_row = 2
|
|
current_ws['A1'] = 'Username'
|
|
current_ws['B1'] = 'SID'
|
|
current_ws['C1'] = 'LM Hash'
|
|
current_ws['D1'] = 'NTLM Hash'
|
|
current_ws['E1'] = 'Clear-Text Password'
|
|
with open(hcatHashFileOrig+'.out') as input_file:
|
|
for line in input_file:
|
|
matches = re.match(r'(^[^:]+):([0-9]+):([a-z0-9A-Z]{32}):([a-z0-9A-Z]{32}):::(.*)',line.rstrip('\r\n'))
|
|
username = matches.group(1)
|
|
sid = matches.group(2)
|
|
lm = matches.group(3)
|
|
ntlm = matches.group(4)
|
|
try:
|
|
clear_text = matches.group(5)
|
|
match = re.search(r'^\$HEX\[(\S+)\]', clear_text)
|
|
if match:
|
|
clear_text = binascii.unhexlify(match.group(1)).decode('utf-8')
|
|
except:
|
|
clear_text = ''
|
|
current_ws['A' + str(current_row)] = username
|
|
current_ws['B' + str(current_row)] = sid
|
|
current_ws['C' + str(current_row)] = lm
|
|
current_ws['D' + str(current_row)] = ntlm
|
|
current_ws['E' + str(current_row)] = clear_text
|
|
current_row += 1
|
|
output.save(hcatHashFile+'.xlsx')
|
|
print("Output exported succesfully to {0}".format(hcatHashFile+'.xlsx'))
|
|
else:
|
|
sys.stderr.write('Excel output only supported for pwdformat for NTLM hashes')
|
|
return
|
|
|
|
|
|
# Show README
|
|
def show_readme():
|
|
with open(hate_path + "/readme.md") as hcatReadme:
|
|
print(hcatReadme.read())
|
|
|
|
|
|
# Exit Program
|
|
def quit_hc():
|
|
cleanup()
|
|
sys.exit(0)
|
|
|
|
|
|
# The Main Guts
|
|
def main():
|
|
global hcatHashFile
|
|
global hcatHashType
|
|
global hcatHashFileOrig
|
|
global lmHashesFound
|
|
|
|
hcatHashFileOrig = ""
|
|
|
|
try:
|
|
hcatHashFile = sys.argv[1]
|
|
hcatHashType = sys.argv[2]
|
|
|
|
except IndexError:
|
|
usage()
|
|
sys.exit()
|
|
|
|
ascii_art()
|
|
|
|
# Get Initial Input Hash Count
|
|
hcatHashCount = lineCount(hcatHashFile)
|
|
|
|
# If LM or NT Mode Selected and pwdump Format Detected, Prompt For LM to NT Attack
|
|
if hcatHashType == "1000":
|
|
lmHashesFound = False
|
|
hcatHashFileLine = open(hcatHashFile, "r").readline()
|
|
if re.search(r"[a-z0-9A-Z]{32}:[a-z0-9A-Z]{32}:::$", hcatHashFileLine):
|
|
print("PWDUMP format detected...")
|
|
print("Parsing NT hashes...")
|
|
subprocess.Popen(
|
|
"cat {hash_file} | cut -d : -f 4 |sort -u > {hash_file}.nt".format(hash_file=hcatHashFile),
|
|
shell=True).wait()
|
|
print("Parsing LM hashes...")
|
|
subprocess.Popen("cat {hash_file} | cut -d : -f 3 |sort -u > {hash_file}.lm".format(hash_file=hcatHashFile),
|
|
shell=True).wait()
|
|
if ((lineCount(hcatHashFile + ".lm") == 1) and (
|
|
hcatHashFileLine.split(":")[2] != "aad3b435b51404eeaad3b435b51404ee")) or (
|
|
lineCount(hcatHashFile + ".lm") > 1):
|
|
lmHashesFound = True
|
|
lmChoice = input("LM hashes identified. Would you like to brute force the LM hashes first? (Y) ") or "Y"
|
|
if lmChoice.upper() == 'Y':
|
|
hcatLMtoNT()
|
|
hcatHashFileOrig = hcatHashFile
|
|
hcatHashFile = hcatHashFile + ".nt"
|
|
|
|
# Check POT File for Already Cracked Hashes
|
|
if not os.path.isfile(hcatHashFile + ".out"):
|
|
hcatOutput = open(hcatHashFile + ".out", "w+")
|
|
hcatOutput.close()
|
|
print("Checking POT file for already cracked hashes...")
|
|
subprocess.Popen(
|
|
"{hcatBin} --show --potfile-path={hate_path}/hashcat.pot -m {hash_type} {hash_file} > {hash_file}.out".format(
|
|
hcatBin=hcatBin,
|
|
hash_type=hcatHashType,
|
|
hash_file=hcatHashFile,
|
|
hate_path=hate_path), shell=True).wait()
|
|
hcatHashCracked = lineCount(hcatHashFile + ".out")
|
|
if hcatHashCracked > 0:
|
|
print("Found %d hashes already cracked.\nCopied hashes to %s.out" % (hcatHashCracked, hcatHashFile))
|
|
else:
|
|
print("No hashes found in POT file.")
|
|
|
|
# Display Options
|
|
try:
|
|
while 1:
|
|
print("\n\t(1) Quick Crack")
|
|
print("\t(2) Extensive Pure_Hate Methodology Crack")
|
|
print("\t(3) Brute Force Attack")
|
|
print("\t(4) Top Mask Attack")
|
|
print("\t(5) Fingerprint Attack")
|
|
print("\t(6) Combinator Attack")
|
|
print("\t(7) Hybrid Attack")
|
|
print("\t(8) Pathwell Top 100 Mask Brute Force Crack")
|
|
print("\t(9) PRINCE Attack")
|
|
print("\t(10) YOLO Combinator Attack")
|
|
print("\n\t(96) Export Output to Excel Format")
|
|
print("\t(97) Display Cracked Hashes")
|
|
print("\t(98) Display README")
|
|
print("\t(99) Quit")
|
|
options = {"1": quick_crack,
|
|
"2": extensive_crack,
|
|
"3": brute_force_crack,
|
|
"4": top_mask_crack,
|
|
"5": fingerprint_crack,
|
|
"6": combinator_crack,
|
|
"7": hybrid_crack,
|
|
"8": pathwell_crack,
|
|
"9": prince_attack,
|
|
"10": yolo_combination,
|
|
"96": export_excel,
|
|
"97": show_results,
|
|
"98": show_readme,
|
|
"99": quit_hc
|
|
}
|
|
try:
|
|
task = input("\nSelect a task: ")
|
|
options[task]()
|
|
except KeyError:
|
|
pass
|
|
except KeyboardInterrupt:
|
|
quit_hc()
|
|
|
|
# Boilerplate
|
|
if __name__ == '__main__':
|
|
main()
|