API tools faq
paste
Sweetening

Untitled

Sweetening
Aug 11th, 2023
31
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 53.92 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. import os
  3. import sys
  4. import time
  5. import difflib
  6. import copy
  7. import platform
  8. import traceback
  9. from threading import Thread
  10. import struct
  11. from collections import namedtuple, OrderedDict
  12. from Queue import Queue, Empty
  13. from subprocess import Popen,PIPE
  14. from pprint import pprint
  15. ON_POSIX = 'posix' in sys.builtin_module_names
  16.  
  17.  
  18. '''
  19. Wrapper Class for oclHashcat (GPU)
  20.  
  21. '''
  22. class oclHashcatWrapper(object):
  23.  
  24. hashcat = None # Main hashcat process once initiated by the start() function
  25. q = Queue() # Output queue for stdout collection. Allows for async (non-blocking) read from subprocess
  26. eq = Queue() # Output queue for stderr collection.
  27. stats = None # Stats from restore file and stdout collected in a dictionary
  28. stdout_thread = None # Thread to gather stdout from hashcat subprocess
  29. stderr_thread = None # Thread to gather stderr from hashcat subprocess
  30. initialized = False
  31. defaults_changed = []
  32. defaults = {}
  33.  
  34. hash_type_dict = {
  35.  
  36. 'MD5' : '0' ,
  37. 'md5($pass.$salt)' : '10' ,
  38. 'md5($salt.$pass)' : '20' ,
  39. 'md5(unicode($pass).$salt)' : '30' ,
  40. 'md5($salt.unicode($pass))' : '40' ,
  41. 'HMAC-MD5 (key = $pass)' : '50' ,
  42. 'HMAC-MD5 (key = $salt)' : '60' ,
  43. 'SHA1' : '100' ,
  44. 'sha1($pass.$salt)' : '110' ,
  45. 'sha1($salt.$pass)' : '120' ,
  46. 'sha1(unicode($pass).$salt)' : '130' ,
  47. 'sha1($salt.unicode($pass))' : '140' ,
  48. 'HMAC-SHA1 (key = $pass)' : '150' ,
  49. 'HMAC-SHA1 (key = $salt)' : '160' ,
  50. 'sha1(LinkedIn)' : '190' ,
  51. 'MySQL323' : '200' ,
  52. 'MySQL4.1' : '300' ,
  53. 'MySQL5' : '300' ,
  54. 'phpass' : '400' ,
  55. 'MD5(Wordpress)' : '400' ,
  56. 'MD5(phpBB3)' : '400' ,
  57. 'md5crypt' : '500' ,
  58. 'MD5(Unix)' : '500' ,
  59. 'FreeBSD MD5' : '500' ,
  60. 'Cisco-IOS MD5' : '500' ,
  61. 'MD4' : '900' ,
  62. 'NTLM' : '1000' ,
  63. 'Domain Cached Credentials:' : '1100',
  64. 'mscash' : '1100' ,
  65. 'SHA256' : '1400' ,
  66. 'sha256($pass.$salt)' : '1410' ,
  67. 'sha256($salt.$pass)' : '1420' ,
  68. 'sha256(unicode($pass).$salt)' : '1430' ,
  69. 'sha256($salt.unicode($pass))' : '1440' ,
  70. 'HMAC-SHA256 (key = $pass)' : '1450' ,
  71. 'HMAC-SHA256 (key = $salt)' : '1460' ,
  72. 'descrypt' : '1500' ,
  73. 'DES(Unix)' : '1500' ,
  74. 'Traditional DES' : '1500' ,
  75. 'md5apr1' : '1600' ,
  76. 'MD5(APR)' : '1600' ,
  77. 'Apache MD5' : '1600' ,
  78. 'SHA512' : '1700' ,
  79. 'sha512($pass.$salt)' : '1710' ,
  80. 'sha512($salt.$pass)' : '1720' ,
  81. 'sha512(unicode($pass).$salt)' : '1730' ,
  82. 'sha512($salt.unicode($pass))' : '1740' ,
  83. 'HMAC-SHA512 (key = $pass)' : '1750' ,
  84. 'HMAC-SHA512 (key = $salt)' : '1760' ,
  85. 'sha512crypt, SHA512(Unix)' : '1800' ,
  86. 'Domain Cached Credentials2': '2100' ,
  87. 'mscash2' : '2100' ,
  88. 'Cisco-PIX MD5' : '2400' ,
  89. 'Cisco-ASA MD5' : '2410' ,
  90. 'WPA/WPA2' : '2500' ,
  91. 'Double MD5' : '2600' ,
  92. 'LM' : '3000' ,
  93. 'Oracle 7-10g': '3100' ,
  94. 'DES(Oracle)' : '3100' ,
  95. 'bcrypt' : '3200' ,
  96. 'Blowfish(OpenBSD)' : '3200' ,
  97. 'md5($salt.md5($pass))' : '3710' ,
  98. 'md5(sha1($pass))' : '4400',
  99. 'Double SHA1' : '4500',
  100. 'sha1(md5($pass))' : '4700',
  101. 'MD5(Chap)': '4800',
  102. 'iSCSI CHAP authentication' : '4800',
  103. 'SHA-3(Keccak)' : '5000' ,
  104. 'Half MD5' : '5100' ,
  105. 'Password Safe SHA-256' : '5200' ,
  106. 'IKE-PSK MD5' : '5300' ,
  107. 'IKE-PSK SHA1' : '5400' ,
  108. 'NetNTLMv1-VANILLA': '5500' ,
  109. 'NetNTLMv1+ESS' : '5500' ,
  110. 'NetNTLMv2' : '5600' ,
  111. 'Cisco-IOS SHA256' : '5700' ,
  112. 'Samsung Android Password/PIN' : '5800' ,
  113. 'RipeMD160' : '6000' ,
  114. 'Whirlpool' : '6100' ,
  115. 'TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 (XTS AES)' : '6211' ,
  116. 'TrueCrypt 5.0+ PBKDF2-HMAC-SHA512 (XTS AES)' : '6221' ,
  117. 'TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool (XTS AES)' : '6231' ,
  118. 'TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + boot-mode (XTS AES)' : '6241' ,
  119. 'TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + hidden-volume (XTS AES)' : '6251' ,
  120. 'TrueCrypt 5.0+ PBKDF2-HMAC-SHA512 + hidden-volume (XTS AES)' : '6261' ,
  121. 'TrueCrypt 5.0+ PBKDF2-HMAC-Whirlpool + hidden-volume (XTS AES)' : '6271' ,
  122. 'TrueCrypt 5.0+ PBKDF2-HMAC-RipeMD160 + hidden-volume + boot-mode (XTS AES)' : '6281' ,
  123. 'AIX {smd5}' : '6300' ,
  124. 'AIX {ssha256}' : '6400' ,
  125. 'AIX {ssha512}' : '6500' ,
  126. '1Password, agilekeychain' : '6600' ,
  127. 'AIX {ssha1}' : '6700' ,
  128. 'Lastpass' : '6800' ,
  129. 'GOST R 34.11-94' : '6900' ,
  130. 'OSX v10.8 / v10.9' : '7100' ,
  131. 'GRUB 2' : '7200' ,
  132. 'IPMI2 RAKP HMAC-SHA1': '7300',
  133. 'sha256crypt' : '7400' ,
  134. 'SHA256(Unix)' : '7400' ,
  135. 'Kerberos 5 AS-REQ Pre-Auth etype 23' : '7500' ,
  136. 'Redmine Project Management Web App' : '7600' ,
  137. 'SAP CODVN B (BCODE)' : '7700',
  138. 'SAP CODVN F/G (PASSCODE)' : '7800' ,
  139. 'Drupal7' : '7900' ,
  140. 'Sybase ASE' : '8000',
  141. 'Citrix Netscaler': '8100',
  142. '1Password, cloudkeychain': '8200',
  143. 'DNSSEC (NSEC3)' : '8300' ,
  144. 'WBB3, Woltlab Burning Board 3' : '8400' ,
  145. 'RACF' : '8500' ,
  146. 'Lotus Notes/Domino 5' : '8600' ,
  147. 'Lotus Notes/Domino 6' : '8700' ,
  148. 'Android FDE' : '8800' ,
  149. 'scrypt' : '8900' ,
  150. 'Password Safe v2' : '9000' ,
  151. 'Lotus Notes/Domino 8' : '9100' ,
  152. 'Joomla' : '11' ,
  153. 'osCommerce, xt:Commerce' : '21' ,
  154. 'Juniper Netscreen/SSG (ScreenOS)' : '22' ,
  155. 'Skype' : '23' ,
  156. 'nsldap, SHA-1(Base64), Netscape LDAP SHA' : '101' ,
  157. 'nsldaps, SSHA-1(Base64), Netscape LDAP SSHA' : '111' ,
  158. 'Oracle 11g' : '112' ,
  159. 'SMF > v1.1' : '121' ,
  160. 'OSX v10.4, v10.5, v10.6' : '122' ,
  161. 'MSSQL(2000)' : '131' ,
  162. 'MSSQL(2005)' : '132' ,
  163. 'PeopleSoft' : '133' ,
  164. 'EPiServer 6.x < v4' : '141' ,
  165. 'hMailServer' : '1421' ,
  166. 'EPiServer 6.x > v4' : '1441' ,
  167. 'SSHA-512(Base64), LDAP {SSHA512}' : '1711' ,
  168. 'OSX v10.7' : '1722' ,
  169. 'MSSQL(2012)' : '1731' ,
  170. 'MSSQL(2014)' : '1731' ,
  171. 'vBulletin < v3.8.5' : '2611' ,
  172. 'PHPS' : '2612' ,
  173. 'vBulletin > v3.8.5' : '2711' ,
  174. 'IPB2+, MyBB1.2+' : '2811' ,
  175. 'Mediawiki B type' : '3711'
  176. }
  177.  
  178. cmd_short_switch = {
  179.  
  180. 'attack-mode' : 'a',
  181. 'hash-type' : 'm',
  182. 'version' : 'V',
  183. 'help' : 'h',
  184. 'benchmark' : 'b',
  185. 'markov-threshold' : 't',
  186. 'outfile' : 'o',
  187. 'separator' : 'p',
  188. 'segment-size' : 'c',
  189. 'gpu-devices' : 'd',
  190. 'workload-profile' : 'w',
  191. 'gpu-accel' : 'n',
  192. 'gpu-loops' : 'u',
  193. 'skip' : 's',
  194. 'limit' : 'l',
  195. 'rule-left' : 'j',
  196. 'rule-right' : 'k',
  197. 'rules-file' : 'r',
  198. 'generate-rules' : 'g',
  199. 'custom-charset1' : '1',
  200. 'custom-charset2' : '2',
  201. 'custom-charset3' : '3',
  202. 'custom-charset4' : '4',
  203. 'increment' : 'i'
  204. }
  205.  
  206. cmd_equal_required = [
  207. 'benchmark-mode',
  208. 'status-timer',
  209. 'markov-hcstat',
  210. 'markov-threshold',
  211. 'runtime',
  212. 'session',
  213. 'restore-timer',
  214. 'outfile-format',
  215. 'remove-time',
  216. 'debug-mode' ,
  217. 'debug-file' ,
  218. 'induction-dir',
  219. 'outfile-check-dir',
  220. 'cpu-affinity',
  221. 'gpu-temp-abort',
  222. 'gpu-temp-retain',
  223. 'generate-rules-func-min',
  224. 'generate-rules-func-max',
  225. 'generate-rules-seed',
  226. 'increment-min',
  227. 'increment-max'
  228. ]
  229.  
  230. ignore_vars = [
  231. 'defaults',
  232. 'hash_type',
  233. 'words_files',
  234. 'hash_file',
  235. 'rules_files',
  236. 'masks_file',
  237. 'charset_file',
  238. 'mask',
  239. 'safe_dict',
  240. 'bits'
  241. ]
  242.  
  243. def __init__(self, bin_dir=".", gcard_type="cuda", verbose=False):
  244.  
  245. self.verbose = verbose
  246. self.reset()
  247. self.bin_dir = bin_dir # Directory where oclHashcat is installed
  248. self.bits = "32"
  249.  
  250. if self.verbose: print "[*] Checking architecture:",
  251.  
  252. if sys.maxsize > 2**32:
  253. self.bits = "64"
  254.  
  255. else:
  256. self.bits = "32"
  257.  
  258. if self.verbose: print self.bits+" bit"
  259. if self.verbose: print "[*] Checking OS type:",
  260.  
  261. if "Win" in platform.system():
  262.  
  263. if self.verbose: print "Windows"
  264.  
  265. if gcard_type.lower() == "cuda":
  266. self.cmd = "cudaHashcat"+self.bits + " "
  267. if self.verbose: print "[*] Using CUDA version"
  268.  
  269. else:
  270. self.cmd = "oclHashcat"+self.bits + " "
  271. if self.verbose: print "[*] Using OCL version"
  272.  
  273. if self.verbose: print "[*] Using cmd: " + self.cmd
  274. else:
  275.  
  276. if self.verbose: print "Linux"
  277.  
  278. if gcard_type.lower() == "cuda":
  279. self.cmd = "./cudaHashcat"+self.bits + ".bin"
  280. if self.verbose: print "[*] Using CUDA version"
  281.  
  282. else:
  283. self.cmd = "./oclHashcat"+self.bits + ".bin"
  284. if self.verbose: print "[*] Using OCL version"
  285.  
  286. if self.verbose: print "[*] Using cmd: " + self.cmd
  287.  
  288. def __enter__(self):
  289. return self
  290.  
  291. def __exit__(self, type, value, traceback):
  292.  
  293. self.stop()
  294.  
  295. def __setattr__(self, name, value):
  296.  
  297. try:
  298. if not value == self.defaults[name] and name not in self.ignore_vars:
  299. self.defaults_changed.append(name)
  300.  
  301. except Exception as e:
  302. pass
  303.  
  304. finally:
  305. object.__setattr__(self,name,value)
  306.  
  307. def reset(self):
  308.  
  309. if self.is_running():
  310. self.stop()
  311. self.stdout_thread = None
  312. self.stderr_thread = None
  313.  
  314. self.hash_file = None # File with target hashes
  315. self.words_files = [] # List of dictionary files
  316. self.rules_files = [] # List of rules files
  317. self.masks_file = None
  318. self.charset_file = None
  319. self.eula = False
  320. self.help = False
  321. self.version = False
  322. self.quiet = False
  323. self.show = False
  324. self.left = False
  325. self.username = False
  326. self.remove = False
  327. self.force = False
  328. self.runtime = 0
  329. self.hex_salt = False
  330. self.hex_charset = False
  331. self.hex_wordlist = False
  332. self.segment_size = 1
  333. self.bitmap_max = None
  334. self.gpu_async = False
  335. self.gpu_devices = None
  336. self.gpu_accel = None
  337. self.gpu_loops = None
  338. self.gpu_temp_disable = False
  339. self.gpu_temp_abort = 90
  340. self.gpu_temp_retain = 80
  341. self.powertune_disable = False
  342. self.skip = None
  343. self.limit = None
  344. self.keyspace = False
  345. self.rule_left = ":"
  346. self.rule_right = ":"
  347. self.generate_rules = 0
  348. self.generate_rules_func_min = 1
  349. self.generate_rules_func_max = 4
  350. self.generate_rules_seed = None
  351. self.hash_type = 0
  352. self.increment = False
  353. self.increment_min = 1
  354. self.increment_max = 54
  355. self.benchmark = False
  356. self.benchmark_mode = 1
  357. self.status = False
  358. self.status_timer = 10
  359. self.status_automat = False
  360. self.loopback = False
  361. self.weak_hash_threshold = 100
  362. self.markov_hcstat = None
  363. self.markov_disable = False
  364. self.markov_classic = False
  365. self.markov_threshold = 0
  366. self.session = "default_session"
  367. self.restore = False
  368. self.restore_disable = False
  369. self.outfile = None
  370. self.outfile_format = 3
  371. self.outfile_autohex_disable = False
  372. self.outfile_check_timer = None
  373. self.separator = ":"
  374. self.disable_potfile = False
  375. self.remove_timer = None
  376. self.potfile_disable = False
  377. self.debug_mode = None
  378. self.debug_file = None
  379. self.induction_dir = None
  380. self.outfile_check_dir = None
  381. self.cpu_affinity = None
  382. self.cleanup_rules = False
  383. self.custom_charset1 = "?|?d?u"
  384. self.custom_charset2 = "?|?d"
  385. self.custom_charset3 = "?|?d*!$@_"
  386. self.custom_charset4 = None
  387. self.mask = None
  388.  
  389.  
  390. self.defaults = copy.deepcopy({key:vars(self)[key] for key in vars(self) if key != 'restore_struct'})
  391. self.defaults_changed = []
  392.  
  393. if self.verbose: print "[*] Variables reset to defaults"
  394.  
  395. def get_restore_stats(self, restore_file_path=None):
  396.  
  397. '''
  398. Now retrieving the restore file using struct, namedtuples and OrderedDict.
  399. There is a pointer to argv which differs in size between 32-/64 bit systems.
  400. With the current code you can't correctly parse a restore file created with
  401. the 32 bit version of oclHashcat on a 64 bit system (and vice versa).
  402. Any ideas/patches are welcome.
  403. '''
  404.  
  405. if not restore_file_path:
  406. restore_file_path = os.path.join(self.bin_dir, self.session + ".restore")
  407.  
  408.  
  409. try:
  410. # Get stats from restore file
  411. with open(restore_file_path, "r") as restore_file:
  412.  
  413. try:
  414.  
  415. self.restore_struct = restore_file.read()
  416.  
  417. except Exception as FileReadError:
  418.  
  419. if self.verbose: "[-] Error reading restore file"
  420. return
  421.  
  422. if self.bits == "64":
  423. fmt = 'I256sIIIQIQ%ds' % (len(self.restore_struct) - 296)
  424. else: # 32 bit system
  425. fmt = 'I256sIIIQII%ds' % (len(self.restore_struct) - 288)
  426. struct_tuple = namedtuple('struct_tuple', 'version_bin cwd pid dictpos maskpos pw_cur argc argv_pointer argv')
  427. struct_tuple = struct_tuple._make(struct.unpack(fmt, self.restore_struct))
  428. self.stats = OrderedDict(zip(struct_tuple._fields, struct_tuple))
  429. self.stats['cwd'] = self.stats['cwd'].rstrip('\0')
  430.  
  431. try:
  432. self.stats['argv'] = self.stats['argv'].split('\n')
  433. self.stats['argv'][0] = os.path.basename(self.stats['argv'][0]).split('.')[0]
  434.  
  435. except Exception as ValueError:
  436. self.stats['argv'][0] = "oclHashcat"
  437.  
  438. except IOError as FileError:
  439. if self.verbose: print "[-] Restore file not found!"
  440.  
  441. def get_hashes(self, output_file_path=None, fields=(), sep=None):
  442.  
  443. if output_file_path == None:
  444.  
  445. if self.outfile == None:
  446. return
  447.  
  448. else:
  449. output_file_path = self.outfile
  450.  
  451. if sep == None:
  452. sep = self.separator
  453.  
  454. try:
  455. # Get cracked hashes
  456. with open(output_file_path, "rb") as output_file:
  457.  
  458. if self.verbose: print "Reading output file: " + output_file_path
  459. results = [record.rstrip('\n\r').rsplit(sep) for record in output_file.readlines()]
  460.  
  461. if len(fields) == 0 and len(results) > 0 or len(results) > 0 and len(fields) != len(results[0]):
  462.  
  463. # Default field names are f1....fN where N is the number of items in the results line
  464. fields = tuple(["f"+str(i) for i in range(len(results[0]))])
  465.  
  466. if len(results) > 0:
  467.  
  468. if len(fields) == len(results[0]):
  469.  
  470. # Returns a list of dictionary objects with fields mapped to variables
  471. return [dict(zip(fields, record)) for record in results]
  472.  
  473. else:
  474.  
  475. return [{}]
  476.  
  477. except IOError as FileError:
  478.  
  479. return [{}]
  480.  
  481. def enqueue_output(self, out, queue):
  482.  
  483. for line in iter(out.readline, b''):
  484.  
  485. queue.put(line)
  486. out.flush()
  487.  
  488. out.close()
  489.  
  490. def stdout(self):
  491.  
  492. out = ""
  493. try:
  494. out = self.q.get_nowait()
  495.  
  496. except Empty:
  497. out = ""
  498.  
  499. return out.rstrip()
  500.  
  501. def stderr(self):
  502.  
  503. out = ""
  504. try:
  505. out = self.eq.get_nowait()
  506.  
  507. except Empty:
  508. out = ""
  509.  
  510. return out.rstrip()
  511.  
  512.  
  513. def start(self, cmd=None, argv=[]):
  514.  
  515. if cmd == None:
  516. cmd = self.cmd
  517.  
  518. if self.hashcat != None and self.is_running():
  519. self.stop()
  520.  
  521. run_cmd = [os.path.join(self.bin_dir,cmd)] + argv # Create full path to main binary
  522.  
  523. if self.verbose: print "[+] STDIN: " + ' '.join(run_cmd)
  524.  
  525. self.hashcat = Popen(run_cmd, stdout=PIPE, stdin=PIPE, stderr=PIPE, bufsize=1, close_fds=ON_POSIX)
  526.  
  527. # Start a new thread to queue async output from stdout
  528. stdout_thread = Thread(target=self.enqueue_output, args=(self.hashcat.stdout, self.q))
  529. stdout_thread.daemon = True
  530.  
  531. # Start a new thread to queue async output from stderr
  532. stderr_thread = Thread(target=self.enqueue_output, args=(self.hashcat.stderr, self.eq))
  533. stderr_thread.daemon = True
  534.  
  535. try:
  536. stdout_thread.start()
  537. if self.verbose: print "[*] STDOUT thread started"
  538.  
  539. except Exception as e:
  540. if self.verbose: print "[!] Could not start STDOUT thread"
  541.  
  542. try:
  543. stderr_thread.start()
  544. if self.verbose: print "[*] STDERR thread started"
  545.  
  546. except Exception as e:
  547. if self.verbose: print "[!] Could not start STDERR thread"
  548.  
  549. def test(self, cmd=None, argv=[]):
  550.  
  551. if cmd == None:
  552. cmd = self.cmd
  553.  
  554. run_cmd = [os.path.join(self.bin_dir,cmd)] + argv # Create full path to main binary
  555.  
  556. if run_cmd and not None in run_cmd:
  557.  
  558. print "--------- Hashcat CMD Test ---------"
  559. print ' '.join(run_cmd)
  560. print "------------------------------------"
  561.  
  562. else:
  563. if self.verbose: print "[-] None type in string. Required option missing"
  564.  
  565. def straight(self, TEST=False):
  566.  
  567. argv = self.build_args()
  568.  
  569. if self.hash_type not in self.hash_type_dict.values():
  570. hash_code = self.find_code()
  571.  
  572. else:
  573. hash_code = self.hash_type
  574.  
  575. try:
  576. argv.insert(0, self.words_files[0])
  577.  
  578. except IndexError as EmptyListError:
  579. return
  580.  
  581. argv.insert(0, self.hash_file)
  582. argv.insert(0, "0")
  583. argv.insert(0, "-a")
  584. argv.insert(0, str(hash_code))
  585. argv.insert(0, "-m")
  586.  
  587. # Add rules if specified
  588. if self.verbose: print "[*] (" + str(len(self.rules_files)) + ") Rules files specified. Verifying files..."
  589.  
  590. for rules in self.rules_files:
  591.  
  592. if not os.path.isabs(rules): rules = os.path.join(self.bin_dir,rules)
  593.  
  594. if os.path.isfile(rules):
  595.  
  596. if self.verbose: print "\t[+] " + rules + " Found!"
  597.  
  598. argv.append("-r")
  599. argv.append(rules)
  600.  
  601. else:
  602.  
  603. if self.verbose: print "\t[-] " + rules + " NOT Found!"
  604. pass
  605.  
  606.  
  607. if self.verbose: print "[*] Starting Straight (0) attack"
  608.  
  609. if TEST:
  610. self.test(argv=argv)
  611.  
  612. else:
  613. self.start(argv=argv)
  614.  
  615. return self.get_RTCODE()
  616.  
  617. def combinator(self, argv=[], TEST=False):
  618.  
  619. argv = self.build_args()
  620.  
  621. if self.hash_type not in self.hash_type_dict.values():
  622. hash_code = self.find_code()
  623.  
  624. else:
  625. hash_code = self.hash_type
  626.  
  627. try:
  628. argv.insert(0, self.words_files[1])
  629. argv.insert(0, self.words_files[0])
  630.  
  631. except IndexError as EmptyListError:
  632. return
  633.  
  634. argv.insert(0, self.hash_file)
  635. argv.insert(0, "1")
  636. argv.insert(0, "-a")
  637. argv.insert(0, str(hash_code))
  638. argv.insert(0, "-m")
  639.  
  640. if self.verbose: print "[*] Starting Combinator (1) attack"
  641.  
  642. if TEST:
  643. self.test(argv=argv)
  644.  
  645. else:
  646. self.start(argv=argv)
  647.  
  648. return self.get_RTCODE()
  649.  
  650. def brute_force(self, argv=[], TEST=False):
  651.  
  652. argv = self.build_args()
  653.  
  654. if self.hash_type not in self.hash_type_dict.values():
  655. hash_code = self.find_code()
  656.  
  657. else:
  658. hash_code = self.hash_type
  659.  
  660. try:
  661. argv.insert(0, self.words_files[0])
  662.  
  663. except IndexError as EmptyListError:
  664. return
  665.  
  666. argv.insert(0, self.hash_file)
  667. argv.insert(0, "3")
  668. argv.insert(0, "-a")
  669. argv.insert(0, str(hash_code))
  670. argv.insert(0, "-m")
  671.  
  672. if self.verbose: print "[*] Starting Brute-Force (3) attack"
  673.  
  674. if TEST:
  675. self.test(argv=argv)
  676.  
  677. else:
  678. self.start(argv=argv)
  679.  
  680. return self.get_RTCODE()
  681.  
  682. def hybrid_dict_mask(self, argv=[], TEST=False):
  683.  
  684. argv = self.build_args()
  685.  
  686. if self.hash_type not in self.hash_type_dict.values():
  687. hash_code = self.find_code()
  688.  
  689. else:
  690. hash_code = self.hash_type
  691.  
  692. if self.masks_file == None and self.mask == None:
  693. return
  694.  
  695. else:
  696. if self.masks_file:
  697. mask = self.masks_file
  698.  
  699. else:
  700. mask = self.mask
  701.  
  702. try:
  703. argv.insert(0, mask)
  704.  
  705. except IndexError as EmptyListError:
  706. return
  707.  
  708. argv.insert(0, self.words_files[0])
  709. argv.insert(0, self.hash_file)
  710. argv.insert(0, "6")
  711. argv.insert(0, "-a")
  712. argv.insert(0, str(hash_code))
  713. argv.insert(0, "-m")
  714.  
  715. if self.verbose: print "[*] Starting Hybrid dict + mask (6) attack"
  716.  
  717. if TEST:
  718. self.test(argv=argv)
  719.  
  720. else:
  721. self.start(argv=argv)
  722.  
  723. return self.get_RTCODE()
  724.  
  725. def hybrid_mask_dict(self, argv=[], TEST=False):
  726.  
  727. argv = self.build_args()
  728.  
  729. if self.hash_type not in self.hash_type_dict.values():
  730. hash_code = self.find_code()
  731.  
  732. else:
  733. hash_code = self.hash_type
  734.  
  735. try:
  736. argv.insert(0, self.words_files[0])
  737.  
  738. except IndexError as EmptyListError:
  739. return
  740.  
  741. if self.masks_file == None and self.mask == None:
  742. return
  743.  
  744. else:
  745. if self.masks_file:
  746. mask = self.masks_file
  747.  
  748. else:
  749. mask = self.mask
  750.  
  751. argv.insert(0, mask)
  752. argv.insert(0, self.hash_file)
  753. argv.insert(0, "7")
  754. argv.insert(0, "-a")
  755. argv.insert(0, str(hash_code))
  756. argv.insert(0, "-m")
  757.  
  758. if self.verbose: print "[*] Starting Hybrid mask + dict (7) attack"
  759.  
  760. if TEST:
  761. self.test(argv=argv)
  762.  
  763. else:
  764. self.start(argv=argv)
  765.  
  766. return self.get_RTCODE()
  767.  
  768. def stop(self):
  769.  
  770. RTCODE = self.get_RTCODE()
  771. if self.is_running():
  772.  
  773. if self.verbose: print "[*] Stopping background process...",
  774. try:
  775.  
  776. self.hashcat.kill()
  777.  
  778. if self.verbose: print "[Done]"
  779.  
  780. except Exception as ProcessException:
  781.  
  782. if not RTCODE in (-2,-1,0,2):
  783.  
  784. if self.verbose:
  785.  
  786. print "[PROCESS EXCEPTION]"
  787. print "\t** This could have happened for several reasons **"
  788. print "\t1. GOOD: Process successfully completed before stop call"
  789. print "\t2. BAD: Process failed to run initially (likely path or argv error)"
  790. print "\t3. UGLY: Unknown - Check your running processes for a zombie"
  791.  
  792. else:
  793. if self.verbose: print "[Done]"
  794.  
  795.  
  796. if self.verbose: print "[*] Program exited with code: " + str(RTCODE)
  797.  
  798. def is_running(self):
  799.  
  800. if self.get_RTCODE() == None: # Return value of None indicates process hasn't terminated
  801.  
  802. return True
  803.  
  804. else:
  805. return False
  806.  
  807.  
  808. def get_RTCODE(self):
  809.  
  810. '''
  811.  
  812. status codes on exit:
  813. =====================
  814. -2 = gpu-watchdog alarm
  815. -1 = error
  816. 0 = cracked
  817. 1 = exhausted
  818. 2 = aborted
  819.  
  820. '''
  821.  
  822. try:
  823. return self.hashcat.poll()
  824.  
  825. except Exception as e:
  826. return -99 # Hasn't been started
  827.  
  828.  
  829.  
  830. def find_code(self): # Find the hashcat hash code
  831.  
  832. try:
  833.  
  834. # Returns the first code that matches the type text
  835. return str(self.hash_type_dict[difflib.get_close_matches(self.hash_type, self.hash_type_dict.keys())[0]])
  836.  
  837. except Exception as CodeNotFoundError:
  838. return 0
  839.  
  840. return 0 # Return default MD5
  841.  
  842. def str_from_code(self, code): # Reverse lookup find code from string
  843.  
  844. for code_str in self.hash_type_dict:
  845.  
  846. if str(code).lower() == str(self.hash_type_dict[code_str]).lower():
  847.  
  848. if self.verbose: print "[*] " + str(code_str) + " = " + str(self.hash_type_dict[code_str])
  849. return code_str
  850.  
  851. else:
  852. return "UNKNOWN"
  853.  
  854.  
  855. def build_args(self):
  856.  
  857. if self.verbose: print "[*] Building argv"
  858.  
  859. # Check if any defaults are changed
  860. argv = []
  861.  
  862. for option in self.defaults_changed:
  863.  
  864. value = str(getattr(self, option)) # Get the value assigned to the option
  865. option = option.replace('_','-') # Convert Python snake_style var to cmd line dash format
  866.  
  867. if option in self.cmd_short_switch.keys(): # Use short switches if available
  868.  
  869. if self.verbose: print "[*] Checking for short options"
  870. option = "-" + self.cmd_short_switch[option]
  871. argv.append(option)
  872. argv.append(str(value))
  873.  
  874. else:
  875.  
  876. if option in self.cmd_equal_required:
  877. argv.append("--" + option + "=" + str(value))
  878.  
  879. else:
  880. argv.append("--" + option)
  881.  
  882. return argv
  883.  
  884.  
  885. def clear_rules(self):
  886.  
  887. self.rules_files = []
  888.  
  889. def clear_words(self):
  890.  
  891. self.words_files = []
  892.  
  893. '''
  894. Wrapper Class for Hashcat (CPU)
  895.  
  896. '''
  897. class HashcatWrapper(object):
  898.  
  899. hashcat = None # Main hashcat process once initiated by the start() function
  900. q = Queue() # Output queue for stdout collection. Allows for async (non-blocking) read from subprocess
  901. eq = Queue() # Output queue for stderr collection.
  902. stats = None # TODO: Determine best place to collect stats for hashcat
  903. stdout_thread = None # Thread to gather stdout from hashcat subprocess
  904. stderr_thread = None # Thread to gather stderr from hashcat subprocess
  905. initialized = False
  906. defaults_changed = []
  907. defaults = {}
  908.  
  909. hash_type_dict = {
  910.  
  911. 'MD5' : '0' ,
  912. 'md5($pass.$salt)' : '10' ,
  913. 'md5($salt.$pass)' : '20' ,
  914. 'md5(unicode($pass).$salt)' : '30' ,
  915. 'md5($salt.unicode($pass))' : '40' ,
  916. 'HMAC-MD5 (key = $pass)' : '50' ,
  917. 'HMAC-MD5 (key = $salt)' : '60' ,
  918. 'SHA1' : '100' ,
  919. 'sha1($pass.$salt)' : '110' ,
  920. 'sha1($salt.$pass)' : '120' ,
  921. 'sha1(unicode($pass).$salt)' : '130' ,
  922. 'sha1($salt.unicode($pass))' : '140' ,
  923. 'HMAC-SHA1 (key = $pass)' : '150' ,
  924. 'HMAC-SHA1 (key = $salt)' : '160' ,
  925. 'sha1(LinkedIn)' : '190' ,
  926. 'MySQL' : '300' ,
  927. 'phpass' : '400' ,
  928. 'MD5(Wordpress)' : '400' ,
  929. 'MD5(phpBB3)' : '400' ,
  930. 'md5crypt' : '500' ,
  931. 'MD5(Unix)' : '500' ,
  932. 'FreeBSD MD5' : '500' ,
  933. 'Cisco-IOS MD5' : '500' ,
  934. 'SHA-1 (Django)': '800',
  935. 'MD4' : '900' ,
  936. 'NTLM' : '1000' ,
  937. 'Domain Cached Credentials:' : '1100',
  938. 'mscash' : '1100' ,
  939. 'SHA256' : '1400' ,
  940. 'sha256($pass.$salt)' : '1410' ,
  941. 'sha256($salt.$pass)' : '1420' ,
  942. 'sha256(unicode($pass).$salt)' : '1430' ,
  943. 'sha256($salt.unicode($pass))' : '1440' ,
  944. 'HMAC-SHA256 (key = $pass)' : '1450' ,
  945. 'HMAC-SHA256 (key = $salt)' : '1460' ,
  946. 'md5apr1' : '1600' ,
  947. 'MD5(APR)' : '1600' ,
  948. 'Apache MD5' : '1600' ,
  949. 'SHA512' : '1700' ,
  950. 'sha512($pass.$salt)' : '1710' ,
  951. 'sha512($salt.$pass)' : '1720' ,
  952. 'sha512(unicode($pass).$salt)' : '1730' ,
  953. 'sha512($salt.unicode($pass))' : '1740' ,
  954. 'HMAC-SHA512 (key = $pass)' : '1750' ,
  955. 'HMAC-SHA512 (key = $salt)' : '1760' ,
  956. 'sha512crypt, SHA512(Unix)' : '1800' ,
  957. 'Cisco-PIX MD5' : '2400' ,
  958. 'WPA/WPA2' : '2500' ,
  959. 'Double MD5' : '2600' ,
  960. 'bcrypt' : '3200' ,
  961. 'Blowfish(OpenBSD)' : '3200' ,
  962. 'MD5(Sun)': '3300',
  963. 'md5(md5(md5($pass)))' : '3500',
  964. 'md5(md5($salt).$pass)' : '3610',
  965. 'md5($salt.md5($pass))' : '3710',
  966. 'md5($pass.md5($salt))' : '3720',
  967. 'md5($salt.$pass.$salt)' : '3810',
  968. 'md5(md5($pass).md5($salt))' : '3910',
  969. 'md5($salt.md5($salt.$pass))' : '4010',
  970. 'md5($salt.md5($pass.$salt))' : '4110',
  971. 'md5($username.0.$pass)' : '4210',
  972. 'md5(strtoupper(md5($pass)))' : '4300',
  973. 'md5(sha1($pass))' : '4400',
  974. 'Double SHA1' : '4500',
  975. 'sha1(sha1(sha1($pass)))' : '4600',
  976. 'sha1(md5($pass))' : '4700',
  977. 'MD5(Chap)': '4800',
  978. 'SHA-3(Keccak)' : '5000' ,
  979. 'Half MD5' : '5100' ,
  980. 'Password Safe SHA-256' : '5200' ,
  981. 'IKE-PSK MD5' : '5300' ,
  982. 'IKE-PSK SHA1' : '5400' ,
  983. 'NetNTLMv1-VANILLA': '5500' ,
  984. 'NetNTLMv1+ESS' : '5500' ,
  985. 'NetNTLMv2' : '5600' ,
  986. 'Cisco-IOS SHA256' : '5700' ,
  987. 'Samsung Android Password/PIN' : '5800' ,
  988. 'AIX {smd5}' : '6300' ,
  989. 'AIX {ssha256}' : '6400' ,
  990. 'AIX {ssha512}' : '6500' ,
  991. 'AIX {ssha1}' : '6700' ,
  992. 'Lastpass' : '6800' ,
  993. 'GOST R 34.11-94' : '6900' ,
  994. 'Fortigate (FortiOS)' : '7000',
  995. 'OSX v10.8 / v10.9' : '7100' ,
  996. 'GRUB 2' : '7200' ,
  997. 'IPMI2 RAKP HMAC-SHA1': '7300',
  998. 'sha256crypt' : '7400' ,
  999. 'SHA256(Unix)' : '7400' ,
  1000. 'Plaintext': '9999',
  1001. 'Joomla' : '11' ,
  1002. 'osCommerce, xt:Commerce' : '21' ,
  1003. 'nsldap, SHA-1(Base64), Netscape LDAP SHA' : '101' ,
  1004. 'nsldaps, SSHA-1(Base64), Netscape LDAP SSHA' : '111' ,
  1005. 'Oracle 11g' : '112' ,
  1006. 'SMF > v1.1' : '121' ,
  1007. 'OSX v10.4, v10.5, v10.6' : '122' ,
  1008. 'EPi' : '123',
  1009. 'MSSQL(2000)' : '131' ,
  1010. 'MSSQL(2005)' : '132' ,
  1011. 'EPiServer 6.x < v4' : '141' ,
  1012. 'EPiServer 6.x > v4' : '1441' ,
  1013. 'SSHA-512(Base64), LDAP {SSHA512}' : '1711' ,
  1014. 'OSX v10.7' : '1722' ,
  1015. 'MSSQL(2012)' : '1731' ,
  1016. 'vBulletin < v3.8.5' : '2611' ,
  1017. 'vBulletin > v3.8.5' : '2711' ,
  1018. 'IPB2+, MyBB1.2+' : '2811' ,
  1019. 'WebEdition CMD': '3721',
  1020. 'Redmine Project Management Web App': '7600'
  1021. }
  1022.  
  1023. cmd_short_switch = {
  1024.  
  1025. 'attack-mode' : 'a',
  1026. 'hash-type' : 'm',
  1027. 'version' : 'V',
  1028. 'help' : 'h',
  1029. 'outfile' : 'o',
  1030. 'separator' : 'p',
  1031. 'salt-file' : 'e',
  1032. 'segment-size' : 'c',
  1033. 'threads' : 'n',
  1034. 'words-skip' : 's',
  1035. 'words-limit': 'l',
  1036. 'rules-file' : 'r',
  1037. 'generate-rules' : 'g',
  1038. 'custom-charset1' : '1',
  1039. 'custom-charset2' : '2',
  1040. 'custom-charset3' : '3',
  1041. 'custom-charset4' : '4',
  1042. 'table-file' : 't'
  1043. }
  1044.  
  1045. cmd_equal_required = [
  1046.  
  1047. 'outfile-format',
  1048. 'debug-mode' ,
  1049. 'debug-file' ,
  1050. 'outfile-check-dir',
  1051. 'generate-rules-func-min',
  1052. 'generate-rules-func-max',
  1053. 'generate-rules-seed',
  1054. 'toggle-min',
  1055. 'toggle-max',
  1056. 'pw-min',
  1057. 'pw-max',
  1058. 'perm-min',
  1059. 'perm-max',
  1060. 'table-min',
  1061. 'table-max'
  1062. ]
  1063.  
  1064. ignore_vars = [
  1065. 'defaults',
  1066. 'hash_type',
  1067. 'words_files',
  1068. 'hash_file',
  1069. 'rules_files',
  1070. 'masks_file',
  1071. 'charset_file',
  1072. 'mask',
  1073. 'safe_dict'
  1074. ]
  1075.  
  1076. def __init__(self, bin_dir=".", cpu_type=None, verbose=False):
  1077.  
  1078. self.verbose = verbose
  1079. self.reset() # Reset all variables
  1080. self.bin_dir = bin_dir # Directory where Hashcat is installed
  1081. bits = "32"
  1082.  
  1083. if self.verbose: print "[*] Checking architecture:",
  1084.  
  1085. if sys.maxsize > 2**32:
  1086. bits = "64"
  1087.  
  1088. else:
  1089. bits = "32"
  1090.  
  1091. if bits == "32" and cpu_type != None:
  1092. print "[E] " + cpu_type + " is only supported on 64 bit!"
  1093. sys.exit()
  1094.  
  1095. if self.verbose: print bits+" bit"
  1096. if self.verbose: print "[*] Checking OS type:",
  1097.  
  1098. if "Win" in platform.system():
  1099.  
  1100. if self.verbose: print "Windows"
  1101.  
  1102. if cpu_type == None:
  1103. self.cmd = "hashcat-cli"+bits + " "
  1104. if self.verbose: print "[*] Using SSE2 version"
  1105.  
  1106. elif cpu_type.lower() == "avx":
  1107. self.cmd = "hashcat-cliAVX "
  1108. if self.verbose: print "[*] Using AVX version"
  1109.  
  1110. elif cpu_type.lower() == "xop":
  1111. self.cmd = "hashcat-cliXOP "
  1112. if self.verbose: print "[*] Using XOP version"
  1113.  
  1114. else:
  1115.  
  1116. if self.verbose: print "Linux"
  1117.  
  1118. if cpu_type == None:
  1119. self.cmd = "hashcat-cli"+bits + ".bin"
  1120. if self.verbose: print "[*] Using SSE2 version"
  1121.  
  1122. elif cpu_type.lower() == "avx":
  1123. self.cmd = "hashcat-cliAVX.bin"
  1124. if self.verbose: print "[*] Using AVX version"
  1125.  
  1126. elif cpu_type.lower() == "xop":
  1127. self.cmd = "hashcat-cliXOP.bin"
  1128. if self.verbose: print "[*] Using XOP version"
  1129.  
  1130. if self.verbose: print "[*] Using cmd: " + self.cmd
  1131.  
  1132. def __enter__(self):
  1133. return self
  1134.  
  1135. def __exit__(self, type, value, traceback):
  1136.  
  1137. self.stop()
  1138.  
  1139. def __setattr__(self, name, value):
  1140.  
  1141. try:
  1142. if not value == self.defaults[name] and name not in self.ignore_vars:
  1143. self.defaults_changed.append(name)
  1144.  
  1145. except Exception as e:
  1146. pass
  1147.  
  1148. finally:
  1149. object.__setattr__(self,name,value)
  1150.  
  1151. def reset(self):
  1152.  
  1153. if self.is_running():
  1154. self.stop()
  1155. self.stdout_thread = None
  1156. self.stderr_thread = None
  1157.  
  1158. self.hash_file = None # File with target hashes
  1159. self.words_files = [] # List of dictionary files
  1160. self.rules_files = [] # List of rules files
  1161. self.masks_file = None
  1162. self.charset_file = None
  1163. self.hash_type = 0
  1164. self.eula = False
  1165. self.help = False
  1166. self.version = False
  1167. self.quiet = False
  1168. self.hex_salt = False
  1169. self.hex_charset = False
  1170. self.outfile = None
  1171. self.outfile_format = 0
  1172. self.separator = ":"
  1173. self.show = False
  1174. self.left = False
  1175. self.username = False
  1176. self.remove = False
  1177. self.stdout = False
  1178. self.disable_potfile = False
  1179. self.debug_file = None
  1180. self.debug_mode = None
  1181. self.salt_file = None
  1182. self.segment_size = 32
  1183. self.threads = 8
  1184. self.words_skip = 0
  1185. self.words_limit = 0
  1186. self.generate_rules = 0
  1187. self.generate_rules_func_min = 1
  1188. self.generate_rules_func_max = 4
  1189. self.custom_charset1 = "?|?d?u"
  1190. self.custom_charset2 = "?|?d"
  1191. self.custom_charset3 = "?|?d*!$@_"
  1192. self.custom_charset4 = None
  1193. self.toggle_min = 1
  1194. self.toggle_max = 16
  1195. self.pw_min = 1
  1196. self.pw_max = 10
  1197. self.perm_min = 2
  1198. self.perm_max = 10
  1199. self.table_file = None
  1200. self.table_min = 2
  1201. self.table_max = 10
  1202. self.mask = None
  1203.  
  1204. self.default = None
  1205. self.defaults = copy.deepcopy({key:vars(self)[key] for key in vars(self) if key != 'stdout_thread' or 'sterr_thread'})
  1206. self.defaults_changed = []
  1207.  
  1208. if self.verbose: print "[*] Variables reset to defaults"
  1209.  
  1210. def get_hashes(self, output_file_path=None, fields=(), sep=None):
  1211.  
  1212. if output_file_path == None:
  1213.  
  1214. if self.outfile == None:
  1215. return
  1216.  
  1217. else:
  1218. output_file_path = self.outfile
  1219.  
  1220. if sep == None:
  1221. sep = self.separator
  1222.  
  1223. try:
  1224. # Get cracked hashes
  1225. with open(output_file_path, "rb") as output_file:
  1226.  
  1227. if self.verbose: print "Reading output file: " + output_file_path
  1228. results = [record.rstrip('\n\r').rsplit(sep) for record in output_file.readlines()]
  1229.  
  1230. if len(fields) == 0 and len(results) > 0 or len(results) > 0 and len(fields) != len(results[0]):
  1231.  
  1232. # Default field names are f1....fN where N is the number of items in the results line
  1233. fields = tuple(["f"+str(i) for i in range(len(results[0]))])
  1234.  
  1235. if len(results) > 0:
  1236.  
  1237. if len(fields) == len(results[0]):
  1238.  
  1239. # Returns a list of dictionary objects with fields mapped to variables
  1240. return [dict(zip(fields, record)) for record in results]
  1241.  
  1242. else:
  1243.  
  1244. return [{}]
  1245.  
  1246. except IOError as FileError:
  1247.  
  1248. return [{}]
  1249.  
  1250. def enqueue_output(self, out, queue):
  1251.  
  1252. for line in iter(out.readline, b''):
  1253.  
  1254. queue.put(line)
  1255. out.flush()
  1256.  
  1257. out.close()
  1258.  
  1259. def g_stdout(self): # Different than oclHashcatWrapper because hashcat has a "stdout" cmd switch
  1260.  
  1261. out = ""
  1262. try:
  1263. out = self.q.get_nowait()
  1264.  
  1265. except Empty:
  1266. out = ""
  1267.  
  1268. return out.rstrip()
  1269.  
  1270. def stderr(self):
  1271.  
  1272. out = ""
  1273. try:
  1274. out = self.eq.get_nowait()
  1275.  
  1276. except Empty:
  1277. out = ""
  1278.  
  1279. return out.rstrip()
  1280.  
  1281.  
  1282. def start(self, cmd=None, argv=[]):
  1283.  
  1284. if cmd == None:
  1285. cmd = self.cmd
  1286.  
  1287. if self.hashcat != None and self.is_running():
  1288. self.stop()
  1289.  
  1290. run_cmd = [os.path.join(self.bin_dir,cmd)] + argv # Create full path to main binary
  1291.  
  1292. if self.verbose: print "[+] STDIN: " + ' '.join(run_cmd)
  1293.  
  1294. self.hashcat = Popen(run_cmd, stdout=PIPE, stdin=PIPE, stderr=PIPE, bufsize=1, close_fds=ON_POSIX)
  1295.  
  1296. # Start a new thread to queue async output from stdout
  1297. stdout_thread = Thread(target=self.enqueue_output, args=(self.hashcat.stdout, self.q))
  1298. stdout_thread.daemon = True
  1299.  
  1300. # Start a new thread to queue async output from stderr
  1301. stderr_thread = Thread(target=self.enqueue_output, args=(self.hashcat.stderr, self.eq))
  1302. stderr_thread.daemon = True
  1303.  
  1304. try:
  1305. stdout_thread.start()
  1306. if self.verbose: print "[*] STDOUT thread started"
  1307.  
  1308. except Exception as e:
  1309. if self.verbose: print "[!] Could not start STDOUT thread"
  1310.  
  1311. try:
  1312. stderr_thread.start()
  1313. if self.verbose: print "[*] STDERR thread started"
  1314.  
  1315. except Exception as e:
  1316. if self.verbose: print "[!] Could not start STDERR thread"
  1317.  
  1318. def test(self, cmd=None, argv=[]):
  1319.  
  1320. if cmd == None:
  1321. cmd = self.cmd
  1322.  
  1323. run_cmd = [os.path.join(self.bin_dir,cmd)] + argv # Create full path to main binary
  1324.  
  1325. if run_cmd and not None in run_cmd:
  1326.  
  1327. print "--------- Hashcat CMD Test ---------"
  1328. print ' '.join(run_cmd)
  1329. print "------------------------------------"
  1330.  
  1331. else:
  1332. if self.verbose: print "[-] None type in string. Required option missing"
  1333.  
  1334. def straight(self, TEST=False):
  1335.  
  1336. argv = self.build_args()
  1337.  
  1338. if self.hash_type not in self.hash_type_dict.values():
  1339. hash_code = self.find_code()
  1340.  
  1341. else:
  1342. hash_code = self.hash_type
  1343.  
  1344. try:
  1345. argv.insert(0, self.words_files[0])
  1346.  
  1347. except IndexError as EmptyListError:
  1348. return
  1349.  
  1350. argv.insert(0, self.hash_file)
  1351. argv.insert(0, "0")
  1352. argv.insert(0, "-a")
  1353. argv.insert(0, str(hash_code))
  1354. argv.insert(0, "-m")
  1355.  
  1356. # Add rules if specified
  1357. if self.verbose: print "[*] (" + str(len(self.rules_files)) + ") Rules files specified. Verifying files..."
  1358.  
  1359. for rules in self.rules_files:
  1360.  
  1361. if not os.path.isabs(rules): rules = os.path.join(self.bin_dir,rules)
  1362.  
  1363. if os.path.isfile(rules):
  1364.  
  1365. if self.verbose: print "\t[+] " + rules + " Found!"
  1366.  
  1367. argv.append("-r")
  1368. argv.append(rules)
  1369.  
  1370. else:
  1371.  
  1372. if self.verbose: print "\t[-] " + rules + " NOT Found!"
  1373. pass
  1374.  
  1375.  
  1376. if self.verbose: print "[*] Starting Straight (0) attack"
  1377.  
  1378. if TEST:
  1379. self.test(argv=argv)
  1380.  
  1381. else:
  1382. self.start(argv=argv)
  1383.  
  1384. return self.get_RTCODE()
  1385.  
  1386. def combinator(self, argv=[], TEST=False):
  1387.  
  1388. argv = self.build_args()
  1389.  
  1390. if self.hash_type not in self.hash_type_dict.values():
  1391. hash_code = self.find_code()
  1392.  
  1393. else:
  1394. hash_code = self.hash_type
  1395.  
  1396. try:
  1397. argv.insert(0, self.words_files[1])
  1398. argv.insert(0, self.words_files[0])
  1399.  
  1400. except IndexError as EmptyListError:
  1401. return
  1402.  
  1403. argv.insert(0, self.hash_file)
  1404. argv.insert(0, "1")
  1405. argv.insert(0, "-a")
  1406. argv.insert(0, str(hash_code))
  1407. argv.insert(0, "-m")
  1408.  
  1409. if self.verbose: print "[*] Starting Combinator (1) attack"
  1410.  
  1411. if TEST:
  1412. self.test(argv=argv)
  1413.  
  1414. else:
  1415. self.start(argv=argv)
  1416.  
  1417. return self.get_RTCODE()
  1418.  
  1419. def toggle_case(self, argv=[], TEST=False):
  1420.  
  1421. argv = self.build_args()
  1422.  
  1423. if self.hash_type not in self.hash_type_dict.values():
  1424. hash_code = self.find_code()
  1425.  
  1426. else:
  1427. hash_code = self.hash_type
  1428.  
  1429. try:
  1430. argv.insert(0, self.words_files[0])
  1431.  
  1432. except IndexError as EmptyListError:
  1433. return
  1434.  
  1435. argv.insert(0, self.hash_file)
  1436. argv.insert(0, "2")
  1437. argv.insert(0, "-a")
  1438. argv.insert(0, str(hash_code))
  1439. argv.insert(0, "-m")
  1440.  
  1441. if self.verbose: print "[*] Starting Toggle-case (2) attack"
  1442.  
  1443. if TEST:
  1444. self.test(argv=argv)
  1445.  
  1446. else:
  1447. self.start(argv=argv)
  1448.  
  1449. return self.get_RTCODE()
  1450.  
  1451. def brute_force(self, argv=[], TEST=False):
  1452.  
  1453. argv = self.build_args()
  1454.  
  1455. if self.hash_type not in self.hash_type_dict.values():
  1456. hash_code = self.find_code()
  1457.  
  1458. else:
  1459. hash_code = self.hash_type
  1460.  
  1461. try:
  1462. argv.insert(0, self.words_files[0])
  1463.  
  1464. except IndexError as EmptyListError:
  1465. return
  1466.  
  1467. argv.insert(0, self.hash_file)
  1468. argv.insert(0, "3")
  1469. argv.insert(0, "-a")
  1470. argv.insert(0, str(hash_code))
  1471. argv.insert(0, "-m")
  1472.  
  1473. if self.verbose: print "[*] Starting Brute-Force (3) attack"
  1474.  
  1475. if TEST:
  1476. self.test(argv=argv)
  1477.  
  1478. else:
  1479. self.start(argv=argv)
  1480.  
  1481. return self.get_RTCODE()
  1482.  
  1483. def permutation(self, argv=[], TEST=False):
  1484.  
  1485. argv = self.build_args()
  1486.  
  1487. if self.hash_type not in self.hash_type_dict.values():
  1488. hash_code = self.find_code()
  1489.  
  1490. else:
  1491. hash_code = self.hash_type
  1492.  
  1493. try:
  1494. argv.insert(0, self.words_files[0])
  1495.  
  1496. except IndexError as EmptyListError:
  1497. return
  1498.  
  1499. argv.insert(0, self.hash_file)
  1500. argv.insert(0, "4")
  1501. argv.insert(0, "-a")
  1502. argv.insert(0, str(hash_code))
  1503. argv.insert(0, "-m")
  1504.  
  1505. if self.verbose: print "[*] Starting Permutation (4) attack"
  1506.  
  1507. if TEST:
  1508. self.test(argv=argv)
  1509.  
  1510. else:
  1511. self.start(argv=argv)
  1512.  
  1513. return self.get_RTCODE()
  1514.  
  1515. def table_lookup(self, argv=[], TEST=False):
  1516.  
  1517. argv = self.build_args()
  1518.  
  1519. if self.hash_type not in self.hash_type_dict.values():
  1520. hash_code = self.find_code()
  1521.  
  1522. else:
  1523. hash_code = self.hash_type
  1524.  
  1525. try:
  1526. argv.insert(0, self.words_files[0])
  1527.  
  1528. except IndexError as EmptyListError:
  1529. return
  1530.  
  1531. argv.insert(0, self.hash_file)
  1532. argv.insert(0, "4")
  1533. argv.insert(0, "-a")
  1534. argv.insert(0, str(hash_code))
  1535. argv.insert(0, "-m")
  1536.  
  1537. if self.verbose: print "[*] Starting Table-lookup (5) attack"
  1538.  
  1539. if TEST:
  1540. self.test(argv=argv)
  1541.  
  1542. else:
  1543. self.start(argv=argv)
  1544.  
  1545. return self.get_RTCODE()
  1546.  
  1547. def stop(self):
  1548.  
  1549. RTCODE = self.get_RTCODE()
  1550. if self.is_running():
  1551.  
  1552. if self.verbose: print "[*] Stopping background process...",
  1553. try:
  1554.  
  1555. self.hashcat.kill()
  1556.  
  1557. if self.verbose: print "[Done]"
  1558.  
  1559. except Exception as ProcessException:
  1560.  
  1561. if not RTCODE in (-2,-1,0,2):
  1562.  
  1563. if self.verbose:
  1564.  
  1565. print "[PROCESS EXCEPTION]"
  1566. print "\t** This could have happened for several reasons **"
  1567. print "\t1. GOOD: Process successfully completed before stop call"
  1568. print "\t2. BAD: Process failed to run initially (likely path or argv error)"
  1569. print "\t3. UGLY: Unknown - Check your running processes for a zombie"
  1570.  
  1571. else:
  1572. if self.verbose: print "[Done]"
  1573.  
  1574.  
  1575. if self.verbose: print "[*] Program exited with code: " + str(RTCODE)
  1576.  
  1577. def is_running(self):
  1578.  
  1579. if self.get_RTCODE() == None: # Return value of None indicates process hasn't terminated
  1580.  
  1581. return True
  1582.  
  1583. else:
  1584. return False
  1585.  
  1586.  
  1587. def get_RTCODE(self):
  1588.  
  1589. '''
  1590.  
  1591. status codes on exit:
  1592. =====================
  1593. -1 = error
  1594. 0 = cracked
  1595. 1 = exhausted
  1596. 2 = aborted
  1597.  
  1598. '''
  1599.  
  1600. try:
  1601. return self.hashcat.poll()
  1602.  
  1603. except Exception as e:
  1604. return -99 # Hasn't been started
  1605.  
  1606.  
  1607.  
  1608. def find_code(self): # Find the hashcat hash code
  1609.  
  1610. try:
  1611.  
  1612. # Returns the first code that matches the type text
  1613. return str(self.hash_type_dict[difflib.get_close_matches(self.hash_type, self.hash_type_dict.keys())[0]])
  1614.  
  1615. except Exception as CodeNotFoundError:
  1616. return 0
  1617.  
  1618. return 0 # Return default MD5
  1619.  
  1620. def str_from_code(self, code): # Reverse lookup find code from string
  1621.  
  1622. for code_str in self.hash_type_dict:
  1623.  
  1624. if str(code).lower() == str(self.hash_type_dict[code_str]).lower():
  1625.  
  1626. if self.verbose: print "[*] " + str(code_str) + " = " + str(self.hash_type_dict[code_str])
  1627. return code_str
  1628.  
  1629. else:
  1630. return "UNKNOWN"
  1631.  
  1632.  
  1633. def build_args(self):
  1634.  
  1635. if self.verbose: print "[*] Building argv"
  1636.  
  1637. # Check if any defaults are changed
  1638. argv = []
  1639.  
  1640. for option in self.defaults_changed:
  1641.  
  1642. value = str(getattr(self, option)) # Get the value assigned to the option
  1643. option = option.replace('_','-') # Convert Python snake_style var to cmd line dash format
  1644.  
  1645. if option in self.cmd_short_switch.keys(): # Use short switches if available
  1646.  
  1647. if self.verbose: print "[*] Checking for short options"
  1648. option = "-" + self.cmd_short_switch[option]
  1649. argv.append(option)
  1650. argv.append(str(value))
  1651.  
  1652. else:
  1653.  
  1654. if option in self.cmd_equal_required:
  1655. argv.append("--" + option + "=" + str(value))
  1656.  
  1657. else:
  1658. argv.append("--" + option)
  1659.  
  1660. return argv
  1661.  
  1662.  
  1663. def clear_rules(self):
  1664.  
  1665. self.rules_files = []
  1666.  
  1667. def clear_words(self):
  1668.  
  1669. self.words_files = []
  1670.  
  1671.  
  1672. if __name__ == "__main__":
  1673.  
  1674. pass
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!