def hashfiles(request):
context = {}
context["Section"] = "Hashes"
if request.method == 'POST':
if request.POST["action"] == "add":
hash_type = int(request.POST["hash_type"])
hashfile_name = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(12)) + ".hashfile"
hashfile_path = os.path.join(os.path.dirname(__file__), "..",
"Files", "Hashfiles", hashfile_name)
hashes = request.POST["hashes"]
f = open(hashfile_path, 'w')
if len(hashes) == 0 and "hashfile" in request.FILES:
for chunk in request.FILES['hashfile'].chunks():
f.write(chunk.decode('UTF-8', 'backslashreplace'))
else:
f.write(hashes.strip())
f.close()
username_included = "username_included" in request.POST
hashfile = Hashfile(
name=request.POST['name'],
hashfile=hashfile_name,
hash_type=hash_type,
line_count=0,
cracked_count=0,
username_included=username_included,
)
hashfile.save()
init_hashfile_locks(hashfile)
# Update the new file with the potfile, this may take a while, but it is processed in a background task
import_hashfile_task.delay(hashfile.id)
if hash_type != -1: # if != plaintext
messages.success(request, "Hashfile successfully added")
else:
messages.success(request, "Plaintext file successfully added")
context["node_list"] = Node.objects.all()
context["hash_type_list"] = [{
'id': -1,
'name': 'Plaintext'
}] + sorted(list(Hashcat.get_hash_types().values()),
key=itemgetter('name'))
context["rule_list"] = [{
'name': None
}] + sorted(Hashcat.get_rules(detailed=False), key=itemgetter('name'))
context["mask_list"] = sorted(Hashcat.get_masks(detailed=False),
key=itemgetter('name'))
context["wordlist_list"] = sorted(Hashcat.get_wordlists(detailed=False),
key=itemgetter('name'))
template = loader.get_template('Hashcat/hashes.html')
return HttpResponse(template.render(context, request))
def api_upload_file(request):
auth_header = request.META.get('HTTP_AUTHORIZATION', '')
token_type, _, credentials = auth_header.partition(' ')
username, password = base64.b64decode(credentials).decode().split(':')
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
return HttpResponse(status=401)
password_valid = user.check_password(password)
if token_type != 'Basic' or not password_valid:
return HttpResponse(status=401)
if request.method == "POST":
params = request.POST
else:
return HttpResponse(json.dumps({
"result": "error",
"value": "Only POST accepted"
}),
content_type="application/json")
if not 'name' in params:
return HttpResponse(json.dumps({
"result":
"error",
"value":
"Please specify the uploaded file name"
}),
content_type="application/json")
if not 'type' in params:
return HttpResponse(json.dumps({
"result":
"error",
"value":
"Please specify the uploaded file type"
}),
content_type="application/json")
if not 'file' in request.FILES:
return HttpResponse(json.dumps({
"result": "error",
"value": "Please upload a file"
}),
content_type="application/json")
print(params)
if params['type'] == 'hashfile':
if not 'hash_type' in params:
return HttpResponse(json.dumps({
"result":
"error",
"value":
"Please specify the hash type"
}),
content_type="application/json")
hash_type = int(params["hash_type"])
hashfile_name = ''.join(
random.choice(string.ascii_uppercase + string.digits)
for _ in range(12)) + ".hashfile"
hashfile_path = os.path.join(os.path.dirname(__file__), "..", "Files",
"Hashfiles", hashfile_name)
f = open(hashfile_path, 'w')
for chunk in request.FILES['file'].chunks():
f.write(chunk.decode('UTF-8', 'backslashreplace'))
f.close()
username_included = "username_included" in params
hashfile = Hashfile(
name=request.POST['name'],
hashfile=hashfile_name,
hash_type=hash_type,
line_count=0,
cracked_count=0,
username_included=username_included,
)
hashfile.save()
init_hashfile_locks(hashfile)
# Update the new file with the potfile, this may take a while, but it is processed in a background task
import_hashfile_task.delay(hashfile.id)
elif params['type'] == 'wordlist':
f = request.FILES["file"]
wordlist_file = f.read()
Hashcat.upload_wordlist(params['name'], wordlist_file)
elif params['type'] == 'rule':
f = request.FILES["file"]
rule_file = f.read()
Hashcat.upload_rule(params['name'], rule_file)
elif params['type'] == 'mask':
f = request.FILES["file"]
mask_file = f.read()
Hashcat.upload_mask(params['name'], mask_file)
return HttpResponse(json.dumps({"result": "success"}),
content_type="application/json")