Ejemplo n.º 1
0
def verify_hash_type(hash_to_verify, least_likely=False, verbose=False):
    """
      Attempt to verify a given hash by type (md5, sha1, etc..)

      >  :param hash_to_verify: hash string
      >  :param least_likely: show least likely options as well
      >  :return: likely options, least likely options, or none

      Example:
        >>> verify_hash_type("098f6bcd4621d373cade4e832627b4f6", least_likely=True)
        [('md5', 'md4', 'md2'), ('double md5', 'lm', ... )]
    """
    for regex, hash_types in HASH_TYPE_REGEX.items(
    ):  # iter is not available in Python 3.x
        if verbose:
            LOGGER.debug("Testing: {}".format(hash_types))
        if regex.match(hash_to_verify):
            return hash_types if least_likely else hash_types[0]
    error_msg = (
        "Unable to find any algorithms to match the given hash. If you "
        "feel this algorithm should be implemented make an issue here: {}")
    LOGGER.fatal(error_msg.format(DAGON_ISSUE_LINK))
    # hash_guarantee(hash_to_verify)
    LOGGER.warning("`hash_guarantee` has been turned off for the time being")
    shutdown(1)
Ejemplo n.º 2
0
def word_generator(length_min=7, length_max=15, perms=False):
    """
      Generate the words to be used for bruteforcing
      > :param length_min: minimum length for the word
      > :param length_max: max length for the word
      > :param perms: permutations, True or False
      > :return: a word

      Example:
      >>> word_generator()
      aaaaaa
      aaaaab
      aaaaac
      ...
    """
    chrs = 'abc'
    for n in range(length_min, length_max + 1):
        for xs in itertools.product(chrs, repeat=n):
            if perms is False:
                yield ''.join(xs)
            else:
                LOGGER.fatal("Permutations are not supported yet")
                break
Ejemplo n.º 3
0
def verify_hash_type(hash_to_verify, least_likely=False):
    """
      Attempt to verify a given hash by type (md5, sha1, etc..)

      >  :param hash_to_verify: hash string
      >  :param least_likely: show least likely options as well
      >  :return: likely options, least likely options, or none

      Example:
        >>> verify_hash_type("098f6bcd4621d373cade4e832627b4f6", least_likely=True)
        [('md5', 'md4', 'md2'), ('double md5', 'lm', ... )]
    """
    for regex in HASH_TYPE_REGEX:
        if regex.match(hash_to_verify) and least_likely:
            return HASH_TYPE_REGEX[regex]
        elif regex.match(hash_to_verify) and not least_likely:
            return HASH_TYPE_REGEX[regex][0]
        else:
            pass
    error_msg = "Unable to find any algorithms to match the given hash. "
    error_msg += "If you feel this algorithm should be implemented make "
    error_msg += "an issue here: {}"
    LOGGER.fatal(error_msg.format(DAGON_ISSUE_LINK))
    exit(1)
Ejemplo n.º 4
0
    # Pay no attention to the _ it's required..
    opt, _ = parser.parse_args()

    verify_python_version()

    required_args = [
        "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "--download"
    ]
    args_in_params = 0

    show_banner() if opt.hideBanner is not True else show_hidden_banner()

    if len(sys.argv) <= 1:
        LOGGER.fatal(
            "You have failed to provide a flag for to the application and have been "
            "redirected to the help menu.")
        time.sleep(1.7)
        subprocess.call("python dagon.py --help")
    else:
        try:
            # Check that you provided a mandatory argument
            for i, _ in enumerate(sys.argv):
                if sys.argv[i] in required_args:
                    args_in_params += 1
            # If you provided an argument continue..
            if args_in_params > 0:

                if opt.downloadWordList is True:
                    download_rand_wordlist()
Ejemplo n.º 5
0
    verify_python_version(verbose=opt.runInVerbose)  # need this again :|

    required_args = [
        "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "-V",
        "--verify-list"
    ]
    args_in_params = 0

    show_banner() if opt.hideBanner else show_hidden_banner()

    integrity_check()

    if len(sys.argv) <= 1:
        LOGGER.fatal(
            "You have failed to provide a flag to the application and have been redirected to the help menu."
        )
        time.sleep(1.7)
        subprocess.call("python dagon.py --help", shell=True)
    else:
        try:
            # Download a random wordlist
            if opt.downloadWordList or opt.downloadMultiple:
                download_rand_wordlist(verbose=opt.runInVerbose,
                                       multi=opt.downloadMultiple if
                                       opt.downloadMultiple is not None else 1)
                exit(0)

            # Output all supported algorithms
            if opt.showAvailableAlgorithms:
                show_available_algs(show_all=opt.showAllAlgorithms)
Ejemplo n.º 6
0
    # Pay no attention to the _ it's required..
    opt, _ = parser.parse_args()

    verify_python_version(verbose=opt.runInVerbose)  # need this again :|

    required_args = [
        "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "-V",
        "--verify-list"
    ]
    args_in_params = 0

    show_banner() if opt.hideBanner else show_hidden_banner()

    if len(sys.argv) <= 1:
        LOGGER.fatal(
            "You have failed to provide a flag to the application and have been redirected to the help menu."
        )
        time.sleep(1.7)
        subprocess.call("python dagon.py --help", shell=True)
    else:
        try:
            if opt.testProgramIntegrity:
                status = integrity_check()
                if status:
                    LOGGER.info(
                        "Integrity check has passed successfully, there are no updates "
                        "available at the moment and you are running the latest version."
                    )
                    exit(0)

            # Download a random wordlist
Ejemplo n.º 7
0
def bruteforce_main(verf_hash,
                    algorithm=None,
                    wordlist=None,
                    salt=None,
                    placement=None,
                    all_algs=False,
                    posx="",
                    use_hex=False,
                    verbose=False,
                    batch=False,
                    rounds=10):
    """
      Main function to be used for bruteforcing a hash
    """
    wordlist_created = False
    if wordlist is None:
        create_dir("bf-dicts", verbose=verbose)
        for item in os.listdir(os.getcwd() + "/bf-dicts"):
            if WORDLIST_RE.match(item):
                wordlist_created = True
                wordlist = "{}/bf-dicts/{}".format(os.getcwd(), item)
        if not wordlist_created:
            LOGGER.info("Creating wordlist..")
            create_wordlist(verbose=verbose)
    else:
        LOGGER.info("Reading from, {}..".format(wordlist))

    if algorithm is None:
        hash_type = verify_hash_type(verf_hash, least_likely=all_algs)
        LOGGER.info(
            "Found {} possible hash type(s) to run against: {} ".format(
                len(hash_type) - 1 if hash_type[1] is None else len(hash_type),
                hash_type[0] if hash_type[1] is None else hash_type))
        for alg in hash_type:
            if alg is None:
                err_msg = (
                    "Ran out of algorithms to try. There are no more "
                    "algorithms currently available that match this hashes "
                    "length, and complexity.")
                LOGGER.fatal(err_msg.format(DAGON_ISSUE_LINK))
                break
            else:
                if ":::" in verf_hash:
                    LOGGER.debug(
                        "It appears that you are trying to crack an '{}' hash, "
                        "these hashes have a certain sequence to them that looks "
                        "like this 'USERNAME:SID:LM_HASH:NTLM_HASH:::'. What you're "
                        "wanting is the NTLM part, of the hash, fix your hash and try "
                        "again..".format(alg.upper()))
                    shutdown(1)
                LOGGER.info("Starting bruteforce with {}..".format(
                    alg.upper()))
                bruteforcing = hash_words(verf_hash,
                                          wordlist,
                                          alg,
                                          salt=salt,
                                          placement=placement,
                                          posx=posx,
                                          use_hex=use_hex,
                                          verbose=verbose,
                                          rounds=rounds)
                if bruteforcing is None:
                    LOGGER.warning(
                        "Unable to find a match for '{}', using {}..".format(
                            verf_hash, alg.upper()))
                else:
                    match_found(bruteforcing)
                    break
    else:
        LOGGER.info("Using algorithm, {}..".format(algorithm.upper()))
        results = hash_words(verf_hash,
                             wordlist,
                             algorithm,
                             salt=salt,
                             placement=placement,
                             posx=posx,
                             verbose=verbose)
        if results is None:
            LOGGER.warning("Unable to find a match using {}..".format(
                algorithm.upper()))
            if not batch:
                verify = prompt(
                    "Would you like to attempt to verify the hash type automatically and crack it",
                    "y/N")
            else:
                verify = "n"
            if verify.startswith(("y", "Y")):
                bruteforce_main(verf_hash,
                                wordlist=wordlist,
                                salt=salt,
                                placement=placement,
                                posx=posx,
                                use_hex=use_hex,
                                verbose=verbose)
            else:
                LOGGER.warning(
                    "Unable to produce a result for given hash '{}' using {}.."
                    .format(verf_hash, algorithm.upper()))
        else:
            match_found(results)
Ejemplo n.º 8
0
def bruteforce_main(verf_hash,
                    algorithm=None,
                    wordlist=None,
                    salt=None,
                    placement=None,
                    all_algs=False,
                    perms="",
                    posx="",
                    use_hex=False):
    """
      Main function to be used for bruteforcing a hash
    """
    wordlist_created = False
    if wordlist is None:
        for item in os.listdir(os.getcwd()):
            if WORDLIST_RE.match(item):
                wordlist_created = True
                wordlist = item
        if wordlist_created is True:
            pass
        else:
            LOGGER.info("Creating wordlist..")
            create_wordlist(perms=perms)
    else:
        LOGGER.info("Reading from, {}..".format(wordlist))

    if algorithm is None:
        hash_type = verify_hash_type(verf_hash, least_likely=all_algs)
        LOGGER.info("Found {} possible hash types to run against: {} ".format(
            len(hash_type) - 1 if hash_type[1] is None else len(hash_type),
            hash_type[0] if hash_type[1] is None else hash_type))
        for alg in hash_type:
            if alg is None:
                err_msg = "Ran out of algorithms to try. There are no more algorithms "
                err_msg += "currently available that match this hashes length, and complexity. "
                err_msg += "Please attempt to use your own wordlist (switch '--wordlist'), "
                err_msg += "download one (switch '--download'), use salt (switch '-S SALT'), "
                err_msg += "or find the algorithm type and create a issue here {}.. "
                LOGGER.fatal(err_msg.format(DAGON_ISSUE_LINK))
                break
            else:
                if ":" in verf_hash:
                    LOGGER.debug(
                        "It appears that you are trying to crack an '{}' hash, "
                        "these hashes have a certain sequence to them that looks "
                        "like this 'USERNAME:SID:LM_HASH:NTLM_HASH:::'. What you're "
                        "wanting is the NTLM part, of the hash, fix your hash and try "
                        "again..".format(alg.upper()))
                    shutdown(1)
                LOGGER.info("Starting bruteforce with {}..".format(
                    alg.upper()))
                bruteforcing = hash_words(verf_hash,
                                          wordlist,
                                          alg,
                                          salt=salt,
                                          placement=placement,
                                          posx=posx,
                                          use_hex=use_hex)
                if bruteforcing is None:
                    LOGGER.warning(
                        "Unable to find a match for '{}', using {}..".format(
                            verf_hash, alg.upper()))
                else:
                    match_found(bruteforcing)
                    break
    else:
        LOGGER.info("Using algorithm, {}..".format(algorithm.upper()))
        results = hash_words(verf_hash,
                             wordlist,
                             algorithm,
                             salt=salt,
                             placement=placement,
                             posx=posx)
        if results is None:
            LOGGER.warning("Unable to find a match using {}..".format(
                algorithm.upper()))
            verifiy = prompt(
                "Would you like to attempt to verify the hash type automatically and crack it",
                "y/N")
            if verifiy.lower().startswith("y"):
                bruteforce_main(verf_hash,
                                wordlist=wordlist,
                                salt=salt,
                                placement=placement,
                                posx=posx,
                                use_hex=use_hex)
            else:
                LOGGER.warning(
                    "Unable to produce a result for given hash '{}' using {}.. Exiting.."
                    .format(verf_hash, algorithm.upper()))
        else:
            match_found(results)