def main():
    args = get_args()

    hashes = parse_hashfile(args.hashfile)
    hmac_to_crack = hashes[0]
    sha512_to_crack = hashes[1]
    bc.info("Parsed {} HMAC and {} SHA512 Hashes from {}".format(
        len(hmac_to_crack), len(sha512_to_crack), args.hashfile))

    #Hashcat conversion operation
    if args.convert_hashcat:
        convert_hashcat(args, sha512_to_crack, hmac_to_crack)
        exit(0)

    # John conversion operation
    elif args.convert_john:
        convert_john(args, sha512_to_crack, hmac_to_crack)
        exit(0)

    with open(args.wordlist, 'r', encoding='latin-1') as w:
        for word in w:
            if not word: continue
            word = word.strip()
            if len(sha512_to_crack) == 0 and len(hmac_to_crack) == 0:
                bc.info("No more hashes to crack, exiting.")
                break

            # crack any straight 512s
            if len(sha512_to_crack) > 0:
                for h in sha512_to_crack:
                    this_hash = sha512(word.encode() + h[0]).digest()
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        sha512_to_crack.remove(h)

            # Now for any HMACS
            if len(hmac_to_crack) > 0:
                for h in hmac_to_crack:
                    this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
                                            int(h[3]))
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        hmac_to_crack.remove(h)

    bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
        len(hmac_to_crack), len(sha512_to_crack)))
Exemple #2
0
def main():
    #CLI Parsing - simple and dirty:
    if len(argv[1:]) != 1:
        app = basename(__file__)
        print("Usage: {} [number]".format(app))
        exit(0)

#Set up variables from CLI
    try:
        num = int(argv[1])
    except:
        bc.err('Cannot process argument. Is your input an integer?')
        exit(0)
    if is_prime(num):
        bc.success('Yes, {} is prime!'.format(num), True)
    else:
        bc.info('No, {} is not prime, sorry!'.format(num), True)
Exemple #3
0
def main():

    args = get_args()
    print_banner()
    check_root()

    #Set scan type, remove default TCP connect if Syn Scan
    #Also setup default protocols and TCP flags (if applicable)
    if args.syn:
        args.tcp_connect = False
    if args.udp:
        default_proto = "udp"
    else:
        default_proto = "tcp"

    #Format ports into list, check number of ports first
    if len(args.knock_ports.split(',')) < 2:
        bc.err("Error parsing knock ports!\t" + bc.UNDERLINE + \
                "Did you supply comma delimited ports?" + bc.ENDC)
        sys.exit(0)
    else:
        knock_ports = args.knock_ports.split(',')

#If not brute, knock
    if not args.brute:
        if args.verbose:
            bc.success("Starting knock against ports: {}".format(knock_ports))
        knock(args.host, knock_ports, args.syn, default_proto, args.delay,
              args.verbose)
    else:
        #BRUTE!
        bc.info("Bruting...")

    #If port to test - NOTE syn set to False, because we're looking for connection
    if args.target_port and knock(args.host, [args.target_port], False, \
            default_proto, args.delay, args.verbose) == 0:
        bc.success("Knock complete - {}, test port open!".format(
            bc.bold_format("success")))
    elif args.target_port:
        bc.err(
            "Knock complete - {} - test port filtered or closed... BEWARE UDP."
            .format(bc.bold_format("Failure")))
    else:
        bc.info("Knock complete.")
def guesser(url, fmt_str, hdr, login_q, sM, sX, kill_flag, struck_gold, done_q):
    while True:
        rd = None
        if kill_flag.is_set():
            return
        try:
            rd = login_q.get_nowait()
            if not rd: continue #Because sometimes the queue has null in it
            #bc.info("got {} from queue".format(rd))
            data = fmt_str.format(rd[0], rd[1])
            #bc.info("Sending request.\nurl = {}\ndata = {}\nheaders = {}".format(url, data, hdr))
            r = requests.post(url=url, data=data, headers=hdr)

            #Check success
            if (sM and sM in r.text) or (sX and sX not in r.text):
                struck_gold.set()
                bc.success("Credentials found!")
                print("\t[ {} ] = {} [ {} ] = [ {} ]".format( \
                        bc.bold_format('User'), bc.green_format(str(rd[0]), ''), \
                        bc.bold_format('Password'), bc.green_format(str(rd[1]), '')))

            #Tell main loop we guessed one
            done_q.put("One more thing tried!")

        except EmptyErr:
            pass
        except BrokenPipeError as e:
            if rd:
                bc.warn("Error when trying credentials : {}\n{}".format(rd, e))
            else:
                pass
        except ConnectionResetError as e:
            if rd:
                bc.warn("Error when trying credentials : {}\n{}".format(rd, e))
            else:
                pass
        except requests.exceptions.ConnectionError as e:
            bc.warn("Couldn't connect when trying credentials : {}\nCheck target host is up if error persists.\n{}".format(rd, e))
        except KeyboardInterrupt:
            return
def convert_hashcat(args, sha512_to_crack, hmac_to_crack):
    """Take a mosquitto_passwd file and convert it to hashcat format
    can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats"""

    sha512s = []
    hmacs = []
    for h in sha512_to_crack:
        sha512s.append(sha512_to_hashcat(h))
    for h in hmac_to_crack:
        hmacs.append(hmac_to_hashcat(h))
    if len(sha512s) > 0:
        with open("{}.1710.hcat".format(args.out_file), "w") as o:
            for h in sha512s:
                o.write(h + "\n")
    if len(hmacs) > 0:
        with open("{}.12100.hcat".format(args.out_file), "w") as o:
            for h in hmacs:
                o.write(h + "\n")
    bc.success("Hashes written out to files starting '{}'".format(
        args.out_file))
    bc.info("Run SHA512s in mode 1710 with --hex-salt.", strong=True)
    bc.info("Run HMAC-SHA512s in mode 12100.", strong=True)
def convert_john(args, sha512_to_crack, hmac_to_crack):
    """Take a mosquitto_passwd file and convert it to John's dynamic 82
    format. Can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats.
    Using raw hex for hash and salt because bad bytes."""

    sha512s = []
    hmacs = []
    for h in sha512_to_crack:
        sha512s.append(sha512_to_john(h))
    for h in hmac_to_crack:
        hmacs.append(hmac_to_john(h))
    if len(sha512s) > 0:
        with open("{}.sha512s.john".format(args.out_file), "w") as o:
            for h in sha512s:
                o.write(h + "\n")
    if len(hmacs) > 0:
        with open("{}.hmacs.john".format(args.out_file), "w") as o:
            for h in hmacs:
                o.write(h + "\n")
    bc.success("Hashes written out to files starting '{}'".format(
        args.out_file))
    bc.info("Run separate sessions for each hash type. " + \
            "No format specification needed.", strong=True)
def main():
    #Mega basic command line parsing will do fine for our purposes
    try:
        if len(sys.argv[1:]) == 1:
            addresses = scrape_emails(sys.argv[1])
            if addresses is not None:
                bc.success("Found addresses :")
                for a in addresses:
                    print("\t{}".format(a))
        elif len(sys.argv[1:]) == 2:
            addresses = scrape_emails(sys.argv[1])
            if addresses is not None and not exists(sys.argv[2]):
                with open(sys.argv[2], "w") as f:
                    for address in addresses:
                        f.write(address + '\n')
            elif addresses is not None and exists(sys.argv[2]):
                answer = 'placeholder'
                fmt_str = bc.blue_format(
                        "[!] ", "- {} exists, overwrite, append or cancel [o/a/c]? :".format(
                                sys.argv[2]))
                while answer.lower() not in ['o','a','c']:
                    answer = input(fmt_str)
                if answer == 'c':
                    bc.info("Exiting.")
                    sys.exit(0)
                else:
                    mode = 'w' if answer == 'o' else 'a'
                    with open(sys.argv[2], mode) as f:
                        for address in addanswerresses:
                            f.write(address + '\n')

        else:
            app = basename(__file__)
            print('Usage: {} [target_url] [outfile (optional)]'.format(app))
    except Exception as e:
        bc.err("Error parsing emails: {}".format(e))
def guesser(host, domain, port, login_q, timeout, kill_flag, struck_gold,
            done_q):
    """A Method to be the target of worker threads, will read creds from a Queue
    object and try them, telling another queue if it's successful"""

    while True:
        rd = None
        if kill_flag.is_set():
            return
        try:
            rd = login_q.get_nowait()
            if not rd: continue  #Because sometimes the queue has null in it
            #bc.info("got {} from queue".format(rd))
            direct_tcp = True if port == 445 else False
            #Now try and login
            smb = SMBConnection(username=rd[0],
                                password=rd[1],
                                my_name='',
                                remote_name='',
                                domain=domain,
                                use_ntlm_v2=True,
                                is_direct_tcp=direct_tcp)
            login = smb.connect(host, port, timeout=timeout)

            #Check success
            if login:
                struck_gold.set()
                bc.success("Credentials found!")
                print("\t[ {} ] = {} [ {} ] = [ {} ]".format( \
                        bc.bold_format('User'), bc.green_format(str(rd[0]), ''), \
                        bc.bold_format('Password'), bc.green_format(str(rd[1]), '')))

            #Tell main loop we guessed one
            #done_q.put("One more thing tried!")

        except EmptyErr:
            pass
        except BrokenPipeError as e:
            if rd:
                print()
                bc.warn("Pipe Error when trying credentials : {}\n{}".format(
                    rd, e))
            else:
                pass
        except SMBTimeout as e:
            if rd:
                print()
                bc.warn("SMB Timeout when trying credentials : {}\n{}".format(
                    rd, e))
            else:
                pass
        except ProtocolError as e:
            if rd:
                print()
                bc.warn(
                    "Protocol Error when trying credentials: {}\n{}".format(
                        rd, e))
            else:
                pass
        except KeyboardInterrupt:
            return
        finally:
            #Tell main loop we guessed one if rd
            if rd:
                done_q.put("One more thing tried!")