def verify_hash_type(hash_to_verify, least_likely=False, verbose=False): """ Attempt to verify a given hash by type (md5, sha1, etc..) > :param hash_to_verify: hash string > :param least_likely: show least likely options as well > :return: likely options, least likely options, or none Example: >>> verify_hash_type("098f6bcd4621d373cade4e832627b4f6", least_likely=True) [('md5', 'md4', 'md2'), ('double md5', 'lm', ... )] """ for regex, hash_types in HASH_TYPE_REGEX.items( ): # iter is not available in Python 3.x if verbose: LOGGER.debug("Testing: {}".format(hash_types)) if regex.match(hash_to_verify): return hash_types if least_likely else hash_types[0] error_msg = ( "Unable to find any algorithms to match the given hash. If you " "feel this algorithm should be implemented make an issue here: {}") LOGGER.fatal(error_msg.format(DAGON_ISSUE_LINK)) # hash_guarantee(hash_to_verify) LOGGER.warning("`hash_guarantee` has been turned off for the time being") shutdown(1)
def word_generator(length_min=7, length_max=15, perms=False): """ Generate the words to be used for bruteforcing > :param length_min: minimum length for the word > :param length_max: max length for the word > :param perms: permutations, True or False > :return: a word Example: >>> word_generator() aaaaaa aaaaab aaaaac ... """ chrs = 'abc' for n in range(length_min, length_max + 1): for xs in itertools.product(chrs, repeat=n): if perms is False: yield ''.join(xs) else: LOGGER.fatal("Permutations are not supported yet") break
def verify_hash_type(hash_to_verify, least_likely=False): """ Attempt to verify a given hash by type (md5, sha1, etc..) > :param hash_to_verify: hash string > :param least_likely: show least likely options as well > :return: likely options, least likely options, or none Example: >>> verify_hash_type("098f6bcd4621d373cade4e832627b4f6", least_likely=True) [('md5', 'md4', 'md2'), ('double md5', 'lm', ... )] """ for regex in HASH_TYPE_REGEX: if regex.match(hash_to_verify) and least_likely: return HASH_TYPE_REGEX[regex] elif regex.match(hash_to_verify) and not least_likely: return HASH_TYPE_REGEX[regex][0] else: pass error_msg = "Unable to find any algorithms to match the given hash. " error_msg += "If you feel this algorithm should be implemented make " error_msg += "an issue here: {}" LOGGER.fatal(error_msg.format(DAGON_ISSUE_LINK)) exit(1)
# Pay no attention to the _ it's required.. opt, _ = parser.parse_args() verify_python_version() required_args = [ "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "--download" ] args_in_params = 0 show_banner() if opt.hideBanner is not True else show_hidden_banner() if len(sys.argv) <= 1: LOGGER.fatal( "You have failed to provide a flag for to the application and have been " "redirected to the help menu.") time.sleep(1.7) subprocess.call("python dagon.py --help") else: try: # Check that you provided a mandatory argument for i, _ in enumerate(sys.argv): if sys.argv[i] in required_args: args_in_params += 1 # If you provided an argument continue.. if args_in_params > 0: if opt.downloadWordList is True: download_rand_wordlist()
verify_python_version(verbose=opt.runInVerbose) # need this again :| required_args = [ "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "-V", "--verify-list" ] args_in_params = 0 show_banner() if opt.hideBanner else show_hidden_banner() integrity_check() if len(sys.argv) <= 1: LOGGER.fatal( "You have failed to provide a flag to the application and have been redirected to the help menu." ) time.sleep(1.7) subprocess.call("python dagon.py --help", shell=True) else: try: # Download a random wordlist if opt.downloadWordList or opt.downloadMultiple: download_rand_wordlist(verbose=opt.runInVerbose, multi=opt.downloadMultiple if opt.downloadMultiple is not None else 1) exit(0) # Output all supported algorithms if opt.showAvailableAlgorithms: show_available_algs(show_all=opt.showAllAlgorithms)
# Pay no attention to the _ it's required.. opt, _ = parser.parse_args() verify_python_version(verbose=opt.runInVerbose) # need this again :| required_args = [ "-c", "--crack", "-l", "--hash-list", "-v", "--verify", "-V", "--verify-list" ] args_in_params = 0 show_banner() if opt.hideBanner else show_hidden_banner() if len(sys.argv) <= 1: LOGGER.fatal( "You have failed to provide a flag to the application and have been redirected to the help menu." ) time.sleep(1.7) subprocess.call("python dagon.py --help", shell=True) else: try: if opt.testProgramIntegrity: status = integrity_check() if status: LOGGER.info( "Integrity check has passed successfully, there are no updates " "available at the moment and you are running the latest version." ) exit(0) # Download a random wordlist
def bruteforce_main(verf_hash, algorithm=None, wordlist=None, salt=None, placement=None, all_algs=False, posx="", use_hex=False, verbose=False, batch=False, rounds=10): """ Main function to be used for bruteforcing a hash """ wordlist_created = False if wordlist is None: create_dir("bf-dicts", verbose=verbose) for item in os.listdir(os.getcwd() + "/bf-dicts"): if WORDLIST_RE.match(item): wordlist_created = True wordlist = "{}/bf-dicts/{}".format(os.getcwd(), item) if not wordlist_created: LOGGER.info("Creating wordlist..") create_wordlist(verbose=verbose) else: LOGGER.info("Reading from, {}..".format(wordlist)) if algorithm is None: hash_type = verify_hash_type(verf_hash, least_likely=all_algs) LOGGER.info( "Found {} possible hash type(s) to run against: {} ".format( len(hash_type) - 1 if hash_type[1] is None else len(hash_type), hash_type[0] if hash_type[1] is None else hash_type)) for alg in hash_type: if alg is None: err_msg = ( "Ran out of algorithms to try. There are no more " "algorithms currently available that match this hashes " "length, and complexity.") LOGGER.fatal(err_msg.format(DAGON_ISSUE_LINK)) break else: if ":::" in verf_hash: LOGGER.debug( "It appears that you are trying to crack an '{}' hash, " "these hashes have a certain sequence to them that looks " "like this 'USERNAME:SID:LM_HASH:NTLM_HASH:::'. What you're " "wanting is the NTLM part, of the hash, fix your hash and try " "again..".format(alg.upper())) shutdown(1) LOGGER.info("Starting bruteforce with {}..".format( alg.upper())) bruteforcing = hash_words(verf_hash, wordlist, alg, salt=salt, placement=placement, posx=posx, use_hex=use_hex, verbose=verbose, rounds=rounds) if bruteforcing is None: LOGGER.warning( "Unable to find a match for '{}', using {}..".format( verf_hash, alg.upper())) else: match_found(bruteforcing) break else: LOGGER.info("Using algorithm, {}..".format(algorithm.upper())) results = hash_words(verf_hash, wordlist, algorithm, salt=salt, placement=placement, posx=posx, verbose=verbose) if results is None: LOGGER.warning("Unable to find a match using {}..".format( algorithm.upper())) if not batch: verify = prompt( "Would you like to attempt to verify the hash type automatically and crack it", "y/N") else: verify = "n" if verify.startswith(("y", "Y")): bruteforce_main(verf_hash, wordlist=wordlist, salt=salt, placement=placement, posx=posx, use_hex=use_hex, verbose=verbose) else: LOGGER.warning( "Unable to produce a result for given hash '{}' using {}.." .format(verf_hash, algorithm.upper())) else: match_found(results)
def bruteforce_main(verf_hash, algorithm=None, wordlist=None, salt=None, placement=None, all_algs=False, perms="", posx="", use_hex=False): """ Main function to be used for bruteforcing a hash """ wordlist_created = False if wordlist is None: for item in os.listdir(os.getcwd()): if WORDLIST_RE.match(item): wordlist_created = True wordlist = item if wordlist_created is True: pass else: LOGGER.info("Creating wordlist..") create_wordlist(perms=perms) else: LOGGER.info("Reading from, {}..".format(wordlist)) if algorithm is None: hash_type = verify_hash_type(verf_hash, least_likely=all_algs) LOGGER.info("Found {} possible hash types to run against: {} ".format( len(hash_type) - 1 if hash_type[1] is None else len(hash_type), hash_type[0] if hash_type[1] is None else hash_type)) for alg in hash_type: if alg is None: err_msg = "Ran out of algorithms to try. There are no more algorithms " err_msg += "currently available that match this hashes length, and complexity. " err_msg += "Please attempt to use your own wordlist (switch '--wordlist'), " err_msg += "download one (switch '--download'), use salt (switch '-S SALT'), " err_msg += "or find the algorithm type and create a issue here {}.. " LOGGER.fatal(err_msg.format(DAGON_ISSUE_LINK)) break else: if ":" in verf_hash: LOGGER.debug( "It appears that you are trying to crack an '{}' hash, " "these hashes have a certain sequence to them that looks " "like this 'USERNAME:SID:LM_HASH:NTLM_HASH:::'. What you're " "wanting is the NTLM part, of the hash, fix your hash and try " "again..".format(alg.upper())) shutdown(1) LOGGER.info("Starting bruteforce with {}..".format( alg.upper())) bruteforcing = hash_words(verf_hash, wordlist, alg, salt=salt, placement=placement, posx=posx, use_hex=use_hex) if bruteforcing is None: LOGGER.warning( "Unable to find a match for '{}', using {}..".format( verf_hash, alg.upper())) else: match_found(bruteforcing) break else: LOGGER.info("Using algorithm, {}..".format(algorithm.upper())) results = hash_words(verf_hash, wordlist, algorithm, salt=salt, placement=placement, posx=posx) if results is None: LOGGER.warning("Unable to find a match using {}..".format( algorithm.upper())) verifiy = prompt( "Would you like to attempt to verify the hash type automatically and crack it", "y/N") if verifiy.lower().startswith("y"): bruteforce_main(verf_hash, wordlist=wordlist, salt=salt, placement=placement, posx=posx, use_hex=use_hex) else: LOGGER.warning( "Unable to produce a result for given hash '{}' using {}.. Exiting.." .format(verf_hash, algorithm.upper())) else: match_found(results)