def bruteforce_m(characters, salt, target, maximum, sentinel, result,
boundaries):
cartesian = itertools.product(characters, repeat=maximum)
print(len(characters), salt, target, maximum, sentinel.value, boundaries)
if boundaries[0] > 0:
start = int_to_base_x_by_idx(characters, boundaries[0])
if len(start) < maximum:
start_tuple = tuple([0] * (maximum - len(start)) + start)
else:
start_tuple = tuple(start)
cartesian.__setstate__(start_tuple)
for cidx in range(boundaries[0], boundaries[1] - 1):
if sentinel.value:
print(
f"In a sub-process and noticed that it is set to 1 {os.getpid()}"
)
return
guess = next(cartesian)
h = md5_crypt.using(salt=salt, salt_size=4).hash(
"".join(guess)).strip().split("$")[3]
if h == target:
print(f"Found a match in {os.getpid()}")
sentinel.value = True
result.put("".join(guess))
#"".join(guess).encode("utf-8")
return cidx, guess
def bruteforce_o(characters, salt, target, maximum):
for idx, guess in enumerate(itertools.product(characters, repeat=maximum)):
h = md5_crypt.using(salt=salt, salt_size=4).hash(
"".join(guess)).strip().split("$")[3]
if h == target:
return guess
def run(self):
"""
Try every password from the list until it finds one with the same hash as
hash
"""
logger.info('worker %d started', self._id)
while True:
try:
user = password_t(*self._queue.get(block=False))
except Empty:
break
counter = 0
start = time.time()
for password in self._passwords:
hashed = md5_crypt.using(salt=user.salt).hash(password)
# logger.debug('worker %d generated %s for %s', self._id, hashed, password)
if hashed.split('$')[-1] == user.password:
logger.info('found password %s for user %s',
password, user.username)
self._results[user.username] = password
break
counter += 1
if (counter % 10000) == 0:
logger.debug("worker %d has tried %d passwords "
"(avg rate = %d passwords/s)", self._id, counter,
counter / (time.time() - start))
self._queue.task_done()
logger.info('worker %d done', self._id)
def _anonymize_value(raw_val, lookup, reserved_words):
"""Generate an anonymized replacement for the input value.
This function tries to determine what type of value was passed in and
returns an anonymized value of the same format. If the source value has
already been anonymized in the provided lookup, then the previous anon
value will be used.
"""
# Separate enclosing text (e.g. quotes) from the underlying value
sens_head, val, sens_tail = _extract_enclosing_text(raw_val)
if val in reserved_words:
logging.debug('Skipping anonymization of reserved word: "%s"', val)
return raw_val
if not val:
logging.debug('Nothing to anonymize after removing special characters')
return raw_val
if val in lookup:
anon_val = lookup[val]
logging.debug('Anonymized input "%s" to "%s" (via lookup)', val,
anon_val)
return sens_head + anon_val + sens_tail
anon_val = 'netconanRemoved{}'.format(len(lookup))
item_format = _check_sensitive_item_format(val)
if item_format == _sensitive_item_formats.cisco_type7:
# Not salting sensitive data, using static salt here to more easily
# identify anonymized lines
anon_val = cisco_type7.using(salt=9).hash(anon_val)
if item_format == _sensitive_item_formats.numeric:
# These are the ASCII character values for anon_val converted to decimal
anon_val = str(int(b2a_hex(b(anon_val)), 16))
if item_format == _sensitive_item_formats.hexadecimal:
# These are the ASCII character values for anon_val in hexadecimal
anon_val = b2a_hex(b(anon_val)).decode()
if item_format == _sensitive_item_formats.md5:
old_salt_size = len(val.split('$')[2])
# Not salting sensitive data, using static salt here to more easily
# identify anonymized lines
anon_val = md5_crypt.using(salt='0' * old_salt_size).hash(anon_val)
if item_format == _sensitive_item_formats.sha512:
# Hash anon_val w/standard rounds=5000 to omit rounds parameter from hash output
anon_val = sha512_crypt.using(rounds=5000).hash(anon_val)
if item_format == _sensitive_item_formats.juniper_type9:
# TODO(https://github.com/intentionet/netconan/issues/16)
# Encode base anon_val instead of just returning a constant here
# This value corresponds to encoding: Conan812183
anon_val = '$9$0000IRc-dsJGirewg4JDj9At0RhSreK8Xhc'
lookup[val] = anon_val
logging.debug('Anonymized input "%s" to "%s"', val, anon_val)
return sens_head + anon_val + sens_tail
def dictionaryAttack(passwordList, listOfUsers):
resultsFile = open("Results1.txt", "w")
for user in listOfUsers:
for password in passwordList[:
10000]: # I put this limitation on the program so that the runtime wouldnt be as long. We can extend the range or remove it to raise teh chances of finding a password hidden deeper in the file
attempt = md5_crypt.using(salt=user[1]).hash(
password
) # using the salt to encrypt the password from the passwordlist to attempt and match to user password
if (attempt == user[2]):
resultsFile.write("Username: "******" Password:"******"\n")
break
def type5():
valid_pwd = False
while not valid_pwd:
try:
pwd = pwd_input()
except KeyboardInterrupt:
sys.exit(0)
else:
if (pwd_check(pwd)):
# Create the hash
hash = md5_crypt.using(salt_size=4).hash(pwd)
# Print the hash in Cisco Syntax
print( '\n' + f"Your Cisco Type 5 password hash is: {hash}")
valid_pwd = True
def crackPass(fullHash, algo, salt, wordList):
dictFile = open(wordList, 'r')
for word in dictFile.readlines():
word = word.strip('\n')
if algo == hashTypes['MD5']:
if md5_crypt.using(salt=salt, rounds=5000).verify(word, fullHash):
print("[+] Found Password: "******"\n")
return
if algo == hashTypes['SHA-256']:
if sha256_crypt.using(salt=salt,
rounds=5000).verify(word, fullHash):
print("[+] Found Password: "******"\n")
return
if algo == hashTypes['SHA-512']:
if sha512_crypt.using(salt=salt,
rounds=5000).verify(word, fullHash):
print("[+] Found Password: "******"\n")
return
print("[-] Password Not Found.\n")
return
# MacchiaroliM 5-17-2020
# Question F1
#############
#Create the hash for the word “hello” for the
#different methods (you only have to give the
#first six hex characters for the hash):MD5, SHA-1, SHA-256, SHA-512, DES
#MD5 SHA1 SHA256 SHA512 DES
#Also note the number hex characters that the hashed value uses:MD5, Sun MD5, SHA-1, SHA-256, SHA-512
#############
from passlib.hash import md5_crypt, sun_md5_crypt, sha1_crypt, sha256_crypt, sha512_crypt, des_crypt
words = ["hello"]
salt = "ZDzPE45C"
for x in words:
print("Hashes for \"" + x + "\":")
md5 = md5_crypt.using(salt=salt).hash(x)
print("MD5: " + md5)
sha1 = sha1_crypt.using(salt=salt).hash(
x) # .encrypt deprecatyed, using hash instead
print("SHA1: " + sha1)
sha256 = sha256_crypt.using(salt=salt).hash(x)
print("SHA256: " + sha256)
sha512 = sha512_crypt.using(salt=salt).hash(x)
print("SHA512: " + sha512_crypt.using(salt=salt).hash(x))
des = des_crypt.using(salt=salt[:2]).hash(x) # first 2 chars of salt
print("DES: " + des)
print("")
print("Hex length for \"" + x + "\":")
print("MD5: " + str(len(md5)))
print("Sun MD5: " + str(len(sun_md5_crypt.using(salt=salt).hash(x))))
filePath = 'bb_data/L/LBB2'
vars = None
with open(filePath + '.json') as inFile:
vars = json.load(inFile)
# Unix crypt(3) password hashes, using SHA-256
# Result: '$5$salt$encrypted_hash'
root_salt = pwd.genword(
length=8,
chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
admin_salt = pwd.genword(
length=8,
chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
root_password = md5_crypt.using(salt=root_salt).hash("stiksCDPA")
admin_password = md5_crypt.using(salt=admin_salt).hash("stiksCDPA")
vars['root_password'] = root_password
vars['admin_password'] = admin_password
vars['snmp_contact'] = input('YourID:')
env = Environment(loader=FileSystemLoader('.'), trim_blocks=True)
print('------------------' + filePath + '------------------')
print(env.get_template('backbone.conf.template').render(vars))
print('--------------------------------------------')
print('')
ip = '192.168.1.12'
print('connecting to ' + ip + '...')
dev = Device(host=ip, user='******', password='******')
from passlib.hash import md5_crypt
h = md5_crypt.hash("password")
print h
md5_crypt.verify("password", h)
md5_crypt.verify("secret", h)
md5_crypt.using(salt_size=4).hash("password")
def hash(salt, msg):
h = md5_crypt.using(salt=salt, salt_size=8)
return h.hash(msg)
def hashPassword(password): from passlib.hash import md5_crypt return md5_crypt.using(salt_size=8).hash(password)
from passlib.hash import md5_crypt
if __name__ == '__main__':
#give your Hashed MD5+salt password
codefull = "$1$.rquYmlo$yFWfaSKplZmp1Id2VZ6iT1"
#give the salt value
salt = ".rquYmlo"
#give the path of your wordlist
file = open('Wordlist.txt', 'r', -1, 'ISO-8859-1')
with file as fp:
line = fp.readline()
cnt = 2
while line:
line = (fp.readline()).rstrip("\n")
line2 = (md5_crypt.using(salt=".rquYmlo").hash(line))
cnt += 1
print("{}: {}".format(cnt, line2))
if line2 == codefull:
print("GOTTCHA!!! \n the password is: " + line)
break
print(pretty(channel.recv(65535).decode()))
print('-' * 20)
time.sleep(1)
channel.send('ps\n')
time.sleep(1)
ps = pretty(channel.recv(65535).decode())
print(ps)
m = re.search('.* ps', ps, flags=re.M)
pid = m[0].split(' ')[0]
pid = f'{int(pid) + 1}'
salt = 'awesome'
h = md5.using(salt=salt).hash(pid.encode())
h = h.replace('$', '\\$')
print(h)
comm = f'./ch21 {h}\n'
channel.send(comm)
print(pretty(channel.recv(65535).decode()))
time.sleep(1)
channel.send('cat ./.passwd\n')
print(pretty(channel.recv(65535).decode()))
time.sleep(1)
channel.send('cat ./.passwd\n')
print(pretty(channel.recv(65535).decode()))