Esempio n. 1
0
def bruteforce_m(characters, salt, target, maximum, sentinel, result,
                 boundaries):
    cartesian = itertools.product(characters, repeat=maximum)
    print(len(characters), salt, target, maximum, sentinel.value, boundaries)

    if boundaries[0] > 0:
        start = int_to_base_x_by_idx(characters, boundaries[0])
        if len(start) < maximum:
            start_tuple = tuple([0] * (maximum - len(start)) + start)
        else:
            start_tuple = tuple(start)
        cartesian.__setstate__(start_tuple)

    for cidx in range(boundaries[0], boundaries[1] - 1):
        if sentinel.value:
            print(
                f"In a sub-process and noticed that it is set to 1 {os.getpid()}"
            )
            return

        guess = next(cartesian)
        h = md5_crypt.using(salt=salt, salt_size=4).hash(
            "".join(guess)).strip().split("$")[3]

        if h == target:
            print(f"Found a match in {os.getpid()}")
            sentinel.value = True
            result.put("".join(guess))
            #"".join(guess).encode("utf-8")
            return cidx, guess
Esempio n. 2
0
def bruteforce_o(characters, salt, target, maximum):
    for idx, guess in enumerate(itertools.product(characters, repeat=maximum)):
        h = md5_crypt.using(salt=salt, salt_size=4).hash(
            "".join(guess)).strip().split("$")[3]

        if h == target:
            return guess
Esempio n. 3
0
 def run(self):
     """
     Try every password from the list until it finds one with the same hash as
     hash
     """
     logger.info('worker %d started', self._id)
     while True:
         try:
             user = password_t(*self._queue.get(block=False))
         except Empty:
             break
         counter = 0
         start = time.time()
         for password in self._passwords:
             hashed = md5_crypt.using(salt=user.salt).hash(password)
             # logger.debug('worker %d generated %s for %s', self._id, hashed, password)
             if hashed.split('$')[-1] == user.password:
                 logger.info('found password %s for user %s',
                             password, user.username)
                 self._results[user.username] = password
                 break
             counter += 1
             if (counter % 10000) == 0:
                 logger.debug("worker %d has tried %d passwords "
                              "(avg rate = %d passwords/s)", self._id, counter,
                              counter / (time.time() - start))
         self._queue.task_done()
     logger.info('worker %d done', self._id)
def _anonymize_value(raw_val, lookup, reserved_words):
    """Generate an anonymized replacement for the input value.

    This function tries to determine what type of value was passed in and
    returns an anonymized value of the same format.  If the source value has
    already been anonymized in the provided lookup, then the previous anon
    value will be used.
    """
    # Separate enclosing text (e.g. quotes) from the underlying value
    sens_head, val, sens_tail = _extract_enclosing_text(raw_val)
    if val in reserved_words:
        logging.debug('Skipping anonymization of reserved word: "%s"', val)
        return raw_val
    if not val:
        logging.debug('Nothing to anonymize after removing special characters')
        return raw_val

    if val in lookup:
        anon_val = lookup[val]
        logging.debug('Anonymized input "%s" to "%s" (via lookup)', val,
                      anon_val)
        return sens_head + anon_val + sens_tail

    anon_val = 'netconanRemoved{}'.format(len(lookup))
    item_format = _check_sensitive_item_format(val)
    if item_format == _sensitive_item_formats.cisco_type7:
        # Not salting sensitive data, using static salt here to more easily
        # identify anonymized lines
        anon_val = cisco_type7.using(salt=9).hash(anon_val)

    if item_format == _sensitive_item_formats.numeric:
        # These are the ASCII character values for anon_val converted to decimal
        anon_val = str(int(b2a_hex(b(anon_val)), 16))

    if item_format == _sensitive_item_formats.hexadecimal:
        # These are the ASCII character values for anon_val in hexadecimal
        anon_val = b2a_hex(b(anon_val)).decode()

    if item_format == _sensitive_item_formats.md5:
        old_salt_size = len(val.split('$')[2])
        # Not salting sensitive data, using static salt here to more easily
        # identify anonymized lines
        anon_val = md5_crypt.using(salt='0' * old_salt_size).hash(anon_val)

    if item_format == _sensitive_item_formats.sha512:
        # Hash anon_val w/standard rounds=5000 to omit rounds parameter from hash output
        anon_val = sha512_crypt.using(rounds=5000).hash(anon_val)

    if item_format == _sensitive_item_formats.juniper_type9:
        # TODO(https://github.com/intentionet/netconan/issues/16)
        # Encode base anon_val instead of just returning a constant here
        # This value corresponds to encoding: Conan812183
        anon_val = '$9$0000IRc-dsJGirewg4JDj9At0RhSreK8Xhc'

    lookup[val] = anon_val
    logging.debug('Anonymized input "%s" to "%s"', val, anon_val)
    return sens_head + anon_val + sens_tail
def dictionaryAttack(passwordList, listOfUsers):
    resultsFile = open("Results1.txt", "w")

    for user in listOfUsers:
        for password in passwordList[:
                                     10000]:  # I put this limitation on the program so that the runtime wouldnt be as long. We can extend the range or remove it to raise teh chances of finding a password hidden deeper in the file
            attempt = md5_crypt.using(salt=user[1]).hash(
                password
            )  # using the salt to encrypt the password from the passwordlist to attempt and match to user password
            if (attempt == user[2]):
                resultsFile.write("Username: "******"  Password:"******"\n")
                break
def type5():
    valid_pwd = False
    while not valid_pwd:
        try:
            pwd = pwd_input()
        except KeyboardInterrupt:
                sys.exit(0)
        else:
                if (pwd_check(pwd)):
                    # Create the hash
                    hash = md5_crypt.using(salt_size=4).hash(pwd)
                    # Print the hash in Cisco Syntax
                    print( '\n' + f"Your Cisco Type 5 password hash is: {hash}")
                    valid_pwd = True
Esempio n. 7
0
def crackPass(fullHash, algo, salt, wordList):
    dictFile = open(wordList, 'r')

    for word in dictFile.readlines():
        word = word.strip('\n')
        if algo == hashTypes['MD5']:
            if md5_crypt.using(salt=salt, rounds=5000).verify(word, fullHash):
                print("[+] Found Password: "******"\n")
                return
        if algo == hashTypes['SHA-256']:
            if sha256_crypt.using(salt=salt,
                                  rounds=5000).verify(word, fullHash):
                print("[+] Found Password: "******"\n")
                return
        if algo == hashTypes['SHA-512']:
            if sha512_crypt.using(salt=salt,
                                  rounds=5000).verify(word, fullHash):
                print("[+] Found Password: "******"\n")
                return
    print("[-] Password Not Found.\n")
    return
Esempio n. 8
0
# MacchiaroliM 5-17-2020
# Question F1
#############
#Create the hash for the word “hello” for the
#different methods (you only have to give the
#first six hex characters for the hash):MD5, SHA-1, SHA-256, SHA-512, DES
#MD5 SHA1 SHA256 SHA512 DES
#Also note the number hex characters that the hashed value uses:MD5, Sun MD5, SHA-1, SHA-256, SHA-512
#############
from passlib.hash import md5_crypt, sun_md5_crypt, sha1_crypt, sha256_crypt, sha512_crypt, des_crypt
words = ["hello"]
salt = "ZDzPE45C"

for x in words:
    print("Hashes for \"" + x + "\":")
    md5 = md5_crypt.using(salt=salt).hash(x)
    print("MD5: " + md5)
    sha1 = sha1_crypt.using(salt=salt).hash(
        x)  # .encrypt deprecatyed, using hash instead
    print("SHA1: " + sha1)
    sha256 = sha256_crypt.using(salt=salt).hash(x)
    print("SHA256: " + sha256)
    sha512 = sha512_crypt.using(salt=salt).hash(x)
    print("SHA512: " + sha512_crypt.using(salt=salt).hash(x))

    des = des_crypt.using(salt=salt[:2]).hash(x)  # first 2 chars of salt
    print("DES: " + des)
    print("")
    print("Hex length for \"" + x + "\":")
    print("MD5: " + str(len(md5)))
    print("Sun MD5: " + str(len(sun_md5_crypt.using(salt=salt).hash(x))))
filePath = 'bb_data/L/LBB2'

vars = None

with open(filePath + '.json') as inFile:
    vars = json.load(inFile)

# Unix crypt(3) password hashes, using SHA-256
# Result: '$5$salt$encrypted_hash'
root_salt = pwd.genword(
    length=8,
    chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
admin_salt = pwd.genword(
    length=8,
    chars='./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
root_password = md5_crypt.using(salt=root_salt).hash("stiksCDPA")
admin_password = md5_crypt.using(salt=admin_salt).hash("stiksCDPA")

vars['root_password'] = root_password
vars['admin_password'] = admin_password
vars['snmp_contact'] = input('YourID:')

env = Environment(loader=FileSystemLoader('.'), trim_blocks=True)
print('------------------' + filePath + '------------------')
print(env.get_template('backbone.conf.template').render(vars))
print('--------------------------------------------')
print('')

ip = '192.168.1.12'
print('connecting to ' + ip + '...')
dev = Device(host=ip, user='******', password='******')
Esempio n. 10
0
from passlib.hash import md5_crypt

h = md5_crypt.hash("password")
print h

md5_crypt.verify("password", h)

md5_crypt.verify("secret", h)

md5_crypt.using(salt_size=4).hash("password")
Esempio n. 11
0
def hash(salt, msg):
    h = md5_crypt.using(salt=salt, salt_size=8)
    return h.hash(msg)
 def hashPassword(password):
   from passlib.hash import md5_crypt
   return md5_crypt.using(salt_size=8).hash(password)
Esempio n. 13
0
from passlib.hash import md5_crypt

if __name__ == '__main__':

    #give your Hashed MD5+salt password
    codefull = "$1$.rquYmlo$yFWfaSKplZmp1Id2VZ6iT1"
    #give the salt value
    salt = ".rquYmlo"
    #give the path of your wordlist
    file = open('Wordlist.txt', 'r', -1, 'ISO-8859-1')

    with file as fp:
        line = fp.readline()
        cnt = 2
        while line:
            line = (fp.readline()).rstrip("\n")
            line2 = (md5_crypt.using(salt=".rquYmlo").hash(line))
            cnt += 1
            print("{}: {}".format(cnt, line2))
            if line2 == codefull:
                print("GOTTCHA!!! \n the password is: " + line)
                break
Esempio n. 14
0
File: solve.py Progetto: tjoloi/CTF
    print(pretty(channel.recv(65535).decode()))
    print('-' * 20)
    time.sleep(1)

channel.send('ps\n')
time.sleep(1)

ps = pretty(channel.recv(65535).decode())

print(ps)
m = re.search('.* ps', ps, flags=re.M)
pid = m[0].split(' ')[0]
pid = f'{int(pid) + 1}'

salt = 'awesome'
h = md5.using(salt=salt).hash(pid.encode())
h = h.replace('$', '\\$')
print(h)

comm = f'./ch21 {h}\n'
channel.send(comm)
print(pretty(channel.recv(65535).decode()))
time.sleep(1)

channel.send('cat ./.passwd\n')
print(pretty(channel.recv(65535).decode()))
time.sleep(1)

channel.send('cat ./.passwd\n')
print(pretty(channel.recv(65535).decode()))