def setup_hashcat(session_id): provider = Provider() sessions = provider.sessions() hashcat = provider.hashcat() system = provider.system() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] supported_hashes = hashcat.get_supported_hashes() # We need to process the array in a way to make it easy for JSON usage. supported_hashes = hashcat.compact_hashes(supported_hashes) if len(supported_hashes) == 0: home_directory = system.get_system_user_home_directory() flash('Could not get the supported hashes from hashcat', 'error') flash( 'If you have compiled hashcat from source, make sure %s/.hashcat directory exists and is writable' % home_directory, 'error') return render_template('sessions/setup/hashcat.html', session=session, hashes_json=json.dumps(supported_hashes, indent=4, sort_keys=True, default=str))
def set_remote(self, user_id, session_id): required_fields = ['file'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() hashes = provider.hashes() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() elif not hashes.is_valid_uploaded_hashfile(data['file']): return self.send_error_response(5002, 'Invalid file selected', '') save_as = sessions.session_filesystem.get_hashfile_path( user_id, session_id) local_path = hashes.get_uploaded_hashes_path(data['file']) if not hashes.copy_file(local_path, save_as): return self.send_error_response( 5003, 'Could not copy hashes file to data directory', '') return self.send_success_response()
def settings_save(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) termination_date = request.form['termination_date'].strip() termination_time = request.form['termination_time'].strip() notifications_enabled = int(request.form.get('notifications_enabled', 0)) if len(termination_date) == 0: flash('Please enter a termination date', 'error') return redirect(url_for('sessions.settings', session_id=session_id)) if len(termination_time) == 0: # Default to 23:59. termination_time = '23:59' if not sessions.set_termination_datetime(session_id, termination_date, termination_time): flash('Invalid termination date/time entered', 'error') return redirect(url_for('sessions.settings', session_id=session_id)) sessions.set_notifications(session_id, notifications_enabled) flash('Settings saved', 'success') return redirect(url_for('sessions.view', session_id=session_id))
def set_type(self, user_id, session_id): required_fields = ['type'] data = self.get_json(required_fields) if data is False: return self.send_error_response(5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() elif not data['type'] in ['global', 'custom', 'cracked']: return self.send_error_response(5010, 'Invalid wordlist type', '') type = 0 if data['type'] == 'global': type = 0 elif data['type'] == 'custom': type = 1 elif data['type'] == 'cracked': type = 2 sessions.set_hashcat_setting(session_id, 'wordlist_type', type) return self.send_success_response()
def set_mode(self, user_id, session_id): required_fields = ['mode'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() mode = 0 if data['mode'] == 'wordlist': mode = 0 elif data['mode'] == 'mask': mode = 3 else: return self.send_error_response(5004, 'Invalid mode selected', '') sessions.set_hashcat_setting(session_id, 'mode', mode) return self.send_success_response()
def setup_hashes_save(session_id): provider = Provider() sessions = provider.sessions() uploaded_hashes = provider.hashes() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) mode = int(request.form['mode'].strip()) save_as = sessions.session_filesystem.get_hashfile_path( current_user.id, session_id) if mode == 0: # Upload file. if len(request.files) != 1: flash('Uploaded file could not be found', 'error') return redirect( url_for('sessions.setup_hashes', session_id=session_id)) file = request.files['hashfile'] if file.filename == '': flash('No hashes uploaded', 'error') return redirect( url_for('sessions.setup_hashes', session_id=session_id)) file.save(save_as) elif mode == 1: # Enter hashes manually. hashes = request.form['hashes'].strip() if len(hashes) > 0: sessions.session_filesystem.save_hashes(current_user.id, session_id, hashes) else: flash('No hashes entered', 'error') return redirect( url_for('sessions.setup_hashes', session_id=session_id)) elif mode == 2: # Select already uploaded file. remotefile = request.form['remotefile'].strip() if not uploaded_hashes.is_valid_uploaded_hashfile(remotefile): flash('Invalid uploaded file selected', 'error') return redirect( url_for('sessions.setup_hashes', session_id=session_id)) remotefile_location = uploaded_hashes.get_uploaded_hashes_path( remotefile) if not uploaded_hashes.copy_file(remotefile_location, save_as): flash('Could not copy file', 'error') return redirect( url_for('sessions.setup_hashes', session_id=session_id)) else: flash('Invalid mode selected', 'error') return redirect(url_for('sessions.setup_hashes', session_id=session_id)) return redirect(url_for('sessions.setup_hashcat', session_id=session_id))
def download_file(session_id, which_file): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) return sessions.download_file(session_id, which_file)
def get(self, user_id, session_id): provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() api_session = self.__get_api_session(session[0]) return self.send_valid_response(api_session)
def settings(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] return render_template('sessions/settings.html', session=session)
def get_all(self, user_id): provider = Provider() sessions = provider.sessions() sessions = sessions.get(user_id=user_id) data = [] for session in sessions: api_session = self.__get_api_session(session) data.append(api_session) return self.send_valid_response(data)
def action(self, user_id, session_id): required_fields = ['action'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() elif not data['action'] in [ 'start', 'stop', 'pause', 'rebuild', 'restore' ]: return self.send_error_response(5007, 'Invalid action to execute', '') # This is the current state. state = session[0].hashcat.state result = False if data['action'] == 'start': result = sessions.hashcat_action(session_id, 'start') elif data['action'] == 'stop': # Execute only if session is currently running or is paused. if state == 1 or state == 4: result = sessions.hashcat_action(session_id, 'stop') elif data['action'] == 'pause': # Execute only if session is running. if state == 1: result = sessions.hashcat_action(session_id, 'pause') elif data['action'] == 'resume': # Execute only if session is paused. if state == 4: result = sessions.hashcat_action(session_id, 'resume') elif data['action'] == 'rebuild': # Execute only if session is not running or is paused. if state != 1 and state != 4: result = sessions.hashcat_action(session_id, 'reset') elif data['action'] == 'restore': # Execute only if session is not running or is paused. if state != 1 and state != 4: result = sessions.hashcat_action(session_id, 'restore') if result is False: return self.send_error_response(5008, 'Could not execute action', '') return self.state(user_id, session_id)
def set_cracked(self, user_id, session_id): provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() save_as = sessions.session_filesystem.get_custom_file_path(user_id, session_id, prefix='pwd_wordlist') sessions.export_cracked_passwords(session_id, save_as) sessions.set_hashcat_setting(session_id, 'wordlist', save_as) return self.send_success_response()
def delete(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) if not sessions.delete(session_id): flash('Could not delete session', 'error') return redirect(url_for('home.index')) flash('Session deleted', 'success') return redirect(url_for('home.index'))
def status(session_id): provider = Provider() sessions = provider.sessions() response = {'success': False, 'status': -1} if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return json.dumps(response) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] return json.dumps({'result': True, 'status': session.hashcat.state})
def create(): provider = Provider() sessions = provider.sessions() description = request.form['description'].strip() if len(description) == 0: flash('Please enter a session description', 'error') return redirect(url_for('home.index')) session = sessions.create(current_user.id, description, current_user.username) if session is None: flash('Could not create session', 'error') return redirect(url_for('home.index')) return redirect(url_for('sessions.setup_hashes', session_id=session.id))
def setup_hashcat_save(session_id): provider = Provider() sessions = provider.sessions() hashcat = provider.hashcat() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) hash_type = request.form['hash-type'].strip() optimised_kernel = int(request.form.get('optimised_kernel', 0)) workload = int(request.form.get('workload', 2)) mode = int(request.form['mode'].strip()) if mode != 0 and mode != 3 and mode != 6: # As all the conditions below depend on the mode, if it's wrong return to the previous page immediately. flash('Invalid attack mode selected', 'error') return redirect( url_for('sessions.setup_hashcat', session_id=session_id)) elif workload not in [1, 2, 3, 4]: flash('Invalid workload selected', 'error') return redirect( url_for('sessions.setup_hashcat', session_id=session_id)) has_errors = False if not hashcat.is_valid_hash_type(hash_type): has_errors = True flash('Invalid hash type selected', 'error') if has_errors: return redirect( url_for('sessions.setup_hashcat', session_id=session_id)) sessions.set_hashcat_setting(session_id, 'mode', mode) sessions.set_hashcat_setting(session_id, 'hashtype', hash_type) sessions.set_hashcat_setting(session_id, 'optimised_kernel', optimised_kernel) sessions.set_hashcat_setting(session_id, 'workload', workload) if mode == 0: redirect_to = 'wordlist' elif mode == 3: redirect_to = 'mask' elif mode == 6: redirect_to = 'hybrid' return redirect( url_for('sessions.setup_' + redirect_to, session_id=session_id))
def state(self, user_id, session_id): provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() api_session = self.__get_api_session(session[0]) session_state = SessionState() session_state.state = api_session.hashcat.state session_state.description = api_session.hashcat.state_description session_state.progress = api_session.hashcat.progress return self.send_valid_response(session_state)
def view(session_id): provider = Provider() sessions = provider.sessions() hashcat = provider.hashcat() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] supported_hashes = hashcat.get_supported_hashes() # We need to process the array in a way to make it easy for JSON usage. supported_hashes = hashcat.compact_hashes(supported_hashes) return render_template('sessions/view.html', session=session, supported_hashes=supported_hashes)
def setup_wordlist_save(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) result = __setup_wordlist(session_id, request) if not isinstance(result, bool): return result result = __setup_rules(session_id, request) if not isinstance(result, bool): return result return redirect(url_for('sessions.settings', session_id=session_id))
def history_apply(session_id, history_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) elif not sessions.can_access_history(current_user, session_id, history_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) if not sessions.restore_hashcat_history(session_id, history_id): flash('Could not apply historical settings to the current session', 'error') else: flash('Historical settings applied', 'success') return redirect(url_for('sessions.view', session_id=session_id))
def setup_mask_save(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) mask = request.form['compiled-mask'].strip() enable_increments = int(request.form.get('enable_increments', 0)) if enable_increments == 1: increment_min = int(request.form['increment-min'].strip()) increment_max = int(request.form['increment-max'].strip()) else: increment_min = 0 increment_max = 0 has_errors = False if len(mask) == 0: flash('No mask set', 'error') has_errors = True if enable_increments == 1: if increment_min <= 0: has_errors = True flash('Min Increment is invalid', 'error') if increment_max <= 0: has_errors = True flash('Max Increment is invalid', 'error') if increment_min > increment_max: has_errors = True flash('Min Increment cannot be bigger than Max Increment', 'error') else: increment_min = 0 increment_max = 0 if has_errors: return redirect(url_for('sessions.setup_mask', session_id=session_id)) sessions.set_hashcat_setting(session_id, 'mask', mask) sessions.set_hashcat_setting(session_id, 'increment_min', increment_min) sessions.set_hashcat_setting(session_id, 'increment_max', increment_max) return redirect(url_for('sessions.settings', session_id=session_id))
def active_action(session_id, action): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) if action not in ['show', 'hide']: flash('Invalid Action', 'error') return redirect(url_for('home.index')) active = True if action == 'show' else False sessions.set_active(session_id, active) flash('Session updated', 'success') return redirect(url_for('home.index'))
def setup_wordlist(session_id): provider = Provider() sessions = provider.sessions() wordlists = provider.wordlists() rules = provider.rules() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] return render_template('sessions/setup/wordlist.html', session=session, wordlists=wordlists.get_wordlists(), rules=rules.get_rules())
def set_mask(self, user_id, session_id): required_fields = ['mask'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() sessions.set_hashcat_setting(session_id, 'mask', data['mask']) return self.send_success_response()
def download(self, user_id, session_id): required_fields = ['type'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() elif not data['type'] in ['all', 'plain', 'cracked']: return self.send_error_response(5009, 'Invalid download type', '') return sessions.download_file(session_id, data['type'])
def setup_hashes(session_id): provider = Provider() sessions = provider.sessions() uploaded_hashes = provider.hashes() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] uploaded_hashfiles = uploaded_hashes.get_uploaded_hashes() return render_template( 'sessions/setup/hashes.html', session=session, uploaded_hashfiles_json=json.dumps(uploaded_hashfiles, indent=4, sort_keys=True, default=str), )
def set_custom(self, user_id, session_id): required_fields = ['data'] data = self.get_json(required_fields) if data is False: return self.send_error_response(5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() save_as = sessions.session_filesystem.get_custom_file_path(user_id, session_id, prefix='custom_wordlist_', random=True) sessions.session_filesystem.write_to_file(save_as, data['data']) sessions.set_hashcat_setting(session_id, 'wordlist', save_as) return self.send_success_response()
def upload(self, user_id, session_id): required_fields = ['data'] data = self.get_json(required_fields) if data is False: return self.send_error_response( 5000, 'Missing fields', 'Required fields are: ' + ', '.join(required_fields)) provider = Provider() sessions = provider.sessions() session = sessions.get(user_id=user_id, session_id=session_id) if not session: return self.send_access_denied_response() sessions.session_filesystem.save_hashes(user_id, session_id, data['data']) return self.send_success_response()
def browse(session_id): provider = Provider() sessions = provider.sessions() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] if not session.hashcat.contains_usernames: return redirect(url_for('sessions.view', session_id=session_id)) cracked = sessions.get_cracked_passwords(session_id).split("\n") return render_template( 'sessions/browse.html', session=session, cracked=json.dumps(cracked, indent=4, sort_keys=True, default=str) )
def setup_mask(session_id): provider = Provider() sessions = provider.sessions() masks = provider.masks() if not sessions.can_access(current_user, session_id): flash('Access Denied', 'error') return redirect(url_for('home.index')) user_id = 0 if current_user.admin else current_user.id session = sessions.get(user_id=user_id, session_id=session_id)[0] has_custom_masklist = sessions.session_filesystem.custom_file_exists(sessions.session_filesystem.get_custom_file_path(current_user.id, session_id, prefix='custom_masklist', random=False, extension='.hcmask')) return render_template( 'sessions/setup/mask.html', session=session, masks=masks.get_masks(), has_custom_masklist=has_custom_masklist )