def check(self, value, initial_check=True):
"""
"""
valid = True
# check if it's malformed
try:
ntlm = value.split(':')[4]
if len(ntlm) != 32:
valid = false
except:
valid = False
# check header
if valid and not self.checktype()[0]:
valid = False
if not initial_check and valid and ntlm not in self.cracked_hashes:
tmp = util.check_doozer(ntlm, self.type)
if tmp:
self.cracked(ntlm, tmp)
valid = False
if not initial_check and valid:
# write out the entire line, because we need it
util.msg("Appending hash %s" % value.upper())
self.hashes.append(value.upper())
self.clean_hash += 1
if not initial_check:
self.start_hash += 1
return valid
def check(self, value, initial_check=True):
"""
"""
valid = True
# check if it's malformed
try:
ntlm = value.split(':')[4]
if len(ntlm) != 32:
valid = false
except:
valid = False
# check header
if valid and not self.checktype()[0]:
valid = False
if not initial_check and valid and ntlm not in self.cracked_hashes:
tmp = util.check_doozer(ntlm, self.type)
if tmp:
self.cracked(ntlm, tmp)
valid = False
if not initial_check and valid:
# write out the entire line, because we need it
util.msg("Appending hash %s" % value.upper())
self.hashes.append(value.upper())
self.clean_hash += 1
if not initial_check:
self.start_hash += 1
return valid
def readData():
""" Reads in the supplied hash file and builds a list, one line per
"""
master_input = None
try:
with open(settings.hash_file, "r") as f:
master_input = [x.strip() for x in f.readlines()]
except Exception, e:
msg("FATAL: %s" % e, ERROR)
sys.exit(1)
def readData():
""" Reads in the supplied hash file and builds a list, one line per
"""
master_input = None
try:
with open(settings.hash_file, "r") as f:
master_input = [x.strip() for x in f.readlines()]
except Exception, e:
msg("FATAL: %s" % e, ERROR)
sys.exit(1)
def _path_check(self):
""" Validates file/folder locations defined in main
"""
bpath = None
if not os.path.exists(sethor.OPHCRACK_TABLES):
bpath = sethor.OPHCRACK_TABLES
elif not os.path.exists(sethor.WORDLIST_DIR):
bpath = sethor.WORDLIST_DIR
elif not os.path.exists(sethor.HASHCAT_BINARY):
bpath = sethor.HASHCAT_BINARY
elif not os.path.exists(sethor.HASHCAT_DIR):
bpath = sethor.HASHCAT_DIR
if bpath:
msg("%s is an invalid path." % bpath, ERROR)
sys.exit(1)
def _path_check(self):
""" Validates file/folder locations defined in main
"""
bpath = None
if not os.path.exists(sethor.OPHCRACK_TABLES):
bpath = sethor.OPHCRACK_TABLES
elif not os.path.exists(sethor.WORDLIST_DIR):
bpath = sethor.WORDLIST_DIR
elif not os.path.exists(sethor.HASHCAT_BINARY):
bpath = sethor.HASHCAT_BINARY
elif not os.path.exists(sethor.HASHCAT_DIR):
bpath = sethor.HASHCAT_DIR
if bpath:
msg("%s is an invalid path." % bpath, ERROR)
sys.exit(1)
def main():
"""
"""
# load all of our hash modules and read data
attacks = loadAttacks()
data = readData()
if len(data) <= 0:
# why?
return
for attack in attacks:
# our attack needs to know about its potential session first
attack.session = settings.session
attack.session_home = settings.session_home
attack.hash_file = settings.hash_file
#
# Iterate over each attack until check returns True; this means
# that we've identified the hash type and are ready to start cracking
#
if attack.check(data[0]):
for entry in data:
# iterate over each value and let the attack module
# determine if the hash is acceptable or not
attack.check(entry, False)
msg("Starting attack on type %s" % attack.type)
# set our pot file
settings.pot_file = "%s/%s/%s.pot" % (sethor.WORKING_DIR,
settings.session,
attack.type)
# go go gadget hashcat
attack.run()
break
# update doozer database with cracked hashes
util.update_doozer(settings)
msg("Cracked %d passwords" % len(attack.cracked_hashes))
def run(self):
"""
"""
rules = self.getRules()
for rule in rules:
# write out our current to-crack hashes
self.dump()
# run the rule
try:
util.msg("Running %s" % rule)
os.system(rules[rule])
except Exception, e:
util.msg("rule '%s' failed: %s" % (rule, e))
continue
# check if we cracked any and, if we did, remove them from our
# list of hashes and update the pot file
if os.path.exists("%s/%s.cracked" %
(self.session_home, self.type)):
with open("%s/%s.cracked" %
(self.session_home, self.type)) as f:
lines = []
for line in f.readlines():
try:
# parse the cracked line out as per attack spec
(hsh, p) = self.parseCracked(line)
fdata = '%s:%s:%s' % (hsh, p, self.type)
# remove hash from local structure and add to cracked list
lines.append(fdata)
self.hashes.remove(hsh)
self.cracked_hashes.append(fdata)
except:
pass
os.system("rm %s/%s.cracked" % (self.session_home, self.type))
os.system("rm %s/%s.list" % (self.session_home, self.type))
def main():
"""
"""
# load all of our hash modules and read data
attacks = loadAttacks()
data = readData()
if len(data) <= 0:
# why?
return
for attack in attacks:
# our attack needs to know about its potential session first
attack.session = settings.session
attack.session_home = settings.session_home
attack.hash_file = settings.hash_file
#
# Iterate over each attack until check returns True; this means
# that we've identified the hash type and are ready to start cracking
#
if attack.check(data[0]):
for entry in data:
# iterate over each value and let the attack module
# determine if the hash is acceptable or not
attack.check(entry, False)
msg("Starting attack on type %s" % attack.type)
# set our pot file
settings.pot_file = "%s/%s/%s.pot" % (
sethor.WORKING_DIR, settings.session, attack.type)
# go go gadget hashcat
attack.run()
break
# update doozer database with cracked hashes
util.update_doozer(settings)
msg("Cracked %d passwords" % len(attack.cracked_hashes))
def run(self):
"""
"""
rules = self.getRules()
for rule in rules:
# write out our current to-crack hashes
self.dump()
# run the rule
try:
util.msg("Running %s" % rule)
os.system(rules[rule])
except Exception, e:
util.msg("rule '%s' failed: %s" % (rule, e))
continue
# check if we cracked any and, if we did, remove them from our
# list of hashes and update the pot file
if os.path.exists("%s/%s.cracked" % (self.session_home, self.type)):
with open("%s/%s.cracked" % ( self.session_home, self.type)) as f:
lines = []
for line in f.readlines():
try:
# parse the cracked line out as per attack spec
(hsh, p) = self.parseCracked(line)
fdata = '%s:%s:%s' % (hsh, p, self.type)
# remove hash from local structure and add to cracked list
lines.append(fdata)
self.hashes.remove(hsh)
self.cracked_hashes.append(fdata)
except:
pass
os.system("rm %s/%s.cracked" % (self.session_home, self.type))
os.system("rm %s/%s.list" % (self.session_home, self.type))
def run(self):
""" Override default behavior because the way we crack and store NTLMv2 hashes
is different than the base case.
"""
rules = self.getRules()
for rule in rules:
# write out current to-crack hashes
self.dump()
try:
util.msg("Running %s" % rule)
os.system(rules[rule])
except Exception, e:
util.msg("rule '%s' failed: %s" % (rule, e))
continue
if os.path.exists("%s/%s.cracked" %
(self.session_home, self.type)):
with open("%s/%s.cracked" %
(self.session_home, self.type)) as f:
for line in f.readlines():
try:
(hsh, p) = self.parseCracked(line)
fdata = "%s:%s:%s" % (hsh, p, self.type)
util.msg("Created fdata %s from line %s" %
(fdata, line))
# remove hash from local struct; hashcat appends the pwd
# to the end, so we need to rebuild
self.hashes.remove(':'.join(
line.split(':')[:-1]).upper())
self.cracked_hashes.append(fdata)
except Exception, e:
util.msg("Failed to format cracked line '%s': %s" %
(line, e))
os.system("rm %s/%s.cracked" % (self.session_home, self.type))
def run(self):
""" Override default behavior because the way we crack and store NTLMv2 hashes
is different than the base case.
"""
rules = self.getRules()
for rule in rules:
# write out current to-crack hashes
self.dump()
try:
util.msg("Running %s" % rule)
os.system(rules[rule])
except Exception, e:
util.msg("rule '%s' failed: %s" % (rule, e))
continue
if os.path.exists("%s/%s.cracked" % (self.session_home, self.type)):
with open("%s/%s.cracked" % (self.session_home, self.type)) as f:
for line in f.readlines():
try:
(hsh, p) = self.parseCracked(line)
fdata = "%s:%s:%s" % (hsh, p, self.type)
util.msg("Created fdata %s from line %s" % (fdata, line))
# remove hash from local struct; hashcat appends the pwd
# to the end, so we need to rebuild
self.hashes.remove(':'.join(line.split(':')[:-1]).upper())
self.cracked_hashes.append(fdata)
except Exception, e:
util.msg("Failed to format cracked line '%s': %s" % (line, e))
os.system("rm %s/%s.cracked" % (self.session_home, self.type))
""" Parse arguments to doozer
"""
parser = ArgumentParser(usage="[options]")
parser.add_argument("-p", help="pwdump file", action='store', dest='pwdump',
required=True)
parser.add_argument("-s", help="Session name", action='store', dest='session')
options = parser.parse_args()
return options
if __name__ == "__main__":
"""
"""
if platform.system() == 'Windows':
sys.exit(0)
if os.geteuid() is not 0:
sys.exit(0)
options = parse_args()
settings = Settings()
settings.configure(options)
# run
main()
msg("Session %s successfully completed." % settings.session)
action='store',
dest='pwdump',
required=True)
parser.add_argument("-s",
help="Session name",
action='store',
dest='session')
options = parser.parse_args()
return options
if __name__ == "__main__":
"""
"""
if platform.system() == 'Windows':
sys.exit(0)
if os.geteuid() is not 0:
sys.exit(0)
options = parse_args()
settings = Settings()
settings.configure(options)
# run
main()
msg("Session %s successfully completed." % settings.session)