def main():
args = get_args()
hashes = parse_hashfile(args.hashfile)
hmac_to_crack = hashes[0]
sha512_to_crack = hashes[1]
bc.info("Parsed {} HMAC and {} SHA512 Hashes from {}".format(
len(hmac_to_crack), len(sha512_to_crack), args.hashfile))
#Hashcat conversion operation
if args.convert_hashcat:
convert_hashcat(args, sha512_to_crack, hmac_to_crack)
exit(0)
# John conversion operation
elif args.convert_john:
convert_john(args, sha512_to_crack, hmac_to_crack)
exit(0)
with open(args.wordlist, 'r', encoding='latin-1') as w:
for word in w:
if not word: continue
word = word.strip()
if len(sha512_to_crack) == 0 and len(hmac_to_crack) == 0:
bc.info("No more hashes to crack, exiting.")
break
# crack any straight 512s
if len(sha512_to_crack) > 0:
for h in sha512_to_crack:
this_hash = sha512(word.encode() + h[0]).digest()
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
sha512_to_crack.remove(h)
# Now for any HMACS
if len(hmac_to_crack) > 0:
for h in hmac_to_crack:
this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
int(h[3]))
if b64encode(this_hash).decode() == h[1]:
bc.success("{} : {}".format(h[2], word), strong=True)
hmac_to_crack.remove(h)
bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
len(hmac_to_crack), len(sha512_to_crack)))
def main():
#CLI Parsing - simple and dirty:
if len(argv[1:]) != 1:
app = basename(__file__)
print("Usage: {} [number]".format(app))
exit(0)
#Set up variables from CLI
try:
num = int(argv[1])
except:
bc.err('Cannot process argument. Is your input an integer?')
exit(0)
if is_prime(num):
bc.success('Yes, {} is prime!'.format(num), True)
else:
bc.info('No, {} is not prime, sorry!'.format(num), True)
def main():
args = get_args()
print_banner()
check_root()
#Set scan type, remove default TCP connect if Syn Scan
#Also setup default protocols and TCP flags (if applicable)
if args.syn:
args.tcp_connect = False
if args.udp:
default_proto = "udp"
else:
default_proto = "tcp"
#Format ports into list, check number of ports first
if len(args.knock_ports.split(',')) < 2:
bc.err("Error parsing knock ports!\t" + bc.UNDERLINE + \
"Did you supply comma delimited ports?" + bc.ENDC)
sys.exit(0)
else:
knock_ports = args.knock_ports.split(',')
#If not brute, knock
if not args.brute:
if args.verbose:
bc.success("Starting knock against ports: {}".format(knock_ports))
knock(args.host, knock_ports, args.syn, default_proto, args.delay,
args.verbose)
else:
#BRUTE!
bc.info("Bruting...")
#If port to test - NOTE syn set to False, because we're looking for connection
if args.target_port and knock(args.host, [args.target_port], False, \
default_proto, args.delay, args.verbose) == 0:
bc.success("Knock complete - {}, test port open!".format(
bc.bold_format("success")))
elif args.target_port:
bc.err(
"Knock complete - {} - test port filtered or closed... BEWARE UDP."
.format(bc.bold_format("Failure")))
else:
bc.info("Knock complete.")
def guesser(url, fmt_str, hdr, login_q, sM, sX, kill_flag, struck_gold, done_q):
while True:
rd = None
if kill_flag.is_set():
return
try:
rd = login_q.get_nowait()
if not rd: continue #Because sometimes the queue has null in it
#bc.info("got {} from queue".format(rd))
data = fmt_str.format(rd[0], rd[1])
#bc.info("Sending request.\nurl = {}\ndata = {}\nheaders = {}".format(url, data, hdr))
r = requests.post(url=url, data=data, headers=hdr)
#Check success
if (sM and sM in r.text) or (sX and sX not in r.text):
struck_gold.set()
bc.success("Credentials found!")
print("\t[ {} ] = {} [ {} ] = [ {} ]".format( \
bc.bold_format('User'), bc.green_format(str(rd[0]), ''), \
bc.bold_format('Password'), bc.green_format(str(rd[1]), '')))
#Tell main loop we guessed one
done_q.put("One more thing tried!")
except EmptyErr:
pass
except BrokenPipeError as e:
if rd:
bc.warn("Error when trying credentials : {}\n{}".format(rd, e))
else:
pass
except ConnectionResetError as e:
if rd:
bc.warn("Error when trying credentials : {}\n{}".format(rd, e))
else:
pass
except requests.exceptions.ConnectionError as e:
bc.warn("Couldn't connect when trying credentials : {}\nCheck target host is up if error persists.\n{}".format(rd, e))
except KeyboardInterrupt:
return
def convert_hashcat(args, sha512_to_crack, hmac_to_crack):
"""Take a mosquitto_passwd file and convert it to hashcat format
can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats"""
sha512s = []
hmacs = []
for h in sha512_to_crack:
sha512s.append(sha512_to_hashcat(h))
for h in hmac_to_crack:
hmacs.append(hmac_to_hashcat(h))
if len(sha512s) > 0:
with open("{}.1710.hcat".format(args.out_file), "w") as o:
for h in sha512s:
o.write(h + "\n")
if len(hmacs) > 0:
with open("{}.12100.hcat".format(args.out_file), "w") as o:
for h in hmacs:
o.write(h + "\n")
bc.success("Hashes written out to files starting '{}'".format(
args.out_file))
bc.info("Run SHA512s in mode 1710 with --hex-salt.", strong=True)
bc.info("Run HMAC-SHA512s in mode 12100.", strong=True)
def convert_john(args, sha512_to_crack, hmac_to_crack):
"""Take a mosquitto_passwd file and convert it to John's dynamic 82
format. Can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats.
Using raw hex for hash and salt because bad bytes."""
sha512s = []
hmacs = []
for h in sha512_to_crack:
sha512s.append(sha512_to_john(h))
for h in hmac_to_crack:
hmacs.append(hmac_to_john(h))
if len(sha512s) > 0:
with open("{}.sha512s.john".format(args.out_file), "w") as o:
for h in sha512s:
o.write(h + "\n")
if len(hmacs) > 0:
with open("{}.hmacs.john".format(args.out_file), "w") as o:
for h in hmacs:
o.write(h + "\n")
bc.success("Hashes written out to files starting '{}'".format(
args.out_file))
bc.info("Run separate sessions for each hash type. " + \
"No format specification needed.", strong=True)
def main():
#Mega basic command line parsing will do fine for our purposes
try:
if len(sys.argv[1:]) == 1:
addresses = scrape_emails(sys.argv[1])
if addresses is not None:
bc.success("Found addresses :")
for a in addresses:
print("\t{}".format(a))
elif len(sys.argv[1:]) == 2:
addresses = scrape_emails(sys.argv[1])
if addresses is not None and not exists(sys.argv[2]):
with open(sys.argv[2], "w") as f:
for address in addresses:
f.write(address + '\n')
elif addresses is not None and exists(sys.argv[2]):
answer = 'placeholder'
fmt_str = bc.blue_format(
"[!] ", "- {} exists, overwrite, append or cancel [o/a/c]? :".format(
sys.argv[2]))
while answer.lower() not in ['o','a','c']:
answer = input(fmt_str)
if answer == 'c':
bc.info("Exiting.")
sys.exit(0)
else:
mode = 'w' if answer == 'o' else 'a'
with open(sys.argv[2], mode) as f:
for address in addanswerresses:
f.write(address + '\n')
else:
app = basename(__file__)
print('Usage: {} [target_url] [outfile (optional)]'.format(app))
except Exception as e:
bc.err("Error parsing emails: {}".format(e))
def guesser(host, domain, port, login_q, timeout, kill_flag, struck_gold,
done_q):
"""A Method to be the target of worker threads, will read creds from a Queue
object and try them, telling another queue if it's successful"""
while True:
rd = None
if kill_flag.is_set():
return
try:
rd = login_q.get_nowait()
if not rd: continue #Because sometimes the queue has null in it
#bc.info("got {} from queue".format(rd))
direct_tcp = True if port == 445 else False
#Now try and login
smb = SMBConnection(username=rd[0],
password=rd[1],
my_name='',
remote_name='',
domain=domain,
use_ntlm_v2=True,
is_direct_tcp=direct_tcp)
login = smb.connect(host, port, timeout=timeout)
#Check success
if login:
struck_gold.set()
bc.success("Credentials found!")
print("\t[ {} ] = {} [ {} ] = [ {} ]".format( \
bc.bold_format('User'), bc.green_format(str(rd[0]), ''), \
bc.bold_format('Password'), bc.green_format(str(rd[1]), '')))
#Tell main loop we guessed one
#done_q.put("One more thing tried!")
except EmptyErr:
pass
except BrokenPipeError as e:
if rd:
print()
bc.warn("Pipe Error when trying credentials : {}\n{}".format(
rd, e))
else:
pass
except SMBTimeout as e:
if rd:
print()
bc.warn("SMB Timeout when trying credentials : {}\n{}".format(
rd, e))
else:
pass
except ProtocolError as e:
if rd:
print()
bc.warn(
"Protocol Error when trying credentials: {}\n{}".format(
rd, e))
else:
pass
except KeyboardInterrupt:
return
finally:
#Tell main loop we guessed one if rd
if rd:
done_q.put("One more thing tried!")