def NLTM_salt(self, i, data, salt):
start_time = time.time()
key = data + salt
lmhash.hash(key)
end_time = time.time()
print("NTLM:", end_time - start_time, "s")
self.fast_time_salt[i].append(end_time - start_time)
def encode_secret(attribute=settings.FREERADIUS_DEFAULT_SECRET_FORMAT,
new_value=None):
if attribute == 'Cleartext-Password':
password_renewed = new_value
elif attribute == 'NT-Password':
password_renewed = nthash.hash(new_value)
elif attribute == 'LM-Password':
password_renewed = lmhash.hash(new_value)
elif attribute == 'MD5-Password':
password_renewed = md5(new_value.encode('utf-8')).hexdigest()
elif attribute == 'SMD5-Password':
salt = urandom(4)
hash = md5(new_value.encode('utf-8'))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode('utf-8')[:-1]
elif attribute == 'SHA-Password':
password_renewed = sha1(new_value.encode('utf-8')).hexdigest()
elif attribute == 'SSHA-Password':
salt = urandom(4)
hash = sha1(new_value.encode('utf-8'))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode('utf-8')[:-1]
elif attribute == 'Crypt-Password':
password_renewed = sha512_crypt.hash(new_value)
return password_renewed
def _encode_secret(attribute, new_value=None):
if attribute == 'NT-Password':
attribute_value = nthash.hash(new_value)
elif attribute == 'LM-Password':
attribute_value = lmhash.hash(new_value)
elif attribute == 'MD5-Password':
attribute_value = md5(new_value.encode('utf-8')).hexdigest()
elif attribute == 'SMD5-Password':
salt = urandom(4)
hash = md5(new_value.encode('utf-8'))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
attribute_value = hash_encoded.decode('utf-8')[:-1]
elif attribute == 'SHA-Password':
attribute_value = sha1(new_value.encode('utf-8')).hexdigest()
elif attribute == 'SSHA-Password':
salt = urandom(4)
hash = sha1(new_value.encode('utf-8'))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
attribute_value = hash_encoded.decode('utf-8')[:-1]
elif attribute == 'Crypt-Password':
attribute_value = sha512_crypt.hash(new_value)
else:
attribute_value = new_value
return attribute_value
def run(self):
'''
Worker thread
@param none
@return none
'''
for word in self.words:
word = word.rstrip('\n')
if not res_queue.empty():
break
else:
if hashlib.md5(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('MD5', str(word)))
elif hashlib.sha224(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('SHA224', str(word)))
elif hashlib.sha384(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('SHA384', str(word)))
elif hashlib.sha512(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('SHA512', str(word)))
elif hashlib.sha1(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('SHA1', str(word)))
elif hashlib.sha256(
word.encode('utf-8')).hexdigest() == self.target:
res_queue.put(('SHA256', str(word)))
elif lmhash.hash(word.encode('utf-8')) == self.target:
res_queue.put(('LM', str(word)))
elif base64.b64encode(word.encode('utf-8')) == self.target:
res_queue.put(('BASE64', str(word)))
def _encode_secret(attribute, new_value=None):
if attribute == 'Cleartext-Password':
password_renewed = new_value
elif attribute == 'NT-Password':
password_renewed = nthash.hash(new_value)
elif attribute == 'LM-Password':
password_renewed = lmhash.hash(new_value)
return password_renewed
def make_password_lanman(password):
"""Password implementation for LANMAN
Args:
password (string): the plain password
Returns:
string: the hashed password with prefix.
"""
return "{{LANMAN}}{}".format(lmhash.hash(password))
def calculateLM(text):
try:
hashed = lmhash.hash("hello").upper()
print("[+] The LM hash of '{0}' is: \n{1}\n".format(text, hashed))
try:
clipboard.copy(hashed)
print("[+] Hash successfully copied to the clipboard")
except:
print("[!] Warning: Cannot access the clipboard")
except:
print("[-] Error: LM hash calculating is not supported")
def lmhash(password=b''):
"""
Generates lanman password hash for a given password.
Note that the author thinks LanMan hashes should be banished from
the face of the earth.
"""
if not config.useLMhash():
return lmhash_locked()
return passlib_lmhash.hash(password).encode('ascii').upper()
def bf(h, dictionary):
f = open(dictionary, 'r')
lines = f.readlines()
print('\033[1;34m[*]\033[0m Starting Brute Force - hash = ' + h)
for i in lines:
h2 = lmhash.hash(i[:-1])
if h == h2:
print('\033[1;32m[+]\033[0m Hash Cracked! - Password = ' + i)
def ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain, windows_password):
"""
@param sensor_ip: The sensor IP from where to deploy the ossec agent
@agent_name:
@windows_ip:
@windows_username:
@windows_domain:
@windows_password:
@return: A tuple (success, data).
"""
response = None
try:
# Create temporary files outside playbook
auth_file_samba = NamedTemporaryFile(delete=False)
agent_config_file = NamedTemporaryFile(delete=False)
agent_key_file = NamedTemporaryFile(delete=False)
# Auth string for `wmiexec` tool: e.g. domain/username or username
domain_str = "%s/" % windows_domain if windows_domain else ""
windows_auth_sting = "%s%s" % (domain_str, windows_username)
evars = {"target": "%s" % sensor_ip,
"auth_file_samba": "%s" % auth_file_samba.name,
"agent_config_file": "%s" % agent_config_file.name,
"agent_key_file": "%s" % agent_key_file.name,
"agent_name": "%s" % agent_name,
"windows_ip": "%s" % windows_ip,
"windows_domain": "%s" % windows_domain,
"windows_username": "******" % windows_username,
"windows_password": "******" % windows_password,
"auth_str": "%s" % windows_auth_sting,
"hashes": "%s:%s" % (lmhash.hash(windows_password), nthash.hash(windows_password))}
response = _ansible.run_playbook(playbook=PLAYBOOKS['OSSEC_WIN_DEPLOY'],
host_list=[sensor_ip],
extra_vars=evars)
# Remove temporary files
os.remove(auth_file_samba.name)
os.remove(agent_config_file.name)
os.remove(agent_key_file.name)
except Exception, exc:
trace = traceback.format_exc()
api_log.error("Ansible Error: An error occurred while running an windows OSSEC agent deployment:"
"%s \n trace: %s" % (exc, trace))
def save_model(self, request, obj, form, change):
password_renewed = form.data['new_value']
password_format = form.data['attribute']
if password_format in app_settings.DISABLED_SECRET_FORMAT:
messages.add_message(
request, messages.ERROR,
'{} is not currently enabled. The password'
' was not changed'.format(password_format))
return
if password_renewed:
if password_format == 'Cleartext-Password':
obj.value = password_renewed
elif password_format == 'NT-Password':
obj.value = nthash.hash(password_renewed)
elif password_format == 'LM-Password':
obj.value = lmhash.hash(password_renewed)
obj.save()
def setUp(self):
self.win_username = '******'
self.win_password = '******'
self.system_ip = '10.11.12.15'
self.sensor_ip = '10.11.12.14'
self.win_ip = '10.11.12.13'
self.win_domain = ''
self.agent_name = 'Host-{}'.format(self.win_ip)
self.agent_id = '001'
self.extra_vars = {
"target": "{}".format(self.sensor_ip),
"agent_name": "{}".format(self.agent_name),
"windows_ip": "{}".format(self.win_ip),
"windows_domain": "{}".format(self.win_domain),
"windows_username": "******".format(self.win_username),
"windows_password": "******".format(self.win_password),
"auth_str": "{}".format(self.win_username),
"hashes": "%s:%s" % (lmhash.hash(self.win_password), nthash.hash(self.win_password))
}
def Crypter(args):
if args.encrypt == 'pbkdf2_sha256':
return pbkdf2_sha256.hash(args.text)
elif args.encrypt == 'oracle11':
return oracle11.hash(args.text)
elif args.encrypt == 'argon2':
return argon2.hash(args.text)
elif args.encrypt == 'bcrypt':
return bcrypt.hash(args.text)
elif args.encrypt == 'bcrypt_sha256':
return bcrypt_sha256.hash(args.text)
elif args.encrypt == 'cisco_asa':
return cisco_asa.hash(args.text)
elif args.encrypt == 'cisco_pix':
return cisco_pix.hash(args.text)
elif args.encrypt == 'cisco_type7':
return cisco_type7.hash(args.text)
elif args.encrypt == 'bigcrypt':
return bigcrypt.hash(args.text)
elif args.encrypt == 'bsdi_crypt':
return bsdi_crypt.hash(args.text)
elif args.encrypt == 'des_crypt':
return des_crypt.hash(args.text)
elif args.encrypt == 'hex_md4':
return hex_md4.hash(args.text)
elif args.encrypt == 'hex_md5':
return hex_md5.hash(args.text)
elif args.encrypt == 'hex_sha1':
return hex_sha1.hash(args.text)
elif args.encrypt == 'hex_sha256':
return hex_sha256.hash(args.text)
elif args.encrypt == 'hex_sha512':
return hex_sha512.hash(args.text)
elif args.encrypt == 'django_bcrypt':
return django_bcrypt.hash(args.text)
elif args.encrypt == 'django_disabled':
return django_disabled.hash(args.text)
elif args.encrypt == 'django_bcrypt_sha256':
return django_bcrypt_sha256.hash(args.text)
elif args.encrypt == 'django_des_crypt':
return django_des_crypt.hash(args.text)
elif args.encrypt == 'django_pbkdf2_sha1':
return django_pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'django_pbkdf2_sha256':
return django_pbkdf2_sha256.hash(args.text)
elif args.encrypt == 'django_salted_md5':
return django_salted_md5.hash(args.text)
elif args.encrypt == 'django_salted_sha1':
return django_salted_sha1.hash(args.text)
elif args.encrypt == 'fshp':
return fshp.hash(args.text)
elif args.encrypt == 'ldap_bcrypt':
return ldap_bcrypt.hash(args.text)
elif args.encrypt == 'ldap_md5':
return ldap_md5.hash(args.text)
elif args.encrypt == 'ldap_plaintext':
return ldap_plaintext.hash(args.text)
elif args.encrypt == 'ldap_sha1':
return ldap_sha1.hash(args.text)
elif args.encrypt == 'ldap_bsdi_crypt':
return ldap_bsdi_crypt.hash(args.text)
elif args.encrypt == 'ldap_hex_md5':
return ldap_hex_md5.hash(args.text)
elif args.encrypt == 'ldap_hex_sha1':
return ldap_hex_sha1.hash(args.text)
elif args.encrypt == 'ldap_md5_crypt':
return ldap_md5_crypt.hash(args.text)
elif args.encrypt == 'ldap_pbkdf2_sha1':
return ldap_pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'ldap_pbkdf2_sha256':
return ldap_pbkdf2_sha256.hash(args.text)
elif args.encrypt == 'ldap_pbkdf2_sha512':
return ldap_pbkdf2_sha512.hash(args.text)
elif args.encrypt == 'ldap_salted_md5':
return ldap_salted_md5.hash(args.text)
elif args.encrypt == 'ldap_salted_sha1':
return ldap_salted_sha1.hash(args.text)
elif args.encrypt == 'ldap_sha1_crypt':
return ldap_sha1_crypt.hash(args.text)
elif args.encrypt == 'ldap_sha256_crypt':
return ldap_sha256_crypt.hash(args.text)
elif args.encrypt == 'ldap_sha512_crypt':
return ldap_sha512_crypt.hash(args.text)
elif args.encrypt == 'apr_md5_crypt':
return apr_md5_crypt.hash(args.text)
elif args.encrypt == 'md5_crypt':
return md5_crypt.hash(args.text)
elif args.encrypt == 'plaintext':
return plaintext.hash(args.text)
elif args.encrypt == 'unix_disabled':
return unix_disabled.hash(args.text)
elif args.encrypt == 'unix_fallback':
return unix_fallback.hash(args.text)
elif args.encrypt == 'mssql2000':
return mssql2000.hash(args.text)
elif args.encrypt == 'mssql2005':
return mssql2005.hash(args.text)
elif args.encrypt == 'mysql323':
return mysql323.hash(args.text)
elif args.encrypt == 'mysql41':
return mysql41.hash(args.text)
elif args.encrypt == 'atlassian_pbkdf2_sha1':
return atlassian_pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'cta_pbkdf2_sha1':
return cta_pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'dlitz_pbkdf2_sha1':
return dlitz_pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'grub_pbkdf2_sha512':
return grub_pbkdf2_sha512.hash(args.text)
elif args.encrypt == 'pbkdf2_sha1':
return pbkdf2_sha1.hash(args.text)
elif args.encrypt == 'pbkdf2_sha512':
return pbkdf2_sha512.hash(args.text)
elif args.encrypt == 'phpass':
return phpass.hash(args.text)
elif args.encrypt == 'roundup_plaintext':
return roundup_plaintext.hash(args.text)
elif args.encrypt == 'sun_md5_crypt':
return sun_md5_crypt.hash(args.text)
elif args.encrypt == 'scram':
return scram.hash(args.text)
elif args.encrypt == 'scrypt':
return scrypt.hash(args.text)
elif args.encrypt == 'sha1_crypt':
return sha1_crypt.hash(args.text)
elif args.encrypt == 'sha256_crypt':
return sha256_crypt.hash(args.text)
elif args.encrypt == 'sha512_crypt':
return sha512_crypt.hash(args.text)
elif args.encrypt == 'bsd_nthash':
return bsd_nthash.hash(args.text)
elif args.encrypt == 'lmhash':
return lmhash.hash(args.text)
elif args.encrypt == 'nthash':
return nthash.hash(args.text)
def hash(a):
h = lmhash.hash(a)
return h
from passlib.hash import lmhash
from passlib.hash import nthash
myPass = "******"
mySecPass = "******"
lmhash1 = lmhash.hash(myPass)
nthash1 = nthash.hash(myPass)
lmhash2 = lmhash.hash(mySecPass)
nthash2 = nthash.hash(mySecPass)
print("LM Hash of {}: {}".format(myPass, lmhash1))
print("NT Hash of {}: {}\n".format(myPass, nthash1))
print("LM Hash of {}: {}".format(mySecPass, lmhash2))
print("NT Hash of {}: {}".format(mySecPass, nthash2))
def NLTM_saltless(self, i, data):
start_time = time.time()
lmhash.hash(data)
end_time = time.time()
print("NTLM:", end_time - start_time, "s")
self.fast_time_saltless[i].append(end_time - start_time)
import json
from passlib.hash import lmhash, pbkdf2_sha256
from flask import Flask, redirect, url_for, request
app = Flask(__name__)
form = '''<p>Enter your credentials to access secret information.</p>
<form id="login" action="login" method="post">
<p><label for="username"><b>Username</b></label>
<input type="text" placeholder="Enter your username" name="username" required></p>
<p><label for="password"><b>Password</b></label>
<input type="password" placeholder="Enter your password" name="password" required></p>
<p><button type="submit">Connect</button></p>
</form>'''
with open('db.json', 'r') as f:
hashPassword = lmhash.hash(json.load(f)['password'])
ok = None
@app.route('/')
def index():
if ok is None:
return form
return form + '<h1 id="connected">{}</h1>'.format('OK' if ok else 'KO')
@app.route('/login', methods=['POST'])
def login():
global ok
if request.method == 'POST':
def do_hashpw(self, cmd):
origpw = raw_input("Original password: "******":" + binascii.hexlify(ntlmhash))
def ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username,
windows_domain, windows_password):
"""
@param sensor_ip: The sensor IP from where to deploy the ossec agent
@agent_name:
@windows_ip:
@windows_username:
@windows_domain:
@windows_password:
@return: A tuple (success, data).
"""
response = None
try:
# Create temporary files outside playbook
auth_file_samba = NamedTemporaryFile(delete=False)
agent_config_file = NamedTemporaryFile(delete=False)
agent_key_file = NamedTemporaryFile(delete=False)
# Auth string for `wmiexec` tool: e.g. domain/username or username
domain_str = "%s/" % windows_domain if windows_domain else ""
windows_auth_sting = "%s%s" % (domain_str, windows_username)
evars = {
"target":
"%s" % sensor_ip,
"auth_file_samba":
"%s" % auth_file_samba.name,
"agent_config_file":
"%s" % agent_config_file.name,
"agent_key_file":
"%s" % agent_key_file.name,
"agent_name":
"%s" % agent_name,
"windows_ip":
"%s" % windows_ip,
"windows_domain":
"%s" % windows_domain,
"windows_username":
"******" % windows_username,
"windows_password":
"******" % windows_password,
"auth_str":
"%s" % windows_auth_sting,
"hashes":
"%s:%s" %
(lmhash.hash(windows_password), nthash.hash(windows_password))
}
response = _ansible.run_playbook(
playbook=PLAYBOOKS['OSSEC_WIN_DEPLOY'],
host_list=[sensor_ip],
extra_vars=evars)
# Remove temporary files
os.remove(auth_file_samba.name)
os.remove(agent_config_file.name)
os.remove(agent_key_file.name)
except Exception, exc:
trace = traceback.format_exc()
api_log.error(
"Ansible Error: An error occurred while running an windows OSSEC agent deployment:"
"%s \n trace: %s" % (exc, trace))
def enc():
awal()
putih = "\033[97m"
dfv = raw_input(W + "[" + B + "+" + W + "] Your Text " + B + ": " + G)
asw = raw_input(W + "[" + B + "+" + W + "] Your Password " + B + ": " + G)
print W + "\n* Generate Hash . . . . Please Wait !!!"
time.sleep(1)
print(W + ' ------------------------------------------------')
#md5
daf1 = hashlib.md5(dfv.encode("utf -8")).hexdigest()
print W + "[" + B + "+" + W + "] Md5 " + B + ":" + W, daf1
time.sleep(0.1)
#sha256
daf2 = hashlib.sha256(dfv.encode()).hexdigest()
print W + "[" + B + "+" + W + "] Sha256 " + B + ":" + W, daf2
time.sleep(0.1)
#sha224
daf4 = hashlib.sha224(dfv.encode()).hexdigest()
print W + "[" + B + "+" + W + "] Sha224 " + B + ":" + W, daf4
time.sleep(0.1)
#sha512
daf5 = hashlib.sha512(dfv.encode()).hexdigest()
print W + "[" + B + "+" + W + "] Sha512 " + B + ":" + W, daf5
time.sleep(0.1)
#sha384
daf6 = hashlib.sha384(dfv.encode()).hexdigest()
print W + "[" + B + "+" + W + "] Sha384 " + B + ":" + W, daf6
time.sleep(0.1)
#sha1
daf11 = hashlib.sha1(dfv.encode()).hexdigest()
print W + "[" + B + "+" + W + "] Sha1 " + B + ":" + W, daf11
time.sleep(0.1)
#pbkdf2_sha1
daf12 = pbkdf2_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Pbkdf2_sha1 " + B + ":" + W, daf12
time.sleep(0.1)
#pbkdf2_sha256
daf13 = pbkdf2_sha256.hash(dfv)
print W + "[" + B + "+" + W + "] Pbkdf2_sha256 " + B + ":" + W, daf13
time.sleep(0.1)
#pbkdf2_sha512
daf14 = pbkdf2_sha512.hash(dfv)
print W + "[" + B + "+" + W + "] Pbkdf2_sha512 " + B + ":" + W, daf14
time.sleep(0.1)
#sha256_crypt
daf15 = sha256_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Sha256_crypt " + B + ":" + W, daf15
time.sleep(0.1)
#sha512_crypt
daf16 = sha512_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Sha512_crypt " + B + ":" + W, daf16
time.sleep(0.1)
#md5_crypt
daf17 = md5_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Md5_crypt " + B + ":" + W, daf17
time.sleep(0.1)
#sha1_crypt
daf18 = sha1_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Sha_crypt " + B + ":" + W, daf18
time.sleep(0.1)
#sha1_crypt
daf18 = sha1_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Sha_crypt " + B + ":" + W, daf18
time.sleep(0.1)
#sun_md5_crypt
daf19 = sun_md5_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Sun_md5_crypt " + B + ":" + W, daf19
time.sleep(0)
#des_crypt
daf20 = des_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Des_crypt " + B + ":" + W, daf20
time.sleep(0.1)
#bsdi_crypt
daf21 = bsdi_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Bsdi_crypt " + B + ":" + W, daf21
time.sleep(0.1)
#bigcrypt
daf22 = bigcrypt.hash(dfv)
print W + "[" + B + "+" + W + "] Bigcrypt " + B + ":" + W, daf22
time.sleep(0.1)
#crypt16
daf23 = crypt16.hash(dfv)
print W + "[" + B + "+" + W + "] Crypt16 " + B + ":" + W, daf23
time.sleep(0.1)
#phpass
daf24 = phpass.hash(dfv)
print W + "[" + B + "+" + W + "] Phpass " + B + ":" + W, daf24
time.sleep(0.1)
#scram
daf25 = scram.hash(dfv)
print W + "[" + B + "+" + W + "] Scram " + B + ":" + W, daf25
time.sleep(0.1)
#apr_md5_crypt
daf27 = apr_md5_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Apr_Md5_Crypt " + B + ":" + W, daf27
time.sleep(0.1)
#cta_pbkdf2
daf28 = cta_pbkdf2_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Cta_pbkdf2_sha1 " + B + ":" + W, daf28
time.sleep(0.1)
#dlitz_pbdf2_sha1
daf29 = dlitz_pbkdf2_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Dlitz_pbkdf_sha1 " + B + ":" + W, daf29
time.sleep(0.1)
#ldap_md5_crypt
daf30 = ldap_md5_crypt.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_Md5_Crypt " + B + ":" + W, daf30
time.sleep(0.1)
#ldap_hex_md5
daf31 = ldap_hex_md5.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_Hex_Md5 " + B + ":" + W, daf31
time.sleep(0.1)
#ldao_hex_sha1
daf32 = ldap_hex_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_Hex_Sha1 " + B + ":" + W, daf32
time.sleep(0.1)
#ldap_pbkdf2_sha1
daf33 = ldap_pbkdf2_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_pbkdf2_sha1 " + B + ":" + W, daf33
time.sleep(0.1)
#ldap_pbkdf2_sha256
daf34 = ldap_pbkdf2_sha256.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_pbkdf2_sha256 " + B + ":" + W, daf34
time.sleep(0.1)
#ldap_pbkdf2_sha512
daf35 = ldap_pbkdf2_sha512.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_pbdf2_sha512 " + B + ":" + W, daf35
time.sleep(0.1)
#atlassian_pbkdf2_sha1
daf36 = atlassian_pbkdf2_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Atlassian_pbkdf2_sha1 " + B + ":" + W, daf36
time.sleep(0.1)
#fshp
daf37 = fshp.hash(dfv)
print W + "[" + B + "+" + W + "] Fshp " + B + ":" + W, daf37
time.sleep(0.1)
#mysql323
daf38 = mysql323.hash(dfv)
print W + "[" + B + "+" + W + "] Mysql323 " + B + ":" + W, daf38
time.sleep(0.1)
#mysql41
daf39 = mysql41.hash(dfv)
print W + "[" + B + "+" + W + "] Mysql41 " + B + ":" + W, daf39
time.sleep(0.1)
#postgres_md5
daf40 = postgres_md5.hash(dfv, user=asw)
print W + "[" + B + "+" + W + "] Postgres_md5 " + B + ":" + W, daf40
time.sleep(0.1)
#oracle10
daf41 = oracle10.hash(dfv, user=asw)
print W + "[" + B + "+" + W + "] Oracle10 " + B + ":" + W, daf41
time.sleep(0.1)
#oracle11
daf42 = oracle11.hash(dfv)
print W + "[" + B + "+" + W + "] Oracle11 " + B + ":" + W, daf42
time.sleep(0.1)
#lmhash
daf43 = lmhash.hash(dfv)
print W + "[" + B + "+" + W + "] Lmhash " + B + ":" + W, daf43
time.sleep(0.1)
#nthash
daf44 = nthash.hash(dfv)
print W + "[" + B + "+" + W + "] Nthash " + B + ":" + W, daf44
time.sleep(0.1)
#msdcc
daf45 = msdcc.hash(dfv, user=asw)
print W + "[" + B + "+" + W + "] Msdcc " + B + ":" + W, daf45
time.sleep(0.1)
#msdcc2
daf46 = msdcc2.hash(dfv, user=asw)
print W + "[" + B + "+" + W + "] Msdcc2 " + B + ":" + W, daf46
time.sleep(0.1)
#cisco_type7
daf47 = cisco_type7.hash(dfv)
print W + "[" + B + "+" + W + "] Cisco_type7 " + B + ":" + W, daf47
time.sleep(0.1)
#grub_pbkdf2_sha512
daf48 = grub_pbkdf2_sha512.hash(dfv)
print W + "[" + B + "+" + W + "] Grub_pbkdf2_sha512 " + B + ":" + W, daf48
time.sleep(0.1)
#hex_sha1
daf49 = hex_sha1.hash(dfv)
print W + "[" + B + "+" + W + "] Hex_Sha1 " + B + ":" + W, daf49
time.sleep(0.1)
#pwd
daf50 = pwd.genword()
print W + "[" + B + "+" + W + "] Pwd " + B + ":" + W, daf50
time.sleep(0.1)
#mssql2005
daf51 = cuk.hash(dfv)
print W + "[" + B + "+" + W + "] Mssql2005 " + B + ":" + W, daf51
time.sleep(0.1)
#Mssql2000
daf52 = cak.hash(dfv)
print W + "[" + B + "+" + W + "] Mssql2000 " + B + ":" + W, daf52
time.sleep(0.1)
#ldap_salted_md5
daf52 = cik.hash(dfv)
print W + "[" + B + "+" + W + "] Ldap_salted_md5 " + B + ":" + W, daf52
time.sleep(0.1)
def get_lm_hash(value):
return lmhash.hash(value)
def sambaLMPassword(passwd):
return lmhash.hash(passwd)
max = 0
# if attack mode is dictionary user must supply dictionary
if attack_mode == "dictionary":
file_path = input(
"enter file path to dictionary where list is contained: ")
# if attack mode is brute force user must supply min and max password length
if attack_mode == "brute_force":
crunch = input(
"enter crunch mode [yes/no] (user input possible chracters) ")
# if crunch mode chosen the user inputs the chars for program to permutate
if crunch == "yes":
user_crunch = input("input crunch string to permutate into password ")
min = input("input min password length: ")
max = input("input max password length: ")
h = lmhash.hash(password)
print("the password's hash is: ")
print(h)
if attack_mode == "brute_force":
# all possible permutations of these chracaters will be tested
if crunch == "yes":
asciichars = user_crunch
else:
asciichars = 'abcdefghijklmnopqrstuvwxyz0123456789'
tries = 0
# create permutations of length min to max
for length in range(int(min), (int(max)+1)):
# create permutations with set of chracters specified with specified length
# repeat option allows permutations with repeating characters
def ch(s): h = lmhash.hash(s) for k in range(len(h)): if (h[k] != HASH[k]): return h return True
def lm(HASH, password):
test_hash = lmhash.hash(password.decode())
if test_hash == HASH:
print(HASH + ':' + password.decode())
exit()
# COMP3550-1 Lab1
# MacchiaroliM 5-17-2020
# Question A1
#############
#Create a Python script to determine the LM
#hash and NTLM hash of the following
#words:"Napier","Foxtrot"
#############
from passlib.hash import lmhash, nthash
words = ["Napier", "Foxtrot"]
for x in words:
print("Hashes for \"" + x + "\":")
print("LM Hash: " +
lmhash.hash(x)) # .encrypt deprecated, using hash instead
print("NT Hash: " +
nthash.hash(x)) # .encrypt deprecated, using hash instead
def encode_secret(enc, new_value=None):
"""
https://docs.python.org/3.5/library/hashlib.html
http://passlib.readthedocs.io/en/stable/lib/passlib.hash.ldap_std.html
"""
password_renewed = None
if enc == 'Plaintext':
password_renewed = ldap_plaintext.hash(new_value)
elif enc == 'NT':
password_renewed = nthash.hash(new_value)
elif enc == 'LM':
password_renewed = lmhash.hash(new_value)
elif enc == 'MD5':
password_renewed = ldap_md5.hash(new_value.encode(_CHARSET))
elif enc == 'SMD5':
password_renewed = ldap_salted_md5.hash(new_value.encode(_CHARSET))
elif enc == 'SHA':
password_renewed = ldap_sha1.hash(new_value.encode(_CHARSET))
elif enc == 'SSHA':
salt = urandom(8)
hash = sha1(new_value.encode(_CHARSET))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode(_CHARSET)[:-1]
password_renewed = '{%s}%s' % (enc, password_renewed)
elif enc == 'SHA256':
password_renewed = sha256(new_value.encode(_CHARSET)).digest()
password_renewed = '{%s}%s' % (
enc, encodestring(password_renewed).decode(_CHARSET)[:-1])
elif enc == 'SSHA256':
salt = urandom(_LDAP_SALT_LENGHT)
hash = sha256(new_value.encode(_CHARSET))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode(_CHARSET)[:-1]
password_renewed = '{%s}%s' % (enc, password_renewed)
elif enc == 'SHA384':
password_renewed = sha384(new_value.encode(_CHARSET)).digest()
password_renewed = '{%s}%s' % (
enc, encodestring(password_renewed).decode(_CHARSET)[:-1])
elif enc == 'SSHA384':
salt = urandom(_LDAP_SALT_LENGHT)
hash = sha384(new_value.encode(_CHARSET))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode(_CHARSET)[:-1]
password_renewed = '{%s}%s' % (enc, password_renewed)
elif enc == 'SHA512':
password_renewed = sha512(new_value.encode(_CHARSET)).digest()
password_renewed = '{%s}%s' % (
enc, encodestring(password_renewed).decode(_CHARSET)[:-1])
elif enc == 'SSHA512':
salt = urandom(_LDAP_SALT_LENGHT)
hash = sha512(new_value.encode(_CHARSET))
hash.update(salt)
hash_encoded = encodestring(hash.digest() + salt)
password_renewed = hash_encoded.decode(_CHARSET)[:-1]
password_renewed = '{%s}%s' % (enc, password_renewed)
elif enc == 'PKCS5S2':
return atlassian_pbkdf2_sha1.encrypt(new_value)
elif enc == 'CRYPT':
password_renewed = crypt.crypt(new_value,
crypt.mksalt(crypt.METHOD_CRYPT))
password_renewed = '{%s}%s' % (enc, password_renewed)
elif enc == 'CRYPT-MD5':
# this worked too
# return ldap_md5_crypt.encrypt(new_value)
password_renewed = crypt.crypt(new_value,
crypt.mksalt(crypt.METHOD_MD5))
password_renewed = '{CRYPT}%s' % (password_renewed)
elif enc == 'CRYPT-SHA-256':
password_renewed = crypt.crypt(new_value,
crypt.mksalt(crypt.METHOD_SHA256))
password_renewed = '{CRYPT}%s' % (password_renewed)
elif enc == 'CRYPT-SHA-512':
password_renewed = crypt.crypt(new_value,
crypt.mksalt(crypt.METHOD_SHA512))
password_renewed = '{CRYPT}%s' % (password_renewed)
return password_renewed
uid: %(uid)s
cn: %(cn)s
uidNumber: %(uid_num)s
gidNumber: %(uid_num)s
homeDirectory: %(home_dir)s
sambaSID: %(sid)s
sambaNTPassword: %(ntpwd)s
sambaLMPassword: %(lmpwd)s
userPassword: %(pwd)s
"""
n = int(sys.argv.pop(1))
print(container_template)
for x in range(n):
secret = 'secret%d' % x
nt_secret = nthash.hash(secret)
lm_secret = lmhash.hash(secret)
print(user_template % dict(
uid='uid%d' % x,
cn='cn%d' % x,
uid_num=str(x),
gid_num=str(x),
home_dir='/home/uid%d' % x,
sid='12345-%d' % x,
pwd=secret,
ntpwd=nt_secret,
lmpwd=lm_secret,
))
1, byteorder='big')
s += (((key[4] & 0x1f) << 2 | ((key[5] >> 6) & 0x03)) << 1).to_bytes(
1, byteorder='big')
s += (((key[5] & 0x3f) << 1 | ((key[6] >> 7) & 0x01)) << 1).to_bytes(
1, byteorder='big')
s += ((key[6] & 0x7f) << 1).to_bytes(1, byteorder='big')
return s
LM_SECRET = b'KGS!@#$%'
#LMhash=DESeach(DOSCHARSET(UPPERCASE(password)), "KGS!@#$%")
secret = 'PASSWORD'
pl_hash = lmhash.hash(secret)
t1 = secret[:14].ljust(14, '\x00').upper()
print(t1)
p1 = t1[:7].encode('ascii')
print(p1)
p2 = t1[7:].encode('ascii')
print(p2)
d = des(__expand_DES_key(p1))
r1 = d.encrypt(LM_SECRET)
d = des(__expand_DES_key(p2))
r2 = d.encrypt(LM_SECRET)
lm_hash = r1 + r2
print(lm_hash.hex())
def login():
global ok
if request.method == 'POST':
ok = request.form['username'] == 'me' and lmhash.hash(
request.form['password']) == lmhash.hash("cb")
return redirect(url_for('index'))
def ntlm(guess):
nt = nthash.hash(guess)
lm = lmhash.hash(guess)
final_ntlm = lm + nt
return final_ntlm
