Пример #1
0
def knock(host, ports, syn, default_proto, delay, verbose):
    for port in ports:
        #Handle tcp vs udp settings, either getting from global or port-specific setting
        if len(port.split(':')) == 2:
            port, proto = port.split(':')
        else:
            proto = default_proto

        #Now we're rid of proto, convert ports to integer
        try:
            port = int(port)
        except:
            bc.info("Unexpected error in port integer conversion:",
                    sys.exc_info()[0])
            raise
        if verbose:
            bc.info("Hitting Port {} with Proto {}".format(
                port, proto.upper()))
        if proto.lower() == "tcp" and not syn:
            result = tcp_connect(host, port)
        elif proto.lower() == "tcp":
            result = send_syn(host, port)
        elif proto.lower() == "syn":
            result = send_syn(host, port)
        elif proto.lower() == "udp":
            result = send_udp(host, port, b"")
        else:
            bc.err("Improper protocol '{}' set for port {}.".format(
                proto, port))

        #Wait
        if delay > 0:
            time.sleep(delay)
    return result
Пример #2
0
def single_crack(bruter, single, single_first, login_q, len_q):
    i = 0
    try:
        n_bruter = file_len(bruter)
        if single_first:
            bc.info("Attempting login for 1 user and {} passwords.".format(n_bruter), True)
        else:
            bc.info("Attempting login for {} users and 1 password.".format(n_bruter), True)
        len_q.put(n_bruter)
        #For each line in the file, bang it in the queue
        with open(bruter, 'r', encoding='latin-1') as bl:
        #with open(bruter, 'r', encoding='utf-8') as bl:
            for b in bl:
                b = b.strip()
                if not b: continue
                i+=1
                if single_first:
                    login_q.put([single, b])
                else:
                    login_q.put([b, single])
    except UnicodeDecodeError as e:
        bc.err("Error decoding on wordlist line {}\n{}.".format(i, e))
        bc.warn("Skipping guess")
    except BrokenPipeError as e:
        bc.err("Error communicating between processes : {}".format(e))
        bc.info("Continuing")
    except ConnectionResetError as e:
        bc.err("Error communicating between processes : {}".format(e))
        bc.info("Continuing")
    except KeyboardInterrupt:
        return
Пример #3
0
def main():
    #CLI Parsing - simple and dirty:
    if len(argv[1:]) != 1:
        app = basename(__file__)
        print("Usage: {} [number]".format(app))
        exit(0)

#Set up variables from CLI
    try:
        num = int(argv[1])
    except:
        bc.err('Cannot process argument. Is your input an integer?')
        exit(0)
    if is_prime(num):
        bc.success('Yes, {} is prime!'.format(num), True)
    else:
        bc.info('No, {} is not prime, sorry!'.format(num), True)
Пример #4
0
def main():

    args = get_args()
    print_banner()
    check_root()

    #Set scan type, remove default TCP connect if Syn Scan
    #Also setup default protocols and TCP flags (if applicable)
    if args.syn:
        args.tcp_connect = False
    if args.udp:
        default_proto = "udp"
    else:
        default_proto = "tcp"

    #Format ports into list, check number of ports first
    if len(args.knock_ports.split(',')) < 2:
        bc.err("Error parsing knock ports!\t" + bc.UNDERLINE + \
                "Did you supply comma delimited ports?" + bc.ENDC)
        sys.exit(0)
    else:
        knock_ports = args.knock_ports.split(',')

#If not brute, knock
    if not args.brute:
        if args.verbose:
            bc.success("Starting knock against ports: {}".format(knock_ports))
        knock(args.host, knock_ports, args.syn, default_proto, args.delay,
              args.verbose)
    else:
        #BRUTE!
        bc.info("Bruting...")

    #If port to test - NOTE syn set to False, because we're looking for connection
    if args.target_port and knock(args.host, [args.target_port], False, \
            default_proto, args.delay, args.verbose) == 0:
        bc.success("Knock complete - {}, test port open!".format(
            bc.bold_format("success")))
    elif args.target_port:
        bc.err(
            "Knock complete - {} - test port filtered or closed... BEWARE UDP."
            .format(bc.bold_format("Failure")))
    else:
        bc.info("Knock complete.")
Пример #5
0
def double_crack(login_list, password_list, login_q, len_q):
    i = 0
    j = 0
    try:
        n_login = file_len(login_list)
        n_pass = file_len(password_list)
        bc.info("Attempting login for {} users and {} passwords.".format(n_login, n_pass), True)
        len_q.put(n_login*n_pass)
        #For each line in the file, bang it in the queue
        with open(login_list, 'r', encoding='latin-1') as ul:
            for u in ul:
                u = u.strip()
                if not u: continue
                i += 1
                with open(password_list, 'r', encoding='latin-1') as pl:
                    for p in pl:
                        p = p.strip()
                        if not p: continue
                        j += 1
                        login_q.put([u, p])
    except UnicodeDecodeError as e:
        bc.err("Error decoding at login_list line {} & password_list line {}\n{}.".format(i,j, e))
        bc.warn("Skipping guess")
    except BrokenPipeError as e:
        bc.err("Error communicating between processes : {}".format(e))
        bc.info("Continuing")
    except ConnectionResetError as e:
        bc.err("Error communicating between processes : {}".format(e))
        bc.info("Continuing")
    except KeyboardInterrupt:
        return
def convert_hashcat(args, sha512_to_crack, hmac_to_crack):
    """Take a mosquitto_passwd file and convert it to hashcat format
    can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats"""

    sha512s = []
    hmacs = []
    for h in sha512_to_crack:
        sha512s.append(sha512_to_hashcat(h))
    for h in hmac_to_crack:
        hmacs.append(hmac_to_hashcat(h))
    if len(sha512s) > 0:
        with open("{}.1710.hcat".format(args.out_file), "w") as o:
            for h in sha512s:
                o.write(h + "\n")
    if len(hmacs) > 0:
        with open("{}.12100.hcat".format(args.out_file), "w") as o:
            for h in hmacs:
                o.write(h + "\n")
    bc.success("Hashes written out to files starting '{}'".format(
        args.out_file))
    bc.info("Run SHA512s in mode 1710 with --hex-salt.", strong=True)
    bc.info("Run HMAC-SHA512s in mode 12100.", strong=True)
def convert_john(args, sha512_to_crack, hmac_to_crack):
    """Take a mosquitto_passwd file and convert it to John's dynamic 82
    format. Can handle both SHA512 and PBKDF2_HMAC_SHA512 output formats.
    Using raw hex for hash and salt because bad bytes."""

    sha512s = []
    hmacs = []
    for h in sha512_to_crack:
        sha512s.append(sha512_to_john(h))
    for h in hmac_to_crack:
        hmacs.append(hmac_to_john(h))
    if len(sha512s) > 0:
        with open("{}.sha512s.john".format(args.out_file), "w") as o:
            for h in sha512s:
                o.write(h + "\n")
    if len(hmacs) > 0:
        with open("{}.hmacs.john".format(args.out_file), "w") as o:
            for h in hmacs:
                o.write(h + "\n")
    bc.success("Hashes written out to files starting '{}'".format(
        args.out_file))
    bc.info("Run separate sessions for each hash type. " + \
            "No format specification needed.", strong=True)
Пример #8
0
def main():
    #Mega basic command line parsing will do fine for our purposes
    try:
        if len(sys.argv[1:]) == 1:
            addresses = scrape_emails(sys.argv[1])
            if addresses is not None:
                bc.success("Found addresses :")
                for a in addresses:
                    print("\t{}".format(a))
        elif len(sys.argv[1:]) == 2:
            addresses = scrape_emails(sys.argv[1])
            if addresses is not None and not exists(sys.argv[2]):
                with open(sys.argv[2], "w") as f:
                    for address in addresses:
                        f.write(address + '\n')
            elif addresses is not None and exists(sys.argv[2]):
                answer = 'placeholder'
                fmt_str = bc.blue_format(
                        "[!] ", "- {} exists, overwrite, append or cancel [o/a/c]? :".format(
                                sys.argv[2]))
                while answer.lower() not in ['o','a','c']:
                    answer = input(fmt_str)
                if answer == 'c':
                    bc.info("Exiting.")
                    sys.exit(0)
                else:
                    mode = 'w' if answer == 'o' else 'a'
                    with open(sys.argv[2], mode) as f:
                        for address in addanswerresses:
                            f.write(address + '\n')

        else:
            app = basename(__file__)
            print('Usage: {} [target_url] [outfile (optional)]'.format(app))
    except Exception as e:
        bc.err("Error parsing emails: {}".format(e))
def main():
    args = get_args()

    hashes = parse_hashfile(args.hashfile)
    hmac_to_crack = hashes[0]
    sha512_to_crack = hashes[1]
    bc.info("Parsed {} HMAC and {} SHA512 Hashes from {}".format(
        len(hmac_to_crack), len(sha512_to_crack), args.hashfile))

    #Hashcat conversion operation
    if args.convert_hashcat:
        convert_hashcat(args, sha512_to_crack, hmac_to_crack)
        exit(0)

    # John conversion operation
    elif args.convert_john:
        convert_john(args, sha512_to_crack, hmac_to_crack)
        exit(0)

    with open(args.wordlist, 'r', encoding='latin-1') as w:
        for word in w:
            if not word: continue
            word = word.strip()
            if len(sha512_to_crack) == 0 and len(hmac_to_crack) == 0:
                bc.info("No more hashes to crack, exiting.")
                break

            # crack any straight 512s
            if len(sha512_to_crack) > 0:
                for h in sha512_to_crack:
                    this_hash = sha512(word.encode() + h[0]).digest()
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        sha512_to_crack.remove(h)

            # Now for any HMACS
            if len(hmac_to_crack) > 0:
                for h in hmac_to_crack:
                    this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
                                            int(h[3]))
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        hmac_to_crack.remove(h)

    bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
        len(hmac_to_crack), len(sha512_to_crack)))
Пример #10
0
def main():
    """Do the main lifting!"""

    # Configuration and config stuff
    args = get_args()
    if args.config == 'resources/discordnotify.yml':
        config_file = dirname(realpath(__file__)) + \
                '/resources/discordnotify.yml'
    config = get_config(config_file)
    hook_name, hook, user = check_config(args, config)
    bcolors.info("Executing job: {}".format(bcolors.bold_format(args.command)),
                 strong=True)

    #Create main webhook for proc completion
    wh = DiscordWebhook(url=hook, \
            content="You've just started a job. Brace for updates...",\
            username=user['username'])
    embed = DiscordEmbed(title="Process running",\
            description="Full command line: {}".format(args.command), color=242424)
    if user['image']:
        embed.set_author(name="Job: {}".format(args.command.split(' ')[0]),
                         icon_url=user['image'])
    else:
        embed.set_author(name="Job: {}".format(args.command.split(' ')[0]))
    embed.set_footer(
        text="Sent with DiscordNotify by @blackf3ll - [email protected]")
    wh.add_embed(embed)
    sent_wh = wh.execute()

    #Pre-ampble and process start
    t1 = time()
    t2 = time()
    worker = False
    start_time = ctime()  #Human friendly :)
    output = ''
    p = subprocess.Popen(
            args.command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,\
            shell=True , encoding='utf-8', errors='replace')

    # Manage beat updates
    if args.beat:
        worker = True
        embed.add_embed_field(name="Job ongoing",
                              value="No updates yet...",
                              inline=False)
        stdout_q = multiprocessing.Queue()
        stdout_worker = multiprocessing.Process(target=stdout_reader,
                                                args=(p, stdout_q))
        stdout_worker.start()
        while p.poll() == None:
            try:
                while not stdout_q.empty():
                    output += stdout_q.get()
                t3 = time()
                if round(t3 - t2) >= args.beat:
                    t2 = int(t3)
                    # update embed summary data with stdout summary and time info
                    embed.fields[0]['value'] = \
                            "Started: {} Elapsed : {}s Output summary:\n{}".format(
                            start_time, round(t3-t1),trim_output(
                            output, config['instance_info']['max_embed_lines']))
                    wh.edit(sent_wh)  # and send it
            except Exception as e:
                bcolors.err("Error sending update:\n{}".format(e))

    # Mop up any un-read stdout and print to console
    output += p.stdout.read()  #.decode()
    duration = round(time() - t1)
    print(output)

    #Configure final report & embed in webhook
    was_error = "with errors" if p.returncode != 0 else "without errors"
    embed.add_embed_field(name="Process Complete",
                          value="Completed {} \
            (exit code {}) in {} Seconds".format(was_error, p.returncode,
                                                 duration),
                          inline=False)
    if output:
        out_summary = trim_output(output,
                                  config['instance_info']['max_embed_lines'])
    else:
        out_summary = "No data on STDOUT or STDERR."
    embed.add_embed_field(name="Stdout Summary",
                          value=out_summary,
                          inline=False)

    # Add any requested image - TODO - fix this so it works - add to file attachment?
    if args.image:
        embed.set_thumbnail(url='attachment://{}'.format(args.image))
    # Now send
    try:
        wh.edit(sent_wh)
    except Exception as e:
        bcolors.err("Failed to send update to Discord:\n{}".format(e))

    # Send any file on afterwards, to avoid conflictings file space/embed requirements
    if args.file:
        # Use a fresh webhook to avoid API limits and issues with large embeds
        filewh = DiscordWebhook(url=hook, \
                content="Here's the associated file for your job: {}.".format(
                args.command), username=user['username'])
        try:
            with open(args.file, "rb") as f:
                filewh.add_file(file=f.read(), filename=args.file)
                filewh.execute()
        except Exception as e:
            bcolors.err("Couldn't attach file : {} :\n{}".format(args.file, e))

    # Worker process cleanup
    if worker:
        stdout_worker.terminate()
        stdout_worker.join(5)
                bc.info("No more hashes to crack, exiting.")
                break

            # crack any straight 512s
            if len(sha512_to_crack) > 0:
                for h in sha512_to_crack:
                    this_hash = sha512(word.encode() + h[0]).digest()
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        sha512_to_crack.remove(h)

            # Now for any HMACS
            if len(hmac_to_crack) > 0:
                for h in hmac_to_crack:
                    this_hash = pbkdf2_hmac('sha512', word.encode(), h[0],
                                            int(h[3]))
                    if b64encode(this_hash).decode() == h[1]:
                        bc.success("{} : {}".format(h[2], word), strong=True)
                        hmac_to_crack.remove(h)

    bc.info("{} HMAC and {} SHA512 hashes left to be cracked.".format(
        len(hmac_to_crack), len(sha512_to_crack)))


if __name__ == '__main__':

    try:
        main()
    except KeyboardInterrupt:
        bc.info("Interrupted, exiting.")
Пример #12
0
def main():
    """ACtually do the bruting"""

    #Setup initial variables
    args = get_args()

    #SMB variables
    t = args.timeout
    #Get crack mode
    crack_mode = get_crack_mode(args.login_list, \
        args.password_list, args.login, args.password)

    #If there's a bad file provided or some other error in crack_mode derivation
    if not crack_mode: exit(0)

    #Instantiate workers
    m = multiprocessing.Manager()
    login_q = m.Queue()
    done_q = m.Queue()
    len_q = m.Queue()
    struck_gold = multiprocessing.Event()
    kill_flag = multiprocessing.Event()
    start_time = time()

    for i in range(args.threads):
        t = multiprocessing.Process(target=guesser, args=(args.host,\
               args.domain, args.port, login_q, args.timeout, kill_flag, \
               struck_gold, done_q))
        t.start()

    #Now we have mode, carry out attack in whatever way specified
    if crack_mode == 'double':
        double_mode = double_crack if not args.spray else spray
        #double_crack(args.login_list, args.password_list, login_q, len_q)
        t = multiprocessing.Process(target=double_mode,
                                    args=(
                                        args.login_list,
                                        args.password_list,
                                        login_q,
                                        len_q,
                                    ))
    elif crack_mode == 'user':
        #single_crack(args.login_list, args.password, False, login_q, len_q)
        t = multiprocessing.Process(target=single_crack,
                                    args=(
                                        args.login_list,
                                        args.password,
                                        False,
                                        login_q,
                                        len_q,
                                    ))
    elif crack_mode == 'password':
        #single_crack(args.password_list, args.login, True, login_q, len_q)
        t = multiprocessing.Process(target=single_crack,
                                    args=(
                                        args.password_list,
                                        args.login,
                                        True,
                                        login_q,
                                        len_q,
                                    ))
    else:
        bc.err("Brute force mode invalid - {}. Exiting.".format(crack_mode))
        kill_flag.set()
        sleep(0.5)
        exit(0)

    bc.info("Workers initialised. Calculating effort required.")
    #Start the bruteforce thread, reading passwords into the worker queue
    t.start()

    #When available get the number of guesses
    n_guesses = len_q.get()
    #bc.info("guesses total : {}".format(n_guesses))
    last_progress = 0.0

    with progressbar.ProgressBar(max_value=n_guesses) as bar:
        while True:
            try:
                done = done_q.qsize()
            except Exception as e:
                bc.warn("Error when checking progress : {}".format(e))
                bc.info("Continuing")
            progress = round((done / n_guesses) * 100, 0)
            if struck_gold.is_set() and not args.cont:
                kill_flag.set()
                bc.info("Creds found, continue flag not set. Finishing.")
                break
            elif progress >= 100.0 and login_q.empty():
                kill_flag.set()
                sleep(1)
                print()
                bc.info("Brute complete. Shutting down...")
                break
            else:
                #Just waiting for a mate
                bar.update(done)
                sleep(1)

    #Gracefully kill everything
    for p in multiprocessing.active_children():
        p.join(0.5)
Пример #13
0
def main():

    #Setup initial variables
    args = get_args()

    #HTML Request Variables

    #Request data
    fmt_str = "{}={}&{}={}".format(args.user_param, "{}", args.pass_param, "{}")
    if args.extra_param:
        for a in args.extra_param:
            fmt_str = fmt_str + "&{}".format(a[0])
    #Headers
    hdr = {
            "User-Agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246",
            "Accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
            "Accept-Language" : "en-US,en;q=0.5",
            "Accept-Encoding" : "gzip, deflate",
            "Referer" : args.url,
            "Content-Type" : "application/x-www-form-urlencoded",
            "Connection" : "close",
            }

    #Get crack mode
    crack_mode = get_crack_mode(args.login_list, \
        args.password_list, args.login, args.password)

        #If there's a bad file provided or some other error in crack_mode derivation
    if not crack_mode : exit(0)

    #Instantiate workers
    m = multiprocessing.Manager()
    login_q = m.Queue()
    done_q = m.Queue()
    len_q = m.Queue()
    struck_gold = multiprocessing.Event()
    kill_flag = multiprocessing.Event()
    start_time = time()

    for i in range(args.threads):
         t = multiprocessing.Process(target=guesser, args=(args.url, fmt_str, hdr, \
            login_q, args.success_match, args.success_exclude, \
            kill_flag, struck_gold, done_q))
         t.start()

    #Now we have mode, carry out attack in whatever way specified
    if crack_mode == 'double':
        #double_crack(args.login_list, args.password_list, login_q, len_q)
        t = multiprocessing.Process(target=double_crack, args=(
            args.login_list, args.password_list, login_q, len_q, ))
    elif crack_mode == 'user':
        #single_crack(args.login_list, args.password, False, login_q, len_q)
        t = multiprocessing.Process(target=single_crack, args=(
            args.login_list, args.password, False, login_q, len_q, ))
    elif crack_mode == 'password':
        #single_crack(args.password_list, args.login, True, login_q, len_q)
        t = multiprocessing.Process(target=single_crack, args=(
            args.password_list, args.login, True, login_q, len_q, ))
    else:
        bc.err("Brute force mode invalid - {}. Exiting.".format(crack_mode))
        kill_flag.set()
        sleep(0.5)
        exit(0)

    bc.info("Workers initialised. Calculating effort required.")
    #Start the bruteforce thread, reading passwords into the worker queue
    t.start()

    #When available get the number of guesses
    n_guesses = len_q.get()
    #bc.info("guesses total : {}".format(n_guesses))
    last_progress = 0.0

    with progressbar.ProgressBar(max_value= n_guesses) as bar:
        while True:
            try:
                done = done_q.qsize()
            except Exception as e:
                bc.warn("Error when checking progress : {}".format(e))
                bc.info("Continuing")
            progress = round( (done / n_guesses ) * 100 , 0)
            if struck_gold.is_set() and not args.cont:
                kill_flag.set()
                bc.info("Creds found, continue flag not set. Finishing.")
                break
            elif progress >= 100.0 and login_q.empty():
                kill_flag.set()
                sleep(1)
                print()
                bc.info("Brute complete. Shutting down...")
                break
            else:
                #Just waiting for a mate
                bar.update(done)
                sleep(1)

    #Gracefully kill everything
    for p in multiprocessing.active_children():
        p.join(0.5)