gitea-mirror/hate_crack
1
0
Fork 0
mirror of https://github.com/trustedsec/hate_crack.git synced 2025-12-12 07:40:27 -08:00
Code Issues Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Justin Bollinger
2018-01-26 13:14:00 -05:00
parent ce3dbf1e2d
commit 65ed6604e4
9 changed files with 780 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.gitmodules vendored Normal file
View File

@@ -0,0 +1,12 @@
[submodule "PACK"]
path = PACK
url = https://github.com/iphelix/pack.git
[submodule "hashcat-utils"]
path = hashcat-utils
url = https://github.com/hashcat/hashcat-utils.git
[submodule "princeprocessor"]
path = princeprocessor
url = https://github.com/hashcat/princeprocessor.git
[submodule "pack"]
path = pack
url = https://github.com/iphelix/pack.git

11
config.ini Normal file
View File

@@ -0,0 +1,11 @@
[Default Paths]
hcatPath=/Passwords/hashcat
hcatBin=hashcat
hcatTuning=--force
hcatWordlists=/Passwords/wordlists
hcatOptimizedWordlists=/Passwords/optimized_wordlists
# Change extension to .bin for Linux and .app for OSX
hcatExpanderBin=expander.app
hcatCombinatorBin=combinator.app
hcatPrinceBin=pp64.app

1
hashcat-utils Submodule

Submodule hashcat-utils added at 4cdb116022

424
hate_crack.py Executable file
View File

@@ -0,0 +1,424 @@
#!/usr/bin/env python
# Methodology provided by Martin Bos (pure_hate)
# Original script provided by Larry Spohn (spoonman)
import subprocess
import sys
import os
import signal
import time
import ConfigParser
import random
import re
hate_path = os.path.dirname(os.path.realpath(__file__))
hcatConfig = ConfigParser.ConfigParser()
hcatConfig.readfp(open(hate_path + '/config.ini'))
hcatPath = hcatConfig.get('Default Paths', 'hcatPath')
hcatBin = hcatConfig.get('Default Paths', 'hcatBin')
hcatTuning = hcatConfig.get('Default Paths', 'hcatTuning')
hcatWordlists = hcatConfig.get('Default Paths', 'hcatWordlists')
hcatOptimizedWordlists = hcatConfig.get('Default Paths', 'hcatOptimizedWordlists')
hcatExpanderBin = hcatConfig.get('Default Paths', 'hcatExpanderBin')
hcatCombinatorBin = hcatConfig.get('Default Paths', 'hcatCombinatorBin')
hcatPrinceBin = hcatConfig.get('Default Paths', 'hcatPrinceBin')
hcatHashCount = 0
hcatHashCracked = 0
hcatBruteCount = 0
hcatDictionaryCount = 0
hcatMaskCount = 0
hcatFingerprintCount = 0
hcatCombinationCount = 0
hcatHybridCount = 0
hcatExtraCount = 0
hcatRecycleCount = 0
hcatProcess = 0
# Help
def usage():
print "usage: python hate_crack.py <hash_file> <hash_type>"
print "\nThe <hash_type> is attained by running \"%s/%s --help\"\n" % (hcatPath, hcatBin)
print "Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes\n"
def ascii_art():
print r"""
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Public Release
Version 1.00
"""
# Counts the number of lines in a file
def lineCount(file):
try:
outFile = open(file)
except:
return 0
count = 0
for line in outFile:
count = count + 1
return count
# Brute Force Attack
def hcatBruteForce(hcatHashType, hcatHashFile, hcatMinLen, hcatMaxLen):
global hcatBruteCount
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out --increment --increment-min=%s --increment-max=%s -a 3 ?a?a?a?a?a?a?a?a?a?a?a?a?a?a %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatMinLen, hcatMaxLen, hcatTuning, hate_path), shell=True).wait()
hcatBruteCount = lineCount(hcatHashFile + ".out")
# Dictionary Attack
def hcatDictionary(hcatHashType, hcatHashFile):
global hcatDictionaryCount
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out %s/* -r %s/rules/best64.rule %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatOptimizedWordlists, hcatPath, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out %s/rockyou.txt -r %s/rules/d3ad0ne.rule %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatPath, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out %s/rockyou.txt -r %s/rules/T0XlC.rule %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatPath, hcatTuning, hate_path), shell=True).wait()
hcatDictionaryCount = lineCount(hcatHashFile + ".out") - hcatBruteCount
# Quick Dictionary Attack (Optional Chained Rules)
def hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains):
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out %s/* %s %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatOptimizedWordlists, hcatChains, hcatTuning, hate_path), shell=True).wait()
# Top Mask Attack
def hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime):
global hcatMaskCount
global hcatProcess
hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/PACK/statsgen.py %s.working -o %s.masks" % (hate_path, hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/PACK/maskgen.py %s.masks --targettime %s --optindex -q --pps 14000000000 --minlength=7 -o %s.hcmask" % (hate_path, hcatHashFile, hcatTargetTime, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 3 %s.hcmask %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatHashFile, hcatTuning, hate_path), shell=True).wait()
hcatMaskCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
# Fingerprint Attack
def hcatFingerprint(hcatHashType, hcatHashFile):
global hcatFingerprintCount
global hcatProcess
crackedBefore = lineCount(hcatHashFile + ".out")
crackedAfter = 0
while (crackedBefore != crackedAfter):
crackedBefore = lineCount(hcatHashFile + ".out")
hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/hashcat-utils/bin/%s < %s.working | sort -u > %s.expanded" % (hate_path, hcatExpanderBin, hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 1 %s.expanded %s.expanded %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatHashFile, hcatHashFile, hcatTuning, hate_path), shell=True).wait()
crackedAfter = lineCount(hcatHashFile + ".out")
hcatFingerprintCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
# Combinator Attack
def hcatCombination(hcatHashType, hcatHashFile):
global hcatCombinationCount
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 1 %s/rockyou.txt %s/rockyou.txt %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatCombinationCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
# Hybrid Attack
def hcatHybrid(hcatHashType, hcatHashFile):
global hcatHybridCount
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 6 -1 ?s?d %s/rockyou.txt ?1?1 %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 6 -1 ?s?d %s/rockyou.txt ?1?1?1 %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 6 -1 ?s?d %s/rockyou.txt ?1?1?1?1 %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 7 -1 ?s?d ?1?1 %s/rockyou.txt %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 7 -1 ?s?d ?1?1?1 %s/rockyou.txt %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 7 -1 ?s?d ?1?1?1?1 %s/rockyou.txt %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatHybridCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
# YOLO Combination Attack
def hcatYoloCombination(hcatHashType, hcatHashFile):
global hcatProcess
while(1):
hcatLeft = random.choice(os.listdir(hcatOptimizedWordlists))
hcatRight = random.choice(os.listdir(hcatOptimizedWordlists))
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 1 %s/%s %s/%s %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatOptimizedWordlists, hcatLeft, hcatOptimizedWordlists, hcatRight, hcatTuning, hate_path), shell=True).wait()
# Pathwell Mask Brute Force Attack
def hcatPathwellBruteForce(hcatHashType, hcatHashFile):
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -a 3 %s/masks/pathwell.hcmask %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hate_path, hcatTuning, hate_path), shell=True).wait()
# PRINCE Attack
def hcatPrince(hcatHashType, hcatHashFile):
global hcatProcess
hcatHashCracked = lineCount(hcatHashFile + ".out")
hcatProcess = subprocess.Popen("%s/princeprocessor/%s --case-permute --elem-cnt-min=1 --elem-cnt-max=16 -c < %s/rockyou.txt |%s/%s -m %s %s --remove -o %s.out -r %s/princeprocessor/rules/prince_optimized.rule %s --potfile-path=%s/hashcat.pot" % (hate_path, hcatPrinceBin, hcatWordlists, hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hate_path, hcatTuning, hate_path), shell=True).wait()
# Extra - Good Measure
def hcatGoodMeasure(hcatHashType, hcatHashFile):
global hcatExtraCount
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out -r %s/rules/combinator.rule -r %s/rules/InsidePro-PasswordsPro.rule %s/rockyou.txt %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatPath, hcatPath, hcatWordlists, hcatTuning, hate_path), shell=True).wait()
hcatExtraCount = lineCount(hcatHashFile + ".out") - hcatHashCracked
# LanMan to NT Attack
def hcatLMtoNT():
global hcatProcess
hcatProcess = subprocess.Popen("%s/%s --show --potfile-path=%s/hashcat.pot -m 3000 %s.lm >%s.lm.cracked" % (hcatPath, hcatBin, hate_path, hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m 3000 %s.lm --remove -o %s.lm.cracked -1 ?u?d?s --increment -a 3 ?1?1?1?1?1?1?1 %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashFile, hcatHashFile, hcatTuning, hate_path), shell=True).wait()
hcatProcess = subprocess.Popen("cat %s.lm.cracked | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/hashcat-utils/bin/%s %s.working %s.working | sort -u > %s.combined" % (hate_path, hcatCombinatorBin, hcatHashFile, hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s --show --potfile-path=%s/hashcat.pot -m 1000 %s.nt >%s.nt.out" % (hcatPath, hcatBin, hate_path, hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m 1000 %s.nt --remove -o %s.nt.out %s.combined -r %s/rules/toggles-lm-ntlm.rule %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashFile, hcatHashFile, hcatHashFile, hate_path, hcatTuning, hate_path), shell=True).wait()
#toggle-lm-ntlm.rule by Didier Stevens https://blog.didierstevens.com/2016/07/16/tool-to-generate-hashcat-toggle-rules/
# Recycle Cracked Passwords
def hcatRecycle(hcatHashType, hcatHashFile, hcatNewPasswords):
global hcatProcess
if (hcatNewPasswords > 0):
hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile), shell=True).wait()
hcatProcess = subprocess.Popen("%s/%s -m %s %s --remove -o %s.out %s.working -r %s/rules/d3ad0ne.rule %s --potfile-path=%s/hashcat.pot" % (hcatPath, hcatBin, hcatHashType, hcatHashFile, hcatHashFile, hcatHashFile, hcatPath, hcatTuning, hate_path), shell=True).wait()
# Cleanup Temp Files
def cleanup():
if hcatHashType == "1000":
print "\nComparing cracked hashes to original file..."
hcatCombinedHashes = open(hcatHashFileOrig + ".out", "w+")
with open(hcatHashFile + ".out", "r") as hcatCrackedFile:
for crackedLine in hcatCrackedFile:
with open(hcatHashFileOrig, "r") as hcatOrigFile:
for origLine in hcatOrigFile:
if crackedLine.split(":")[0] == origLine.split(":")[3]:
hcatCombinedHashes.write(origLine.strip() + crackedLine.split(":")[1])
hcatCombinedHashes.close()
hcatCrackedFile.close()
hcatOrigFile.close()
print "\nCracked passwords combined with original hashes in %s." % (hcatHashFileOrig + ".out")
print '\nCleaning up temporary files...'
if os.path.exists(hcatHashFile + ".masks"):
os.remove(hcatHashFile + ".masks")
if os.path.exists(hcatHashFile + ".working"):
os.remove(hcatHashFile + ".working")
if os.path.exists(hcatHashFile + ".expanded"):
os.remove(hcatHashFile + ".expanded")
if os.path.exists(hcatHashFileOrig + ".combined"):
os.remove(hcatHashFileOrig + ".combined")
if os.path.exists(hcatHashFileOrig + ".lm"):
os.remove(hcatHashFileOrig + ".lm")
if os.path.exists(hcatHashFileOrig + ".lm.cracked"):
os.remove(hcatHashFileOrig + ".lm.cracked")
if os.path.exists(hcatHashFileOrig + ".working"):
os.remove(hcatHashFileOrig + ".working")
# CTRL-C Function
def signal_handler(signal, frame):
global hcatHashFile
global hcatBin
global hcatProcess
print "Killing %s..." % hcatBin
processGroup = os.getpgid(hcatProcess)
hcatProcess = subprocess.Popen("kill -%d" % (processGroup), shell=True).wait()
time.sleep(5)
# Quick Dictionary Attack with Optional Chained Best64 Rules
def quick_crack():
hcatChainsInput = int(raw_input("\nHow many times would you like to chain the best64.rule? (1): ") or 1)
hcatChains = "-r %s/rules/best64.rule " % hcatPath
if hcatChainsInput > 1:
for n in range (1, hcatChainsInput):
hcatChains += "-r %s/rules/best64.rule " % hcatPath
hcatQuickDictionary(hcatHashType, hcatHashFile, hcatChains)
# Extensive Pure_Hate Methodology
def extensive_crack():
# Brute Force Attack
hcatBruteForce(hcatHashType, hcatHashFile, "1", "7")
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatBruteCount)
# Dictionary Attack
hcatDictionary(hcatHashType, hcatHashFile)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatDictionaryCount)
# Top Mask Attack
hcatTargetTime = 4 * 60 * 60 # 4 Hours
hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatMaskCount)
# Fingerprint Attack
hcatFingerprint(hcatHashType, hcatHashFile)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatFingerprintCount)
# Combination Attack
hcatCombination(hcatHashType, hcatHashFile)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatCombinationCount)
# Hybrid Attack
hcatHybrid(hcatHashType, hcatHashFile)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatHybridCount)
# Extra - Just For Good Measure
hcatGoodMeasure(hcatHashType, hcatHashFile)
# Recycle Cracked Passwords
hcatRecycle(hcatHashType, hcatHashFile, hcatExtraCount)
# Brute Force
def brute_force_crack():
hcatMinLen = int(raw_input("\nEnter the minimum password length to brute force (1): ") or 1)
hcatMaxLen = int(raw_input("\nEnter the maximum password length to brute force (7): ") or 7)
hcatBruteForce(hcatHashType, hcatHashFile, hcatMinLen, hcatMaxLen)
# Top Mask
def top_mask_crack():
hcatTargetTime = int(raw_input("\nEnter a target time for completion in hours (4): ") or 4)
hcatTargetTime = hcatTargetTime * 60 * 60
hcatTopMask(hcatHashType, hcatHashFile, hcatTargetTime)
# Fingerprint
def fingerprint_crack():
hcatFingerprint(hcatHashType, hcatHashFile)
# Combinator
def combinator_crack():
hcatCombination(hcatHashType, hcatHashFile)
# Hybrid
def hybrid_crack():
hcatHybrid(hcatHashType, hcatHashFile)
# Pathwell Top 100 Bruteforce Mask
def pathwell_crack():
# Bruteforce Mask Attack
hcatPathwellBruteForce(hcatHashType, hcatHashFile)
# PRINCE Attack
def prince_attack():
hcatPrince(hcatHashType, hcatHashFile)
# YOLO Combination
def yolo_combination():
hcatYoloCombination(hcatHashType, hcatHashFile)
# Display Cracked Hashes
def show_results():
if os.path.isfile(hcatHashFile + ".out"):
hcatOutput = file(hcatHashFile + ".out")
print
for hash in hcatOutput:
print hash.strip()
else:
print "No hashes were cracked :("
# Show README
def show_readme():
hcatReadme = file(hate_path + "/readme.md")
print hcatReadme.read()
# Exit Program
def quit():
cleanup()
sys.exit(0)
# The Main Guts
def main():
global hcatHashFile
global hcatHashType
global hcatHashFileOrig
global lmHashesFound
hcatHashFileOrig = ""
try:
hcatHashFile = sys.argv[1]
hcatHashType = sys.argv[2]
except IndexError:
usage()
sys.exit()
ascii_art()
# Catch CTRL-C
signal.signal(signal.SIGINT, signal_handler)
# Get Initial Input Hash Count
hcatHashCount = lineCount(hcatHashFile)
# If LM or NT Mode Selected and pwdump Format Detected, Prompt For LM to NT Attack
if hcatHashType == "1000":
lmHashesFound = False
hcatHashFileLine = open(hcatHashFile, "r").readline()
if re.search(r"[a-z0-9]{32}:[a-z0-9]{32}:::$", hcatHashFileLine):
print "PWDUMP format detected..."
print "Parsing NT hashes..."
hcatProcess = subprocess.Popen("cat %s | cut -d : -f 4 |sort -u > %s.nt" % (hcatHashFile, hcatHashFile), shell=True).wait()
print "Parsing LM hashes..."
hcatProcess = subprocess.Popen("cat %s | cut -d : -f 3 |sort -u > %s.lm" % (hcatHashFile, hcatHashFile), shell=True).wait()
if ((lineCount(hcatHashFile + ".lm") == 1) and (hcatHashFileLine.split(":")[2] != "aad3b435b51404eeaad3b435b51404ee")) or (lineCount(hcatHashFile + ".lm") > 1):
lmHashesFound = True
lmChoice = raw_input("LM hashes identified. Would you like to brute force the LM hashes first? (Y) ") or "Y"
if (lmChoice == "y" or lmChoice == "Y"):
hcatLMtoNT()
hcatHashFileOrig = hcatHashFile
hcatHashFile = hcatHashFile + ".nt"
# Check POT File for Already Cracked Hashes
if not os.path.isfile(hcatHashFile + ".out"):
hcatOutput = open(hcatHashFile + ".out", "w+")
hcatOutput.close()
print "Checking POT file for already cracked hashes..."
hcatProcess = subprocess.Popen("%s/%s --show --potfile-path=%s/hashcat.pot -m %s %s >%s.out" % (hcatPath, hcatBin, hate_path, hcatHashType, hcatHashFile, hcatHashFile), shell=True).wait()
hcatHashCracked = lineCount(hcatHashFile + ".out")
if hcatHashCracked > 0:
print "Found %d hashes already cracked.\nCopied hashes to %s.out" % (hcatHashCracked, hcatHashFile)
else:
print "No hashes found in POT file."
# Display Options
while(1):
print "\n\t(1) Quick Crack"
print "\t(2) Extensive Pure_Hate Methodology Crack"
print "\t(3) Brute Force Attack"
print "\t(4) Top Mask Attack"
print "\t(5) Fingerprint Attack"
print "\t(6) Combinator Attack"
print "\t(7) Hybrid Attack"
print "\t(8) Pathwell Top 100 Mask Brute Force Crack"
print "\t(9) PRINCE Attack"
print "\t(10) YOLO Combinator Attack"
print "\n\t(97) Display Cracked Hashes"
print "\t(98) Display README"
print "\t(99) Quit"
options = {1:quick_crack,
2:extensive_crack,
3:brute_force_crack,
4:top_mask_crack,
5:fingerprint_crack,
6:combinator_crack,
7:hybrid_crack,
8:pathwell_crack,
9:prince_attack,
10:yolo_combination,
97:show_results,
98:show_readme,
99:quit
}
try:
task = input("\nSelect a task: ")
options[task]()
except:
quit()
# Boilerplate
if __name__ == '__main__':
main()

100
masks/pathwell.hcmask Normal file
View File

@@ -0,0 +1,100 @@
?u?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d?d
?u?l?l?l?d?d?d?d
?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d
?u?l?l?l?l?l?d?d?d?d
?u?l?l?l?l?d?d?d?d
?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?l?d
?u?l?l?l?l?d?d?d
?u?l?l?d?d?d?d?s
?l?l?l?l?l?l?l?l
?u?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?l?d?d
?l?l?s?d?d?l?d?d?l
?l?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?d?d?d?d
?u?l?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?d?s
?u?l?l?l?l?l?l?l?l?d
?u?l?l?l?l?l?d?d?d?d?s
?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d?d?d
?l?l?l?l?l?d?d?d
?u?l?l?l?d?d?d?d?s
?u?l?l?l?l?l?l?l?d?d?d?d
?u?l?l?l?l?l?s?d?d
?u?u?u?u?u?u?d?l
?l?l?l?l?d?d?d?d
?d?d?u?l?l?l?l?l?l?l
?u?l?l?s?d?d?d?d
?u?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?d?s
?d?d?u?l?l?l?l?l?l
?l?l?l?l?s?d?d?d
?l?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?d?d?d?d
?l?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?l?l?l?d
?d?d?d?d?d?d?u?l
?u?l?l?l?l?l?l?l?d?d?d
?u?l?l?l?l?l?l?d?d?s
?u?u?u?u?u?u?d?s
?u?u?d?l?l?l?d?d?d?u
?u?l?l?l?l?s?d?d
?u?l?l?l?l?l?s?d
?l?l?l?s?d?d?d?d
?l?l?l?l?l?l?d?d?d?d
?u?l?l?l?l?l?l?l?d?d?s
?d?d?u?l?l?l?l?l
?u?l?l?l?l?l?l?l?d?s
?u?l?l?l?l?d?d?d?s
?u?l?l?l?l?d?d?d?d?s
?u?l?l?l?s?d?d?d?d
?u?l?l?l?l?s?d?d?d
?u?l?l?l?l?l?l?d?d?d?d?s
?u?l?l?l?d?d?d?s
?l?l?l?l?s?d?d?d?d
?l?l?l?l?l?l?s?d?d
?l?l?l?l?l?l?d?d?s
?d?d?d?d?u?l?l?l
?d?d?d?d?d?d?d?d
?u?l?l?l?l?l?l?s?d
?u?l?d?d?d?d?d?d
?l?l?l?l?l?l?s?d
?u?d?l?l?l?l?l?l?l?d
?l?l?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l?l?d
?l?l?l?l?l?d?d?s
?l?l?l?l?d?d?d?s
?u?l?l?l?l?l?l?l?l?d?d?d?d
?u?u?u?u?u?u?u?u
?u?l?l?l?s?d?d?d
?u?l?l?l?l?l?l?s?d?d
?u?l?l?l?l?l?d?d?d?s
?l?l?l?l?l?s?d?d
?u?l?l?l?l?s?d?d?d?d
?u?l?l?l?d?d?d?d?d
?u?l?l?d?d?d?d?d?d
?u?l?l?d?d?d?d?d
?l?l?l?l?l?l?l?l?l?d?d
?l?l?l?l?l?l?l?d?d?s
?l?l?l?l?l?l?l?d?d?d
?l?l?l?l?l?l?d?s
?l?l?l?d?d?d?d?s
?u?u?u?l?l?l?d?d?d?d
?u?l?l?l?l?l?s?d?d?d
?u?l?l?l?l?l?l?l?s?d
?l?l?l?l?l?l?l?l?s?d
?l?l?l?l?l?l?l?d?d?d?d
?u?l?l?l?l?l?s?d?d?d?d
?l?l?l?l?l?l?l?d?s
?l?l?l?l?d?d?d?d?s
?d?d?d?d?u?l?l?l?l
?u?u?d?l?l?l?d?d?d?d

1
pack Submodule

Submodule pack added at 5311d5cbb1

1
princeprocessor Submodule

Submodule princeprocessor added at f0c101d81b

160
readme.md Normal file
View File

@@ -0,0 +1,160 @@
```
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
```
Installation
-------------------------------------------------
Get the latest hashcat binaries (https://hashcat.net/hashcat/)
OSX Install (https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/)
```git clone https://github.com/hashcat/hashcat.git
mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/
make
make install
```
-------------------------------------------------
* Customize binary and wordlist paths in "config.ini"
* Make sure that at least "rockyou.txt" is within your "wordlists" path
Usage
-------------------------------------------------
`$ ./hate_crack.py
usage: python hate_crack.py <hash_file> <hash_type>`
The <hash_type> is attained by running `hashcat --help`
Example Hashes: http://hashcat.net/wiki/doku.php?id=example_hashes
```
$ hashcat --help |grep -i ntlm
5500 | NetNTLMv1 | Network protocols
5500 | NetNTLMv1 + ESS | Network protocols
5600 | NetNTLMv2 | Network protocols
1000 | NTLM | Operating-Systems
```
```
$ ./hate_crack.py <hash file> 1000
___ ___ __ _________ __
/ | \_____ _/ |_ ____ \_ ___ \____________ ____ | | __
/ ~ \__ \\ __\/ __ \ / \ \/\_ __ \__ \ _/ ___\| |/ /
\ Y // __ \| | \ ___/ \ \____| | \// __ \\ \___| <
\___|_ /(____ /__| \___ >____\______ /|__| (____ /\___ >__|_ \
\/ \/ \/_____/ \/ \/ \/ \/
Public Release
Version 1.00
(1) Quick Crack
(2) Extensive Pure_Hate Methodology Crack
(3) Brute Force Attack
(4) Top Mask Attack
(5) Fingerprint Attack
(6) Combinator Attack
(7) Hybrid Attack
(8) Pathwell Top 100 Mask Brute Force Crack
(9) PRINCE Attack
(10) YOLO Combinator Attack
(97) Display Cracked Hashes
(98) Display README
(99) Quit
Select a task:
```
-------------------------------------------------
####Quick Crack
* Runs a dictionary attack using all wordlists configured in your "hcatOptimizedWordlists" path
and applies the "best64.rule", with the option of chaining the "best64.rule".
####Extensive Pure_Hate Methodology Crack
* Runs several attack methods provided by Martin Bos (formerly known as pure_hate)
####Brute Force Attack (7 characters)
####Dictionary Attack
* All wordlists in "hcatOptimizedWordlists" with "best64.rule"
* wordlists/rockyou.txt with "d3ad0ne.rule"
* wordlists/rockyou.txt with "T0XlC.rule"
####Top Mask Attack (Target Time = 4 Hours)
####Fingerprint Attack
####Combinator Attack
####Hybrid Attack
Extra - Just For Good Measure
-------------------------------------------------
Runs a dictionary attack using wordlists/rockyou.txt with chained "combinator.rule" and "InsidePro-PasswordsPro.rule" rules
-------------------------------------------------
####Brute Force Attack
Brute forces all characters with the choice of a minimum and maximum password length.
-------------------------------------------------
####Top Mask Attack
Runs a top mask attack using passwords already cracked for the current session.
Presents the user a choice of target cracking time to spend (default 4 hours).
-------------------------------------------------
####Fingerprint Attack
https://hashcat.net/wiki/doku.php?id=fingerprint_attack
Runs a fingerprint attack using passwords already cracked for the current session.
-------------------------------------------------
####Combinator Attack
https://hashcat.net/wiki/doku.php?id=combinator_attack
Runs a combinator attack using the "rockyou.txt" wordlist.
-------------------------------------------------
####Hybrid Attack
https://hashcat.net/wiki/doku.php?id=hybrid_attack
* Runs several hybrid attacks using the "rockyou.txt" wordlists.
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1
- Hybrid Wordlist + Mask - ?s?d wordlists/rockyou.txt ?1?1?1?1
- Hybrid Mask + Wordlist - ?s?d ?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1 wordlists/rockyou.txt
- Hybrid Mask + Wordlist - ?s?d ?1?1?1?1 wordlists/rockyou.txt
-------------------------------------------------
####Pathwell Top 100 Mask Brute Force Crack
Runs a brute force attack using the top 100 masks from KoreLogic:
https://blog.korelogic.com/blog/2014/04/04/pathwell_topologies
-------------------------------------------------
####PRINCE Attack
https://hashcat.net/events/p14-trondheim/prince-attack.pdf
Runs a PRINCE attack using wordlists/rockyou.txt
-------------------------------------------------
####YOLO Combinator Attack
Runs a continuous combinator attack using random wordlists from the
optimized wordlists for the left and right sides.
-------------------------------------------------
####Add-on Tools
wordlist_optimizer.py - parses all wordlists from `<input file list>`, sorts
them by length and de-duplicates into `<output directory>`
```$ python wordlist_optimizer.py
usage: python wordlist_optimizer.py <input file list> <output directory>
$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists
```
###Version History
Version 1.00
Initial public release

70
wordlist_optimizer.py Executable file
View File

@@ -0,0 +1,70 @@
#!/usr/bin/env python
import sys
import os
import subprocess
import shutil
splitlen_bin = "hashcat-utils/bin/splitlen.app"
rli_bin = "hashcat-utils/bin/rli.app"
# Help
def usage():
print "usage: python %s <input file list> <output directory>" % sys.argv[0]
def lineCount(file):
try:
outFile = open(file)
except:
return 0
count = 0
for line in outFile:
count = count + 1
return count
# Main guts
def main():
try:
input_list = open(sys.argv[1], "r")
destination = sys.argv[2]
except IndexError:
usage()
sys.exit()
# Get list of wordlists from <input file list> argument
for wordlist in input_list:
print wordlist.strip()
# Parse wordlists by password length into "optimized" <output directory>
if len(os.listdir(destination)) == 0:
splitlenProcess = subprocess.Popen("%s %s < %s" % (splitlen_bin, destination, wordlist), shell=True).wait()
else:
if not os.path.isdir("/tmp/splitlen"):
os.mkdir("/tmp/splitlen")
splitlenProcess = subprocess.Popen("%s /tmp/splitlen < %s" % (splitlen_bin, wordlist), shell=True).wait()
# Copy unique passwords into "optimized" <output directory>
for file in os.listdir("/tmp/splitlen"):
if not os.path.isfile(destination + "/" + file):
shutil.copyfile(file, destination)
else:
rliProcess = subprocess.Popen("%s /tmp/splitlen/%s /tmp/splitlen.out %s/%s" % (rli_bin, file, destination, file), shell=True).wait()
if lineCount("/tmp/splitlen.out") > 0:
destination_file = open(destination + "/" + file, "a")
splitlen_file = open("/tmp/splitlen.out", "r")
destination_file.write(splitlen_file.read())
destination_file.close()
splitlen_file.close()
# Clean Up
if os.path.isdir("/tmp/splitlen"):
shutil.rmtree('/tmp/splitlen')
if os.path.isfile("/tmp/splitlen.out"):
os.remove("/tmp/splitlen.out")
# Standard boilerplate to call the main() function
if __name__ == '__main__':
main()