metasploit-framework/modules/auxiliary/analyze/jtr_mysql_fast.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


require 'msf/core'
require 'msf/core/auxiliary/jtr'

class Metasploit3 < Msf::Auxiliary

  include Msf::Auxiliary::JohnTheRipper

  def initialize
    super(
      'Name'          => 'John the Ripper MySQL Password Cracker (Fast Mode)',
      'Description'   => %Q{
          This module uses John the Ripper to identify weak passwords that have been
        acquired from the mysql_hashdump module. Passwords that have been successfully
        cracked are then saved as proper credentials
      },
      'Author'         =>
        [
          'theLightCosine',
          'hdm'
        ] ,
      'License'        => MSF_LICENSE  # JtR itself is GPLv2, but this wrapper is MSF (BSD)
    )
  end

  def run
    cracker = new_john_cracker

    #generate our wordlist and close the file handle
    wordlist = wordlist_file
    wordlist.close
    print_status "Wordlist file written out to #{wordlist.path}"
    cracker.wordlist = wordlist.path
    cracker.hash_path = hash_file

    ['mysql','mysql-sha1'].each do |format|
      cracker_instance = cracker.dup
      cracker_instance.format = format
      print_status "Cracking #{format} hashes in normal wordlist mode..."
      cracker_instance.crack do |line|
        print_status line.chomp
      end

      print_status "Cracking #{format} hashes in single mode..."
      cracker_instance.rules = 'single'
      cracker_instance.crack do |line|
        print_status line.chomp
      end

      print_status "Cracking #{format} hashes in incremental mode (Digits)..."
      cracker_instance.incremental = 'Digits'
      cracker_instance.crack do |line|
        print_status line.chomp
      end

      print_status "Cracked Passwords this run:"
      cracker_instance.each_cracked_password do |password_line|
        password_line.chomp!
        next if password_line.blank?
        fields = password_line.split(":")
        # If we don't have an expected minimum number of fields, this is probably not a hash line
        next unless fields.count >=3
        username = fields.shift
        core_id  = fields.pop
        password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
        print_good password_line
        create_cracked_credential( username: username, password: password, core_id: core_id)
      end
    end
  end

  def hash_file
    hashlist = Rex::Quickfile.new("hashes_tmp")
    Metasploit::Credential::NonreplayableHash.joins(:cores).where(metasploit_credential_cores: { workspace_id: myworkspace.id }, jtr_format: 'mysql,mysql-sha1').each do |hash|
      hash.cores.each do |core|
        user = core.public.username
        hash_string = "#{hash.data}"
        id = core.id
        hashlist.puts "#{user}:#{hash_string}:#{id}:"
      end
    end
    hashlist.close
    print_status "Hashes Written out to #{hashlist.path}"
    hashlist.path
  end


end
Added MySQL John the Ripper module. See #5408 git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-26 22:33:12 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Added MySQL John the Ripper module. See #5408 git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-26 22:33:12 +00:00			`##`


			`require 'msf/core'`
missing require 2014-06-20 20:22:37 +00:00			`require 'msf/core/auxiliary/jtr'`
Added MySQL John the Ripper module. See #5408 git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-26 22:33:12 +00:00
			`class Metasploit3 < Msf::Auxiliary`

Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Auxiliary::JohnTheRipper`

			`def initialize`
			`super(`
			`'Name' => 'John the Ripper MySQL Password Cracker (Fast Mode)',`
			`'Description' => %Q{`
			`This module uses John the Ripper to identify weak passwords that have been`
			`acquired from the mysql_hashdump module. Passwords that have been successfully`
			`cracked are then saved as proper credentials`
			`},`
			`'Author' =>`
			`[`
			`'theLightCosine',`
			`'hdm'`
			`] ,`
			`'License' => MSF_LICENSE # JtR itself is GPLv2, but this wrapper is MSF (BSD)`
			`)`
			`end`

			`def run`
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`cracker = new_john_cracker`
Retab modules 2013-08-30 21:28:54 +00:00
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`#generate our wordlist and close the file handle`
			`wordlist = wordlist_file`
Retab modules 2013-08-30 21:28:54 +00:00			`wordlist.close`
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`print_status "Wordlist file written out to #{wordlist.path}"`
			`cracker.wordlist = wordlist.path`
			`cracker.hash_path = hash_file`

			`['mysql','mysql-sha1'].each do \|format\|`
			`cracker_instance = cracker.dup`
			`cracker_instance.format = format`
			`print_status "Cracking #{format} hashes in normal wordlist mode..."`
			`cracker_instance.crack do \|line\|`
			`print_status line.chomp`
Retab modules 2013-08-30 21:28:54 +00:00			`end`

refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`print_status "Cracking #{format} hashes in single mode..."`
			`cracker_instance.rules = 'single'`
			`cracker_instance.crack do \|line\|`
			`print_status line.chomp`
Retab modules 2013-08-30 21:28:54 +00:00			`end`

fix up incremental modes those incrmenetal rules don't exist in all versions. All and Alnum are too long for a 'fast-mode' crack. We wwill do Digits though which does all digits 0-8 and gets us blank passwords for free. 2014-06-23 20:36:17 +00:00			`print_status "Cracking #{format} hashes in incremental mode (Digits)..."`
			`cracker_instance.incremental = 'Digits'`
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`cracker_instance.crack do \|line\|`
			`print_status line.chomp`
Retab modules 2013-08-30 21:28:54 +00:00			`end`

refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`print_status "Cracked Passwords this run:"`
			`cracker_instance.each_cracked_password do \|password_line\|`
			`password_line.chomp!`
			`next if password_line.blank?`
			`fields = password_line.split(":")`
			`# If we don't have an expected minimum number of fields, this is probably not a hash line`
			`next unless fields.count >=3`
			`username = fields.shift`
			`core_id = fields.pop`
			`password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them`
			`print_good password_line`
			`create_cracked_credential( username: username, password: password, core_id: core_id)`
			`end`
Retab modules 2013-08-30 21:28:54 +00:00			`end`
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`end`
Retab modules 2013-08-30 21:28:54 +00:00
refactor jtr_mysql_fast and mysql_hashdump have mysql_hashdump report the cred it logged in with refactor jtr_mysql to use the new jtr cracker 2014-06-20 20:21:35 +00:00			`def hash_file`
			`hashlist = Rex::Quickfile.new("hashes_tmp")`
			`Metasploit::Credential::NonreplayableHash.joins(:cores).where(metasploit_credential_cores: { workspace_id: myworkspace.id }, jtr_format: 'mysql,mysql-sha1').each do \|hash\|`
			`hash.cores.each do \|core\|`
			`user = core.public.username`
			`hash_string = "#{hash.data}"`
			`id = core.id`
			`hashlist.puts "#{user}:#{hash_string}:#{id}:"`
			`end`
			`end`
			`hashlist.close`
			`print_status "Hashes Written out to #{hashlist.path}"`
			`hashlist.path`
Retab modules 2013-08-30 21:28:54 +00:00			`end`
Watch out, the style police is in da house git-svn-id: file:///home/svn/framework3/trunk@14083 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-26 23:31:12 +00:00

Added MySQL John the Ripper module. See #5408 git-svn-id: file:///home/svn/framework3/trunk@14078 4d416f70-5f16-0410-b530-b9f4589650da 2011-10-26 22:33:12 +00:00			`end`