jtr modernizations
parent
f04c2537f6
commit
9930edf704
2022
data/john.conf
2022
data/john.conf
File diff suppressed because it is too large
Load Diff
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,525 @@
|
||||||
|
# the set of dynamics was not disabled due to not working, but due to simply
|
||||||
|
# being academic formats, and test cases, and not ITW formats
|
||||||
|
dynamic_51 = Y
|
||||||
|
dynamic_52 = Y
|
||||||
|
dynamic_53 = Y
|
||||||
|
dynamic_54 = Y
|
||||||
|
dynamic_55 = Y
|
||||||
|
dynamic_56 = Y
|
||||||
|
dynamic_57 = Y
|
||||||
|
dynamic_58 = Y
|
||||||
|
# dyna-61 used by formspring and should not be disabled.
|
||||||
|
dynamic_61 = N
|
||||||
|
dynamic_62 = Y
|
||||||
|
dynamic_63 = Y
|
||||||
|
dynamic_64 = Y
|
||||||
|
dynamic_65 = Y
|
||||||
|
dynamic_66 = Y
|
||||||
|
dynamic_67 = Y
|
||||||
|
dynamic_68 = Y
|
||||||
|
dynamic_71 = Y
|
||||||
|
dynamic_72 = Y
|
||||||
|
dynamic_73 = Y
|
||||||
|
dynamic_74 = Y
|
||||||
|
dynamic_75 = Y
|
||||||
|
dynamic_76 = Y
|
||||||
|
dynamic_77 = Y
|
||||||
|
dynamic_78 = Y
|
||||||
|
dynamic_81 = Y
|
||||||
|
dynamic_82 = Y
|
||||||
|
dynamic_83 = Y
|
||||||
|
dynamic_84 = Y
|
||||||
|
dynamic_85 = Y
|
||||||
|
dynamic_86 = Y
|
||||||
|
dynamic_87 = Y
|
||||||
|
dynamic_88 = Y
|
||||||
|
dynamic_91 = Y
|
||||||
|
dynamic_92 = Y
|
||||||
|
dynamic_93 = Y
|
||||||
|
dynamic_94 = Y
|
||||||
|
dynamic_95 = Y
|
||||||
|
dynamic_96 = Y
|
||||||
|
dynamic_97 = Y
|
||||||
|
dynamic_98 = Y
|
||||||
|
dynamic_101 = Y
|
||||||
|
dynamic_102 = Y
|
||||||
|
dynamic_103 = Y
|
||||||
|
dynamic_104 = Y
|
||||||
|
dynamic_105 = Y
|
||||||
|
dynamic_106 = Y
|
||||||
|
dynamic_107 = Y
|
||||||
|
dynamic_108 = Y
|
||||||
|
dynamic_111 = Y
|
||||||
|
dynamic_112 = Y
|
||||||
|
dynamic_113 = Y
|
||||||
|
dynamic_114 = Y
|
||||||
|
dynamic_115 = Y
|
||||||
|
dynamic_116 = Y
|
||||||
|
dynamic_117 = Y
|
||||||
|
dynamic_118 = Y
|
||||||
|
dynamic_121 = Y
|
||||||
|
dynamic_122 = Y
|
||||||
|
dynamic_123 = Y
|
||||||
|
dynamic_124 = Y
|
||||||
|
dynamic_125 = Y
|
||||||
|
dynamic_126 = Y
|
||||||
|
dynamic_127 = Y
|
||||||
|
dynamic_128 = Y
|
||||||
|
dynamic_131 = Y
|
||||||
|
dynamic_132 = Y
|
||||||
|
dynamic_133 = Y
|
||||||
|
dynamic_134 = Y
|
||||||
|
dynamic_135 = Y
|
||||||
|
dynamic_136 = Y
|
||||||
|
dynamic_137 = Y
|
||||||
|
dynamic_138 = Y
|
||||||
|
dynamic_141 = Y
|
||||||
|
dynamic_142 = Y
|
||||||
|
dynamic_143 = Y
|
||||||
|
dynamic_144 = Y
|
||||||
|
dynamic_145 = Y
|
||||||
|
dynamic_146 = Y
|
||||||
|
dynamic_147 = Y
|
||||||
|
dynamic_148 = Y
|
||||||
|
dynamic_151 = Y
|
||||||
|
dynamic_152 = Y
|
||||||
|
dynamic_153 = Y
|
||||||
|
dynamic_154 = Y
|
||||||
|
dynamic_155 = Y
|
||||||
|
dynamic_156 = Y
|
||||||
|
dynamic_157 = Y
|
||||||
|
dynamic_158 = Y
|
||||||
|
dynamic_161 = Y
|
||||||
|
dynamic_162 = Y
|
||||||
|
dynamic_163 = Y
|
||||||
|
dynamic_164 = Y
|
||||||
|
dynamic_165 = Y
|
||||||
|
dynamic_166 = Y
|
||||||
|
dynamic_167 = Y
|
||||||
|
dynamic_168 = Y
|
||||||
|
dynamic_171 = Y
|
||||||
|
dynamic_172 = Y
|
||||||
|
dynamic_173 = Y
|
||||||
|
dynamic_174 = Y
|
||||||
|
dynamic_175 = Y
|
||||||
|
dynamic_176 = Y
|
||||||
|
dynamic_177 = Y
|
||||||
|
dynamic_178 = Y
|
||||||
|
dynamic_181 = Y
|
||||||
|
dynamic_182 = Y
|
||||||
|
dynamic_183 = Y
|
||||||
|
dynamic_184 = Y
|
||||||
|
dynamic_185 = Y
|
||||||
|
dynamic_186 = Y
|
||||||
|
dynamic_187 = Y
|
||||||
|
dynamic_188 = Y
|
||||||
|
dynamic_191 = Y
|
||||||
|
dynamic_192 = Y
|
||||||
|
dynamic_193 = Y
|
||||||
|
dynamic_194 = Y
|
||||||
|
dynamic_195 = Y
|
||||||
|
dynamic_196 = Y
|
||||||
|
dynamic_197 = Y
|
||||||
|
dynamic_198 = Y
|
||||||
|
dynamic_201 = Y
|
||||||
|
dynamic_202 = Y
|
||||||
|
dynamic_203 = Y
|
||||||
|
dynamic_204 = Y
|
||||||
|
dynamic_205 = Y
|
||||||
|
dynamic_206 = Y
|
||||||
|
dynamic_207 = Y
|
||||||
|
dynamic_208 = Y
|
||||||
|
dynamic_211 = Y
|
||||||
|
dynamic_212 = Y
|
||||||
|
dynamic_213 = Y
|
||||||
|
dynamic_214 = Y
|
||||||
|
dynamic_215 = Y
|
||||||
|
dynamic_216 = Y
|
||||||
|
dynamic_217 = Y
|
||||||
|
dynamic_218 = Y
|
||||||
|
dynamic_221 = Y
|
||||||
|
dynamic_222 = Y
|
||||||
|
dynamic_223 = Y
|
||||||
|
dynamic_224 = Y
|
||||||
|
dynamic_225 = Y
|
||||||
|
dynamic_226 = Y
|
||||||
|
dynamic_227 = Y
|
||||||
|
dynamic_228 = Y
|
||||||
|
dynamic_231 = Y
|
||||||
|
dynamic_232 = Y
|
||||||
|
dynamic_233 = Y
|
||||||
|
dynamic_234 = Y
|
||||||
|
dynamic_235 = Y
|
||||||
|
dynamic_236 = Y
|
||||||
|
dynamic_237 = Y
|
||||||
|
dynamic_238 = Y
|
||||||
|
dynamic_241 = Y
|
||||||
|
dynamic_242 = Y
|
||||||
|
dynamic_243 = Y
|
||||||
|
dynamic_244 = Y
|
||||||
|
dynamic_245 = Y
|
||||||
|
dynamic_246 = Y
|
||||||
|
dynamic_247 = Y
|
||||||
|
dynamic_248 = Y
|
||||||
|
dynamic_251 = Y
|
||||||
|
dynamic_252 = Y
|
||||||
|
dynamic_253 = Y
|
||||||
|
dynamic_254 = Y
|
||||||
|
dynamic_255 = Y
|
||||||
|
dynamic_256 = Y
|
||||||
|
dynamic_257 = Y
|
||||||
|
dynamic_258 = Y
|
||||||
|
dynamic_261 = Y
|
||||||
|
dynamic_262 = Y
|
||||||
|
dynamic_263 = Y
|
||||||
|
dynamic_264 = Y
|
||||||
|
dynamic_265 = Y
|
||||||
|
dynamic_266 = Y
|
||||||
|
dynamic_267 = Y
|
||||||
|
dynamic_268 = Y
|
||||||
|
dynamic_271 = Y
|
||||||
|
dynamic_272 = Y
|
||||||
|
dynamic_273 = Y
|
||||||
|
dynamic_274 = Y
|
||||||
|
dynamic_275 = Y
|
||||||
|
dynamic_276 = Y
|
||||||
|
dynamic_277 = Y
|
||||||
|
dynamic_278 = Y
|
||||||
|
dynamic_281 = Y
|
||||||
|
dynamic_282 = Y
|
||||||
|
dynamic_283 = Y
|
||||||
|
dynamic_284 = Y
|
||||||
|
dynamic_285 = Y
|
||||||
|
dynamic_286 = Y
|
||||||
|
dynamic_287 = Y
|
||||||
|
dynamic_288 = Y
|
||||||
|
dynamic_291 = Y
|
||||||
|
dynamic_292 = Y
|
||||||
|
dynamic_293 = Y
|
||||||
|
dynamic_294 = Y
|
||||||
|
dynamic_295 = Y
|
||||||
|
dynamic_296 = Y
|
||||||
|
dynamic_297 = Y
|
||||||
|
dynamic_298 = Y
|
||||||
|
dynamic_301 = Y
|
||||||
|
dynamic_302 = Y
|
||||||
|
dynamic_303 = Y
|
||||||
|
dynamic_304 = Y
|
||||||
|
dynamic_305 = Y
|
||||||
|
dynamic_306 = Y
|
||||||
|
dynamic_307 = Y
|
||||||
|
dynamic_308 = Y
|
||||||
|
dynamic_311 = Y
|
||||||
|
dynamic_312 = Y
|
||||||
|
dynamic_313 = Y
|
||||||
|
dynamic_314 = Y
|
||||||
|
dynamic_315 = Y
|
||||||
|
dynamic_316 = Y
|
||||||
|
dynamic_317 = Y
|
||||||
|
dynamic_318 = Y
|
||||||
|
dynamic_321 = Y
|
||||||
|
dynamic_322 = Y
|
||||||
|
dynamic_323 = Y
|
||||||
|
dynamic_324 = Y
|
||||||
|
dynamic_325 = Y
|
||||||
|
dynamic_326 = Y
|
||||||
|
dynamic_327 = Y
|
||||||
|
dynamic_328 = Y
|
||||||
|
dynamic_331 = Y
|
||||||
|
dynamic_332 = Y
|
||||||
|
dynamic_333 = Y
|
||||||
|
dynamic_334 = Y
|
||||||
|
dynamic_335 = Y
|
||||||
|
dynamic_336 = Y
|
||||||
|
dynamic_337 = Y
|
||||||
|
dynamic_338 = Y
|
||||||
|
dynamic_341 = Y
|
||||||
|
dynamic_342 = Y
|
||||||
|
dynamic_343 = Y
|
||||||
|
dynamic_344 = Y
|
||||||
|
dynamic_345 = Y
|
||||||
|
dynamic_346 = Y
|
||||||
|
dynamic_347 = Y
|
||||||
|
dynamic_348 = Y
|
||||||
|
dynamic_351 = Y
|
||||||
|
dynamic_352 = Y
|
||||||
|
dynamic_353 = Y
|
||||||
|
dynamic_354 = Y
|
||||||
|
dynamic_355 = Y
|
||||||
|
dynamic_356 = Y
|
||||||
|
dynamic_357 = Y
|
||||||
|
dynamic_358 = Y
|
||||||
|
dynamic_361 = Y
|
||||||
|
dynamic_362 = Y
|
||||||
|
dynamic_363 = Y
|
||||||
|
dynamic_364 = Y
|
||||||
|
dynamic_365 = Y
|
||||||
|
dynamic_366 = Y
|
||||||
|
dynamic_367 = Y
|
||||||
|
dynamic_368 = Y
|
||||||
|
dynamic_371 = Y
|
||||||
|
dynamic_372 = Y
|
||||||
|
dynamic_373 = Y
|
||||||
|
dynamic_374 = Y
|
||||||
|
dynamic_375 = Y
|
||||||
|
dynamic_376 = Y
|
||||||
|
dynamic_377 = Y
|
||||||
|
dynamic_378 = Y
|
||||||
|
dynamic_381 = Y
|
||||||
|
dynamic_382 = Y
|
||||||
|
dynamic_383 = Y
|
||||||
|
dynamic_384 = Y
|
||||||
|
dynamic_385 = Y
|
||||||
|
dynamic_386 = Y
|
||||||
|
dynamic_387 = Y
|
||||||
|
dynamic_388 = Y
|
||||||
|
dynamic_391 = Y
|
||||||
|
dynamic_392 = Y
|
||||||
|
dynamic_393 = Y
|
||||||
|
dynamic_394 = Y
|
||||||
|
dynamic_395 = Y
|
||||||
|
dynamic_396 = Y
|
||||||
|
dynamic_397 = Y
|
||||||
|
dynamic_398 = Y
|
||||||
|
dynamic_401 = Y
|
||||||
|
dynamic_402 = Y
|
||||||
|
dynamic_403 = Y
|
||||||
|
dynamic_404 = Y
|
||||||
|
dynamic_405 = Y
|
||||||
|
dynamic_406 = Y
|
||||||
|
dynamic_407 = Y
|
||||||
|
dynamic_408 = Y
|
||||||
|
dynamic_411 = Y
|
||||||
|
dynamic_412 = Y
|
||||||
|
dynamic_413 = Y
|
||||||
|
dynamic_414 = Y
|
||||||
|
dynamic_415 = Y
|
||||||
|
dynamic_416 = Y
|
||||||
|
dynamic_417 = Y
|
||||||
|
dynamic_418 = Y
|
||||||
|
dynamic_421 = Y
|
||||||
|
dynamic_422 = Y
|
||||||
|
dynamic_423 = Y
|
||||||
|
dynamic_424 = Y
|
||||||
|
dynamic_425 = Y
|
||||||
|
dynamic_426 = Y
|
||||||
|
dynamic_427 = Y
|
||||||
|
dynamic_428 = Y
|
||||||
|
dynamic_431 = Y
|
||||||
|
dynamic_432 = Y
|
||||||
|
dynamic_433 = Y
|
||||||
|
dynamic_434 = Y
|
||||||
|
dynamic_435 = Y
|
||||||
|
dynamic_436 = Y
|
||||||
|
dynamic_437 = Y
|
||||||
|
dynamic_438 = Y
|
||||||
|
dynamic_441 = Y
|
||||||
|
dynamic_442 = Y
|
||||||
|
dynamic_443 = Y
|
||||||
|
dynamic_444 = Y
|
||||||
|
dynamic_445 = Y
|
||||||
|
dynamic_446 = Y
|
||||||
|
dynamic_447 = Y
|
||||||
|
dynamic_448 = Y
|
||||||
|
dynamic_451 = Y
|
||||||
|
dynamic_452 = Y
|
||||||
|
dynamic_453 = Y
|
||||||
|
dynamic_454 = Y
|
||||||
|
dynamic_455 = Y
|
||||||
|
dynamic_456 = Y
|
||||||
|
dynamic_457 = Y
|
||||||
|
dynamic_458 = Y
|
||||||
|
dynamic_461 = Y
|
||||||
|
dynamic_462 = Y
|
||||||
|
dynamic_463 = Y
|
||||||
|
dynamic_464 = Y
|
||||||
|
dynamic_465 = Y
|
||||||
|
dynamic_466 = Y
|
||||||
|
dynamic_467 = Y
|
||||||
|
dynamic_468 = Y
|
||||||
|
dynamic_471 = Y
|
||||||
|
dynamic_472 = Y
|
||||||
|
dynamic_473 = Y
|
||||||
|
dynamic_474 = Y
|
||||||
|
dynamic_475 = Y
|
||||||
|
dynamic_476 = Y
|
||||||
|
dynamic_477 = Y
|
||||||
|
dynamic_478 = Y
|
||||||
|
dynamic_481 = Y
|
||||||
|
dynamic_482 = Y
|
||||||
|
dynamic_483 = Y
|
||||||
|
dynamic_484 = Y
|
||||||
|
dynamic_485 = Y
|
||||||
|
dynamic_486 = Y
|
||||||
|
dynamic_487 = Y
|
||||||
|
dynamic_488 = Y
|
||||||
|
dynamic_491 = Y
|
||||||
|
dynamic_492 = Y
|
||||||
|
dynamic_493 = Y
|
||||||
|
dynamic_494 = Y
|
||||||
|
dynamic_495 = Y
|
||||||
|
dynamic_496 = Y
|
||||||
|
dynamic_497 = Y
|
||||||
|
dynamic_498 = Y
|
||||||
|
dynamic_501 = Y
|
||||||
|
dynamic_502 = Y
|
||||||
|
dynamic_503 = Y
|
||||||
|
dynamic_504 = Y
|
||||||
|
dynamic_505 = Y
|
||||||
|
dynamic_506 = Y
|
||||||
|
dynamic_507 = Y
|
||||||
|
dynamic_508 = Y
|
||||||
|
dynamic_511 = Y
|
||||||
|
dynamic_512 = Y
|
||||||
|
dynamic_513 = Y
|
||||||
|
dynamic_514 = Y
|
||||||
|
dynamic_515 = Y
|
||||||
|
dynamic_516 = Y
|
||||||
|
dynamic_517 = Y
|
||||||
|
dynamic_518 = Y
|
||||||
|
dynamic_521 = Y
|
||||||
|
dynamic_522 = Y
|
||||||
|
dynamic_523 = Y
|
||||||
|
dynamic_524 = Y
|
||||||
|
dynamic_525 = Y
|
||||||
|
dynamic_526 = Y
|
||||||
|
dynamic_527 = Y
|
||||||
|
dynamic_528 = Y
|
||||||
|
dynamic_531 = Y
|
||||||
|
dynamic_532 = Y
|
||||||
|
dynamic_533 = Y
|
||||||
|
dynamic_534 = Y
|
||||||
|
dynamic_535 = Y
|
||||||
|
dynamic_536 = Y
|
||||||
|
dynamic_537 = Y
|
||||||
|
dynamic_538 = Y
|
||||||
|
dynamic_541 = Y
|
||||||
|
dynamic_542 = Y
|
||||||
|
dynamic_543 = Y
|
||||||
|
dynamic_544 = Y
|
||||||
|
dynamic_545 = Y
|
||||||
|
dynamic_546 = Y
|
||||||
|
dynamic_547 = Y
|
||||||
|
dynamic_548 = Y
|
||||||
|
dynamic_551 = Y
|
||||||
|
dynamic_552 = Y
|
||||||
|
dynamic_553 = Y
|
||||||
|
dynamic_554 = Y
|
||||||
|
dynamic_555 = Y
|
||||||
|
dynamic_556 = Y
|
||||||
|
dynamic_557 = Y
|
||||||
|
dynamic_558 = Y
|
||||||
|
dynamic_561 = Y
|
||||||
|
dynamic_562 = Y
|
||||||
|
dynamic_563 = Y
|
||||||
|
dynamic_564 = Y
|
||||||
|
dynamic_565 = Y
|
||||||
|
dynamic_566 = Y
|
||||||
|
dynamic_567 = Y
|
||||||
|
dynamic_568 = Y
|
||||||
|
dynamic_571 = Y
|
||||||
|
dynamic_572 = Y
|
||||||
|
dynamic_573 = Y
|
||||||
|
dynamic_574 = Y
|
||||||
|
dynamic_575 = Y
|
||||||
|
dynamic_576 = Y
|
||||||
|
dynamic_577 = Y
|
||||||
|
dynamic_578 = Y
|
||||||
|
dynamic_581 = Y
|
||||||
|
dynamic_582 = Y
|
||||||
|
dynamic_583 = Y
|
||||||
|
dynamic_584 = Y
|
||||||
|
dynamic_585 = Y
|
||||||
|
dynamic_586 = Y
|
||||||
|
dynamic_587 = Y
|
||||||
|
dynamic_588 = Y
|
||||||
|
dynamic_591 = Y
|
||||||
|
dynamic_592 = Y
|
||||||
|
dynamic_593 = Y
|
||||||
|
dynamic_594 = Y
|
||||||
|
dynamic_595 = Y
|
||||||
|
dynamic_596 = Y
|
||||||
|
dynamic_597 = Y
|
||||||
|
dynamic_598 = Y
|
||||||
|
dynamic_601 = Y
|
||||||
|
dynamic_602 = Y
|
||||||
|
dynamic_603 = Y
|
||||||
|
dynamic_604 = Y
|
||||||
|
dynamic_605 = Y
|
||||||
|
dynamic_606 = Y
|
||||||
|
dynamic_607 = Y
|
||||||
|
dynamic_608 = Y
|
||||||
|
dynamic_611 = Y
|
||||||
|
dynamic_612 = Y
|
||||||
|
dynamic_613 = Y
|
||||||
|
dynamic_614 = Y
|
||||||
|
dynamic_615 = Y
|
||||||
|
dynamic_616 = Y
|
||||||
|
dynamic_617 = Y
|
||||||
|
dynamic_618 = Y
|
||||||
|
dynamic_621 = Y
|
||||||
|
dynamic_622 = Y
|
||||||
|
dynamic_623 = Y
|
||||||
|
dynamic_624 = Y
|
||||||
|
dynamic_625 = Y
|
||||||
|
dynamic_626 = Y
|
||||||
|
dynamic_627 = Y
|
||||||
|
dynamic_628 = Y
|
||||||
|
dynamic_631 = Y
|
||||||
|
dynamic_632 = Y
|
||||||
|
dynamic_633 = Y
|
||||||
|
dynamic_634 = Y
|
||||||
|
dynamic_635 = Y
|
||||||
|
dynamic_636 = Y
|
||||||
|
dynamic_637 = Y
|
||||||
|
dynamic_638 = Y
|
||||||
|
dynamic_641 = Y
|
||||||
|
dynamic_642 = Y
|
||||||
|
dynamic_643 = Y
|
||||||
|
dynamic_644 = Y
|
||||||
|
dynamic_645 = Y
|
||||||
|
dynamic_646 = Y
|
||||||
|
dynamic_647 = Y
|
||||||
|
dynamic_648 = Y
|
||||||
|
dynamic_651 = Y
|
||||||
|
dynamic_652 = Y
|
||||||
|
dynamic_653 = Y
|
||||||
|
dynamic_654 = Y
|
||||||
|
dynamic_655 = Y
|
||||||
|
dynamic_656 = Y
|
||||||
|
dynamic_657 = Y
|
||||||
|
dynamic_658 = Y
|
||||||
|
dynamic_661 = Y
|
||||||
|
dynamic_662 = Y
|
||||||
|
dynamic_663 = Y
|
||||||
|
dynamic_664 = Y
|
||||||
|
dynamic_665 = Y
|
||||||
|
dynamic_666 = Y
|
||||||
|
dynamic_667 = Y
|
||||||
|
dynamic_668 = Y
|
||||||
|
dynamic_671 = Y
|
||||||
|
dynamic_672 = Y
|
||||||
|
dynamic_673 = Y
|
||||||
|
dynamic_674 = Y
|
||||||
|
dynamic_675 = Y
|
||||||
|
dynamic_676 = Y
|
||||||
|
dynamic_677 = Y
|
||||||
|
dynamic_678 = Y
|
||||||
|
dynamic_681 = Y
|
||||||
|
dynamic_682 = Y
|
||||||
|
dynamic_683 = Y
|
||||||
|
dynamic_684 = Y
|
||||||
|
dynamic_685 = Y
|
||||||
|
dynamic_686 = Y
|
||||||
|
dynamic_687 = Y
|
||||||
|
dynamic_688 = Y
|
||||||
|
dynamic_691 = Y
|
||||||
|
dynamic_692 = Y
|
||||||
|
dynamic_693 = Y
|
||||||
|
dynamic_694 = Y
|
||||||
|
dynamic_695 = Y
|
||||||
|
dynamic_696 = Y
|
||||||
|
dynamic_697 = Y
|
||||||
|
dynamic_698 = Y
|
||||||
|
|
||||||
|
dynamic_1033 = Y
|
|
@ -0,0 +1,212 @@
|
||||||
|
# NOTE, same format as dynamic_0 It is slower (50% slower, or more). But it is not limited to 55 byte passwords.
|
||||||
|
# This should work for passwords up to 110 bytes long (max length dynamic will currently allow). It should not be
|
||||||
|
# used for shorter passwords (under 55 bytes). Use dyna_0 for those.
|
||||||
|
[List.Generic:dynamic_2000]
|
||||||
|
Expression=md5($p) (PW > 55 bytes)
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
Flag=MGF_KEYS_INPUT
|
||||||
|
Flag=MGF_SOURCE
|
||||||
|
Flag=MGF_POOR_OMP
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2000$5a105e8b9d40e1329780d62ea2265d8a:test1
|
||||||
|
Test=$dynamic_2000$378e2c4a07968da2eca692320136433d:thatsworking
|
||||||
|
Test=$dynamic_2000$8ad8757baa8564dc136c1e07507f4a98:test3
|
||||||
|
TestD=$dynamic_2000$a4b3933521a38111eb597dd8dbc47614:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2001]
|
||||||
|
Expression=md5($p.$s) (joomla) (PW > 23 bytes)
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2001$ed52af63d8ecf0c682442dfef5f36391$1aDNNojYGSc7pSzcdxKxhbqvLtEe4deG:test1
|
||||||
|
Test=$dynamic_2001$4fa1e9d54d89bfbe48b4c0f0ca0a3756$laxcaXPjgcdKdKEbkX1SIjHKm0gfYt1c:thatsworking
|
||||||
|
Test=$dynamic_2001$82568eeaa1fcf299662ccd59d8a12f54$BdWwFsbGtXPGc0H1TBxCrn0GasyAlJBJ:test3
|
||||||
|
TestD=$dynamic_2001$a4d4ce08d9dec5336d2a137cdab28624$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2002]
|
||||||
|
Expression=md5(md5($p)) (e107) (PW > 55 bytes)
|
||||||
|
Flag=MGF_KEYS_INPUT
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2002$418d89a45edadb8ce4da17e07f72536c:test1
|
||||||
|
Test=$dynamic_2002$ccd3c4231a072b5e13856a2059d04fad:thatsworking
|
||||||
|
Test=$dynamic_2002$9992295627e7e7162bdf77f14734acf8:test3
|
||||||
|
TestD=$dynamic_2002$827b31e7fae2cdb3af70be9560162500:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2003]
|
||||||
|
Expression=md5(md5(md5($p))) (PW > 55 bytes)
|
||||||
|
Flag=MGF_KEYS_INPUT
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_overwrite_input2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_overwrite_input2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2003$964c02612b2a1013ed26d46ba9a73e74:test1
|
||||||
|
Test=$dynamic_2003$5d7e6330f69548797c07d97c915690fe:thatsworking
|
||||||
|
Test=$dynamic_2003$2e54db8c72b312007f3f228d9d4dd34d:test3
|
||||||
|
TestD=$dynamic_2003$35297f9d34baa8e3ca3e5b23155be26f:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2004]
|
||||||
|
Expression=md5($s.$p) (OSC) (PW > 31 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2004$c02e8eef3eaa1a813c2ff87c1780f9ed$123456:test1
|
||||||
|
Test=$dynamic_2004$4a2a1b013da3cda7f7e0625cf3dc3f4c$1234:thatsworking
|
||||||
|
Test=$dynamic_2004$3a032e36a9609df6411b8004070431d3$aaaaa:test3
|
||||||
|
TestD=$dynamic_2004$d75040e824c1f9e4efd67c19961ddf4d$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2005]
|
||||||
|
Expression=md5($s.$p.$s) (PW > 31 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-40
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2005$c1003cd39cb5523dd0923a94ab15a3c7$123456:test1
|
||||||
|
Test=$dynamic_2005$c1c8618abfc7bdbc4a3c49c2c2c48f82$1234:thatsworking
|
||||||
|
Test=$dynamic_2005$e7222e806a8ce5efa6d48acb3aa56dc2$aaaaa:test3
|
||||||
|
TestD=$dynamic_2005$ba5528ac65c20213e105bb02e6aaf6a2$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2006]
|
||||||
|
Expression=md5(md5($p).$s) (PW > 55 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_KEYS_BASE16_IN1
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__set_input_len_32
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2006$3a9ae23758f05da1fe539e55a096b03b$S111XB:test1
|
||||||
|
Test=$dynamic_2006$9694d706d1992abf04344c1e7da1c5d3$T &222:thatsworking
|
||||||
|
Test=$dynamic_2006$b7a7f0c374d73fac422bb01f07f5a9d4$lxxxl:test3
|
||||||
|
Test=$dynamic_2006$9164fe53be481f811f15efd769aaf0f7$aReallyLongSaltHere:test3
|
||||||
|
TestD=$dynamic_2006$7308f7ca156d77564a5dab25d4be0f34$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2008]
|
||||||
|
Expression=md5(md5($s).$p) (PW > 23 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_SALT_AS_HEX
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_to_output1_FINAL
|
||||||
|
Test=$dynamic_2008$534c2fb38e757d9448315abb9822db00$aaaSXB:test1
|
||||||
|
Test=$dynamic_2008$02547864bed278658e8f54dd6dfd69b7$123456:thatsworking
|
||||||
|
Test=$dynamic_2008$2f6f3881972653ebcf86e5ad3071a4ca$5555hh:test3
|
||||||
|
TestD=$dynamic_2008$a96d6ab818950bafc6baeaa80df5ec5c$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2009]
|
||||||
|
Expression=md5($s.md5($p)) (salt > 23 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_KEYS_BASE16_IN1
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-200
|
||||||
|
MaxInputLenX86=40
|
||||||
|
MaxInputLen=40
|
||||||
|
Func=DynamicFunc__clean_input2_kwik
|
||||||
|
Func=DynamicFunc__append_salt2
|
||||||
|
Func=DynamicFunc__append_input2_from_input
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2009$b38c18b5e5b676e211442bd41000b2ec$aaaSXB:test1
|
||||||
|
Test=$dynamic_2009$4dde7cd4cbf0dc4c59b255ae77352914$123456:thatsworking
|
||||||
|
Test=$dynamic_2009$899af20e3ebdd77aaecb0d9bc5fbbb66$5555hh:test3
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2010]
|
||||||
|
Expression=md5($s.md5($s.$p)) (PW > 32 or salt > 23 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
#Flag=MGF_KEYS_BASE16_IN1
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__clean_input2_kwik
|
||||||
|
Func=DynamicFunc__append_salt2
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_append_input2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2010$781f83a676f45169dcfc7f36dfcdc3d5$aaaSXB:test1
|
||||||
|
Test=$dynamic_2010$f385748e67a2dc1f6379b9124fabc0df$123456:thatsworking
|
||||||
|
Test=$dynamic_2010$9e3702bb13386270cd4b0bd4dbdd489e$5555hh:test3
|
||||||
|
TestD=$dynamic_2010$74fe90a89e9e6ee5ea28d4a92640eda5$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2011]
|
||||||
|
Expression=md5($s.md5($p.$s)) (PW > 32 or salt > 23 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
#Flag=MGF_KEYS_BASE16_IN1
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-64
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input_kwik
|
||||||
|
Func=DynamicFunc__append_keys
|
||||||
|
Func=DynamicFunc__clean_input2_kwik
|
||||||
|
Func=DynamicFunc__append_salt2
|
||||||
|
Func=DynamicFunc__append_salt
|
||||||
|
Func=DynamicFunc__MD5_crypt_input1_append_input2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2011$f809a64cbd0d23e099cd5b544c8501ac$aaaSXB:test1
|
||||||
|
Test=$dynamic_2011$979e6671535cda6db95357d8a0afd9ac$123456:thatsworking
|
||||||
|
Test=$dynamic_2011$78a61ea73806ebf27bef2ab6a9bf5412$5555hh:test3
|
||||||
|
TestD=$dynamic_2011$d5acc2492e19cbf252d54942b4c7620b$1234567890123456789012345678901234567890123456789012345678901234:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
#[List.Generic:dynamic_2012]
|
||||||
|
#dynamic_12 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2012
|
||||||
|
|
||||||
|
#[List.Generic:dynamic_2013]
|
||||||
|
#dynamic_13 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2013
|
||||||
|
|
||||||
|
[List.Generic:dynamic_2014]
|
||||||
|
Expression=md5($s.md5($p).$s) (PW > 55 or salt > 11 bytes)
|
||||||
|
Flag=MGF_SALTED
|
||||||
|
Flag=MGF_KEYS_BASE16_IN1
|
||||||
|
Flag=MGF_FLAT_BUFFERS
|
||||||
|
SaltLen=-40
|
||||||
|
MaxInputLenX86=110
|
||||||
|
MaxInputLen=110
|
||||||
|
Func=DynamicFunc__clean_input2_kwik
|
||||||
|
Func=DynamicFunc__append_salt2
|
||||||
|
Func=DynamicFunc__append_input2_from_input
|
||||||
|
Func=DynamicFunc__append_salt2
|
||||||
|
Func=DynamicFunc__MD5_crypt_input2_to_output1_FINAL
|
||||||
|
Test=$dynamic_2014$778e40e10d82a08f5377992330008cbe$aaaSXB:test1
|
||||||
|
Test=$dynamic_2014$d6321956964b2d27768df71d139eabd2$123456:thatsworking
|
||||||
|
Test=$dynamic_2014$1b3c72e16427a2f4f0819243877f7967$5555hh:test3
|
||||||
|
TestD=$dynamic_2014$6f20299d2e889eea146d141e92e91da1$1234567890123456789012345678901234567890:12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
|
#[List.Generic:dynamic_2015]
|
||||||
|
#dynamic_15 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2015
|
||||||
|
|
||||||
|
#[List.Generic:dynamic_2016]
|
||||||
|
#dynamic_16 already in MGF_FLAT_BUFFERS, so no reason for dynamic_2016
|
|
@ -0,0 +1,344 @@
|
||||||
|
[List.HybridLeet:new]
|
||||||
|
int i, j;
|
||||||
|
int c, p;
|
||||||
|
int totrots;
|
||||||
|
int length;
|
||||||
|
|
||||||
|
/* Get the word length */
|
||||||
|
length = 0; while (word[length++]) ; --length;
|
||||||
|
|
||||||
|
/* Skip if this word length is out of bounds
|
||||||
|
This should not be necessary, but we'll leave it here to be defensive */
|
||||||
|
if (req_minlen > length || (req_maxlen && req_maxlen < length ))
|
||||||
|
{
|
||||||
|
hybrid_total = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Calculate word rotations */
|
||||||
|
|
||||||
|
word_rot_count=0; /* Number of letter positions we are rotating for this word */
|
||||||
|
totrots = 1; /* Number of total rotation iterations */
|
||||||
|
|
||||||
|
i=0;
|
||||||
|
while (i < length)
|
||||||
|
{
|
||||||
|
/* is this letter one of our rotators? a,A, b,B etc*/
|
||||||
|
c = word[i];
|
||||||
|
j = 0;
|
||||||
|
while (j < rot_poslen)
|
||||||
|
{
|
||||||
|
p = rot_pos[j];
|
||||||
|
if (c == rot_chars[p] || c == rot_chars[p+1]) /* Is 'a' or 'A' for example */
|
||||||
|
{
|
||||||
|
word_rot_idx[word_rot_count] = i; /* Save off which letter position in the word we are rotating */
|
||||||
|
word_rot_pos[word_rot_count] = j; /* Save off the rotation position for this slot */
|
||||||
|
word_rotchars_pos[word_rot_count] = p; /* Save off the first letter position in the rotation */
|
||||||
|
word_rot_count++;
|
||||||
|
|
||||||
|
/* Also, set the word to the first letter in the rotation so we ensure to go through all of them */
|
||||||
|
word[i] = rot_chars[p];
|
||||||
|
|
||||||
|
/* And multiple number of total rotations by the number of rotations for this position */
|
||||||
|
totrots = totrots * rot_len[j];
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
j++;
|
||||||
|
}
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
hybrid_total = totrots;
|
||||||
|
|
||||||
|
/* Reset or counter for THIS word. */
|
||||||
|
word_rot_current = 0;
|
||||||
|
|
||||||
|
[List.External:HybridLeet]
|
||||||
|
|
||||||
|
/*
|
||||||
|
Static context
|
||||||
|
String lengths here are arbitrary, increase them if you increase the
|
||||||
|
size of the stuff in the init() procedure
|
||||||
|
*/
|
||||||
|
|
||||||
|
int rot_chars[256]; /* All characters to rotate */
|
||||||
|
int rot_charslen; /* The length of the rot_chars buffer */
|
||||||
|
|
||||||
|
int rot_len[26]; /* The number of characters to rotate through per letter */
|
||||||
|
int rot_pos[26]; /* The starting position of each letter group in the rot_chars string */
|
||||||
|
int rot_poslen; /* Length of rot_pos and rot_len arrays (both same size) */
|
||||||
|
|
||||||
|
int word_rot_idx[128]; /* The positions in the current word that require rotations (index into word)*/
|
||||||
|
int word_rot_pos[128]; /* The rot_pos index for each letter position in the current word that we are rotating (index into rot_pos)*/
|
||||||
|
int word_rotchars_pos[128]; /* The current rot_chars index for each letter position in the current word that we are rotating (state of rotation, index into rot_chars)*/
|
||||||
|
int word_rot_count; /* The number of letters that we are rotating in the current word (size of word_rot_idx, word_rot_pos, and word_rotchars_pos) */
|
||||||
|
|
||||||
|
int word_rot_current; /* The rotation number of the current word */
|
||||||
|
|
||||||
|
void init()
|
||||||
|
{
|
||||||
|
int rci;
|
||||||
|
int ri;
|
||||||
|
|
||||||
|
rot_charslen=0;
|
||||||
|
rci=0;
|
||||||
|
ri=0;
|
||||||
|
|
||||||
|
/* a */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'a'; /* The first two chars are always the lower */
|
||||||
|
rot_chars[rci++] = 'A'; /* and upper case letters to rotate on */
|
||||||
|
rot_chars[rci++] = '4';
|
||||||
|
rot_chars[rci++] = '@';
|
||||||
|
rot_chars[rci++] = '8';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* b */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'b';
|
||||||
|
rot_chars[rci++] = 'B';
|
||||||
|
rot_chars[rci++] = '8';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'c';
|
||||||
|
rot_chars[rci++] = 'C';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'd';
|
||||||
|
rot_chars[rci++] = 'D';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* e */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'e';
|
||||||
|
rot_chars[rci++] = 'E';
|
||||||
|
rot_chars[rci++] = '3';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'f';
|
||||||
|
rot_chars[rci++] = 'F';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'g';
|
||||||
|
rot_chars[rci++] = 'G';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* h */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'h';
|
||||||
|
rot_chars[rci++] = 'H';
|
||||||
|
rot_chars[rci++] = '#';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* i */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'i';
|
||||||
|
rot_chars[rci++] = 'I';
|
||||||
|
rot_chars[rci++] = '1';
|
||||||
|
rot_chars[rci++] = '!';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'j';
|
||||||
|
rot_chars[rci++] = 'J';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'k';
|
||||||
|
rot_chars[rci++] = 'K';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* l */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'l';
|
||||||
|
rot_chars[rci++] = 'L';
|
||||||
|
rot_chars[rci++] = '1';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'm';
|
||||||
|
rot_chars[rci++] = 'M';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'n';
|
||||||
|
rot_chars[rci++] = 'N';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* o */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'o';
|
||||||
|
rot_chars[rci++] = 'O';
|
||||||
|
rot_chars[rci++] = '0';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'p';
|
||||||
|
rot_chars[rci++] = 'P';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'q';
|
||||||
|
rot_chars[rci++] = 'Q';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'r';
|
||||||
|
rot_chars[rci++] = 'R';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* s */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 's';
|
||||||
|
rot_chars[rci++] = 'S';
|
||||||
|
rot_chars[rci++] = '$';
|
||||||
|
rot_chars[rci++] = '5';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
/* t */
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 't';
|
||||||
|
rot_chars[rci++] = 'T';
|
||||||
|
rot_chars[rci++] = '+';
|
||||||
|
rot_chars[rci++] = '7';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'u';
|
||||||
|
rot_chars[rci++] = 'U';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'v';
|
||||||
|
rot_chars[rci++] = 'V';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'w';
|
||||||
|
rot_chars[rci++] = 'W';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'x';
|
||||||
|
rot_chars[rci++] = 'X';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'y';
|
||||||
|
rot_chars[rci++] = 'Y';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_pos[ri] = rci;
|
||||||
|
rot_chars[rci++] = 'z';
|
||||||
|
rot_chars[rci++] = 'Z';
|
||||||
|
rot_len[ri] = (rci - rot_pos[ri]);
|
||||||
|
ri++;
|
||||||
|
|
||||||
|
rot_charslen = rci;
|
||||||
|
rot_poslen = ri;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* new word */
|
||||||
|
void new()
|
||||||
|
{
|
||||||
|
.include [List.HybridLeet:new]
|
||||||
|
}
|
||||||
|
|
||||||
|
void next()
|
||||||
|
{
|
||||||
|
int i, j;
|
||||||
|
|
||||||
|
/* If we have reached the maximum number of rotations, we're done */
|
||||||
|
if (word_rot_current == hybrid_total)
|
||||||
|
{
|
||||||
|
word[0] = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* set word[] to the next candidate */
|
||||||
|
i=0;
|
||||||
|
while (i < word_rot_count)
|
||||||
|
{
|
||||||
|
/* Replace letter in word with appropriate rotated letter fom rot_chars */
|
||||||
|
word[word_rot_idx[i]] = rot_chars[word_rotchars_pos[i]];
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Rotate the word_rotchars_pos */
|
||||||
|
i=0;
|
||||||
|
while (i < word_rot_count)
|
||||||
|
{
|
||||||
|
word_rotchars_pos[i]++;
|
||||||
|
|
||||||
|
j = word_rot_pos[i];
|
||||||
|
if (word_rotchars_pos[i] != (rot_pos[j] + rot_len[j]))
|
||||||
|
{
|
||||||
|
/* No carry */
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Rotation overflow, carry to next rotation */
|
||||||
|
word_rotchars_pos[i] = rot_pos[j];
|
||||||
|
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
|
word_rot_current++;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Called when restoring an interrupted session */
|
||||||
|
void restore()
|
||||||
|
{
|
||||||
|
int wrc;
|
||||||
|
|
||||||
|
.include [List.HybridLeet:new]
|
||||||
|
|
||||||
|
/* Pick up the current iteration */
|
||||||
|
word_rot_current = hybrid_resume;
|
||||||
|
|
||||||
|
/* Zoom the word_rotchars_pos to the hybrid_resume iteration */
|
||||||
|
i=0;
|
||||||
|
wrc = word_rot_current;
|
||||||
|
|
||||||
|
while (i < word_rot_count)
|
||||||
|
{
|
||||||
|
j = word_rot_pos[i];
|
||||||
|
|
||||||
|
/* Rotate this position */
|
||||||
|
word_rotchars_pos[i] = rot_pos[j] + (wrc % rot_len[j]);
|
||||||
|
wrc = wrc / rot_len[j];
|
||||||
|
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,522 @@
|
||||||
|
####################################################################
|
||||||
|
# KoreLogic Custom John the Ripper Rules:
|
||||||
|
####################################################################
|
||||||
|
|
||||||
|
# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
|
||||||
|
[List.Rules:PrependSeason]
|
||||||
|
a6 A0"[Ss$][uU][mM][mM][eE3][rR]"
|
||||||
|
a6 A0"[Ww][iI|][nN][tT+][eE3][rR]"
|
||||||
|
a4 A0"[Ff][aA][lL][lL]"
|
||||||
|
a6 A0"[Ss][pP][rR][iI][nN][gG]"
|
||||||
|
a6 A0"[Aa][uU][tT][uU][mM][nN]"
|
||||||
|
|
||||||
|
# Use this rule with 2EVERYTHING.dic or 3EVERYTHING.dic
|
||||||
|
[List.Rules:AppendSeason]
|
||||||
|
a6 Az"[Ss$][uU][mM][mM][eE3][rR]"
|
||||||
|
a6 Az"[Ww][iI|][nN][tT+][eE3][rR]"
|
||||||
|
a6 Az"[Ff][aA][lL][lL]"
|
||||||
|
a6 Az"[Ss][pP][rR][iI][nN][gG]"
|
||||||
|
a6 Az"[Aa][uU][tT][uU][mM][nN]"
|
||||||
|
|
||||||
|
[List.Rules:PrependHello]
|
||||||
|
a5 A0"[hH][eE][lL][lL][oO0]"
|
||||||
|
|
||||||
|
[List.Rules:PrependYears]
|
||||||
|
a4 A0"20[0-1][0-9]"
|
||||||
|
a4 A0"19[3-9][0-9]"
|
||||||
|
|
||||||
|
# Notice: Your wordlist should likely be all lowercase - or you are wasting work
|
||||||
|
[List.Rules:AppendYears]
|
||||||
|
-[c:] a4 \p[c:] Az"19[0-9][0-9]"
|
||||||
|
-[c:] a4 \p[c:] Az"20[01][0-9]"
|
||||||
|
|
||||||
|
# Notice how we
|
||||||
|
# 1) do caps first b/c they are more common in 'complex' environments
|
||||||
|
# 2) Do !$@#%. first b/c they are the most common special chars
|
||||||
|
[List.Rules:AppendCurrentYearSpecial]
|
||||||
|
-[c:] a5 \p[c:] Az"201[0-9][!$@#%.]"
|
||||||
|
-[c:] a5 \p[c:] Azq201[0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Append4Num]
|
||||||
|
-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:Append5Num]
|
||||||
|
-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:Append6Num]
|
||||||
|
-[c:] a6 \p[c:] Az"[0-9][0-9][0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:AppendSpecial3num]
|
||||||
|
-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
|
||||||
|
-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
|
||||||
|
|
||||||
|
[List.Rules:AppendSpecial4num]
|
||||||
|
-[c:] a5 \p[c:] Az"[!$@#%.][0-9][0-9][0-9][0-9]"
|
||||||
|
-[c:] a5 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9][0-9]q
|
||||||
|
|
||||||
|
[List.Rules:PrependCAPCAPAppendSpecial]
|
||||||
|
a3 A0"[A-Z][A-Z]" $[!$@#%.]
|
||||||
|
a3 A0"[A-Z][A-Z]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNumAppendSpecial]
|
||||||
|
-[c:] a3 \p[c:] A0"[0-9][0-9]" $[!$@#%.]
|
||||||
|
-[c:] a3 \p[c:] A0"[0-9][0-9]" $[^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNum]
|
||||||
|
-[c:] a2 \p[c:] A0"[0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNumNum]
|
||||||
|
-[c:] a3 \p[c:] A0"[0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNumNumNum]
|
||||||
|
-[c:] a4 \p[c:] A0"[0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNumSpecial]
|
||||||
|
-[c:] a3 \p[c:] A0"[0-9][0-9][!$@#%.]"
|
||||||
|
-[c:] a3 \p[c:] A0q[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Prepend2NumbersAppend2Numbers]
|
||||||
|
-[c:] a4 \p[c:] A0"[0-9][0-9]" Az"[0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependSpecialSpecial]
|
||||||
|
-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:AppendSpecialNumberNumber]
|
||||||
|
-[c:] a3 \p[c:] Az"[!$@#%.][0-9][0-9]"
|
||||||
|
-[c:] a3 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
|
||||||
|
|
||||||
|
[List.Rules:AppendSpecialNumberNumberNumber]
|
||||||
|
-[c:] a4 \p[c:] Az"[!$@#%.][0-9][0-9][0-9]"
|
||||||
|
-[c:] a4 \p[c:] Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9][0-9]q
|
||||||
|
|
||||||
|
[List.Rules:PrependSpecialSpecialAppendNumber]
|
||||||
|
-[c:] a3 \p[c:] A0"[!$@#%.][!$@#%.]" $[0-9]
|
||||||
|
-[c:] a3 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q $[0-9]
|
||||||
|
|
||||||
|
[List.Rules:PrependSpecialSpecialAppendNumbersNumber]
|
||||||
|
-[c:] a4 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9]"
|
||||||
|
-[c:] a4 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
|
||||||
|
-[c:] a5 \p[c:] A0"[!$@#%.][!$@#%.]" Az"[0-9][0-9][0-9]"
|
||||||
|
-[c:] a5 \p[c:] A0q[^&()_+\-={}|[\]\\;'":,/<>?`~*][^&()_+\-={}|[\]\\;'":,/<>?`~*]q Az"[0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:Append2Letters]
|
||||||
|
a2 Az"[a-z][a-z]"
|
||||||
|
-c a2 Az"[A-Z][A-Z]"
|
||||||
|
-c a2 Az"[a-z][A-Z]"
|
||||||
|
-c a2 Az"[A-Z][a-z]"
|
||||||
|
|
||||||
|
[List.Rules:Prepend4NumAppendSpecial]
|
||||||
|
-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" $[!$@#%.]
|
||||||
|
-[c:] a5 \p[c:] A0"[0-9][0-9][0-9][0-9]" Azq[^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Append4NumSpecial]
|
||||||
|
-[c:] a5 \p[c:] Az"[0-9][0-9][0-9][0-9][!$@#%.]"
|
||||||
|
-[c:] a5 \p[c:] Azq[0-9][0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Append3NumSpecial]
|
||||||
|
-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][!$@#%.]"
|
||||||
|
-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Append2NumSpecial]
|
||||||
|
-[c:] a3 \p[c:] Az"[0-9][0-9][!$@#%.]"
|
||||||
|
-[c:] a3 \p[c:] Azq[0-9][0-9][^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
# Append numbers - but limit the total length.
|
||||||
|
[List.Rules:AddJustNumbers]
|
||||||
|
-[c:] <* >1 \p[c:] $[0-9]
|
||||||
|
-[c:] <* >1 \p[c:] ^[0-9]
|
||||||
|
-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
|
||||||
|
-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
|
||||||
|
-[c:] a3 >1 \p[c:] Az"[0-9][0-9][0-9]"
|
||||||
|
-[c:] a4 >1 \p[c:] Az"[0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:DevProdTestUAT]
|
||||||
|
-\r[::cc] a3 A\p\r[0l0l]"dev" \p\r[::TT]\p\r[::0l]
|
||||||
|
-\r[::cc] a3 A\p\r[0l0l]"uat" \p\r[::TT]\p\r[::0l]
|
||||||
|
-\r[::cc] a4 A\p\r[0l0l]"prod" \p\r[::TT]\p\r[::0l]
|
||||||
|
-\r[::cc] a4 A\p\r[0l0l]"test" \p\r[::TT]\p\r[::0l]
|
||||||
|
|
||||||
|
[List.Rules:PrependAndAppendSpecial]
|
||||||
|
-[c:] a2 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
|
||||||
|
[List.Rules:AppendJustNumbers]
|
||||||
|
-[c:] <* \p[c:] $[0-9]
|
||||||
|
-[c:] <- \p[c:] Az"[0-9][0-9]"
|
||||||
|
-[c:] a3 \p[c:] Az"[0-9][0-9][0-9]"
|
||||||
|
-[c:] a4 \p[c:] Az"[0-9][0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:AppendNumbers_and_Specials_Simple]
|
||||||
|
# cap first letter then add a 0 2 6 9 ! * to the end
|
||||||
|
-[c:] a1 \p[c:] $[0-9]
|
||||||
|
-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
# cap first letter then add a special char - THEN a number !0 %9 !9 etc
|
||||||
|
-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
|
||||||
|
# Cap the first letter - then add 0? 0! 5_ .. 9!
|
||||||
|
## add NUMBER then SPECIAL 1! .. 9?
|
||||||
|
-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
## Add Number Number Special
|
||||||
|
-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
## Add Special Number Number
|
||||||
|
-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
|
||||||
|
# Add 100! ... 999! to the end
|
||||||
|
-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:AppendJustSpecials]
|
||||||
|
-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:MonthsFullPreface]
|
||||||
|
-[:c] a7 A0"\p[jJ]anuary"
|
||||||
|
-[:c] a8 A0"\p[fF]ebruary"
|
||||||
|
-[:c] a5 A0"\p[mM]arch"
|
||||||
|
-[:c] a5 A0"\p[aA]pril"
|
||||||
|
-[:c] a3 A0"\p[mM]ay"
|
||||||
|
-[:c] a4 A0"\p[jJ]une"
|
||||||
|
-[:c] a4 A0"\p[jJ]uly"
|
||||||
|
-[:c] a6 A0"\p[aA]ugust"
|
||||||
|
-[:c] a9 A0"\p[sS]eptember"
|
||||||
|
-[:c] a7 A0"\p[oO]ctober"
|
||||||
|
-[:c] a8 A0"\p[nN]ovember"
|
||||||
|
-[:c] a8 A0"\p[dD]ecember"
|
||||||
|
|
||||||
|
[List.Rules:AddShortMonthsEverywhere]
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[jJ][aA][nN]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[fF][eE][bB]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[mM][aA][rRyY]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[aA][pP][rR]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[jJ][uU][nNlL]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[aA][uU][gG]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[sS][eE][pP]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[oO][cC][tT]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[nN][oO][vV]"
|
||||||
|
a3 >\r[00123456789] A\p[z0-9]"[dD][eE][cC]"
|
||||||
|
|
||||||
|
[List.Rules:Prepend4LetterMonths]
|
||||||
|
## Preface each dictionary with Janu janu Febr febr
|
||||||
|
-[:c] a4 A0"\p[jJ]anu"
|
||||||
|
-[:c] a4 A0"\p[fF]ebr"
|
||||||
|
-[:c] a4 A0"\p[mM]arc"
|
||||||
|
-[:c] a3 A0"\p[aA]pr"
|
||||||
|
-[:c] a3 A0"\p[mM]ay"
|
||||||
|
-[:c] a4 A0"\p[jJ]une"
|
||||||
|
-[:c] a4 A0"\p[jJ]uly"
|
||||||
|
-[:c] a4 A0"\p[Aa]ugu"
|
||||||
|
-[:c] a4 A0"\p[sS]ept"
|
||||||
|
-[:c] a4 A0"\p[oO]cto"
|
||||||
|
-[:c] a4 A0"\p[nN]ove"
|
||||||
|
-[:c] a4 A0"\p[Dd]ece"
|
||||||
|
|
||||||
|
# this will add the string '2010' at all places in the word:
|
||||||
|
# USE this with a 4 or 5 char dictionary file with ALL characters
|
||||||
|
# soo abcde will become
|
||||||
|
# 2010abcde a2010bcde ab2010cde acd2010de abcd2010e abcde2010
|
||||||
|
[List.Rules:Add2010Everywhere]
|
||||||
|
a4 >\r[00123456789] A\p[z0-9]"201[0-9]"
|
||||||
|
|
||||||
|
[List.Rules:PrependDaysWeek]
|
||||||
|
a6 A0"[Mm][oO0][nN][dD][aA4@][yY]"
|
||||||
|
a7 A0"[Tt][uU][eE3][sS$][dD][aA4@][yY]"
|
||||||
|
a9 A0"[Ww][eE3][dD][nN][eE3][sS$][dD][aA4@][yY]"
|
||||||
|
a8 A0"[Tt][hH][uU][rR][sS$][dD][aA4@][yY]"
|
||||||
|
a6 A0"[Ff][rR][iI1!][dD][aA4@][yY]"
|
||||||
|
a8 A0"[Ss][aA4@][tT+][uU][rR][dD][aA4@][yY]"
|
||||||
|
a6 A0"[Ss][uU][nN][dD][aA4@][yY]"
|
||||||
|
|
||||||
|
[List.Rules:Add1234_Everywhere]
|
||||||
|
a4 >\r[00123456789] A\p[z0-9]"1234"
|
||||||
|
|
||||||
|
[List.Rules:AppendMonthDay]
|
||||||
|
-[:c] <* Az"\p[jJ]anuary"
|
||||||
|
-[:c] a8 Az"\p[jJ]anuary[0-9]"
|
||||||
|
-[:c] a9 Az"\p[jJ]anuary[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[fF]ebruary"
|
||||||
|
-[:c] a9 Az"\p[fF]ebruary[0-9]"
|
||||||
|
-[:c] aA Az"\p[fF]ebruary[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[mM]arch"
|
||||||
|
-[:c] a6 Az"\p[mM]arch[0-9]"
|
||||||
|
-[:c] a7 Az"\p[mM]arch[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[aA]pril"
|
||||||
|
-[:c] a6 Az"\p[aA]pril[0-9]"
|
||||||
|
-[:c] a7 Az"\p[aA]pril[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[mM]ay"
|
||||||
|
-[:c] a4 Az"\p[mM]ay[0-9]"
|
||||||
|
-[:c] a5 Az"\p[mM]ay[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[jJ]une"
|
||||||
|
-[:c] a5 Az"\p[jJ]une[0-9]"
|
||||||
|
# There was a typo in Kore's original revision of this rule
|
||||||
|
-[:c] a6 Az"\p[jJ]une[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[jJ]uly"
|
||||||
|
-[:c] a5 Az"\p[jJ]uly[0-9]"
|
||||||
|
-[:c] a6 Az"\p[jJ]uly[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[aA]ugust"
|
||||||
|
-[:c] Az"\p[aA]ugust[0-9]"
|
||||||
|
-[:c] Az"\p[aA]ugust[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[sS]eptember"
|
||||||
|
-[:c] aA Az"\p[sS]eptember[0-9]"
|
||||||
|
# There was a typo in Kore's original revision of this rule
|
||||||
|
-[:c] aB Az"\p[sS]eptember[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[oO]ctober"
|
||||||
|
-[:c] a8 Az"\p[oO]ctober[0-9]"
|
||||||
|
-[:c] a9 Az"\p[oO]ctober[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[nN]ovember"
|
||||||
|
-[:c] a9 Az"\p[nN]ovember[0-9]"
|
||||||
|
-[:c] aA Az"\p[nN]ovember[0-9][0-9]"
|
||||||
|
-[:c] <* Az"\p[dD]ecember"
|
||||||
|
-[:c] a9 Az"\p[dD]ecember[0-9]"
|
||||||
|
-[:c] aA Az"\p[dD]ecember[0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:AppendMonthCurrentYear]
|
||||||
|
-[:c] a7 Az"\p[jJ]an201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[fF]eb201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[mM]ar201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[aA]pr201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[mM]ay201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[jJ]un201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[jJ]ul201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[Aa]ug201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[sS]ep201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[oO]ct201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[nN]ov201[0-9]"
|
||||||
|
-[:c] a7 Az"\p[Dd]ec201[0-9]"
|
||||||
|
|
||||||
|
[List.Rules:ReplaceNumbers2Special]
|
||||||
|
a0 /[1-90] s\0\p[!@#$%^&*()]
|
||||||
|
a0 /1 /[2-90] s1! s\0\p[@#$%^&*()]
|
||||||
|
a0 /2 /[3-90] s2@ s\0\p[#$%^&*()]
|
||||||
|
a0 /3 /[4-90] s3# s\0\p[$%^&*()]
|
||||||
|
a0 /4 /[5-90] s4$ s\0\p[%^&*()]
|
||||||
|
a0 /5 /[6-90] s5% s\0\p[^&*()]
|
||||||
|
a0 /6 /[7-90] s6^ s\0\p[&*()]
|
||||||
|
a0 /7 /[890] s7& s\0\p[*()]
|
||||||
|
a0 /8 /[90] s8* s\0\p[()]
|
||||||
|
a0 /9 /0 s9( s0)
|
||||||
|
|
||||||
|
[List.Rules:ReplaceNumbers]
|
||||||
|
a0 /0 s0[1-9]
|
||||||
|
a0 /1 s1[02-9]
|
||||||
|
a0 /2 s2[013-9]
|
||||||
|
a0 /3 s3[0-24-9]
|
||||||
|
a0 /4 s4[0-35-9]
|
||||||
|
a0 /5 s5[0-46-9]
|
||||||
|
a0 /6 s6[0-57-9]
|
||||||
|
a0 /7 s7[0-68-9]
|
||||||
|
a0 /8 s8[0-79]
|
||||||
|
a0 /9 s9[0-8]
|
||||||
|
# 10 lines above can be replaced with just one:
|
||||||
|
# /[0-9] s\0[0-9] Q
|
||||||
|
# but it's slower (generates, then rejects some duplicates).
|
||||||
|
|
||||||
|
# This is a lamer/faster version of --rules:nt
|
||||||
|
[List.Rules:ReplaceLettersCaps]
|
||||||
|
-c a0 /[a-z] s\0\p[A-Z]
|
||||||
|
|
||||||
|
[List.Rules:AddDotCom]
|
||||||
|
-[c:] a4 \p[c:] Az".com"
|
||||||
|
-[c:] a4 \p[c:] Az".net"
|
||||||
|
-[c:] a4 \p[c:] Az".org"
|
||||||
|
|
||||||
|
[List.Rules:AppendCap-Num_or_Special-Twice]
|
||||||
|
-[c:] a3 \p[c:] Az"[A-Z][0-9][0-9]"
|
||||||
|
-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
|
||||||
|
-[c:] a3 \p[c:] Azq[A-Z][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
-[c:] a3 \p[c:] Azq[A-Z][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:AppendSpecialLowerLower]
|
||||||
|
-[c:] a3 \p[c:] AzQ[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][a-z][a-z]Q
|
||||||
|
|
||||||
|
[List.Rules:AppendJustSpecials3Times]
|
||||||
|
-[c:] a3 \p[c:] Az"[!$@#%.][!$@#%.][!$@#%.]"
|
||||||
|
-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:PrependJustSpecials]
|
||||||
|
-[c:] a1 \p[c:] ^[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
-[c:] a2 \p[c:] A0q[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:Append1_AddSpecialEverywhere]
|
||||||
|
-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
|
||||||
|
-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $1
|
||||||
|
|
||||||
|
[List.Rules:PrependNumNum_AppendNumSpecial]
|
||||||
|
-[c:] a4 \p[c:] A0"[0-9][0-9]" Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
|
||||||
|
[List.Rules:AppendNum_AddSpecialEverywhere]
|
||||||
|
# This should probably use $[02-9] since we try $1 in
|
||||||
|
# Append1_AddSpecialEverywhere
|
||||||
|
-[c:] >4 a2 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
|
||||||
|
-[c:] >[5-8] a2 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] $[02-9]
|
||||||
|
|
||||||
|
[List.Rules:AppendNumNum_AddSpecialEverywhere]
|
||||||
|
-[c:] >4 a3 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
|
||||||
|
-[c:] >[5-8] a3 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:AppendNumNumNum_AddSpecialEverywhere]
|
||||||
|
-[c:] >4 a4 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
|
||||||
|
-[c:] >[5-8] a4 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"[0-9][0-9][0-9]"
|
||||||
|
|
||||||
|
[List.Rules:AppendYears_AddSpecialEverywhere]
|
||||||
|
-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
|
||||||
|
-[c:] >4 a5 \p[c:] i[0-5][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
|
||||||
|
-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"19[4-9][0-9]"
|
||||||
|
-[c:] >[5-8] a5 \p1[c:] i\p2[6-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*] Az"20[0-1][0-9]"
|
||||||
|
|
||||||
|
# This rule needs work actually --- you have to 'sort -u' its output rick
|
||||||
|
# /a = reject if it doesnt have an 'a'
|
||||||
|
# the [:c] does waste some effort - and generate dupes. This is wasteful,
|
||||||
|
# but I want to keep it in b/c the original crack/JtR rules use it.
|
||||||
|
[List.Rules:L33t]
|
||||||
|
-[:c] a0 /\r[aaAAbBeEiiiIIIllll] s\0\r\p[@44@88331!|1!|17|!] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# The following line differs from Kore's erroneous 4 lines:
|
||||||
|
-[:c] a0 /\r[LLLL] s\0\r\p[17|!] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
#/Lsl1[:c]
|
||||||
|
#/Lsl7[:c]
|
||||||
|
#/Lsl|[:c]
|
||||||
|
#/Lsl![:c]
|
||||||
|
-[:c] a0 /\r[oOssSStT1111003344557788] s\0\r\p[00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# Full set (same as above, but on one line):
|
||||||
|
#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# Double substitutions start here.
|
||||||
|
# Compared to Kore's, we check for both chars first, then replace both.
|
||||||
|
# This produces different results from Kore's, which would replace all
|
||||||
|
# instances of the first char before checking for the second.
|
||||||
|
# Kore's behavior may be restored by moving "sa[@4]" to be right after "/a"
|
||||||
|
# on the line below, and ditto for further lines.
|
||||||
|
-[:c] a0 /a /\r[AAbBeEiiiIIIllllLLLLoOssSStT111100334@557788] sa[@4] s\2\r\p2[4@88331!|1!|17|!17|!00$5$5++!iI|oOeE@4sSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# Kore had these (probably unintentionally, so we don't duplicate them):
|
||||||
|
#/asa4/4s4a[:c]
|
||||||
|
#/asa4/4s4A[:c]
|
||||||
|
-[:c] a0 /A /\r[aabBeEiiiIIIllllLLLLoOssSStT1111003344557788] sA4 s\0\r\p[@488331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# Kore also had these, but (intentionally?) missed sb8 on this set (after sA4)
|
||||||
|
#/AsA4/4s4a[:c]
|
||||||
|
#/AsA4/4s4A[:c]
|
||||||
|
-[:c] a0 /b /\r[aaAABeEiiiIIIllllLLLLoOssSStT1111003344557788] sb8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /B /\r[aaAAbeEiiiIIIllllLLLLoOssSStT1111003344557788] sB8 s\0\r\p[@44@8331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /e /\r[aaAAbBEiiiIIIllllLLLLoOssSStT1111003344557788] se3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /E /\r[aaAAbBeiiiIIIllllLLLLoOssSStT1111003344557788] sE3 s\0\r\p[@44@8831!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /i /\r[aaAAbBeEIIIllllLLLLoOssSStT1111003344557788] si[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /I /\r[aaAAbBeEiiillllLLLLoOssSStT1111003344557788] sI[1!|] s\2\r\p2[@44@88331!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# Kore's rules only included sl[17|], but not sl!
|
||||||
|
-[:c] a0 /l /\r[aaAAbBeEiiiIIILLLLoOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# All "/L" rules (171 lines) were buggy
|
||||||
|
-[:c] a0 /L /\r[aaAAbBeEiiiIIIlllloOssSStT1111003344557788] sl[17|!] s\2\r\p2[@44@88331|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /o /\r[aaAAbBeEiiiIIIllllLLLLOssSStT1111003344557788] so0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /O /\r[aaAAbBeEiiiIIIllllLLLLossSStT1111003344557788] sO0 s\0\r\p[@44@88331!|1!|17|!17|!0$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /s /\r[aaAAbBeEiiiIIIllllLLLLoOSStT1111003344557788] ss[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /S /\r[aaAAbBeEiiiIIIllllLLLLoOsstT1111003344557788] sS[$5] s\2\r\p2[@44@88331!|1!|17|!17|!00$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /t /\r[aaAAbBeEiiiIIIllllLLLLoOssSST1111003344557788] st+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /T /\r[aaAAbBeEiiiIIIllllLLLLoOssSSt1111003344557788] sT+ s\0\r\p[@44@88331!|1!|17|!17|!00$5$5+!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# are these 100% redundant from above rules? !!!!
|
||||||
|
-[:c] a0 /1 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT003344557788] s1[!iI|] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /0 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11113344557788] s0[oO] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|eEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /3 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110044557788] s3[eE] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
#-[:c] /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT1111003344557788] s\0\r\p[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /4 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033557788] s4[aA] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEsSlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /5 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033447788] s5[sS] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAlLbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /7 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445588] s7[lL] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSbB] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /8 /\r[aaAAbBeEiiiIIIllllLLLLoOssSStT11110033445577] s8[bB] s\2\r\p2[@44@88331!|1!|17|!17|!00$5$5++!iI|oOeEaAsSlL] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
# These are some popular triple/quad l33t rules
|
||||||
|
-[:c] a0 /a /e /[los] sa4 se3 s\0\p[10$] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /[ae] /l /[os] s\2\p2[43] sl1 s\3\p3[0$] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /[ae] /o /s s\2\p2[43] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /l /o /s sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /a /e /l /[os] sa4 se3 sl1 s\0\p[0$] \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /a /[el] /o /s sa4 s\0\p[31] so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /e /l /o /s se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
-[:c] a0 /a /e /l /o /s sa4 se3 sl1 so0 ss$ \p1[:M] \p1[:c] \p1[:Q]
|
||||||
|
|
||||||
|
[List.Rules:ReplaceSpecial2Special]
|
||||||
|
# Kore's rules were missing "*"
|
||||||
|
# Kore's rules were missing ?[]{}`~
|
||||||
|
# Now converted into just a SINGLE rule (well 2 since ? must use class syntax)
|
||||||
|
# The rules do add a Q to avoid no-op, but it is now 2 'working' rules
|
||||||
|
# NOTE, there were numerous rules which also had problems, which were fixed
|
||||||
|
# (in commented out rules), and are 'right' in the 2 new replacement rules.
|
||||||
|
# Now thru some pre-processor jiu jitsu, this was reduced to a single rule line
|
||||||
|
a0 /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~?]\p\r[:::::::::::::::::::::::::::::::?] \p\r[:::::::::::::::::::::::::::::::s]\p\r[sssssssssssssssssssssssssssssss?]\1[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
|
||||||
|
#these 2 are replaced by the equivalent above 1 rule.
|
||||||
|
# /[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~] s\0[!@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~] Q
|
||||||
|
# /?? s??[!@#$%^&*()\-=_+\\|;:'",./><\[\]{}`~]
|
||||||
|
#these are replaced by the equivalent above 2 rule lines.
|
||||||
|
# /! s![@#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
|
||||||
|
# /@ s@[!#$%^&*()\-=_+\\|;:'",./?><\[\]{}`~]
|
||||||
|
#others replacing #$%^&*()-=_+\|;:'",./?><[]{}`~ cut out, and not shown.
|
||||||
|
|
||||||
|
[List.Rules:ReplaceLetters]
|
||||||
|
a0 /[a-z] s\0[a-z] Q
|
||||||
|
-c a0 /[a-z] s\0[A-Z]
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
# This ruleset contains ALL of the above, for a total
|
||||||
|
# of 7,074,074 rules after dupe removal
|
||||||
|
[List.Rules:KoreLogic]
|
||||||
|
.include [List.Rules:PrependNumNum]
|
||||||
|
.include [List.Rules:PrependYears]
|
||||||
|
.include [List.Rules:AppendYears]
|
||||||
|
.include [List.Rules:PrependNumNumNum]
|
||||||
|
.include [List.Rules:MonthsFullPreface]
|
||||||
|
.include [List.Rules:Prepend4LetterMonths]
|
||||||
|
.include [List.Rules:PrependSeason]
|
||||||
|
.include [List.Rules:AppendSeason]
|
||||||
|
.include [List.Rules:PrependHello]
|
||||||
|
.include [List.Rules:AppendCurrentYearSpecial]
|
||||||
|
.include [List.Rules:PrependSpecialSpecial]
|
||||||
|
.include [List.Rules:Append2Letters]
|
||||||
|
.include [List.Rules:AddJustNumbers]
|
||||||
|
.include [List.Rules:DevProdTestUAT]
|
||||||
|
.include [List.Rules:PrependAndAppendSpecial]
|
||||||
|
.include [List.Rules:AppendJustNumbers]
|
||||||
|
# This is split for better order:
|
||||||
|
# First part of AppendNumbers_and_Specials_Simple
|
||||||
|
-[c:] a1 \p[c:] $[0-9]
|
||||||
|
-[c:] a1 \p[c:] $[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]
|
||||||
|
-[c:] a2 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9]q
|
||||||
|
-[c:] a2 \p[c:] Azq[0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
.include [List.Rules:AppendJustSpecials]
|
||||||
|
.include [List.Rules:AddShortMonthsEverywhere]
|
||||||
|
.include [List.Rules:Add2010Everywhere]
|
||||||
|
.include [List.Rules:Add1234_Everywhere]
|
||||||
|
.include [List.Rules:AppendMonthDay]
|
||||||
|
.include [List.Rules:AppendMonthCurrentYear]
|
||||||
|
.include [List.Rules:ReplaceNumbers2Special]
|
||||||
|
.include [List.Rules:ReplaceNumbers]
|
||||||
|
.include [List.Rules:ReplaceLettersCaps]
|
||||||
|
.include [List.Rules:AddDotCom]
|
||||||
|
.include [List.Rules:PrependJustSpecials]
|
||||||
|
.include [List.Rules:Append1_AddSpecialEverywhere]
|
||||||
|
.include [List.Rules:AppendNum_AddSpecialEverywhere]
|
||||||
|
.include [List.Rules:AppendNumNum_AddSpecialEverywhere]
|
||||||
|
.include [List.Rules:AppendNumNumNum_AddSpecialEverywhere]
|
||||||
|
.include [List.Rules:AppendYears_AddSpecialEverywhere]
|
||||||
|
.include [List.Rules:L33t]
|
||||||
|
.include [List.Rules:ReplaceSpecial2Special]
|
||||||
|
.include [List.Rules:ReplaceLetters]
|
||||||
|
.include [List.Rules:AppendSpecialNumberNumber]
|
||||||
|
.include [List.Rules:PrependNumNumAppendSpecial]
|
||||||
|
.include [List.Rules:PrependNumNumSpecial]
|
||||||
|
.include [List.Rules:Append2NumSpecial]
|
||||||
|
.include [List.Rules:PrependDaysWeek]
|
||||||
|
# Second part of AppendNumbers_and_Specials_Simple
|
||||||
|
-[c:] a3 \p[c:] Azq[0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
-[c:] a3 \p[c:] Azq[!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*][0-9][0-9]q
|
||||||
|
.include [List.Rules:PrependSpecialSpecialAppendNumber]
|
||||||
|
.include [List.Rules:Append4Num]
|
||||||
|
.include [List.Rules:PrependNumNumNumNum]
|
||||||
|
.include [List.Rules:Prepend2NumbersAppend2Numbers]
|
||||||
|
.include [List.Rules:PrependCAPCAPAppendSpecial]
|
||||||
|
.include [List.Rules:AppendSpecialLowerLower]
|
||||||
|
# Last part of AppendNumbers_and_Specials_Simple
|
||||||
|
-[c:] a4 \p[c:] Azq[0-9][0-9][0-9][!$@#%.^&()_+\-={}|[\]\\;'":,/<>?`~*]q
|
||||||
|
.include [List.Rules:AppendSpecial3num]
|
||||||
|
.include [List.Rules:AppendSpecialNumberNumberNumber]
|
||||||
|
.include [List.Rules:Append3NumSpecial]
|
||||||
|
.include [List.Rules:PrependNumNum_AppendNumSpecial]
|
||||||
|
.include [List.Rules:AppendJustSpecials3Times]
|
||||||
|
.include [List.Rules:AppendCap-Num_or_Special-Twice]
|
||||||
|
.include [List.Rules:PrependSpecialSpecialAppendNumbersNumber]
|
||||||
|
.include [List.Rules:Append5Num]
|
||||||
|
.include [List.Rules:AppendSpecial4num]
|
||||||
|
.include [List.Rules:Prepend4NumAppendSpecial]
|
||||||
|
.include [List.Rules:Append4NumSpecial]
|
||||||
|
.include [List.Rules:PrependSpecialSpecialAppendNumbersNumberNumber]
|
||||||
|
.include [List.Rules:Append6Num]
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,375 @@
|
||||||
|
# regex_alphabets.conf
|
||||||
|
#
|
||||||
|
# This is the multiple alphabest usable by rexgen function.
|
||||||
|
|
||||||
|
# this is the 'default'
|
||||||
|
[List.Rexgen.Alpha]
|
||||||
|
|
||||||
|
# can also use -i mode rexgen (TBD)
|
||||||
|
[List.Rexgen.Alpha:cased]
|
||||||
|
a=[aA]
|
||||||
|
b=[bB]
|
||||||
|
c=[cC]
|
||||||
|
d=[dD]
|
||||||
|
e=[eE]
|
||||||
|
f=[fF]
|
||||||
|
g=[gG]
|
||||||
|
h=[hH]
|
||||||
|
i=[iI]
|
||||||
|
j=[jJ]
|
||||||
|
k=[kK]
|
||||||
|
l=[lL]
|
||||||
|
m=[mM]
|
||||||
|
n=[nN]
|
||||||
|
o=[oO]
|
||||||
|
p=[pP]
|
||||||
|
q=[qQ]
|
||||||
|
r=[rR]
|
||||||
|
s=[sS]
|
||||||
|
t=[tT]
|
||||||
|
u=[uU]
|
||||||
|
v=[vV]
|
||||||
|
w=[wW]
|
||||||
|
x=[xX]
|
||||||
|
y=[yY]
|
||||||
|
z=[zZ]
|
||||||
|
A=[aA]
|
||||||
|
B=[bB]
|
||||||
|
C=[cC]
|
||||||
|
D=[dD]
|
||||||
|
E=[eE]
|
||||||
|
F=[fF]
|
||||||
|
G=[gG]
|
||||||
|
H=[hH]
|
||||||
|
I=[iI]
|
||||||
|
J=[jJ]
|
||||||
|
K=[kK]
|
||||||
|
L=[lL]
|
||||||
|
M=[mM]
|
||||||
|
N=[nN]
|
||||||
|
O=[oO]
|
||||||
|
P=[pP]
|
||||||
|
Q=[qQ]
|
||||||
|
R=[rR]
|
||||||
|
S=[sS]
|
||||||
|
T=[tT]
|
||||||
|
U=[uU]
|
||||||
|
V=[vV]
|
||||||
|
W=[wW]
|
||||||
|
X=[xX]
|
||||||
|
Y=[yY]
|
||||||
|
Z=[zZ]
|
||||||
|
|
||||||
|
# simple 1337 mode. ONLY leet's lower case letters, and smallish alphabet. But VERY fast.
|
||||||
|
[List.Rexgen.Alpha:leet]
|
||||||
|
a=[a4@]
|
||||||
|
b=[b8]
|
||||||
|
e=[e3]
|
||||||
|
g=[g9]
|
||||||
|
i=[i!]
|
||||||
|
l=[l17]
|
||||||
|
o=[o0]
|
||||||
|
s=[s$5]
|
||||||
|
t=[t+7]
|
||||||
|
|
||||||
|
# simple 1337 mode with mixed case
|
||||||
|
[List.Rexgen.Alpha:leet+c]
|
||||||
|
a=[aA4@]
|
||||||
|
b=[bB8]
|
||||||
|
c=[cC]
|
||||||
|
d=[dD]
|
||||||
|
e=[eE3]
|
||||||
|
f=[fF]
|
||||||
|
g=[gG9]
|
||||||
|
h=[hH]
|
||||||
|
i=[iI!]
|
||||||
|
j=[jJ]
|
||||||
|
k=[kK]
|
||||||
|
l=[lL1]
|
||||||
|
m=[mM]
|
||||||
|
n=[nN]
|
||||||
|
o=[oO0]
|
||||||
|
p=[pP]
|
||||||
|
q=[qQ]
|
||||||
|
r=[rR]
|
||||||
|
s=[sS$5]
|
||||||
|
t=[tT+7]
|
||||||
|
u=[uU]
|
||||||
|
v=[vV]
|
||||||
|
w=[wW]
|
||||||
|
x=[xX]
|
||||||
|
y=[yY]
|
||||||
|
z=[zZ]
|
||||||
|
A=[aA]
|
||||||
|
B=[bB]
|
||||||
|
C=[cC]
|
||||||
|
D=[dD]
|
||||||
|
E=[eE]
|
||||||
|
F=[fF]
|
||||||
|
G=[gG]
|
||||||
|
H=[hH]
|
||||||
|
I=[iI]
|
||||||
|
J=[jJ]
|
||||||
|
K=[kK]
|
||||||
|
L=[lL]
|
||||||
|
M=[mM]
|
||||||
|
N=[nN]
|
||||||
|
O=[oO]
|
||||||
|
P=[pP]
|
||||||
|
Q=[qQ]
|
||||||
|
R=[rR]
|
||||||
|
S=[sS]
|
||||||
|
T=[tT]
|
||||||
|
U=[uU]
|
||||||
|
V=[vV]
|
||||||
|
W=[wW]
|
||||||
|
X=[xX]
|
||||||
|
Y=[yY]
|
||||||
|
Z=[zZ]
|
||||||
|
|
||||||
|
# much stronger 1337 mode. Does much larger alphabet. Includes a couple multiple
|
||||||
|
# character replacement values: f -> ph and f -> |= Also does upper case
|
||||||
|
# note contains ALL values from Rexgen.Alpha:leet
|
||||||
|
[List.Rexgen.Alpha:leet2]
|
||||||
|
a=[a4@]
|
||||||
|
b=[b8]
|
||||||
|
c=[c\(<k]
|
||||||
|
e=[e3]
|
||||||
|
f=(f|ph|\|=)
|
||||||
|
g=[g9]
|
||||||
|
i=[i1!\|]
|
||||||
|
l=[l1]
|
||||||
|
o=[o0]
|
||||||
|
s=[s$5]
|
||||||
|
t=[t+7]
|
||||||
|
A=[A4@]
|
||||||
|
B=[B8]
|
||||||
|
C=[C\(<k]
|
||||||
|
E=[E3]
|
||||||
|
F=(F|Ph|PH|\|=)
|
||||||
|
G=[G9]
|
||||||
|
I=[I1!\|]
|
||||||
|
L=[L1]
|
||||||
|
O=[O0]
|
||||||
|
S=[S$5]
|
||||||
|
T=[T+7]
|
||||||
|
|
||||||
|
# stronger elete, with mixed case.
|
||||||
|
[List.Rexgen.Alpha:leet2_case]
|
||||||
|
a=[aA4@]
|
||||||
|
b=[bB8]
|
||||||
|
c=[cC\(]
|
||||||
|
d=[dD]
|
||||||
|
e=[eE3]
|
||||||
|
f=(f|F|ph|Ph|PH|\|=)
|
||||||
|
g=[gG9]
|
||||||
|
h=[hH]
|
||||||
|
i=[iI1!\|]
|
||||||
|
j=[jJ]
|
||||||
|
k=[kK]
|
||||||
|
l=[lL1]
|
||||||
|
m=[mM]
|
||||||
|
n=[nN]
|
||||||
|
o=[oO0]
|
||||||
|
p=[pP]
|
||||||
|
q=[qQ]
|
||||||
|
r=[rR]
|
||||||
|
s=[sS$5]
|
||||||
|
t=[tT+7]
|
||||||
|
u=[uU]
|
||||||
|
v=[vV]
|
||||||
|
w=[wW]
|
||||||
|
x=[xX]
|
||||||
|
y=[yY]
|
||||||
|
z=[zZ]
|
||||||
|
A=[aA4@]
|
||||||
|
B=[bB8]
|
||||||
|
C=[cC\(]
|
||||||
|
D=[dD]
|
||||||
|
E=[eE3]
|
||||||
|
F=(f|F|Ph|ph|PH|\|=)
|
||||||
|
G=[gG9]
|
||||||
|
H=[hH]
|
||||||
|
I=[iI1!\|]
|
||||||
|
J=[jJ]
|
||||||
|
K=[kK]
|
||||||
|
L=[lL1]
|
||||||
|
M=[mM]
|
||||||
|
N=[nN]
|
||||||
|
O=[oO0]
|
||||||
|
P=[pP]
|
||||||
|
Q=[qQ]
|
||||||
|
R=[rR]
|
||||||
|
S=[sS$5]
|
||||||
|
T=[tT+7]
|
||||||
|
U=[uU]
|
||||||
|
V=[vV]
|
||||||
|
W=[wW]
|
||||||
|
X=[xX]
|
||||||
|
Y=[yY]
|
||||||
|
Z=[zZ]
|
||||||
|
|
||||||
|
# Very strong elete. MANY multi char eletes, AND some other more obsure ones.
|
||||||
|
# a LOT of stuff here, BUT runs much much slower, since there are many more optional
|
||||||
|
# values to try.
|
||||||
|
# note contains ALL values from Rexgen.Alpha:leet2
|
||||||
|
[List.Rexgen.Alpha:leet3]
|
||||||
|
a=(a|/-\\|4|@)
|
||||||
|
b=(b|\|3|\|o|8)
|
||||||
|
c=[c\(<KS]
|
||||||
|
d=(d|\|\)|o\||\|>|<\|)
|
||||||
|
e=[e3]
|
||||||
|
f=(f|ph|\|=)
|
||||||
|
g=[g\(69]
|
||||||
|
h=(h|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
|
||||||
|
i=(i|1|!|\||\]\[)
|
||||||
|
j=(j|_\|)
|
||||||
|
k=(k|\|<|/<|\\<|\|\{)
|
||||||
|
l=(l|1|\||\|_)
|
||||||
|
m=(m|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
|
||||||
|
n=(n|\|\\\||/\\/|\|\\\\\||/\|/)
|
||||||
|
o=(o|0|\(\)|\[\]|\{\})
|
||||||
|
p=(p|\|2|\|D)
|
||||||
|
q=(q|\(,\)|kw)
|
||||||
|
r=(r|\|2|\|Z|\|?)
|
||||||
|
s=[s$5]
|
||||||
|
t=(t|+|'\]\['|7)
|
||||||
|
u=(u|\|_\|)
|
||||||
|
v=(v|\|/|\\\||\\/|/)
|
||||||
|
w=(w|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
|
||||||
|
x=(x|><|\}\{)
|
||||||
|
y=(y|'/|`/|j)
|
||||||
|
z=(z|2|\(\\\))
|
||||||
|
A=(A|/-\\|4|@)
|
||||||
|
B=(B|\|3|\|o|8)
|
||||||
|
C=[C\(<KS]
|
||||||
|
D=(D|\|\)|o\||\|>|<\|)
|
||||||
|
E=[E3]
|
||||||
|
F=(F|Ph|PH|\|=)
|
||||||
|
G=[G\(69]
|
||||||
|
H=(H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
|
||||||
|
I=(I|1|!|\||\]\[)
|
||||||
|
J=(J|_\|)
|
||||||
|
K=(K|\|<|/<|\\<|\|\{)
|
||||||
|
L=(L|1|\||\|_)
|
||||||
|
M=(M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
|
||||||
|
N=(N|\|\\\||/\\/|\|\\\\\||/\|/)
|
||||||
|
O=(O|0|\(\)|\[\]|\{\})
|
||||||
|
P=(P|\|2|\|D)
|
||||||
|
Q=(Q|\(,\)|kw)
|
||||||
|
R=(R|\|2|\|Z|\|?)
|
||||||
|
S=[S$5]
|
||||||
|
T=(T|+|'\]\['|7)
|
||||||
|
U=(U|\|_\|)
|
||||||
|
v=(V|\|/|\\\||\\/|/)
|
||||||
|
W=(W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
|
||||||
|
X=(X|><|\}\{)
|
||||||
|
Y=(Y|'/|`/|j)
|
||||||
|
Z=(Z|2|\(\\\))
|
||||||
|
|
||||||
|
[List.Rexgen.Alpha:leet3_case]
|
||||||
|
a=(a|A|/-\\|4|@)
|
||||||
|
b=(b|B|\|3|\|o|8)
|
||||||
|
c=[cC\(<KS]
|
||||||
|
d=(d|D|\|\)|o\||\|>|<\|)
|
||||||
|
e=[eE3]
|
||||||
|
f=(f|F|ph|Ph|PH|\|=)
|
||||||
|
g=[gG\(69]
|
||||||
|
h=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
|
||||||
|
i=(i|I|1|!|\||\]\[)
|
||||||
|
j=(j|J|_\|)
|
||||||
|
k=(k|K|\|<|/<|\\<|\|\{)
|
||||||
|
l=(l|L|1|\||\|_)
|
||||||
|
m=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
|
||||||
|
n=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
|
||||||
|
o=(o|O|0|\(\)|\[\]|\{\})
|
||||||
|
p=(p|P|\|2|\|D)
|
||||||
|
q=(q|Q|\(,\)|kw)
|
||||||
|
r=(r|R|\|2|\|Z|\|?)
|
||||||
|
s=[sS$5]
|
||||||
|
t=(t|T|+|'\]\['|7)
|
||||||
|
u=(u|U|\|_\|)
|
||||||
|
v=(v|V|\|/|\\\||\\/|/)
|
||||||
|
w=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
|
||||||
|
x=(x|X|><|\}\{)
|
||||||
|
y=(y|Y|'/|`/|j)
|
||||||
|
z=(z|Z|2|\(\\\))
|
||||||
|
A=(a|A|/-\\|4|@)
|
||||||
|
B=(b|B|\|3|\|o|8)
|
||||||
|
C=[cC\(<KS]
|
||||||
|
D=(d|D|\|\)|o\||\|>|<\|)
|
||||||
|
E=[eE3]
|
||||||
|
F=(f|F|PH|Ph|ph|\|=)
|
||||||
|
G=[gG\(69]
|
||||||
|
H=(h|H|\|\-\||\]\-\[|\}-\{|\(-\)|\)-\(|\}\{|#)
|
||||||
|
I=(i|I|1|!|\||\]\[)
|
||||||
|
J=(j|J|_\|)
|
||||||
|
K=(k|K|\|<|/<|\\<|\|\{)
|
||||||
|
L=(l|L|1|\||\|_)
|
||||||
|
M=(m|M|\|\\/\||/\\/\\|\|'\|'\||\(\\/\)|/\\\\|/\|\\|/v\\)
|
||||||
|
N=(n|N|\|\\\||/\\/|\|\\\\\||/\|/)
|
||||||
|
O=(o|O|0|\(\)|\[\]|\{\})
|
||||||
|
P=(p|P|\|2|\|D)
|
||||||
|
Q=(q|Q|\(,\)|kw)
|
||||||
|
R=(r|R|\|2|\|Z|\|?)
|
||||||
|
S=[sS$5]
|
||||||
|
T=(t|T|+|'\]\['|7)
|
||||||
|
U=(u|U|\|_\|)
|
||||||
|
v=(v|V|\|/|\\\||\\/|/)
|
||||||
|
W=(w|W|\\/\\/|\\\|\\\||\|/\|/|\\\|/|\\^/|//)
|
||||||
|
X=(x|X|><|\}\{)
|
||||||
|
Y=(y|Y|'/|`/|j)
|
||||||
|
Z=(z|Z|2|\(\\\))
|
||||||
|
|
||||||
|
[List.Rexgen.Alpha:ascii2nonascii]
|
||||||
|
A=[ÀÁÂÃÄÅÆĀĂĄǍǞǠǺȀȂȦȺA]
|
||||||
|
B=[ƁƂɃʙB]
|
||||||
|
C=[ÇĆĈĊČƇȻC]
|
||||||
|
D=[ÐĎĐƉƊƋDZDzD]
|
||||||
|
E=[ÈÉÊËĒĔĖĘĚƎƏƐȄȆȨɆE]
|
||||||
|
F=[ƑF]
|
||||||
|
G=[ĜĞĠĢƓǤǦǴɢG]
|
||||||
|
H=[ĤĦǶȞʜH]
|
||||||
|
I=[ÌÍÎÏĨĪĬĮİƗǏȈȊɪI]
|
||||||
|
J=[ĴƖɈJ]
|
||||||
|
K=[ĶĸƘǨK]
|
||||||
|
L=[£ĹĻĽĿŁȽʟL]
|
||||||
|
M=[ƜM]
|
||||||
|
N=[ÑŃŅŇŊƝǸȠɴN]
|
||||||
|
O=[ÒÓÔÕÖØŌŎŐŒƆƟƠǑǪǬǾȌȎȪȬȮȰƢO]
|
||||||
|
P=[ƤP]
|
||||||
|
Q=[ɊQ]
|
||||||
|
R=[®ŔŖŘƦȐȒɌʀʁʶR]
|
||||||
|
S=[ŚŜŞŠƧȘS]
|
||||||
|
T=[ŢŤƬƮȚȾT]
|
||||||
|
U=[ÙÚÛÜŨŪŬŮŰŲƯǓǕǗǙǛȔȖɄU]
|
||||||
|
V=[ɅV]
|
||||||
|
W=[ŴW]
|
||||||
|
Y=[¥ÝŶŸƳȲɎʏY]
|
||||||
|
Z=[ŹŻŽƵȤZ]
|
||||||
|
a=[àáâãäåæāăąǎǟǡǻȁȃȧɐɑɒa]
|
||||||
|
b=[ƀƃɓb]
|
||||||
|
c=[¢©çćĉċčƈȼɕc]
|
||||||
|
d=[ðďđƌƍȡɖɗdzd]
|
||||||
|
e=[èéêëēĕėęěǝȅȇȩɇɘəɚɛɜɝɞe]
|
||||||
|
f=[ƒf]
|
||||||
|
g=[ĝğġģǥǧǵɠɡg]
|
||||||
|
h=[ħȟɥɦʮʯʰʱĥh]
|
||||||
|
i=[ìíîïĩīĭįıǐȉȋɨi]
|
||||||
|
j=[ĵǰȷɉɟʄʝʲj]
|
||||||
|
k=[ķƙǩʞ]
|
||||||
|
l=[ĺļľŀłƚƛȴɫɬɭl]
|
||||||
|
m=[µɯɰɱm]
|
||||||
|
n=[ñńņňʼnŋƞǹȵɲɳn]
|
||||||
|
o=[òóôõöøōŏőœơǒǫǭǿȍȏȫȭȯȱɵƣȣo]
|
||||||
|
p=[ƥp]
|
||||||
|
q=[ɋʠq]
|
||||||
|
r=[ŕŗřȑȓɍɹɺɻɼɽɾɿʳʴʵr]
|
||||||
|
s=[śŝşšſƨșȿʂs]
|
||||||
|
t=[ţťŦŧƫƭțȶʇʈt]
|
||||||
|
u=[ùúûüũūŭůűųưǔǖǘǚǜȕȗʉu]
|
||||||
|
v=[ʌv]
|
||||||
|
w=[ŵʍʷw]
|
||||||
|
x=[×x]
|
||||||
|
y=[ýÿŷƴȳɏʎʸy]
|
||||||
|
z=[źżžƶȥɀʐʑz]
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,163 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode AIX
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `DES` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
[source](https://openwall.info/wiki/john/sample-hashes), [source2](http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats)
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with a `des` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_aix```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
[*] Deleted 3 creds
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:40085 -> 111.111.1.111:22) at 2019-01-19 04:00:54 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding des_passphrase:qiyh4XPJGsOZ2MEAyLkfWqeQ:des
|
||||||
|
[+] Adding des_password:rEK1ecacw.7.c:des
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_aix
|
||||||
|
msf5 auxiliary(analyze/jtr_aix) > run
|
||||||
|
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190119-17882-1wvuebb
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190119-17882-u2m52i
|
||||||
|
[*] Cracking descrypt hashes in normal wordlist mode...
|
||||||
|
[*] Loaded 3 password hashes with 3 different salts (descrypt, traditional crypt(3) [DES 256/256 AVX2-16])
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
[*] password (des_password)
|
||||||
|
[*] se (des_passphrase:2)
|
||||||
|
2g 0:00:00:00 DONE (Sat 19 Jan 2019 04:01:15 AM EST) 50.00g/s 2111Kp/s 5041Kc/s 5041KC/s sanserif..vagrant
|
||||||
|
Warning: passwords printed above might be partial
|
||||||
|
Use the "--show" option to display all of the cracked passwords reliably
|
||||||
|
Session completed
|
||||||
|
[*] Cracking descrypt hashes in single mode...
|
||||||
|
[*] Loaded 3 password hashes with 3 different salts (descrypt, traditional crypt(3) [DES 256/256 AVX2-16])
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
[*] Remaining 1 password hash
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:07 DONE (Sat 19 Jan 2019 04:01:22 AM EST) 0g/s 4867Kp/s 4867Kc/s 4867KC/s hms1902..tude1900
|
||||||
|
Session completed
|
||||||
|
[*] Cracking descrypt hashes in incremental mode (Digits)...
|
||||||
|
[*] Loaded 3 password hashes with 3 different salts (descrypt, traditional crypt(3) [DES 256/256 AVX2-16])
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
[*] Remaining 1 password hash
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:05 DONE (Sat 19 Jan 2019 04:01:28 AM EST) 0g/s 18864Kp/s 18864Kc/s 18864KC/s 73602400..73673952
|
||||||
|
Session completed
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] des_passphrase:????????se:3213:
|
||||||
|
[+] des_password:password:3214:
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_aix) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
111.111.1.111 des_passphrase qiyh4XPJGsOZ2MEAyLkfWqeQ Nonreplayable hash
|
||||||
|
111.111.1.111 des_password rEK1ecacw.7.c Nonreplayable hash
|
||||||
|
des_passphrase ????????se Password
|
||||||
|
des_password password Password
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
```
|
|
@ -0,0 +1,203 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Linux
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `DES` based passwords
|
||||||
|
* `MD5` based passwords
|
||||||
|
* `BSDi` based passwords
|
||||||
|
* With `crypt` set to `true`:
|
||||||
|
* `bf`, `bcrypt`, or `blowfish` based passwords
|
||||||
|
* `SHA256` based passwords
|
||||||
|
* `SHA512` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
The definition of `crypt` according to JTR and waht algorithms it decodes can be found
|
||||||
|
[here](https://github.com/magnumripper/JohnTheRipper/blob/ae24a410baac45bb36884d793c429adeb7197336/src/c3_fmt.c#L731)
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `des`, `md5`, `bsdi`, `crypt`, `blowfish`, `sha512`, or `sha256` password hash in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_linux```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CRYPT**
|
||||||
|
|
||||||
|
Include `blowfish` and `SHA`(256/512) passwords.
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:34849 -> 111.111.1.111:22) at 2019-01-19 11:52:44 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding des_passphrase:qiyh4XPJGsOZ2MEAyLkfWqeQ:des
|
||||||
|
[+] Adding des_password:rEK1ecacw.7.c:des
|
||||||
|
[+] Adding md5_password:$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/:md5,des,bsdi,crypt
|
||||||
|
[+] Adding bsdi_password:_J9..K0AyUubDrfOgO4s:md5,des,bsdi,crypt
|
||||||
|
[+] Adding crypt_password:SDbsugeBiC58A:md5,des,bsdi,crypt
|
||||||
|
[+] Adding sha256_password:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5:md5,des,bsdi,crypt
|
||||||
|
[+] Adding sha512_password:$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1:md5,des,bsdi,crypt
|
||||||
|
[+] Adding crypt16_password:qi8H8R7OM4xMUNMPuRAZxlY.:md5,des,bsdi,crypt
|
||||||
|
[+] Adding blowfish_password:$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe:bcrypt
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_linux
|
||||||
|
msf5 auxiliary(analyze/jtr_linux) > set crypt true
|
||||||
|
crypt => true
|
||||||
|
msf5 auxiliary(analyze/jtr_linux) > run
|
||||||
|
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190119-25843-1igh5zx
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190119-25843-1fmcnd
|
||||||
|
[*] Cracking md5crypt hashes in normal wordlist mode...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] md5_password:password
|
||||||
|
[*] Cracking descrypt hashes in normal wordlist mode...
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:00 DONE (Sat 19 Jan 2019 11:53:04 AM EST) 0g/s 2102Kp/s 6308Kc/s 8411KC/s scapula..vagrant
|
||||||
|
Session completed
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] des_passphrase:????????se
|
||||||
|
[+] des_password:password
|
||||||
|
[*] Cracking bsdicrypt hashes in normal wordlist mode...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] bsdi_password:password
|
||||||
|
[*] Cracking crypt hashes in normal wordlist mode...
|
||||||
|
Warning: hash encoding string length 24, type id #3
|
||||||
|
appears to be unsupported on this system; will not load such hashes.
|
||||||
|
Warning: hash encoding string length 20, type id #4
|
||||||
|
appears to be unsupported on this system; will not load such hashes.
|
||||||
|
Warning: hash encoding string length 60, type id $2
|
||||||
|
appears to be unsupported on this system; will not load such hashes.
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
Warning: Only 59 candidates left, minimum 96 needed for performance.
|
||||||
|
0g 0:00:00:00 DONE (Sat 19 Jan 2019 11:53:05 AM EST) 0g/s 540061p/s 540061c/s 540061C/s zubeneschamali..vagrant
|
||||||
|
Session completed
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
Warning: hash encoding string length 24, type id #3
|
||||||
|
appears to be unsupported on this system; will not load such hashes.
|
||||||
|
[+] des_password:password
|
||||||
|
[+] md5_password:password
|
||||||
|
[+] sha256_password:password
|
||||||
|
[+] sha512_password:password
|
||||||
|
[*] Cracking bcrypt hashes in normal wordlist mode...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] blowfish_password:password
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_linux) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
des_passphrase ????????se Password
|
||||||
|
111.111.1.111 des_passphrase qiyh4XPJGsOZ2MEAyLkfWqeQ Nonreplayable hash
|
||||||
|
des_password password Password
|
||||||
|
111.111.1.111 des_password rEK1ecacw.7.c Nonreplayable hash
|
||||||
|
md5_password password Password
|
||||||
|
111.111.1.111 md5_password $1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/ Nonreplayable hash
|
||||||
|
bsdi_password password Password
|
||||||
|
111.111.1.111 bsdi_password _J9..K0AyUubDrfOgO4s Nonreplayable hash
|
||||||
|
111.111.1.111 crypt_password SDbsugeBiC58A Nonreplayable hash
|
||||||
|
sha256_password password Password
|
||||||
|
111.111.1.111 sha256_password $5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 Nonreplayable hash
|
||||||
|
sha512_password password Password
|
||||||
|
111.111.1.111 sha512_password $6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 Nonreplayable hash
|
||||||
|
111.111.1.111 crypt16_password qi8H8R7OM4xMUNMPuRAZxlY. Nonreplayable hash
|
||||||
|
blowfish_password password Password
|
||||||
|
111.111.1.111 blowfish_password $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe Nonreplayable hash
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
```
|
|
@ -0,0 +1,160 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Microsoft
|
||||||
|
SQL based password hashes, such as:
|
||||||
|
|
||||||
|
* `mssql` based passwords
|
||||||
|
* `mssql05` based passwords
|
||||||
|
* `mssql12` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `mssql`, `mssql05` or `mssql12` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_mssql_fast```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:40997 -> 111.111.1.111:22) at 2019-01-19 16:56:46 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding mssql05_toto:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908:mssql05
|
||||||
|
[+] Adding mssql_foo:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254:mssql
|
||||||
|
[+] Adding mssql12_Password1!:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16:mssql12
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_mssql_fast
|
||||||
|
msf5 auxiliary(analyze/jtr_mssql_fast) > run
|
||||||
|
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190119-30098-16dm2ip
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190119-30098-t4zx7s
|
||||||
|
[*] Cracking mssql05 hashes in normal wordlist mode...
|
||||||
|
[*] Cracking mssql05 hashes in single mode...
|
||||||
|
[*] Cracking mssql05 hashes in incremental mode (Digits)...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] mssql05_toto:toto
|
||||||
|
[+] mssql_foo:foo
|
||||||
|
[+] mssql05_toto:toto
|
||||||
|
[+] mssql_foo:foo
|
||||||
|
[*] Cracking mssql hashes in normal wordlist mode...
|
||||||
|
[*] Cracking mssql hashes in single mode...
|
||||||
|
[*] Cracking mssql hashes in incremental mode (Digits)...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] mssql_foo:FOO
|
||||||
|
[+] mssql_foo:FOO
|
||||||
|
[*] Cracking mssql12 hashes in normal wordlist mode...
|
||||||
|
[*] Cracking mssql12 hashes in single mode...
|
||||||
|
[*] Cracking mssql12 hashes in incremental mode (Digits)...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] mssql12_Password1!:Password1!
|
||||||
|
[+] mssql12_Password1!:Password1!
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_mssql_fast) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
mssql05_toto toto Password
|
||||||
|
111.111.1.111 mssql05_toto 0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 Nonreplayable hash
|
||||||
|
mssql_foo FOO Password
|
||||||
|
mssql_foo foo Password
|
||||||
|
111.111.1.111 mssql_foo 0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 Nonreplayable hash
|
||||||
|
mssql12_Password1! Password1! Password
|
||||||
|
111.111.1.111 mssql12_Password1! 0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 Nonreplayable hash
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
|
||||||
|
```
|
|
@ -0,0 +1,144 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode MySQL
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `mysql` (pre 4.1) based passwords
|
||||||
|
* `mysql-sha1` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `mysql`, or `mysql-sha1` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_mysql_fast```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:46211 -> 111.111.1.111:22) at 2019-01-19 17:24:54 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding mysql_probe:445ff82636a7ba59:mysql
|
||||||
|
[+] Adding mssql-sha1_tere:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB:mysql-sha1
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_mysql_fast
|
||||||
|
msf5 auxiliary(analyze/jtr_mysql_fast) > run
|
||||||
|
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190119-30962-19gqf2v
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190119-30962-qrof08
|
||||||
|
[*] Cracking mysql hashes in normal wordlist mode...
|
||||||
|
[*] Cracking mysql hashes in single mode...
|
||||||
|
[*] Cracking mysql hashes in incremental mode (Digits)...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] mysql_probe:probe
|
||||||
|
[*] Cracking mysql-sha1 hashes in normal wordlist mode...
|
||||||
|
[*] Cracking mysql-sha1 hashes in single mode...
|
||||||
|
[*] Cracking mysql-sha1 hashes in incremental mode (Digits)...
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] mssql-sha1_tere:tere
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_mysql_fast) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
mysql_probe probe Password
|
||||||
|
111.111.1.111 mysql_probe 445ff82636a7ba59 Nonreplayable hash
|
||||||
|
mssql-sha1_tere tere Password
|
||||||
|
111.111.1.111 mssql-sha1_tere *5AD8F88516BD021DD43F171E2C785C69F8E54ADB Nonreplayable hash
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
```
|
|
@ -0,0 +1,188 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode oracle
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `oracle` (<=10) aka `des` based passwords
|
||||||
|
* `oracle11` based passwords
|
||||||
|
* Oracle 11 and 12c backwards compatibility `H` field (MD5)
|
||||||
|
* `oracle12c` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
For a detailed explanation of Oracle 11/12c formats, see
|
||||||
|
[www.trustwave.com](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/changes-in-oracle-database-12c-password-hashes/).
|
||||||
|
|
||||||
|
Oracle 11/12c `H` field is `dynamic_1506` in JtR and added
|
||||||
|
[here](https://github.com/magnumripper/JohnTheRipper/commit/53973c5e6eb026ea232ba643f9aa20a1ffee0ffb)
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `oracle`, `oracle11`, or `oracle12c` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_oracle_fast```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:45369 -> 111.111.1.111:22) at 2019-01-21 15:35:19 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding simon:4F8BC1809CB2AF77:des,oracle
|
||||||
|
[+] Adding SYSTEM:9EEDFA0AD26C6D52:des,oracle
|
||||||
|
[+] Adding DEMO:S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C:raw-sha1,oracle
|
||||||
|
[+] Adding oracle11_epsilon:S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C:raw-sha1,oracle
|
||||||
|
[+] Adding oracle12c_epsilon:H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B:pbkdf2,oracle12c
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_oracle_fast
|
||||||
|
msf5 auxiliary(analyze/jtr_oracle_fast) > run
|
||||||
|
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190121-21358-1qgil9r
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190121-21358-1mz3zna
|
||||||
|
[*] Cracking oracle hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracking oracle hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracked passwords this run:
|
||||||
|
[+] simon:A
|
||||||
|
[+] SYSTEM:THALES
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190121-21358-1hm4xok
|
||||||
|
[*] Cracking dynamic_1506 hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Warning: no OpenMP support for this hash type, consider --fork=8
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:00 DONE (2019-01-21 15:35) 0g/s 4861Kp/s 9722Kc/s 9722KC/s waneta..vagrant
|
||||||
|
Session completed
|
||||||
|
[*] Cracking dynamic_1506 hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Warning: no OpenMP support for this hash type, consider --fork=8
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:14 DONE (2019-01-21 15:36) 0g/s 5680Kp/s 11361Kc/s 11361KC/s ximenes1900..vagrant1900
|
||||||
|
Session completed
|
||||||
|
[*] Cracked passwords this run:
|
||||||
|
[+] DEMO:epsilon
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190121-21358-h0fjvl
|
||||||
|
[*] Cracking oracle11 hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracking oracle11 hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracked passwords this run:
|
||||||
|
[+] DEMO:epsilon
|
||||||
|
[+] oracle11_epsilon:epsilon
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190121-21358-5hgfu5
|
||||||
|
[*] Cracking oracle12c hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracking oracle12c hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracked passwords this run:
|
||||||
|
[+] oracle12c_epsilon:epsilon
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_oracle_fast) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
simon A Password
|
||||||
|
111.111.1.111 simon 4F8BC1809CB2AF77 Nonreplayable hash
|
||||||
|
SYSTEM THALES Password
|
||||||
|
111.111.1.111 SYSTEM 9EEDFA0AD26C6D52 Nonreplayable hash
|
||||||
|
DEMO epsilon Password
|
||||||
|
111.111.1.111 DEMO S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C Nonreplayable hash
|
||||||
|
oracle11_epsilon epsilon Password
|
||||||
|
111.111.1.111 oracle11_epsilon S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C Nonreplayable hash
|
||||||
|
oracle12c_epsilon epsilon Password
|
||||||
|
111.111.1.111 oracle12c_epsilon H:DC9894A01797D91D92ECA1DA66242209;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B Nonreplayable hash
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
```
|
|
@ -0,0 +1,142 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode PostgreSQL
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `postgres` based passwords
|
||||||
|
* `raw-md5` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
PostgreSQL is a `raw-md5` format with the username appended to the password. This format was
|
||||||
|
added to JtR as `dynamic_1034` [here](https://github.com/magnumripper/JohnTheRipper/commit/e57d740bed5c4f4e40a0ff346bcdde270a8173e6)
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `postgres`, or `raw-md5` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_postgres_fast```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:36917 -> 111.111.1.111:22) at 2019-01-20 21:07:44 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding example:md5be86a79bf2043622d58d5453c47d4860:postgres
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_postgres_fast
|
||||||
|
msf5 auxiliary(analyze/jtr_postgres_fast) > run
|
||||||
|
|
||||||
|
[*] Hashes written out to /tmp/hashes_tmp20190120-11480-173dub0
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190120-11480-1hbm42j
|
||||||
|
[*] Cracking dynamic_1034 hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracking dynamic_1034 hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracking dynamic_1034 hashes in incremental mode (Digits)...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
[*] Cracked passwords this run:
|
||||||
|
[+] example:password
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_postgres_fast) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
example password Password
|
||||||
|
111.111.1.111 example md5be86a79bf2043622d58d5453c47d4860 Postgres md5
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
```
|
|
@ -0,0 +1,189 @@
|
||||||
|
## Vulnerable Application
|
||||||
|
|
||||||
|
This module attempts to use [john the ripper](https://www.openwall.com/john/) to decode Windows
|
||||||
|
based password hashes, such as:
|
||||||
|
|
||||||
|
* `LM`, or `LANMAN` based passwords
|
||||||
|
* `NT`, `NTLM`, or `NTLANMAN` based passwords
|
||||||
|
|
||||||
|
The following can be used to add credentials to the database for cracking:
|
||||||
|
|
||||||
|
* https://github.com/rapid7/metasploit-framework/pull/11264#issuecomment-455762574
|
||||||
|
|
||||||
|
## Verification Steps
|
||||||
|
|
||||||
|
1. Have at least one user with an `nt` or `lm` password in the database
|
||||||
|
2. Start msfconsole
|
||||||
|
3. Do: ```use auxiliary/analyze/jtr_windows_fast```
|
||||||
|
4. Do: ```run```
|
||||||
|
5. You should hopefully crack a password.
|
||||||
|
|
||||||
|
## Options
|
||||||
|
|
||||||
|
|
||||||
|
**CONFIG**
|
||||||
|
|
||||||
|
The path to a John config file (JtR option: `--config`). Default is `metasploit-framework/data/john.conf`
|
||||||
|
|
||||||
|
**CUSTOM_WORDLIST**
|
||||||
|
|
||||||
|
The path to an optional custom wordlist. This file is added to the new wordlist which may include the other
|
||||||
|
`USE` items like `USE_CREDS`, and have `MUTATE` or `KORELOGIC` applied to it.
|
||||||
|
|
||||||
|
**ITERATION_TIMOUT**
|
||||||
|
|
||||||
|
The max-run-time for each iteration of cracking
|
||||||
|
|
||||||
|
**JOHN_PATH**
|
||||||
|
|
||||||
|
The absolute path to the John the Ripper executable. Default behavior is to search `path` for
|
||||||
|
`john` and `john.exe`.
|
||||||
|
|
||||||
|
**KORELOGIC**
|
||||||
|
|
||||||
|
Apply the [KoreLogic rules](http://contest-2010.korelogic.com/rules.html) to Wordlist Mode (slower).
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**MUTATE**
|
||||||
|
|
||||||
|
Apply common mutations to the Wordlist (SLOW). Mutations are:
|
||||||
|
|
||||||
|
* `'@' => 'a'`
|
||||||
|
* `'0' => 'o'`
|
||||||
|
* `'3' => 'e'`
|
||||||
|
* `'$' => 's'`
|
||||||
|
* `'7' => 't'`
|
||||||
|
* `'1' => 'l'`
|
||||||
|
* `'5' => 's'`
|
||||||
|
|
||||||
|
Default is `false`.
|
||||||
|
|
||||||
|
**POT**
|
||||||
|
|
||||||
|
The path to a John POT file (JtR option: `--pot`) to use instead. The `pot` file is the data file which
|
||||||
|
records cracked password hashes. Kali linux's default location is `/root/.john/john.pot`.
|
||||||
|
Default is `metasploit-framework/data/john.pot`.
|
||||||
|
|
||||||
|
**USE_CREDS**
|
||||||
|
|
||||||
|
Use existing credential data saved in the database. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DB_INFO**
|
||||||
|
|
||||||
|
Use looted database schema info to seed the wordlist. This includes the Database Name, each Table Name,
|
||||||
|
and each Column Name. If the DB is MSSQL, the Instance Name is also used. Default is `true`.
|
||||||
|
|
||||||
|
**USE_DEFAULT_WORDLIST**
|
||||||
|
|
||||||
|
Use the default metasploit wordlist in `metasploit-framework/data/wordlists/password.lst`. Default is
|
||||||
|
`true`.
|
||||||
|
|
||||||
|
**USE_HOSTNAMES**
|
||||||
|
|
||||||
|
Seed the wordlist with hostnames from the workspace. Default is `true`.
|
||||||
|
|
||||||
|
**USE_ROOT_WORDS**
|
||||||
|
|
||||||
|
Use the Common Root Words Wordlist in `metasploit-framework/data/wordlists/common_roots.txt`. Default
|
||||||
|
is true.
|
||||||
|
|
||||||
|
## Scenarios
|
||||||
|
|
||||||
|
Utilizing the `make_hashes` file listed in the Vulnerable Application section:
|
||||||
|
|
||||||
|
```
|
||||||
|
resource (hashes.rb)> use auxiliary/scanner/ssh/ssh_login
|
||||||
|
resource (hashes.rb)> set username ubuntu
|
||||||
|
username => ubuntu
|
||||||
|
resource (hashes.rb)> set password ubuntu
|
||||||
|
password => ubuntu
|
||||||
|
resource (hashes.rb)> set rhosts 111.111.1.111
|
||||||
|
rhosts => 111.111.1.111
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] 111.111.1.111:22 - Success: 'ubuntu:ubuntu' 'uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) Linux ubuntu1604 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux '
|
||||||
|
[*] Command shell session 1 opened (2.2.2.2:38243 -> 111.111.1.111:22) at 2019-01-19 05:28:14 -0500
|
||||||
|
[*] Scanned 1 of 1 hosts (100% complete)
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
resource (hashes.rb)> use post/test/make_hashes
|
||||||
|
resource (hashes.rb)> set session 1
|
||||||
|
session => 1
|
||||||
|
resource (hashes.rb)> run
|
||||||
|
[+] Adding lm_password:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:lm
|
||||||
|
[+] Adding lm_passphrase:855C3697D9979E78AC404C4BA2C66533:7F8FE03093CC84B267B109625F6BBF4B:lm
|
||||||
|
[+] Adding nt_password:00000000000000000000000000000000:8846F7EAEE8FB117AD06BDD830B7586C:nt
|
||||||
|
[+] Adding nt_passphrase:00000000000000000000000000000000:7F8FE03093CC84B267B109625F6BBF4B:nt
|
||||||
|
[*] Post module execution completed
|
||||||
|
[*] Starting persistent handler(s)...
|
||||||
|
```
|
||||||
|
```
|
||||||
|
msf5 post(test/make_hashes) > use auxiliary/analyze/jtr_windows_fast
|
||||||
|
msf5 auxiliary(analyze/jtr_windows_fast) > run
|
||||||
|
|
||||||
|
[*] Hashes Written out to /tmp/hashes_tmp20190123-2730-1wr8x6o
|
||||||
|
[*] Wordlist file written out to /tmp/jtrtmp20190123-2730-lx6cxy
|
||||||
|
[*] Cracking lm hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Using default target encoding: CP850
|
||||||
|
Warning: poor OpenMP scalability for this hash type, consider --fork=8
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:00 DONE (2019-01-23 16:00) 0g/s 2573Kp/s 2573Kc/s 2573KC/s STEEPER..VAGRANT
|
||||||
|
Session completed
|
||||||
|
[*] Cracking lm hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Using default target encoding: CP850
|
||||||
|
Warning: poor OpenMP scalability for this hash type, consider --fork=8
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:02 DONE (2019-01-23 16:01) 0g/s 5927Kp/s 5927Kc/s 5927KC/s HAS1907..E1900
|
||||||
|
Session completed
|
||||||
|
[*] Cracking lm hashes in incremental mode (Digits)...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Using default target encoding: CP850
|
||||||
|
Warning: poor OpenMP scalability for this hash type, consider --fork=8
|
||||||
|
Will run 8 OpenMP threads
|
||||||
|
Warning: MaxLen = 20 is too large for the current hash type, reduced to 7
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:00 DONE (2019-01-23 16:01) 0g/s 39682Kp/s 39682Kc/s 39682KC/s 0766269..0769743
|
||||||
|
Session completed
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] lm_password:password
|
||||||
|
[+] lm_passphrase:passphrase
|
||||||
|
[*] Cracking nt hashes in normal wordlist mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Warning: no OpenMP support for this hash type, consider --fork=8
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:00 DONE (2019-01-23 16:01) 0g/s 3836Kp/s 3836Kc/s 3836KC/s yardarm..yipped
|
||||||
|
Session completed
|
||||||
|
[*] Cracking nt hashes in single mode...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Warning: no OpenMP support for this hash type, consider --fork=8
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:04 DONE (2019-01-23 16:01) 0g/s 15131Kp/s 15131Kc/s 15131KC/s yankee1900..yipped1900
|
||||||
|
Session completed
|
||||||
|
[*] Cracking nt hashes in incremental mode (Digits)...
|
||||||
|
Using default input encoding: UTF-8
|
||||||
|
Warning: no OpenMP support for this hash type, consider --fork=8
|
||||||
|
Press 'q' or Ctrl-C to abort, almost any other key for status
|
||||||
|
0g 0:00:00:02 DONE (2019-01-23 16:01) 0g/s 40700Kp/s 40700Kc/s 40700KC/s 73673897..73673952
|
||||||
|
Session completed
|
||||||
|
[*] Cracked Passwords this run:
|
||||||
|
[+] lm_password:password
|
||||||
|
[+] nt_password:password
|
||||||
|
[*] Auxiliary module execution completed
|
||||||
|
msf5 auxiliary(analyze/jtr_windows_fast) > creds
|
||||||
|
Credentials
|
||||||
|
===========
|
||||||
|
|
||||||
|
host origin service public private realm private_type
|
||||||
|
---- ------ ------- ------ ------- ----- ------------
|
||||||
|
lm_password password Password
|
||||||
|
111.111.1.111 lm_password e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c NTLM hash
|
||||||
|
lm_passphrase passphrase Password
|
||||||
|
111.111.1.111 lm_passphrase 855c3697d9979e78ac404c4ba2c66533:7f8fe03093cc84b267b109625f6bbf4b NTLM hash
|
||||||
|
nt_password password Password
|
||||||
|
111.111.1.111 nt_password 00000000000000000000000000000000:8846f7eaee8fb117ad06bdd830b7586c NTLM hash
|
||||||
|
111.111.1.111 nt_passphrase 00000000000000000000000000000000:7f8fe03093cc84b267b109625f6bbf4b NTLM hash
|
||||||
|
111.111.1.111 111.111.1.111 22/tcp (ssh) ubuntu ubuntu Password
|
||||||
|
|
||||||
|
```
|
|
@ -36,6 +36,10 @@ module Metasploit
|
||||||
# @return [Integer] An optional maximum duration of the cracking attempt in seconds
|
# @return [Integer] An optional maximum duration of the cracking attempt in seconds
|
||||||
attr_accessor :max_runtime
|
attr_accessor :max_runtime
|
||||||
|
|
||||||
|
# @!attribute max_length
|
||||||
|
# @return [Integer] An optional maximum length of password to attempt cracking
|
||||||
|
attr_accessor :max_length
|
||||||
|
|
||||||
# @!attribute pot
|
# @!attribute pot
|
||||||
# @return [String] The file path to an alternative John pot file to use
|
# @return [String] The file path to an alternative John pot file to use
|
||||||
attr_accessor :pot
|
attr_accessor :pot
|
||||||
|
@ -62,6 +66,12 @@ module Metasploit
|
||||||
greater_than_or_equal_to: 0
|
greater_than_or_equal_to: 0
|
||||||
}, if: 'max_runtime.present?'
|
}, if: 'max_runtime.present?'
|
||||||
|
|
||||||
|
validates :max_length,
|
||||||
|
numericality: {
|
||||||
|
only_integer: true,
|
||||||
|
greater_than_or_equal_to: 0
|
||||||
|
}, if: 'max_length.present?'
|
||||||
|
|
||||||
validates :wordlist, :'Metasploit::Framework::File_path' => true, if: 'wordlist.present?'
|
validates :wordlist, :'Metasploit::Framework::File_path' => true, if: 'wordlist.present?'
|
||||||
|
|
||||||
# @param attributes [Hash{Symbol => String,nil}]
|
# @param attributes [Hash{Symbol => String,nil}]
|
||||||
|
@ -146,6 +156,10 @@ module Metasploit
|
||||||
cmd << ( "--max-run-time=" + max_runtime.to_s)
|
cmd << ( "--max-run-time=" + max_runtime.to_s)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if max_length.present?
|
||||||
|
cmd << ( "--max-len=" + max_length.to_s)
|
||||||
|
end
|
||||||
|
|
||||||
cmd << hash_path
|
cmd << hash_path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -165,7 +179,7 @@ module Metasploit
|
||||||
#
|
#
|
||||||
# @return [String] the path to the default john.conf file
|
# @return [String] the path to the default john.conf file
|
||||||
def john_config_file
|
def john_config_file
|
||||||
::File.join( ::Msf::Config.data_directory, "john.conf" )
|
::File.join( ::Msf::Config.data_directory, "jtr", "john.conf" )
|
||||||
end
|
end
|
||||||
|
|
||||||
# This method returns the path to a default john.pot file.
|
# This method returns the path to a default john.pot file.
|
||||||
|
|
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'Name' => 'John the Ripper AIX Password Cracker',
|
'Name' => 'John the Ripper AIX Password Cracker',
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired from passwd files on AIX systems.
|
acquired from passwd files on AIX systems. These utilize DES hashing.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -28,8 +28,11 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
def run
|
def run
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
wordlist = wordlist_file
|
cracker.hash_path = hash_file
|
||||||
|
|
||||||
|
# generate our wordlist and close the file handle. max length of DES is 8
|
||||||
|
wordlist = wordlist_file(8)
|
||||||
unless wordlist
|
unless wordlist
|
||||||
print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
|
print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
|
||||||
return
|
return
|
||||||
|
@ -38,26 +41,27 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_file
|
|
||||||
|
|
||||||
['des'].each do |format|
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
|
['descrypt'].each do |format|
|
||||||
# dupe our original cracker so we can safely change options between each run
|
# dupe our original cracker so we can safely change options between each run
|
||||||
cracker_instance = cracker.dup
|
cracker_instance = cracker.dup
|
||||||
cracker_instance.format = format
|
cracker_instance.format = format
|
||||||
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
||||||
# Turn on KoreLogic rules if the user asked for it
|
# Turn on KoreLogic rules if the user asked for it
|
||||||
if datastore['KoreLogic']
|
if datastore['KORELOGIC']
|
||||||
cracker_instance.rules = 'KoreLogicRules'
|
cracker_instance.rules = 'KoreLogicRules'
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
||||||
|
@ -65,7 +69,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
cracker_instance.wordlist = nil
|
cracker_instance.wordlist = nil
|
||||||
cracker_instance.incremental = 'Digits'
|
cracker_instance.incremental = 'Digits'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked Passwords this run:"
|
print_status "Cracked Passwords this run:"
|
||||||
|
@ -78,13 +82,17 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
username = fields.shift
|
username = fields.shift
|
||||||
core_id = fields.pop
|
core_id = fields.pop
|
||||||
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
||||||
print_good password_line
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
||||||
if core.private.jtr_format =~ /des/
|
if core.private.jtr_format =~ /des/
|
||||||
|
@ -92,9 +100,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No DES hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes Written out to #{hashlist.path}"
|
print_status "Hashes Written out to #{hashlist.path}"
|
||||||
hashlist.path
|
hashlist.path
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,8 +14,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired from unshadowed passwd files from Unix systems. The module will only crack
|
acquired from unshadowed passwd files from Unix systems. The module will only crack
|
||||||
MD5 and DES implementations by default. Set Crypt to true to also try to crack
|
MD5, BSDi and DES implementations by default. Set Crypt to true to also try to crack
|
||||||
Blowfish and SHA implementations. Warning: This is much slower.
|
Blowfish and SHA(256/512). Warning: This is much slower.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -38,10 +38,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
formats = [ 'md5crypt', 'descrypt', 'bsdicrypt']
|
formats = [ 'md5crypt', 'descrypt', 'bsdicrypt']
|
||||||
if datastore['Crypt']
|
if datastore['Crypt']
|
||||||
formats << 'crypt'
|
formats << 'crypt'
|
||||||
|
formats << 'bcrypt' #blowfish is not within the 'crypt' family
|
||||||
end
|
end
|
||||||
|
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
|
cracker.hash_path = hash_file
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# generate our wordlist and close the file handle
|
||||||
wordlist = wordlist_file
|
wordlist = wordlist_file
|
||||||
unless wordlist
|
unless wordlist
|
||||||
|
@ -52,7 +56,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_file
|
|
||||||
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
formats.each do |format|
|
formats.each do |format|
|
||||||
# dupe our original cracker so we can safely change options between each run
|
# dupe our original cracker so we can safely change options between each run
|
||||||
|
@ -65,7 +70,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked Passwords this run:"
|
print_status "Cracked Passwords this run:"
|
||||||
|
@ -79,27 +84,34 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
core_id = fields.pop
|
core_id = fields.pop
|
||||||
4.times { fields.pop }
|
4.times { fields.pop }
|
||||||
password = fields.join('') # Anything left must be the password. This accounts for passwords with : in them
|
password = fields.join('') # Anything left must be the password. This accounts for passwords with : in them
|
||||||
print_good password_line
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
||||||
if core.private.jtr_format =~ /md5|des|bsdi|crypt/
|
if core.private.jtr_format =~ /md5|des|bsdi|crypt|bf/
|
||||||
user = core.public.username
|
user = core.public.username
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:::::#{id}:"
|
hashlist.puts "#{user}:#{hash_string}:::::#{id}:"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No applicable hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes Written out to #{hashlist.path}"
|
print_status "Hashes Written out to #{hashlist.path}"
|
||||||
hashlist.path
|
hashlist.path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired from the mssql_hashdump module. Passwords that have been successfully
|
acquired from the mssql_hashdump module. Passwords that have been successfully
|
||||||
cracked are then saved as proper credentials
|
cracked are then saved as proper credentials.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -29,6 +29,9 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
@formats = Set.new
|
@formats = Set.new
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
|
cracker.hash_path = hash_file
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# generate our wordlist and close the file handle
|
||||||
wordlist = wordlist_file
|
wordlist = wordlist_file
|
||||||
unless wordlist
|
unless wordlist
|
||||||
|
@ -39,7 +42,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_file
|
|
||||||
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
@formats.each do |format|
|
@formats.each do |format|
|
||||||
# dupe our original cracker so we can safely change options between each run
|
# dupe our original cracker so we can safely change options between each run
|
||||||
|
@ -52,19 +56,21 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
||||||
|
cracker_instance.rules = nil
|
||||||
|
cracker_instance.wordlist = nil
|
||||||
cracker_instance.incremental = 'Digits'
|
cracker_instance.incremental = 'Digits'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked Passwords this run:"
|
print_status "Cracked Passwords this run:"
|
||||||
|
@ -77,14 +83,17 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
username = fields.shift
|
username = fields.shift
|
||||||
core_id = fields.pop
|
core_id = fields.pop
|
||||||
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
||||||
print_good password_line
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
Metasploit::Credential::NonreplayableHash.joins(:cores).where(metasploit_credential_cores: { workspace_id: myworkspace.id }, jtr_format: ['mssql', 'mssql05', 'mssql12']).each do |hash|
|
Metasploit::Credential::NonreplayableHash.joins(:cores).where(metasploit_credential_cores: { workspace_id: myworkspace.id }, jtr_format: ['mssql', 'mssql05', 'mssql12']).each do |hash|
|
||||||
# Track the formats that we've seen so we do not attempt a format that isn't relevant
|
# Track the formats that we've seen so we do not attempt a format that isn't relevant
|
||||||
|
@ -103,12 +112,16 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No applicable hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes Written out to #{hashlist.path}"
|
print_status "Hashes Written out to #{hashlist.path}"
|
||||||
hashlist.path
|
hashlist.path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired from the mysql_hashdump module. Passwords that have been successfully
|
acquired from the mysql_hashdump module. Passwords that have been successfully
|
||||||
cracked are then saved as proper credentials
|
cracked are then saved as proper credentials.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -28,6 +28,9 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
def run
|
def run
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
|
cracker.hash_path = hash_file
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# generate our wordlist and close the file handle
|
||||||
wordlist = wordlist_file
|
wordlist = wordlist_file
|
||||||
unless wordlist
|
unless wordlist
|
||||||
|
@ -38,7 +41,8 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_file
|
|
||||||
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
['mysql','mysql-sha1'].each do |format|
|
['mysql','mysql-sha1'].each do |format|
|
||||||
cracker_instance = cracker.dup
|
cracker_instance = cracker.dup
|
||||||
|
@ -50,19 +54,21 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
||||||
|
cracker_instance.rules = nil
|
||||||
|
cracker_instance.wordlist = nil
|
||||||
cracker_instance.incremental = 'Digits'
|
cracker_instance.incremental = 'Digits'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked Passwords this run:"
|
print_status "Cracked Passwords this run:"
|
||||||
|
@ -75,13 +81,17 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
username = fields.shift
|
username = fields.shift
|
||||||
core_id = fields.pop
|
core_id = fields.pop
|
||||||
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
||||||
print_good password_line
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
||||||
if core.private.jtr_format =~ /mysql|mysql-sha1/
|
if core.private.jtr_format =~ /mysql|mysql-sha1/
|
||||||
|
@ -89,12 +99,16 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No applicable hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes Written out to #{hashlist.path}"
|
print_status "Hashes Written out to #{hashlist.path}"
|
||||||
hashlist.path
|
hashlist.path
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired from the oracle_hashdump module. Passwords that have been successfully
|
acquired from the oracle_hashdump module. Passwords that have been successfully
|
||||||
cracked are then saved as proper credentials
|
cracked are then saved as proper credentials.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' =>
|
||||||
[
|
[
|
||||||
|
@ -33,17 +33,27 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
#cracker.hash_path = hash_file("des")
|
|
||||||
|
|
||||||
['oracle', 'oracle11'].each do |format|
|
cleanup_files = [wordlist.path]
|
||||||
|
|
||||||
|
# dynamic_1506 is oracle 11/12's H field, MD5.
|
||||||
|
['oracle', 'dynamic_1506', 'oracle11', 'oracle12c'].each do |format|
|
||||||
cracker_instance = cracker.dup
|
cracker_instance = cracker.dup
|
||||||
cracker_instance.format = format
|
cracker_instance.format = format
|
||||||
|
|
||||||
case format
|
case format
|
||||||
when 'oracle'
|
when 'oracle'
|
||||||
cracker_instance.hash_path = hash_file('des')
|
cracker_instance.hash_path = hash_file('des|oracle')
|
||||||
|
cleanup_files << cracker_instance.hash_path
|
||||||
|
when 'dynamic_1506'
|
||||||
|
cracker_instance.hash_path = hash_file('raw-sha1|oracle11|oracle12c|dynamic_1506')
|
||||||
|
cleanup_files << cracker_instance.hash_path
|
||||||
when 'oracle11'
|
when 'oracle11'
|
||||||
cracker_instance.hash_path = hash_file('raw-sha1')
|
cracker_instance.hash_path = hash_file('raw-sha1|oracle11')
|
||||||
|
cleanup_files << cracker_instance.hash_path
|
||||||
|
when 'oracle12c'
|
||||||
|
cracker_instance.hash_path = hash_file('oracle12c')
|
||||||
|
cleanup_files << cracker_instance.hash_path
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
||||||
|
@ -52,15 +62,14 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
cracker_instance.rules = 'KoreLogicRules'
|
cracker_instance.rules = 'KoreLogicRules'
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
print_status "Crack command #{cracker_instance.crack_command.join(' ')}"
|
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked passwords this run:"
|
print_status "Cracked passwords this run:"
|
||||||
|
@ -76,11 +85,13 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
# Postgres hashes always prepend the username to the password before hashing. So we strip the username back off here.
|
# Postgres hashes always prepend the username to the password before hashing. So we strip the username back off here.
|
||||||
password.gsub!(/^#{username}/,'')
|
password.gsub!(/^#{username}/,'')
|
||||||
print_good "#{username}:#{password}:#{core_id}"
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
@ -89,9 +100,39 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
|
||||||
if core.private.jtr_format =~ /#{format}/
|
if core.private.jtr_format =~ /#{format}/
|
||||||
user = core.public.username
|
user = core.public.username
|
||||||
hash_string = core.private.data.split(':')[1]
|
case format
|
||||||
|
when 'des|oracle' #oracle
|
||||||
|
if core.private.jtr_format.start_with?('des') #aka not oracle11/12c
|
||||||
|
hash_string = "O$#{user.upcase}##{core.private.data}"
|
||||||
|
end
|
||||||
|
when 'raw-sha1|oracle11|oracle12c|dynamic_1506'
|
||||||
|
if core.private.data =~ /H:([\dA-F]{32})/
|
||||||
|
user = user.upcase
|
||||||
|
hash_string = "$dynamic_1506$#{$1}"
|
||||||
|
end
|
||||||
|
when 'raw-sha1|oracle11'
|
||||||
|
# this password is stored as a long ascii string with several sections
|
||||||
|
# https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/changes-in-oracle-database-12c-password-hashes/
|
||||||
|
# example: S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C
|
||||||
|
# S: = 60 characters -> sha1(password + salt (10 bytes))
|
||||||
|
# 40 char sha1, 20 char salt
|
||||||
|
# hash is 8F2D65FB5547B71C8DA3760F10960428CD307B1C
|
||||||
|
# salt is 6271691FC55C1F56554A
|
||||||
|
# H: = 32 characters
|
||||||
|
# legacy MD5
|
||||||
|
# T: = 160 characters
|
||||||
|
# PBKDF2-based SHA512 hash specific to 12C
|
||||||
|
if core.private.data =~ /S:([\dA-F]{60})/
|
||||||
|
hash_string = $1
|
||||||
|
end
|
||||||
|
when 'oracle12c'
|
||||||
|
# see H and T sections above
|
||||||
|
if core.private.data =~ /T:([\dA-F]{160})/
|
||||||
|
hash_string = "$oracle12c$#{$1.downcase}"
|
||||||
|
end
|
||||||
|
end
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
hashlist.puts "#{user}:#{hash_string}:#{id}:" unless hash_string.nil? || hash_string.empty?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
|
|
@ -30,7 +30,11 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
hash_list = hash_file
|
# since a dynamic list doesn't include an ID, we keep a local list to include it
|
||||||
|
# for lookup at a later time
|
||||||
|
reconstruct_list = []
|
||||||
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
|
cracker.hash_path, reconstruct_list = hash_file(reconstruct_list)
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# generate our wordlist and close the file handle
|
||||||
wordlist = wordlist_file
|
wordlist = wordlist_file
|
||||||
|
@ -38,16 +42,19 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
|
print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
wordlist.close
|
wordlist.close
|
||||||
|
|
||||||
|
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_list
|
|
||||||
|
|
||||||
['raw-md5'].each do |format|
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
|
['dynamic_1034'].each do |format|
|
||||||
cracker_instance = cracker.dup
|
cracker_instance = cracker.dup
|
||||||
|
# the following line is left for historical purposes, however
|
||||||
|
# while psql uses MD5, instead of using a format flag to john
|
||||||
|
# we actually just set the 'dynamic_1034' type in the hashes
|
||||||
|
# file directly
|
||||||
cracker_instance.format = format
|
cracker_instance.format = format
|
||||||
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
||||||
# Turn on KoreLogic rules if the user asked for it
|
# Turn on KoreLogic rules if the user asked for it
|
||||||
|
@ -56,19 +63,21 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
||||||
|
cracker_instance.rules = nil
|
||||||
|
cracker_instance.wordlist = nil
|
||||||
cracker_instance.incremental = 'Digits'
|
cracker_instance.incremental = 'Digits'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked passwords this run:"
|
print_status "Cracked passwords this run:"
|
||||||
|
@ -77,18 +86,47 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
next if password_line.blank?
|
next if password_line.blank?
|
||||||
fields = password_line.split(":")
|
fields = password_line.split(":")
|
||||||
# If we don't have an expected minimum number of fields, this is probably not a hash line
|
# If we don't have an expected minimum number of fields, this is probably not a hash line
|
||||||
next unless fields.count >=3
|
next unless fields.count >=2
|
||||||
username = fields.shift
|
username = fields.shift
|
||||||
core_id = fields.pop
|
#core_id = fields.pop #not passed in on dynamic formats
|
||||||
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
password = fields.join(':') # Anything left must be the password. This accounts for passwords with : in them
|
||||||
|
|
||||||
# Postgres hashes always prepend the username to the password before hashing. So we strip the username back off here.
|
# this is ugly, we need to get the id, however it isnt in the john files
|
||||||
password.gsub!(/^#{username}/,'')
|
# we generated. So we have to open the john.pot file to get the hash
|
||||||
print_good "#{username}:#{password}:#{core_id}"
|
# to password matching, so the end product looks like this:
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
# (reconstruct_list) (john.pot) (cracked)
|
||||||
|
# un /----> hash un
|
||||||
|
# hash ----/ password -------> password
|
||||||
|
# id
|
||||||
|
# example .pot dynamic_1034 line: $dynamic_1034$be86a79bf2043622d58d5453c47d4860$HEX$24556578616d706c65:password
|
||||||
|
# also note how the $HEX$ till : part is added by jtr
|
||||||
|
pot = File.open(cracker.john_pot_file, 'rb')
|
||||||
|
pots = pot.read
|
||||||
|
pot.close
|
||||||
|
# here we combine un:hash and hash:password to make un:hash:password
|
||||||
|
combined = []
|
||||||
|
pots.each_line do |p|
|
||||||
|
reconstruct_list.each do |r|
|
||||||
|
hash = r.split(":")[1]
|
||||||
|
next unless p.starts_with?("#{hash}$HEX$")
|
||||||
|
combined << "#{r}:#{p.split(':')[1]}"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
combined.each do |cred|
|
||||||
|
c = cred.split(":")
|
||||||
|
c_u = c[0].strip
|
||||||
|
c_h = c[1].strip
|
||||||
|
c_i = c[2].strip
|
||||||
|
c_p = c[3].strip
|
||||||
|
next unless c_u==username && c_p==password
|
||||||
|
print_good "#{username}:#{password}"
|
||||||
|
create_cracked_credential( username: username, password: password, core_id: c_i)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Override the mixin method to add prependers
|
# Override the mixin method to add prependers
|
||||||
|
@ -108,20 +146,29 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.to_file
|
wordlist.to_file
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file(reconstruct_list)
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::PostgresMD5').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::PostgresMD5').each do |core|
|
||||||
if core.private.jtr_format =~ /des/
|
if core.private.jtr_format =~ /postgres|raw-md5/
|
||||||
user = core.public.username
|
user = core.public.username
|
||||||
@username_set << user
|
@username_set << user
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
hash_string.gsub!(/^md5/, '')
|
hash_string.gsub!(/^md5/, '')
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{hash_string}:#{id}:"
|
# john --list=subformats | grep 'PostgreSQL MD5'
|
||||||
|
#UserFormat = dynamic_1034 type = dynamic_1034: md5($p.$u) (PostgreSQL MD5)
|
||||||
|
hashlist.puts "#{user}:$dynamic_1034$#{hash_string}"
|
||||||
|
reconstruct_list << "#{user}:$dynamic_1034$#{hash_string}:#{id}"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No Postgres hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes written out to #{hashlist.path}"
|
print_status "Hashes written out to #{hashlist.path}"
|
||||||
hashlist.path
|
return hashlist.path, reconstruct_list
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,7 +10,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
|
|
||||||
def initialize
|
def initialize
|
||||||
super(
|
super(
|
||||||
'Name' => 'John the Ripper Password Cracker (Fast Mode)',
|
'Name' => 'John the Ripper Windows Password Cracker (Fast Mode)',
|
||||||
'Description' => %Q{
|
'Description' => %Q{
|
||||||
This module uses John the Ripper to identify weak passwords that have been
|
This module uses John the Ripper to identify weak passwords that have been
|
||||||
acquired as hashed files (loot) or raw LANMAN/NTLM hashes (hashdump). The goal
|
acquired as hashed files (loot) or raw LANMAN/NTLM hashes (hashdump). The goal
|
||||||
|
@ -27,6 +27,9 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
def run
|
def run
|
||||||
cracker = new_john_cracker
|
cracker = new_john_cracker
|
||||||
|
|
||||||
|
# create the hash file first, so if there aren't any hashes we can quit early
|
||||||
|
cracker.hash_path = hash_file
|
||||||
|
|
||||||
# generate our wordlist and close the file handle
|
# generate our wordlist and close the file handle
|
||||||
wordlist = wordlist_file
|
wordlist = wordlist_file
|
||||||
unless wordlist
|
unless wordlist
|
||||||
|
@ -37,12 +40,23 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
wordlist.close
|
wordlist.close
|
||||||
print_status "Wordlist file written out to #{wordlist.path}"
|
print_status "Wordlist file written out to #{wordlist.path}"
|
||||||
cracker.wordlist = wordlist.path
|
cracker.wordlist = wordlist.path
|
||||||
cracker.hash_path = hash_file
|
|
||||||
|
cleanup_files = [cracker.hash_path, wordlist.path]
|
||||||
|
|
||||||
['lm','nt'].each do |format|
|
['lm','nt'].each do |format|
|
||||||
# dupe our original cracker so we can safely change options between each run
|
# dupe our original cracker so we can safely change options between each run
|
||||||
cracker_instance = cracker.dup
|
cracker_instance = cracker.dup
|
||||||
cracker_instance.format = format
|
cracker_instance.format = format
|
||||||
|
|
||||||
|
# lanman has a max length of 7, so we create a new wordlist optimized for it
|
||||||
|
if format == 'lm'
|
||||||
|
wordlist = wordlist_file(maxlen=7)
|
||||||
|
cracker.wordlist = wordlist.path
|
||||||
|
# JtR would handle this itself, but throws a warning. This prevents that additional dialog
|
||||||
|
cracker_instance.max_length = 7
|
||||||
|
cleanup_files.append(wordlist.path)
|
||||||
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
print_status "Cracking #{format} hashes in normal wordlist mode..."
|
||||||
# Turn on KoreLogic rules if the user asked for it
|
# Turn on KoreLogic rules if the user asked for it
|
||||||
if datastore['KORELOGIC']
|
if datastore['KORELOGIC']
|
||||||
|
@ -50,31 +64,26 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
print_status "Applying KoreLogic ruleset..."
|
print_status "Applying KoreLogic ruleset..."
|
||||||
end
|
end
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in single mode..."
|
print_status "Cracking #{format} hashes in single mode..."
|
||||||
cracker_instance.rules = 'single'
|
cracker_instance.rules = 'single'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
|
||||||
|
|
||||||
if format == 'lm'
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (All4)..."
|
|
||||||
cracker_instance.rules = nil
|
|
||||||
cracker_instance.wordlist = nil
|
|
||||||
cracker_instance.incremental = 'All4'
|
|
||||||
cracker_instance.crack do |line|
|
|
||||||
print_status line.chomp
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
print_status "Cracking #{format} hashes in incremental mode (Digits)..."
|
||||||
|
if format == 'nt'
|
||||||
|
# https://github.com/magnumripper/JohnTheRipper/commit/f4467dd3c58d5223fc804741bc1bcce77d3d898f#diff-c499d11af6e80a995563b547db7ce022R341
|
||||||
|
# we do this for speed
|
||||||
|
cracker_instance.max_length = 8
|
||||||
|
end
|
||||||
cracker_instance.rules = nil
|
cracker_instance.rules = nil
|
||||||
cracker_instance.wordlist = nil
|
cracker_instance.wordlist = nil
|
||||||
cracker_instance.incremental = 'Digits'
|
cracker_instance.incremental = 'Digits'
|
||||||
cracker_instance.crack do |line|
|
cracker_instance.crack do |line|
|
||||||
print_status line.chomp
|
vprint_status line.chomp
|
||||||
end
|
end
|
||||||
|
|
||||||
print_status "Cracked Passwords this run:"
|
print_status "Cracked Passwords this run:"
|
||||||
|
@ -94,6 +103,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
# get the NT and LM hashes
|
# get the NT and LM hashes
|
||||||
nt_hash = fields.pop
|
nt_hash = fields.pop
|
||||||
lm_hash = fields.pop
|
lm_hash = fields.pop
|
||||||
|
id = fields.pop
|
||||||
password = fields.join(':')
|
password = fields.join(':')
|
||||||
|
|
||||||
if format == 'lm'
|
if format == 'lm'
|
||||||
|
@ -113,21 +123,30 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
next if password.nil?
|
next if password.nil?
|
||||||
end
|
end
|
||||||
|
|
||||||
print_good "#{username}:#{password}:#{core_id}"
|
print_good "#{username}:#{password}"
|
||||||
create_cracked_credential( username: username, password: password, core_id: core_id)
|
create_cracked_credential( username: username, password: password, core_id: core_id)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
cleanup_files.each do |f|
|
||||||
|
File.delete(f)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def hash_file
|
def hash_file
|
||||||
|
wrote_hash = false
|
||||||
hashlist = Rex::Quickfile.new("hashes_tmp")
|
hashlist = Rex::Quickfile.new("hashes_tmp")
|
||||||
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NTLMHash').each do |core|
|
framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NTLMHash').each do |core|
|
||||||
user = core.public.username
|
user = core.public.username
|
||||||
hash_string = core.private.data
|
hash_string = core.private.data
|
||||||
id = core.id
|
id = core.id
|
||||||
hashlist.puts "#{user}:#{id}:#{hash_string}:::#{id}"
|
hashlist.puts "#{user}:#{id}:#{hash_string}:::#{id}"
|
||||||
|
wrote_hash = true
|
||||||
end
|
end
|
||||||
hashlist.close
|
hashlist.close
|
||||||
|
unless wrote_hash # check if we wrote anything and bail early if we didn't
|
||||||
|
hashlist.delete
|
||||||
|
fail_with Failure::NotFound, 'No LM/NT hashes in database to crack'
|
||||||
|
end
|
||||||
print_status "Hashes Written out to #{hashlist.path}"
|
print_status "Hashes Written out to #{hashlist.path}"
|
||||||
hashlist.path
|
hashlist.path
|
||||||
end
|
end
|
|
@ -50,8 +50,6 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
:proto => 'tcp'
|
:proto => 'tcp'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
tbl = Rex::Text::Table.new(
|
tbl = Rex::Text::Table.new(
|
||||||
'Header' => 'Oracle Server Hashes',
|
'Header' => 'Oracle Server Hashes',
|
||||||
'Indent' => 1,
|
'Indent' => 1,
|
||||||
|
@ -97,9 +95,9 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
# Reports the hashes slightly differently depending on the version
|
# Reports the hashes slightly differently depending on the version
|
||||||
# This is so that we know which are which when we go to crack them
|
# This is so that we know which are which when we go to crack them
|
||||||
if is_11g==false
|
if is_11g==false
|
||||||
jtr_format = "des"
|
jtr_format = "des,oracle"
|
||||||
else
|
else
|
||||||
jtr_format = "raw-sha1"
|
jtr_format = "raw-sha1,oracle11"
|
||||||
end
|
end
|
||||||
service_data = {
|
service_data = {
|
||||||
address: Rex::Socket.getaddress(ip),
|
address: Rex::Socket.getaddress(ip),
|
||||||
|
|
Loading…
Reference in New Issue