metasploit-framework/data/john/run.linux.x64.mmx/netscreen.py

133 lines
5.0 KiB
Python

##################################################################
# Filename: netscreen.py
#
# Please note this script will now run in Python version 3.x
#
# This script will generate a netscreen formatted password
#
# This program requires two command line arguments, and works in two modes:
# Mode 1:
# The first argument is a username
# The second argument is a plaintext password
# Mode 2:
# The first argument is -f to indicate reading usernames and passwords from a file
# The second argument is the filename to read
#
# The input file should have one of the following formats (a "," or ":" separator):
# <username>,<plain-text-password>
# or
# <username>:<plain-text-password>
#
# (Don't put a "space" after the separator, unless it is part of the password)
#
# Example input file:
# admin,netscreen
# cisco:cisco
# robert,harris
#
# Output will be the username and hashed password in John the Ripper format
# If reading usernames and passwords from a file, the output file name will be: netscreen-JtR-output.txt
# If the file netscreen-JtR-output.txt exists, it will be overwritten.
#
# Version 2.04
# Updated on September 13, 2010 by Robert B. Harris from VA and Brad Tilley
# Updated to now run in Python v3.x (still works in Python 2.x)
# Additional separator for the input file. It can now have the new separator ":" (or use the old one ",")
# Now correctly handles a separator ("," or ":") in the password field when reading from a file.
# Updated help text in script
#
# Version 2.01
# Updated on August 30, 2010 by Robert B. Harris from VA
# Very minor changes, removed tab, noted it won't run in python 3.x
#
# Version 2.0
# Updated on August 12, 2010 by Robert B. Harris from VA
# Updated to use the hashlib library
# Updated to print help text if both input arguments are missing
# Updated to optionally read from a file
#
##################################################################
import sys
def net(user, password):
b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
middle = "Administration Tools"
s = "%s:%s:%s" % (user, middle, password)
# For versions of Python 2.5 and older
if sys.version_info[0] == 2 and sys.version_info[1] < 6:
import md5
m = md5.new(s).digest()
else:
import hashlib
m = hashlib.md5(s.encode('latin_1')).digest()
narray = []
for i in range(8):
if sys.version_info[0] == 2:
n1 = ord(m[2*i])
n2 = ord(m[2*i+1])
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
if sys.version_info[0] == 3:
n1 = ord(chr(m[2*i]))
n2 = ord(chr(m[2*i+1]))
narray.append( (n1<<8 & 0xff00) | (n2 & 0xff) )
res = ""
for i in narray:
p1 = i >> 12 & 0xf
p2 = i >> 6 & 0x3f
p3 = i & 0x3f
res = res + b64[p1] + b64[p2] + b64[p3]
for c, n in zip("nrcstn", [0, 6, 12, 17, 23, 29]):
res = res[:n] + c + res[n:]
return res
if __name__ == '__main__':
if len(sys.argv) == 3:
if (sys.argv[1])== "-f": # If true, reading from a file
in_file = (sys.argv[2]) # 2nd commandline arg is the filename to read from
input_file = open( in_file, 'r')
output_file = open ("netscreen-JtR-output.txt" , 'w')
import re
for line in input_file:
data=line.strip('\n')
if re.search(',',line):
data=data.split(',',1) # line contains ,
else:
if re.search(':',line):
data=data.split(':',1) # line contains :
else:
print ("\n\n\n")
print ("Error in input file.")
print ("The input file must have either a \",\" or \":\" separator on each line.")
print ("Also it should not contain any blank lines. Please correct the input file.")
break
username = data[0]
password = data[1]
ciphertext = net(username,password)
output_file.write ("%s:%s$%s" % (username,username,ciphertext))
output_file.write ("\n")
input_file.close()
print("\nThe output file has been created.")
output_file.close()
else: # We are not reading from a file
username = sys.argv[1]
password = sys.argv[2]
ciphertext = net(username,password)
print(("%s:%s$%s" % (username,username,ciphertext)))
else: # User did not input the required two commandline arguments
print("\n\n")
print("This program requires two commandline arguments:")
print("The first argument is a username, or -f to indicate reading from a file.")
print("The second argument is a plaintext password, or the name of the file to read from.")
print("See the additional text at the beginning of this script for more details.\n")
print("Output will be the username and the (Netscreen algorithm based) hashed password, in John the Ripper format. \n\n")
print("Example")
print("Input: netscreen.py admin netscreen")
print("Output: admin:admin$nKv3LvrdAVtOcE5EcsGIpYBtniNbUn")
print("(Netscreen uses the username as the salt)")