Skip to content

Instantly share code, notes, and snippets.

@dtmsecurity

dtmsecurity/mscache.py

Created October 24, 2017 10:16
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dtmsecurity/54fd17616df0ec373e828b2152003b81 to your computer and use it in GitHub Desktop.
Save dtmsecurity/54fd17616df0ec373e828b2152003b81 to your computer and use it in GitHub Desktop.
Download ZIP
Needed a dirty way to convert mimikatz output for mscache to hashcat
Raw
mscache.py
import sys
import re
# .\hashcat64.exe -m 2100 .\inhash.txt .\rockyou.txt
if len(sys.argv[1]) > 0:
fh = open(str(sys.argv[1]),"r")
lines = fh.readlines()
fh.close()
outputLine = "$DCC2$10240#"
for line in lines:
m = re.search(r'RID.+\((.+)\)$',line)
if m:
rid = m.group(1)
m = re.search(r'User : .+\\(.+)$',line)
if m:
user = m.group(1)
outputLine += user.strip() + "#"
m = re.search(r'MsCacheV2 : (.+)$',line)
if m:
hashstring = m.group(1)
outputLine += hashstring.strip()
print(outputLine)
outputLine = "$DCC2$10240#"
# .\hashcat64.exe -m 1100 .\inhash.txt .\rockyou.txt
if len(sys.argv[1]) > 0:
fh = open(str(sys.argv[1]),"r")
lines = fh.readlines()
fh.close()
outputLine = ""
user = ""
for line in lines:
m = re.search(r'RID.+\((.+)\)$',line)
if m:
rid = m.group(1)
m = re.search(r'User : .+\\(.+)$',line)
if m:
user = m.group(1)
m = re.search(r'MsCacheV1 : (.+)$',line)
if m:
hashstring = m.group(1)
outputLine += hashstring.strip() + ":" + user.strip()
print(outputLine)
outputLine = ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment