Crack All LANMAN Hashes!
#!/bin/bash
# crack-all-lms-avenger
# (c) 2012 by Kurt Grutzmacher (grutz@jingojango.net)
# License: BSD 3-Clause - http://opensource.org/licenses/bsd-3-clause
#
# Pipeline for a pwdump file that still contains LANMAN hashes: crack the
# LM halves with John the Ripper and rainbow tables, reuse the recovered
# words (through JtR's NT rule set) against the matching NTLM hashes, and
# finish whatever NTLM is left with oclHashcat wordlist + rule runs.
#
# Several tool paths are hard-coded defaults (see the checks after the
# option parser). YMMV. No warranty express or implied. If the box is
# already busy, stop running so many things on it first.
version='1.0'
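banner_doall() {
  # All the Things ASCII Art v0.0.1
  # by @briantford
  # https://github.com/btford/allthethings
  #
  # Licensed under WTFPL http://sam.zoy.org/wtfpl/
  #
  # Prints the "CRACK ALL THE HASHES" banner used by the -a run.
  # The colour escapes come from tput; when TERM is unset or the terminal
  # has no colour capability tput fails, the variables stay empty and the
  # banner prints uncoloured. tput's stderr noise is discarded and the
  # colour variables are local so they no longer leak into the script's
  # global namespace.
  local pur ylw txtrst
  pur=$(tput setaf 5 2>/dev/null)     # Purple
  ylw=$(tput setaf 3 2>/dev/null)     # Yellow
  txtrst=$(tput sgr0 2>/dev/null)     # Text reset
  echo " ___ ___ _ ___ _ __ _ _ _ _____ _ _ ___ "
  echo " / __| _ \ /_\ / __| |/ / /_\ | | | | |_ _| || | __|"
  echo "| (__| / / _ \ (__| ' < / _ \| |__| |__ | | | __ | _| "
  echo " \___|_|_\/_/ \_\___|_|\_\ /_/ \_\____|____| |_| |_||_|___|"
  echo ""
  echo " _ _ _ ___ _ _ ___ ___ "
  echo "| || | /_\ / __| || | __/ __|"
  echo "| __ |/ _ \\__ \ __ | _|\__ \\"
  echo "|_||_/_/ \_\___/_||_|___|___/"
  echo ""
  echo " ${ylw}~= ${txtrst}M?${ylw} ,=~${txtrst}"
  echo " ${ylw}== ${txtrst}MD${ylw} ~=~=~${txtrst}"
  echo " ${ylw}==== ${txtrst}+${ylw} :=~===${txtrst}"
  echo " ${ylw}~====~ ~ ${txtrst}M${ylw} :~======${txtrst}"
  echo " ${ylw}~=====~ ~ == ~== ${txtrst}M${ylw} ~========${txtrst}"
  echo " ${ylw}~====~~~ ,== ~== ,==== ${txtrst}Z${ylw}~~=========${txtrst}"
  echo " ${ylw}=======~=~ ~===, ===~ ===== ${txtrst}=${ylw}==========~${txtrst}"
  echo " ${ylw},===========: ~===== :===~ ,======:===${txtrst}~${ylw}~=======~~${txtrst}"
  echo " ${ylw}=~=========== ~====== ~==== ,~===========${txtrst}+${ylw}========~${txtrst}"
  echo " ${ylw},~=============~=======~===~=~ ~==============${txtrst}M${ylw}=======~${txtrst}"
  echo " ${ylw}=============~~======${txtrst}?MNDDM${ylw}~~==========~======${txtrst}M${ylw}~=====~${txtrst}"
  echo " ${ylw}================${txtrst}M=,,,,,,,,,D${ylw}~======${txtrst}M N${ylw}=====${txtrst}N${ylw}=====~${txtrst}"
  echo " ${ylw}==~ =================~${txtrst}N~,,,,,,,:M8MMMNM O M====${txtrst}~${ylw}=====${txtrst}"
  echo " ${ylw},===~, ~=================~~${txtrst}MM~ M M====${txtrst}=${ylw}==== ${txtrst}"
  echo " ${ylw}~===~= :=================~${txtrst}N OM M ===${txtrst}?${ylw}~=== ${txtrst}"
  echo " ${ylw}~====~~ ==============${txtrst}M M ?M ~ 8Z ~:=${txtrst}N${ylw}~==:${txtrst}"
  echo " M ${ylw}~======~=~ ============${txtrst}M O ?M +7MMMMMMMI 8=${txtrst}M${ylw}~==${txtrst}"
  echo " NO:7: ${ylw}:======================${txtrst}7 M= MNMMMMMMMMMM +${txtrst}N${ylw}==${txtrst}"
  echo "MMO:::::? ${ylw}=======================${txtrst}8M~M ~MMMMMMMMMMMMMM M+${ylw}~~ ,===~${txtrst}"
  echo "M,::::::::N ${ylw}=======================${txtrst}N MMMMMMMMMMMMMMMM M~${ylw}= :=~~=~ ~=~~==~${txtrst}"
  echo ":,:::::::::Z ${ylw}=====================${txtrst}7 MMMMMMMMMMMMMM M${ylw}===~=====~ ,=~~====${txtrst}"
  echo "?:::::::::::M ${ylw}==========================${txtrst}M ~MMMMMMMMMMMM II${ylw}======== :~=======${txtrst}"
  echo " ,::::::::::, ${ylw},========================~${txtrst}8 MMMMMMMMMMI M${pur}?M${ylw}====== =======~==${txtrst}"
  echo " 8:::::::::::N ${ylw}===~====================+${txtrst}N MMMMMMMMMM I${pur}?I${ylw}===~= ~==========~${txtrst}"
  echo " D::::::::: ${ylw}======================${txtrst}MM MMMMMMMMM , I${pur}???M${ylw}==~===========${txtrst}"
  echo " N~==OMMZZ7 ${ylw}:================~+${txtrst}M${ylw}===${txtrst}M 8::~, =N M${pur}????D${ylw}============~${txtrst}"
  echo " OZZM ${ylw}~===============~==${txtrst}M${ylw}~~=====${txtrst}M O${pur}??????${ylw}===========${txtrst}"
  echo " ,MZZM=${ylw}~==================${txtrst}OO${ylw}=~========${txtrst}M~ DD${pur}???????M${ylw}========~${txtrst}"
  echo " ~MZZZ?${ylw}===============${txtrst}MM${ylw}=~===========~${txtrst}7?NMMZZNNM7${pur}?I????????7${ylw}~======${txtrst}"
  echo " ${ylw}~~~~, ${txtrst}:ZZZM${ylw}============${txtrst}N+${ylw}================${pur}N?????????????????????O${ylw}====~=~~~~~~===~~:,${txtrst}"
  echo " ${ylw}=========~,${txtrst}MOZM${ylw}~=======${txtrst}NN${ylw}====================${pur}M????????????????????N${ylw}==========================,${txtrst}"
  echo " ${ylw}===========${txtrst}MZZO${ylw}=~===${txtrst}M${ylw}~=~====================~${pur}?????????????????????~${ylw}========================~=~${txtrst}"
  echo " ${ylw}~~=========${txtrst}?ZZZNN8${ylw}==========================${pur}MI???????????????????M${ylw}=====================~~${txtrst}"
  echo " ${ylw}=============${txtrst}NMZM${ylw}============================${pur}????????????????????O${ylw}=================~${txtrst}"
  echo " ${ylw}===========~~${txtrst}MZZO${ylw}~==========================${pur}M????????????????????${ylw}============~,${txtrst}"
  echo " ${ylw}=============${txtrst}OZZZN${ylw}=========================${pur}M????????????????????${ylw}~========,${txtrst}"
  echo " ${ylw}~============~${txtrst}MZZM${ylw}~~======================${pur}8????????????????????${ylw}~=====${txtrst}"
  echo " ${ylw}~============~${txtrst}MZZM${ylw}======================~${pur}?????????????????????${ylw}~~===${txtrst}"
  echo ""
}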
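usage() {
  # Prints the option summary and the fixed working-file names to stdout.
  # Called for -h, for an unknown option, and when the required -f is missing.
  # Fixes versus the original text: the Usage line now lists -w, -r, -v and
  # -h (which the parser already accepts), and step 1 is described with the
  # 20 minutes jtr_lm actually spends (5 min wordlist + 15 min default run).
  cat <<EEOF
Usage: ${0##*/} -f pwdump_file [-j jtr_binary] [-o oclHashCat_binary] [-w wordlist] [-r rt_dir] [-a | -1 | -2 | -3 | -4 | -5 | -6] [-v] [-h]
  -a  DO ALL STEPS!!!
  -1  Step 1: John The Ripper for 20 minutes (5 min wordlist, 15 min default run) making lm.pot
  -2  Step 2: Run lm.pot results through JTR to crack NTLM
  -3  Step 3: Generate lm-left and run Rainbowtables
  -4  Step 4: Run rcrack.out results through JTR to crack NTLM
  -5  Step 5: Run oclHashCat wordlists/rules for remaining NTLM
  -6  Step 6: Run oclHashCat results through JTR to make ntlm.pot
  -f  PWDUMP filename to process (required)
  -j  John The Ripper binary location
  -o  oclHashCat binary location
  -w  Wordlist file
  -r  Rainbowtable directory
  -v  Print version and exit
  -h  This help

The following static filenames are used, all in the current directory:
  lm.pot     - LANMAN JTR POT file
  ntlm.pot   - NTLM JTR POT file
  lm-left    - LANMAN hashes left to crack
  ntlm-left  - NTLM hashes left to crack
  ntlm.ocl   - Cracked NTLM hashes from oclHashCat
  lm.ocl     - Cracked LANMAN hashes from oclHashCat (listed for completeness; no step in this script writes it)
  rcrack.out - Rainbowcrack output
EEOF
}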
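jtr_lm() {
  # Step 1: crack LM hashes with JtR, recording results in lm.pot.
  # Two time-boxed passes: the supplied wordlist for 300 s, then JtR's
  # default mode sequence for 900 s against the same file.
  # Globals read: john, wordlist, fname.
  # The session name lives inside a private temp dir so that JtR's
  # <session>.rec restore file is removed together with the directory;
  # the original removed only the bare mktemp path. mktemp is resolved
  # via PATH instead of the hard-coded /bin/mktemp.
  echo " [*] Running John The Ripper for 20 minutes to crack LM hashes"
  echo " [-] Defined wordlist first for 5 min then default run for 15 min"
  echo " [-] You can press Ctrl-C at any time to stop it"
  echo ""
  local sessdir
  sessdir=$(mktemp -d) || return 1
  "$john" -fo:lm -max-run-time:300 "-sess:$sessdir/lm" -nolog -pot:lm.pot "-w:$wordlist" "$fname"
  "$john" -fo:lm -max-run-time:900 "-sess:$sessdir/lm" -nolog -pot:lm.pot "$fname"
  rm -rf -- "${sessdir:?}"
}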
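jtr_lm_to_ntlm() {
  # Step 2: turn the cracked LM passwords into NTLM cracks, then regenerate
  # the lm-left / ntlm-left files that the later steps consume.
  # Globals read: john, fname. Files written: ntlm.pot, lm-left, ntlm-left.
  # Temp files (JtR session + derived wordlist) go into one mktemp dir so
  # the <session>.rec restore file is cleaned up too.
  echo " [*] Running lm.pot results through JTR NTLM rules"
  echo ""
  local tmpdir
  tmpdir=$(mktemp -d) || return 1
  # Pull the cracked LM words out of lm.pot and replay them as a wordlist
  # with JtR's NT rule set against the NT hashes.
  # NOTE(review): the second cut assumes the shown field carries at least
  # two '$' separators; confirm against the --show output of your JtR build.
  "$john" -nolog -show -pot:lm.pot -fo:LM "$fname" | cut -d: -f2 | cut -d\$ -f3 > "$tmpdir/words"
  "$john" "-sess:$tmpdir/nt" -nolog "-wordlist:$tmpdir/words" -rules:NT -pot:ntlm.pot -fo:NT "$fname"
  rm -rf -- "${tmpdir:?}"
  echo " [-] Generating lm-left and ntlm-left files"
  # --show=left lists the still-uncracked entries; keep only the trailing
  # hash (16 hex chars per LM half, 32 for NT) and dedupe.
  "$john" -nolog -show:left -pot:lm.pot -fo:lm "$fname" | rev | cut -b -16 | rev | sort -u > lm-left
  "$john" -nolog -show:left -pot:ntlm.pot -fo:nt "$fname" | rev | cut -b -32 | rev | sort -u > ntlm-left
}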
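rainbow_lm() {
  # Step 3: look up the remaining LM halves (lm-left) in the rainbow tables.
  # Globals read: rtdir (table directory; must also hold charset.txt).
  # Writes rcrack.out in the working directory.
  # The rcracki_mt binary can be overridden via $rcracki; the default is
  # the path the original hard-coded.
  local rcracki=${rcracki:-/usr/local/bin/rcracki_mt}
  echo " [*] Running Rainbowtables on lm-left"
  [ -r lm-left ] || { echo " [!] lm-left not found; run step 2 first" >&2; return 1; }
  # charset.txt is copied next to the run, presumably because rcracki_mt
  # looks for it in the current directory.
  cp -- "$rtdir/charset.txt" .
  "$rcracki" -l lm-left -o rcrack.out -k -t 5 "$rtdir"/*.rti2
}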
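rainbow_to_jtr() {
  # Step 4: feed the rainbow-table hits (rcrack.out) to JtR so they are
  # recorded in lm.pot, then rerun the LM->NTLM step on the enlarged pot.
  # Globals read: john, fname. Calls jtr_lm_to_ntlm.
  # Refuses to run without rcrack.out instead of piping an error from cut
  # into an empty JtR stdin run.
  echo " [*] Running rcrack.out through JTR to add to lm.pot"
  [ -r rcrack.out ] || { echo " [!] rcrack.out not found; run step 3 first" >&2; return 1; }
  # Drop the first ':'-separated column and hand the rest to JtR on stdin.
  # NOTE(review): assumes rcracki_mt's -o file is ':'-separated with the
  # hash first; confirm against the installed version's output format.
  cut -f2- -d: rcrack.out | "$john" -nolog -pot:lm.pot -fo:lm -stdin "$fname"
  jtr_lm_to_ntlm
}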
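oclhashcat_wl_rules() {
  # Step 5: run oclHashcat (-m 1000, NTLM) over ntlm-left with the big
  # wordlist and four rule files, appending cracks to ntlm.ocl.
  # Globals read: ocl, wordlist.
  # The cwd is switched to the binary's directory so that "rules/$rule"
  # resolves inside the oclHashcat tree; the other file arguments are
  # anchored to the original working directory for the same reason.
  # Fix: a relative -w path was passed through unchanged and therefore
  # broke after the pushd; it is now anchored to the working directory too.
  # NOTE(review): the run is wrapped in sudo as in the original. Whether
  # root is really needed depends on the GPU device permissions on the box;
  # drop it if your user can open the OpenCL devices.
  echo " [*] Running oclHashCat with our big wordlist + some rules against NTLM"
  local ocldir workdir wl rule
  ocldir=$(dirname -- "$ocl")
  workdir=$(pwd)
  case $wordlist in
    /*) wl=$wordlist ;;
    *)  wl=$workdir/$wordlist ;;
  esac
  pushd "$ocldir" > /dev/null || return 1
  for rule in best64.rule leetspeak.rule T0XlC.rule d3ad0ne.rule; do
    echo " [-] Running $rule rule"
    sudo "$ocl" --rules "rules/$rule" -m 1000 -o "$workdir/ntlm.ocl" "$workdir/ntlm-left" "$wl"
  done
  popd > /dev/null
}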
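ocl_to_jtr() {
  # Step 6: feed oclHashcat's cracks (ntlm.ocl) back through JtR, with its
  # default wordlist rules, so they are recorded in ntlm.pot.
  # Globals read: john, fname.
  # Refuses to run without ntlm.ocl (same guard style as rainbow_to_jtr).
  # NOTE(review): oclHashcat's outfile normally holds "hash:plain" lines;
  # used directly as a wordlist the hash prefix becomes part of every
  # candidate unless --outfile-format was set to plain-only. Confirm the
  # format of ntlm.ocl before relying on this step.
  echo " [*] Running ntlm.ocl through JTR"
  [ -r ntlm.ocl ] || { echo " [!] ntlm.ocl not found; run step 5 first" >&2; return 1; }
  "$john" -w:ntlm.ocl -nolog -pot:ntlm.pot -fo:nt -rules "$fname"
}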
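# ---- option parsing --------------------------------------------------------
# -1..-6 are mutually exclusive (the last one given wins); -a runs them all.
while getopts f:o:j:w:r:hva123456 z; do
  case $z in
    f) fname=$OPTARG ;;
    o) ocl=$OPTARG ;;
    j) john=$OPTARG ;;
    w) wordlist=$OPTARG ;;
    r) rtdir=$OPTARG ;;
    a) doall=1 ;;
    [1-6]) step=$z ;;
    v) echo " [*] Version: $version"
       echo ""
       exit 0 ;;
    h) usage
       exit 0 ;;
    \?) usage
        exit 1 ;;
  esac
done
shift $((OPTIND - 1))

# -f is mandatory; a missing one is an error, not a successful no-op.
if [ -z "$fname" ]; then
  usage
  exit 1
fi

# ---- defaults --------------------------------------------------------------
# The original tested '[ -x $john ]' / '[ -d $rtdir ]' here, which is
# inverted: a valid -j or -r value was replaced by the default, while a
# missing one only worked because '[ -x ]' with no operand evaluates true.
# Defaults are now applied only when the option was not given.
[ -z "$john" ]     && john=/opt/jtr/current/run/john
[ -z "$ocl" ]      && ocl=/opt/hashcat/plus/current/oclHashcat-plus64.bin
[ -z "$wordlist" ] && wordlist=/opt/wordlists/ALL/all-unique.txt
[ -z "$rtdir" ]    && rtdir=/opt/rainbow_tables/lm/

# ---- dispatch --------------------------------------------------------------
# ${doall:-0} / ${step:-} avoid the "unary operator expected" noise the
# original produced when the variables were unset.
if [ "${doall:-0}" = 1 ]; then
  banner_doall
  jtr_lm
  jtr_lm_to_ntlm
  rainbow_lm
  rainbow_to_jtr
  oclhashcat_wl_rules
  ocl_to_jtr
  exit $?
fi

case ${step:-} in
  1) jtr_lm ;;
  2) jtr_lm_to_ntlm ;;
  3) rainbow_lm ;;
  4) rainbow_to_jtr ;;
  5) oclhashcat_wl_rules ;;
  6) ocl_to_jtr ;;
  *) echo " [!] Nothing to do: give -a or one of -1 .. -6" >&2
     usage
     exit 1 ;;
esac
exit $?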