@grutz
Created August 21, 2012 16:13
Crack All LANMAN Hashes!
#!/bin/bash
# crack-all-lms-avenger
# (c) 2012 by Kurt Grutzmacher (grutz@jingojango.net)
# License: BSD 3-Clause - http://opensource.org/licenses/bsd-3-clause
#
# So you have a pwdump file and it has some LANMAN hashes, eh? Run this and I
# guarantee you'll crack a ton of them!
#
# Some paths are hardcoded. YMMV. No warranty express or implied. See your
# doctor before starting treatment. If effect lasts for more than 4 hours stop
# running so many things on your crackbox! WTF is KDE running?
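# Script version reported by -v. Marked readonly so a later assignment
# (or a sourced helper) cannot silently change what -v prints.
readonly version="1.0"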
banner_doall() {
# All the Things ASCII Art v0.0.1
# by @briantford
# https://github.com/btford/allthethings
#
# Licensed under WTFPL http://sam.zoy.org/wtfpl/
#
# Prints the "crack all the hashes" banner shown before a -a run.
# Colours come from tput, so this expects a terminal with TERM set; when
# tput fails the three colour variables are simply empty and the art prints
# uncoloured. pur/ylw/txtrst are not declared local and stay global.
# The whitespace in the art as reproduced here may have been collapsed by
# the hosting page, so the alignment is not guaranteed to match the original.
pur=$(tput setaf 5) # Purple
ylw=$(tput setaf 3) # Yellow
txtrst=$(tput sgr0) # Text reset
echo " ___ ___ _ ___ _ __ _ _ _ _____ _ _ ___ "
echo " / __| _ \ /_\ / __| |/ / /_\ | | | | |_ _| || | __|"
echo "| (__| / / _ \ (__| ' < / _ \| |__| |__ | | | __ | _| "
echo " \___|_|_\/_/ \_\___|_|\_\ /_/ \_\____|____| |_| |_||_|___|"
echo ""
echo " _ _ _ ___ _ _ ___ ___ "
echo "| || | /_\ / __| || | __/ __|"
echo "| __ |/ _ \\__ \ __ | _|\__ \\"
echo "|_||_/_/ \_\___/_||_|___|___/"
echo ""
echo " ${ylw}~= ${txtrst}M?${ylw} ,=~${txtrst}"
echo " ${ylw}== ${txtrst}MD${ylw} ~=~=~${txtrst}"
echo " ${ylw}==== ${txtrst}+${ylw} :=~===${txtrst}"
echo " ${ylw}~====~ ~ ${txtrst}M${ylw} :~======${txtrst}"
echo " ${ylw}~=====~ ~ == ~== ${txtrst}M${ylw} ~========${txtrst}"
echo " ${ylw}~====~~~ ,== ~== ,==== ${txtrst}Z${ylw}~~=========${txtrst}"
echo " ${ylw}=======~=~ ~===, ===~ ===== ${txtrst}=${ylw}==========~${txtrst}"
echo " ${ylw},===========: ~===== :===~ ,======:===${txtrst}~${ylw}~=======~~${txtrst}"
echo " ${ylw}=~=========== ~====== ~==== ,~===========${txtrst}+${ylw}========~${txtrst}"
echo " ${ylw},~=============~=======~===~=~ ~==============${txtrst}M${ylw}=======~${txtrst}"
echo " ${ylw}=============~~======${txtrst}?MNDDM${ylw}~~==========~======${txtrst}M${ylw}~=====~${txtrst}"
echo " ${ylw}================${txtrst}M=,,,,,,,,,D${ylw}~======${txtrst}M N${ylw}=====${txtrst}N${ylw}=====~${txtrst}"
echo " ${ylw}==~ =================~${txtrst}N~,,,,,,,:M8MMMNM O M====${txtrst}~${ylw}=====${txtrst}"
echo " ${ylw},===~, ~=================~~${txtrst}MM~ M M====${txtrst}=${ylw}==== ${txtrst}"
echo " ${ylw}~===~= :=================~${txtrst}N OM M ===${txtrst}?${ylw}~=== ${txtrst}"
echo " ${ylw}~====~~ ==============${txtrst}M M ?M ~ 8Z ~:=${txtrst}N${ylw}~==:${txtrst}"
echo " M ${ylw}~======~=~ ============${txtrst}M O ?M +7MMMMMMMI 8=${txtrst}M${ylw}~==${txtrst}"
echo " NO:7: ${ylw}:======================${txtrst}7 M= MNMMMMMMMMMM +${txtrst}N${ylw}==${txtrst}"
echo "MMO:::::? ${ylw}=======================${txtrst}8M~M ~MMMMMMMMMMMMMM M+${ylw}~~ ,===~${txtrst}"
echo "M,::::::::N ${ylw}=======================${txtrst}N MMMMMMMMMMMMMMMM M~${ylw}= :=~~=~ ~=~~==~${txtrst}"
echo ":,:::::::::Z ${ylw}=====================${txtrst}7 MMMMMMMMMMMMMM M${ylw}===~=====~ ,=~~====${txtrst}"
echo "?:::::::::::M ${ylw}==========================${txtrst}M ~MMMMMMMMMMMM II${ylw}======== :~=======${txtrst}"
echo " ,::::::::::, ${ylw},========================~${txtrst}8 MMMMMMMMMMI M${pur}?M${ylw}====== =======~==${txtrst}"
echo " 8:::::::::::N ${ylw}===~====================+${txtrst}N MMMMMMMMMM I${pur}?I${ylw}===~= ~==========~${txtrst}"
echo " D::::::::: ${ylw}======================${txtrst}MM MMMMMMMMM , I${pur}???M${ylw}==~===========${txtrst}"
echo " N~==OMMZZ7 ${ylw}:================~+${txtrst}M${ylw}===${txtrst}M 8::~, =N M${pur}????D${ylw}============~${txtrst}"
echo " OZZM ${ylw}~===============~==${txtrst}M${ylw}~~=====${txtrst}M O${pur}??????${ylw}===========${txtrst}"
echo " ,MZZM=${ylw}~==================${txtrst}OO${ylw}=~========${txtrst}M~ DD${pur}???????M${ylw}========~${txtrst}"
echo " ~MZZZ?${ylw}===============${txtrst}MM${ylw}=~===========~${txtrst}7?NMMZZNNM7${pur}?I????????7${ylw}~======${txtrst}"
echo " ${ylw}~~~~, ${txtrst}:ZZZM${ylw}============${txtrst}N+${ylw}================${pur}N?????????????????????O${ylw}====~=~~~~~~===~~:,${txtrst}"
echo " ${ylw}=========~,${txtrst}MOZM${ylw}~=======${txtrst}NN${ylw}====================${pur}M????????????????????N${ylw}==========================,${txtrst}"
echo " ${ylw}===========${txtrst}MZZO${ylw}=~===${txtrst}M${ylw}~=~====================~${pur}?????????????????????~${ylw}========================~=~${txtrst}"
echo " ${ylw}~~=========${txtrst}?ZZZNN8${ylw}==========================${pur}MI???????????????????M${ylw}=====================~~${txtrst}"
echo " ${ylw}=============${txtrst}NMZM${ylw}============================${pur}????????????????????O${ylw}=================~${txtrst}"
echo " ${ylw}===========~~${txtrst}MZZO${ylw}~==========================${pur}M????????????????????${ylw}============~,${txtrst}"
echo " ${ylw}=============${txtrst}OZZZN${ylw}=========================${pur}M????????????????????${ylw}~========,${txtrst}"
echo " ${ylw}~============~${txtrst}MZZM${ylw}~~======================${pur}8????????????????????${ylw}~=====${txtrst}"
echo " ${ylw}~============~${txtrst}MZZM${ylw}======================~${pur}?????????????????????${ylw}~~===${txtrst}"
echo ""
}
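usage() {
  # Print the command-line synopsis to stdout.
  # The static filenames listed are created and consumed in the current
  # working directory by the step functions. ${0##*/} replaces the old
  # `basename $0`, which broke on paths containing spaces and forked a
  # process for nothing. The synopsis now also lists -w and -r, which the
  # option parser accepts but the old text omitted.
  cat <<EEOF
Usage: ${0##*/} -f pwdump_file [-j john_binary] [-o oclHashCat_binary] [-w wordlist] [-r rt_dir] [-a | -1 | -2 | -3 | -4 | -5 | -6]
-a DO ALL STEPS!!!
-1 Step 1: John The Ripper for 20 minutes (5 min wordlist + 15 min default) making lm.pot
-2 Step 2: Run lm.pot results through JTR to crack NTLM
-3 Step 3: Generate lm-left and run Rainbowtables
-4 Step 4: Run rcrack.out results through JTR to crack NTLM
-5 Step 5: Run oclHashCat wordlists/rules for remaining NTLM
-6 Step 6: Run oclHashCat results through JTR to make ntlm.pot
-f PWDUMP filename to process
-j John The Ripper binary location
-o oclHashCat binary location
-w Wordlist file
-r Rainbowtable directory
The following static filenames are used:
lm.pot - LANMAN JTR POT file
ntlm.pot - NTLM JTR POT file
lm-left - LANMAN hashes left to crack
ntlm-left - NTLM hashes left to crack
ntlm.ocl - Cracked NTLM hashes from oclHashCat
lm.ocl - Cracked LANMAN hashes from oclHashCat
rcrack.out - Rainbowcrack output
EEOF
}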
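jtr_lm() {
  # Step 1: crack LM hashes with John the Ripper, recording results in lm.pot.
  # Globals (read): john, wordlist, fname.
  # Two bounded runs: the user-supplied wordlist for 300 s, then John's
  # default mode for 900 s (20 minutes in total).
  local sess
  echo " [*] Running John The Ripper for 20 minutes to crack LM hashes"
  echo " [-] Defined wordlist first for 5 min then default run for 15 min"
  echo " [-] You can press Ctrl-C at any time to stop it"
  echo ""
  # mktemp gives an unpredictable session name; bail out if it cannot.
  sess=$(/bin/mktemp) || return 1
  "$john" -fo:lm -max-run-time:300 "-sess:$sess" -nolog -pot:lm.pot "-w:$wordlist" "$fname"
  "$john" -fo:lm -max-run-time:900 "-sess:$sess" -nolog -pot:lm.pot "$fname"
  # John keeps its restore state in <session>.rec; remove it along with the
  # placeholder file mktemp created (-f: neither may exist after Ctrl-C).
  rm -f -- "$sess" "$sess.rec"
}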
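jtr_lm_to_ntlm() {
  # Step 2: reuse the LM plaintexts from lm.pot as an NTLM wordlist (with
  # John's NT rules), then regenerate the lm-left / ntlm-left files.
  # Globals (read): john, fname.
  # Files written: ntlm.pot, lm-left, ntlm-left (all in the current directory).
  local sess tmpf
  echo " [*] Running lm.pot results through JTR NTLM rules"
  echo ""
  sess=$(/bin/mktemp) || return 1
  tmpf=$(/bin/mktemp) || return 1
  # Field 2 of --show output is the plaintext; the '$'-split that follows is
  # specific to how this John build prints LM results -- confirm against
  # your version if the wordlist comes out empty.
  "$john" -nolog -show -pot:lm.pot -fo:LM "$fname" | cut -d: -f2 | cut -d'$' -f3 > "$tmpf"
  "$john" "-sess:$sess" -nolog "-wordlist:$tmpf" -rules:NT -pot:ntlm.pot -fo:NT "$fname"
  # <session>.rec is John's restore file; -f so an interrupted run does not
  # turn a missing file into an error.
  rm -f -- "$sess" "$sess.rec" "$tmpf"
  echo " [-] Generating lm-left and ntlm-left files"
  # Keep only the trailing hash of each --show:left line: last 16 characters
  # for LM, last 32 for NT, deduplicated.
  "$john" -nolog -show:left -pot:lm.pot -fo:lm "$fname" | rev | cut -b -16 | rev | sort -u > lm-left
  "$john" -nolog -show:left -pot:ntlm.pot -fo:nt "$fname" | rev | cut -b -32 | rev | sort -u > ntlm-left
}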
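rainbow_lm() {
  # Step 3: run rcracki_mt over the remaining LM hashes in lm-left.
  # Globals (read): rtdir. Files written: rcrack.out, charset.txt (copied).
  echo " [*] Running Rainbowtables on lm-left"
  # lm-left is produced by step 2; without it rcracki_mt fails obscurely.
  if [[ ! -s lm-left ]]; then
    echo " [!] lm-left is missing or empty; run step 2 first" >&2
    return 1
  fi
  # charset.txt is copied next to the input; presumably rcracki_mt looks it
  # up in the working directory -- verify against your rcracki_mt build.
  /bin/cp -- "$rtdir/charset.txt" . || return 1
  # Only the directory part is quoted so the *.rti2 glob still expands.
  /usr/local/bin/rcracki_mt -l lm-left -o rcrack.out -k -t 5 "$rtdir"/*.rti2
}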
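rainbow_to_jtr() {
  # Step 4: feed the rainbow-table results (rcrack.out, minus its first
  # colon-separated field) into John so they are recorded in lm.pot, then
  # rerun step 2 to carry the new LM plaintexts over to NTLM.
  # Globals (read): john, fname.
  echo " [*] Running rcrack.out through JTR to add to lm.pot"
  if [[ ! -r rcrack.out ]]; then
    echo " [!] rcrack.out not found; run step 3 first" >&2
    return 1
  fi
  cut -f2- -d: rcrack.out | "$john" -nolog -pot:lm.pot -fo:lm -stdin "$fname"
  jtr_lm_to_ntlm
}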
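oclhashcat_wl_rules() {
  # Step 5: run oclHashCat (mode 1000 = NTLM) with the wordlist and a fixed
  # set of rule files against ntlm-left, appending hits to ntlm.ocl.
  # Globals (read): ocl, wordlist.
  # oclHashCat resolves rules/ relative to its own directory, hence the pushd.
  local ocldir workdir rule
  echo " [*] Running oclHashCat with our big wordlist + some rules against NTLM"
  ocldir=$(dirname -- "$ocl")
  workdir=$(pwd)
  pushd "$ocldir" > /dev/null || return 1
  for rule in best64.rule leetspeak.rule T0XlC.rule d3ad0ne.rule; do
    echo " [-] Running $rule rule"
    # This runs the binary given by -o (or the default path) as root via
    # sudo. Check that $ocl is the intended, trusted binary before relying
    # on this step, since -o is taken verbatim from the command line.
    sudo "$ocl" --rules "rules/$rule" -m 1000 -o "$workdir/ntlm.ocl" "$workdir/ntlm-left" "$wordlist"
  done
  popd > /dev/null
}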
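ocl_to_jtr() {
  # Step 6: hand the plaintexts oclHashCat wrote to ntlm.ocl back to John as
  # a wordlist (with rules) so they end up in ntlm.pot in John's own format.
  # Globals (read): john, fname.
  echo " [*] Running ntlm.ocl through JTR"
  if [[ ! -s ntlm.ocl ]]; then
    echo " [!] ntlm.ocl is missing or empty; run step 5 first" >&2
    return 1
  fi
  "$john" -w:ntlm.ocl -nolog -pot:ntlm.pot -fo:nt -rules "$fname"
}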
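# ---------------------------------------------------------------------------
# Option parsing and dispatch. The settings are deliberately global: the
# step functions above read john, ocl, wordlist, rtdir and fname directly.
# ---------------------------------------------------------------------------
doall=${doall:-0}
step=${step:-0}
while getopts 'f:o:j:w:r:hva123456' z; do
  case "$z" in
    f) fname=$OPTARG ;;
    o) ocl=$OPTARG ;;
    j) john=$OPTARG ;;
    w) wordlist=$OPTARG ;;
    r) rtdir=$OPTARG ;;
    a) doall=1 ;;
    [1-6]) step=$z ;;
    v)
      echo " [*] Version: $version"
      echo ""
      exit 0
      ;;
    h)
      usage
      exit 0
      ;;
    \?)
      # Unknown option: show the synopsis but exit non-zero so a calling
      # script notices the mistake.
      usage
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))

# -f is mandatory and the file must be readable: every step hands it to
# John, so failing here beats a cryptic error twenty minutes into a run.
if [[ -z "$fname" ]]; then
  usage
  exit 2
fi
if [[ ! -r "$fname" ]]; then
  echo " [!] Cannot read pwdump file: $fname" >&2
  exit 2
fi

# Defaults fill in only values that were not supplied. (A plain -x / -d test
# here would do the opposite -- replace a valid user-supplied path with the
# default -- so the assignment is keyed on emptiness, not on existence.)
: "${john:=/opt/jtr/current/run/john}"
: "${ocl:=/opt/hashcat/plus/current/oclHashcat-plus64.bin}"
: "${wordlist:=/opt/wordlists/ALL/all-unique.txt}"
: "${rtdir:=/opt/rainbow_tables/lm/}"

# Sanity-check the tool locations up front. Not every step needs every tool,
# so these are warnings on stderr rather than fatal errors.
[[ -x "$john" ]] || echo " [!] Warning: John binary not executable: $john" >&2
[[ -x "$ocl" ]] || echo " [!] Warning: oclHashCat binary not executable: $ocl" >&2
[[ -r "$wordlist" ]] || echo " [!] Warning: wordlist not readable: $wordlist" >&2
[[ -d "$rtdir" ]] || echo " [!] Warning: rainbow table directory not found: $rtdir" >&2

if [[ "$doall" == 1 ]]; then
  banner_doall
  jtr_lm
  jtr_lm_to_ntlm
  rainbow_lm
  rainbow_to_jtr
  oclhashcat_wl_rules
  ocl_to_jtr
  exit $?
fi

# Single-step mode. With neither -a nor a step number there is nothing to
# do, which is reported as a usage error instead of a silent exit 0.
case "$step" in
  1) jtr_lm ;;
  2) jtr_lm_to_ntlm ;;
  3) rainbow_lm ;;
  4) rainbow_to_jtr ;;
  5) oclhashcat_wl_rules ;;
  6) ocl_to_jtr ;;
  *)
    usage
    exit 2
    ;;
esac
exit $?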