joswr1ght/lm2ntcrack.py

## lm2ntcrack.py
#!/usr/bin/env python3
# Most of this code is from @clr2of8's Domain Password Audit Tool:
# https://github.com/clr2of8/DPAT
import hashlib
import os
import sys
import textwrap


def wrap(body):
    '''
    Display body text wrapped for the current terminal size with natural breaks
    on words.
    '''
    maxwidth = os.get_terminal_size()[0] - 1
    wrapper = textwrap.TextWrapper(width=maxwidth, break_long_words=False,
                                   replace_whitespace=False,
                                   break_on_hyphens=False)

    wraptext = []
    for line in body.split('\n'):
        wraptext.append('\n'.join(wrapper.wrap(line)))

    return '\n'.join(wraptext)


# Taken from DPAT:
# https://github.com/clr2of8/DPAT/blob/master/dpat.py#LL142C1-L163C20
def all_casings(input_string):
    if not input_string:
        yield ""
    else:
        first = input_string[:1]
        if first.lower() == first.upper():
            for sub_casing in all_casings(input_string[1:]):
                yield first + sub_casing
        else:
            for sub_casing in all_casings(input_string[1:]):
                yield first.lower() + sub_casing
                yield first.upper() + sub_casing


def crack_it(nt_hash, lm_pass):
    password = None
    for pwd_guess in all_casings(lm_pass):
        hash = hashlib.new('md4', pwd_guess.encode('utf-16le')).hexdigest()
        if nt_hash.lower() == hash.lower():
            password = pwd_guess
            break
    return password


if (len(sys.argv) != 3):
    sys.stderr.write(wrap('lm2ntcrack.py: Using a NT hash and a cracked LANMAN password, brute-force '
                          'all possible capitalization permutations to find the correct NT hash password.\n\n'
                          ))
    sys.stderr.write(wrap(f'Usage: {os.path.basename(sys.argv[0])} <NT hash> <cracked LANMAN password>\n\n'
                          f'e.x. {os.path.basename(sys.argv[0])} A395D93A5A7886E6FD9F91538DFC0D25 DROWSSAP\n\n'
                          ))
else:
    print(crack_it(sys.argv[1], sys.argv[2]))
	#!/usr/bin/env python3
	# Most of this code is from @clr2of8's Domain Password Audit Tool:
	# https://github.com/clr2of8/DPAT
	import hashlib
	import os
	import sys
	import textwrap


	def wrap(body):
	'''
	Display body text wrapped for the current terminal size with natural breaks
	on words.
	'''
	maxwidth = os.get_terminal_size()[0] - 1
	wrapper = textwrap.TextWrapper(width=maxwidth, break_long_words=False,
	replace_whitespace=False,
	break_on_hyphens=False)

	wraptext = []
	for line in body.split('\n'):
	wraptext.append('\n'.join(wrapper.wrap(line)))

	return '\n'.join(wraptext)


	# Taken from DPAT:
	# https://github.com/clr2of8/DPAT/blob/master/dpat.py#LL142C1-L163C20
	def all_casings(input_string):
	if not input_string:
	yield ""
	else:
	first = input_string[:1]
	if first.lower() == first.upper():
	for sub_casing in all_casings(input_string[1:]):
	yield first + sub_casing
	else:
	for sub_casing in all_casings(input_string[1:]):
	yield first.lower() + sub_casing
	yield first.upper() + sub_casing


	def crack_it(nt_hash, lm_pass):
	password = None
	for pwd_guess in all_casings(lm_pass):
	hash = hashlib.new('md4', pwd_guess.encode('utf-16le')).hexdigest()
	if nt_hash.lower() == hash.lower():
	password = pwd_guess
	break
	return password


	if (len(sys.argv) != 3):
	sys.stderr.write(wrap('lm2ntcrack.py: Using a NT hash and a cracked LANMAN password, brute-force '
	'all possible capitalization permutations to find the correct NT hash password.\n\n'
	))
	sys.stderr.write(wrap(f'Usage: {os.path.basename(sys.argv[0])} <NT hash> <cracked LANMAN password>\n\n'
	f'e.x. {os.path.basename(sys.argv[0])} A395D93A5A7886E6FD9F91538DFC0D25 DROWSSAP\n\n'
	))
	else:
	print(crack_it(sys.argv[1], sys.argv[2]))