rmolina/autocrack.py

## autocrack.py
""" http://rmolina.co/2015/10/solucion-automatica-de-crackmes.html """

import sys
import pexpect
import re
import string
import collections


PIN = './pin-2.14-71313-gcc.4.4.7-linux/pin'
INSCOUNT0 = './test/pin-2.14-71313-gcc.4.4.7-linux/source/tools/ManualExamples/obj-ia32/inscount0.so'


def inscount_out():
    while True:
        with open('inscount.out', 'r') as f:
            count = re.findall('Count (.*)', f.read())
        if len(count):
            return count.pop()


def send_password(crackme_name, username_prompt, username, password_prompt, password, padding_size, badboy_message, after_password):
    cmd = '{0} -t {1} -- {2}'.format(PIN, INSCOUNT0, crackme_name)
    child = pexpect.spawn(cmd)
    if username_prompt is not None:
        child.expect(username_prompt)
        child.sendline(username)
    child.expect(password_prompt)
    child.sendline(password + padding_size * '0')
    if after_password:
        child.sendline(after_password)
    child.expect(pexpect.EOF)
    if badboy_message is not None:
        return badboy_message not in child.before, inscount_out()
    return False, inscount_out()


def next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password):
    d = dict()
    for char in charset:
        completed, inscount = send_password(crackme_name, username_prompt, username, password_prompt, known + char, padding_size, badboy_message, after_password)
        #if completed:
        #    return completed, char
        d[char] = inscount
        sys.stdout.write('\r{0}: {1}   \b\b\b'.format(repr(known + char + padding_size * '0'), d[char]))
        sys.stdout.flush()
        n = collections.Counter(d.values())
        inscount_most_common, count_most_common = n.most_common()[0]
        inscount_least_common, count_least_common = n.most_common()[-1]
        if inscount_least_common > inscount_most_common:
            return completed, [char for char in d.keys() if d[char] == inscount_least_common].pop()
    return completed, ''


def main(crackme_name, username_prompt, username, password_prompt, badboy_message, charset=string.printable, padding_size=0, after_password=False):
    known = ''
    while True:
        completed, char = next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password)
        if char == '':
            padding_size += 1
        else:
            known += char
            if padding_size != 0:
                padding_size -= 1
        if completed:
            break
    print '\n%s %s' %(password_prompt, known)


#  DEMO
main('./crack', 'User ID', '123', 'Lice%', 'Oops!')  # http://crackmes.de/users/drspliff/drscm3/
main('./BeatMe', 'USERNAME :', 'rmolina', 'PASSWORD :', 'NOPE , YOU LOSE')  # http://crackmes.de/users/rezk2ll/beatme/
main('./linux/toadkey32', 'Username:', 'rmolina', 'Password:', 'Access Denied.')  # http://crackmes.de/users/jockcranley/t0ad_k3yg3n/
main('./crackme_01/crackme', None, None, 'Enter Password:', '-[ Ohhhh, your skills are bad try again later ]-')  # http://crackmes.de/users/cyrex/linux_crackme/
	""" http://rmolina.co/2015/10/solucion-automatica-de-crackmes.html """

	import sys
	import pexpect
	import re
	import string
	import collections


	PIN = './pin-2.14-71313-gcc.4.4.7-linux/pin'
	INSCOUNT0 = './test/pin-2.14-71313-gcc.4.4.7-linux/source/tools/ManualExamples/obj-ia32/inscount0.so'


	def inscount_out():
	while True:
	with open('inscount.out', 'r') as f:
	count = re.findall('Count (.*)', f.read())
	if len(count):
	return count.pop()


	def send_password(crackme_name, username_prompt, username, password_prompt, password, padding_size, badboy_message, after_password):
	cmd = '{0} -t {1} -- {2}'.format(PIN, INSCOUNT0, crackme_name)
	child = pexpect.spawn(cmd)
	if username_prompt is not None:
	child.expect(username_prompt)
	child.sendline(username)
	child.expect(password_prompt)
	child.sendline(password + padding_size * '0')
	if after_password:
	child.sendline(after_password)
	child.expect(pexpect.EOF)
	if badboy_message is not None:
	return badboy_message not in child.before, inscount_out()
	return False, inscount_out()


	def next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password):
	d = dict()
	for char in charset:
	completed, inscount = send_password(crackme_name, username_prompt, username, password_prompt, known + char, padding_size, badboy_message, after_password)
	#if completed:
	# return completed, char
	d[char] = inscount
	sys.stdout.write('\r{0}: {1} \b\b\b'.format(repr(known + char + padding_size * '0'), d[char]))
	sys.stdout.flush()
	n = collections.Counter(d.values())
	inscount_most_common, count_most_common = n.most_common()[0]
	inscount_least_common, count_least_common = n.most_common()[-1]
	if inscount_least_common > inscount_most_common:
	return completed, [char for char in d.keys() if d[char] == inscount_least_common].pop()
	return completed, ''


	def main(crackme_name, username_prompt, username, password_prompt, badboy_message, charset=string.printable, padding_size=0, after_password=False):
	known = ''
	while True:
	completed, char = next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password)
	if char == '':
	padding_size += 1
	else:
	known += char
	if padding_size != 0:
	padding_size -= 1
	if completed:
	break
	print '\n%s %s' %(password_prompt, known)


	# DEMO
	main('./crack', 'User ID', '123', 'Lice%', 'Oops!') # http://crackmes.de/users/drspliff/drscm3/
	main('./BeatMe', 'USERNAME :', 'rmolina', 'PASSWORD :', 'NOPE , YOU LOSE') # http://crackmes.de/users/rezk2ll/beatme/
	main('./linux/toadkey32', 'Username:', 'rmolina', 'Password:', 'Access Denied.') # http://crackmes.de/users/jockcranley/t0ad_k3yg3n/
	main('./crackme_01/crackme', None, None, 'Enter Password:', '-[ Ohhhh, your skills are bad try again later ]-') # http://crackmes.de/users/cyrex/linux_crackme/