Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Solución automática de crackmes
""" http://rmolina.co/2015/10/solucion-automatica-de-crackmes.html """
import sys
import pexpect
import re
import string
import collections
PIN = './pin-2.14-71313-gcc.4.4.7-linux/pin'
INSCOUNT0 = './test/pin-2.14-71313-gcc.4.4.7-linux/source/tools/ManualExamples/obj-ia32/inscount0.so'
def inscount_out():
while True:
with open('inscount.out', 'r') as f:
count = re.findall('Count (.*)', f.read())
if len(count):
return count.pop()
def send_password(crackme_name, username_prompt, username, password_prompt, password, padding_size, badboy_message, after_password):
cmd = '{0} -t {1} -- {2}'.format(PIN, INSCOUNT0, crackme_name)
child = pexpect.spawn(cmd)
if username_prompt is not None:
child.expect(username_prompt)
child.sendline(username)
child.expect(password_prompt)
child.sendline(password + padding_size * '0')
if after_password:
child.sendline(after_password)
child.expect(pexpect.EOF)
if badboy_message is not None:
return badboy_message not in child.before, inscount_out()
return False, inscount_out()
def next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password):
d = dict()
for char in charset:
completed, inscount = send_password(crackme_name, username_prompt, username, password_prompt, known + char, padding_size, badboy_message, after_password)
#if completed:
# return completed, char
d[char] = inscount
sys.stdout.write('\r{0}: {1} \b\b\b'.format(repr(known + char + padding_size * '0'), d[char]))
sys.stdout.flush()
n = collections.Counter(d.values())
inscount_most_common, count_most_common = n.most_common()[0]
inscount_least_common, count_least_common = n.most_common()[-1]
if inscount_least_common > inscount_most_common:
return completed, [char for char in d.keys() if d[char] == inscount_least_common].pop()
return completed, ''
def main(crackme_name, username_prompt, username, password_prompt, badboy_message, charset=string.printable, padding_size=0, after_password=False):
known = ''
while True:
completed, char = next_char(crackme_name, username_prompt, username, password_prompt, known, padding_size, badboy_message, charset, after_password)
if char == '':
padding_size += 1
else:
known += char
if padding_size != 0:
padding_size -= 1
if completed:
break
print '\n%s %s' %(password_prompt, known)
# DEMO
main('./crack', 'User ID', '123', 'Lice%', 'Oops!') # http://crackmes.de/users/drspliff/drscm3/
main('./BeatMe', 'USERNAME :', 'rmolina', 'PASSWORD :', 'NOPE , YOU LOSE') # http://crackmes.de/users/rezk2ll/beatme/
main('./linux/toadkey32', 'Username:', 'rmolina', 'Password:', 'Access Denied.') # http://crackmes.de/users/jockcranley/t0ad_k3yg3n/
main('./crackme_01/crackme', None, None, 'Enter Password:', '-[ Ohhhh, your skills are bad try again later ]-') # http://crackmes.de/users/cyrex/linux_crackme/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment