CloudStack Encryption key retriever
import java.util.*; | |
import java.util.logging.*; | |
import java.io.*; | |
import java.lang.Math.*; | |
import java.nio.charset.*; | |
import java.util.concurrent.LinkedBlockingQueue; | |
import java.util.concurrent.BlockingQueue; | |
import com.google.common.base.CharMatcher; | |
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor; | |
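/**
 * Dictionary-based recovery of the password behind jasypt-encrypted strings.
 *
 * <p>Every non-empty line of a word list is tried as the {@link StandardPBEStringEncryptor}
 * password against two ciphertexts. A candidate is reported only when both ciphertexts decrypt
 * to text accepted by {@link Consumer#isValid(String)}.
 *
 * <p>Handling notes for whoever runs this: each reported candidate and the plaintext it produced
 * are written in clear to {@code cracker2.log} in the working directory, so that file has to be
 * treated as a secret (restrictive permissions, removal after use). A match is only possible when
 * the key is present in the word list, which is the practical argument for a long random key that
 * is backed up separately.
 */
public class Crack2 {
    private static final Logger logger = Logger.getLogger(Crack2.class.getName());

    // Unique marker object that tells a worker to exit. It is compared by identity, never by
    // content, so no word-list entry can be mistaken for it.
    private static final String STOP = new String("");

    /**
     * Worker that takes candidate passwords from a queue and tests each one against the
     * ciphertexts.
     */
    public static class Consumer implements Runnable {
        protected BlockingQueue<String> queue = null;
        protected BlockingQueue<String> result = null;
        protected String input = null;

        /**
         * @param queue  source of candidate passwords
         * @param result receives candidates that passed both checks
         * @param input  first ciphertext to test each candidate against
         */
        public Consumer(BlockingQueue<String> queue, BlockingQueue<String> result, String input) {
            this.queue = queue;
            this.result = result;
            this.input = input;
        }

        /**
         * Decides whether decrypted text has the expected shape: one ASCII letter or digit followed
         * by 2 to 31 characters drawn from letters, digits and {@code @#+=._-}.
         *
         * @param s decrypted text, may be {@code null}
         * @return {@code true} when {@code s} matches the pattern, {@code false} otherwise
         */
        public boolean isValid(String s) {
            return s != null && s.matches("^[a-zA-Z0-9][a-zA-Z0-9@#+=._-]{2,31}$");
        }

        /**
         * Tests candidates until the stop marker arrives or the thread is interrupted.
         */
        @Override
        public void run() {
            while (true) {
                final String password;
                try {
                    password = queue.take();
                } catch (InterruptedException e) {
                    // Keep the interrupt visible to the caller and stop instead of looping on.
                    Thread.currentThread().interrupt();
                    return;
                }
                if (password == STOP) {
                    return;
                }

                StandardPBEStringEncryptor decryptor = new StandardPBEStringEncryptor();
                decryptor.setPassword(password);
                try {
                    String decryptedText = decryptor.decrypt(this.input);
                    String dT2 = decryptor.decrypt("putHereStringfrom-vpn_users.password");
                    // Reached only when neither decrypt call threw.
                    logger.info("Trying password: " + password);
                    if (isValid(decryptedText) && isValid(dT2)) {
                        logger.info("Decrypted text: " + decryptedText + " Password FOUND: " + password);
                        // offer() never blocks: nothing drains this queue here, so a blocking
                        // put() would park the worker for good once the queue is full.
                        if (!this.result.offer(password)) {
                            logger.warning("Result queue full; the match above is recorded in the log only");
                        }
                    }
                } catch (RuntimeException ignored) {
                    // Deliberately ignored: decrypt() throws for a wrong candidate, which is the
                    // outcome for almost every entry of the list.
                }
            }
        }
    }

    /**
     * Reads the word list named by {@code args[0]} (default {@code passwords.txt}), feeds it to 64
     * workers and exits once every queued candidate has been tested.
     *
     * @param args optional word-list path in {@code args[0]}
     */
    public static void main(String[] args) {
        logger.setLevel(Level.INFO);
        try {
            FileHandler fh = new FileHandler("cracker2.log");
            fh.setFormatter(new SimpleFormatter());
            logger.addHandler(fh);
            // Detach the parent handlers only once the file handler is in place; otherwise a
            // failed open would silently discard every result.
            logger.setUseParentHandlers(false);
        } catch (SecurityException | IOException e) {
            System.err.println("Could not open cracker2.log, logging to the parent handlers instead: " + e);
        }

        String fileName = args.length > 0 ? args[0] : "passwords.txt";
        System.out.println("Using dictionary: " + fileName);

        final String input = "putHere some String";
        //final String input = "K+QEjaCZwk+Dk9qShwpaCg=="; // test input, cloud:password

        BlockingQueue<String> queue = new LinkedBlockingQueue<>(1024);
        BlockingQueue<String> result = new LinkedBlockingQueue<>(16);
        List<Thread> workers = new ArrayList<>();
        for (int i = 0; i < 64; i++) {
            Thread worker = new Thread(new Consumer(queue, result, input));
            workers.add(worker);
            worker.start();
        }

        long counter = 0L;
        try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
            String line;
            while ((line = br.readLine()) != null) {
                if (!line.isEmpty()) {
                    queue.put(line);
                }
                counter++;
                if (counter % 10000 == 0) {
                    System.out.printf("\r%d", counter);
                }
            }
        } catch (IOException e) {
            System.out.println("File read exception: " + e.getMessage());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }

        // An empty queue does not mean the workers are finished: candidates already taken may
        // still be in flight. One stop marker per worker plus join() waits for them without
        // spinning on isEmpty().
        try {
            for (int i = 0; i < workers.size(); i++) {
                queue.put(STOP);
            }
            for (Thread worker : workers) {
                worker.join();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }

        System.out.println("\nEND");
        System.exit(0);
    }
}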
import java.util.*; | |
import java.util.logging.*; | |
import java.io.*; | |
import java.lang.Math.*; | |
import java.nio.charset.*; | |
import java.util.concurrent.LinkedBlockingQueue; | |
import java.util.concurrent.BlockingQueue; | |
import com.google.common.base.CharMatcher; | |
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor; | |
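/**
 * Exhaustive variant of the key recovery: instead of a word list it enumerates every string over
 * the characters {@code ' '} to {@code '~'} for lengths 5 to 31 and tries each one as the
 * {@link StandardPBEStringEncryptor} password.
 *
 * <p>Handling notes for whoever runs this: each reported candidate and the plaintext it produced
 * are written in clear to {@code cracker3.log} in the working directory, so that file has to be
 * treated as a secret (restrictive permissions, removal after use). The size of the search space
 * is the practical argument for a long random key that is backed up separately.
 */
public class Crack3 {
    private static final Logger logger = Logger.getLogger(Crack3.class.getName());

    // Unique marker object that tells a worker to exit. It is compared by identity, never by
    // content, so no generated word can be mistaken for it.
    private static final String STOP = new String("");

    /**
     * Enumerates all words of a fixed length over an alphabet by counting in base
     * {@code alphabet.length}.
     */
    public static class WordGenerator {
        // long rather than int: it is compared with maxWords, and an int counter wraps to a
        // negative value before reaching a bound above Integer.MAX_VALUE.
        private long wordNumber;
        private final int wordlength;
        private final char[] alphabet;
        private final long maxWords;
        private final int radix;

        /**
         * @param alphabet   characters a word may contain
         * @param wordlength number of characters in every generated word
         */
        public WordGenerator(char[] alphabet, int wordlength) {
            this.wordlength = wordlength;
            this.alphabet = alphabet;
            // Computed in double and cast, so the bound is approximate for very large spaces.
            this.maxWords = (long) Math.pow(alphabet.length, wordlength);
            this.radix = alphabet.length;
        }

        /**
         * @return the next word in counting order, or {@code null} when the sequence is exhausted
         */
        public synchronized String generateNext() {
            if (!hasNext()) {
                return null;
            }
            int[] indices = convertToRadix(wordNumber);
            char[] word = new char[wordlength];
            for (int k = 0; k < wordlength; k++) {
                word[k] = alphabet[indices[k]];
            }
            wordNumber++;
            return new String(word);
        }

        /**
         * @return {@code true} while at least one word remains
         */
        public synchronized boolean hasNext() {
            return wordNumber < maxWords;
        }

        /**
         * Writes {@code number} as {@code wordlength} base-{@code radix} digits, most significant
         * first and zero-padded on the left.
         */
        private int[] convertToRadix(long number) {
            int[] indices = new int[wordlength]; // starts zero-filled
            for (int i = wordlength - 1; i >= 0 && number > 0; i--) {
                indices[i] = (int) (number % radix);
                number /= radix;
            }
            return indices;
        }
    }

    /**
     * Worker that takes candidate passwords from a queue and tests each one against the
     * ciphertexts.
     */
    public static class Consumer implements Runnable {
        protected BlockingQueue<String> queue = null;
        protected BlockingQueue<String> result = null;
        protected String input = null;

        /**
         * @param queue  source of candidate passwords
         * @param result receives candidates that passed both checks
         * @param input  first ciphertext to test each candidate against
         */
        public Consumer(BlockingQueue<String> queue, BlockingQueue<String> result, String input) {
            this.queue = queue;
            this.result = result;
            this.input = input;
        }

        /**
         * Decides whether decrypted text has the expected shape: one ASCII letter or digit followed
         * by 2 to 31 characters drawn from letters, digits and {@code @#+=._-}.
         *
         * @param s decrypted text, may be {@code null}
         * @return {@code true} when {@code s} matches the pattern, {@code false} otherwise
         */
        public boolean isValid(String s) {
            return s != null && s.matches("^[a-zA-Z0-9][a-zA-Z0-9@#+=._-]{2,31}$");
        }

        /**
         * Tests candidates until the stop marker arrives or the thread is interrupted.
         */
        @Override
        public void run() {
            while (true) {
                final String password;
                try {
                    password = queue.take();
                } catch (InterruptedException e) {
                    // Keep the interrupt visible to the caller and stop instead of looping on.
                    Thread.currentThread().interrupt();
                    return;
                }
                if (password == STOP) {
                    return;
                }

                StandardPBEStringEncryptor decryptor = new StandardPBEStringEncryptor();
                decryptor.setPassword(password);
                try {
                    String decryptedText = decryptor.decrypt(this.input);
                    // NOTE(review): this literal looks like a real ciphertext copied from a
                    // database row (see the "id 30" remark) - confirm, and prefer passing it in
                    // at run time over keeping it in source.
                    String dT2 = decryptor.decrypt("GlOdpB759l9P3uI6SmrlOVKtdUMS3An5VWu0qf6SpY8="); // id 30
                    if (isValid(decryptedText) && isValid(dT2)) {
                        logger.info("Decrypted text: " + decryptedText + " Password FOUND: " + password);
                        // offer() never blocks: results are drained only after the workers have
                        // stopped, so a blocking put() on a full queue would never return.
                        if (!this.result.offer(password)) {
                            logger.warning("Result queue full; the match above is recorded in the log only");
                        }
                    }
                } catch (RuntimeException ignored) {
                    // Deliberately ignored: decrypt() throws for a wrong candidate, which is the
                    // outcome for almost every generated word.
                }
            }
        }
    }

    /**
     * Builds the array of all characters with code points {@code start} to {@code end}, inclusive.
     *
     * @param start first character code
     * @param end   last character code
     * @return the characters in ascending order
     */
    public static char[] initAllowedCharacters(int start, int end) {
        char[] allowedCharacters = new char[end - start + 1];
        for (int i = start; i <= end; i++) {
            allowedCharacters[i - start] = (char) i;
        }
        return allowedCharacters;
    }

    /**
     * Generates the candidates, feeds them to 32 workers, waits for the workers to finish and
     * prints whatever they reported.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        logger.setLevel(Level.INFO);
        try {
            FileHandler fh = new FileHandler("cracker3.log");
            fh.setFormatter(new SimpleFormatter());
            logger.addHandler(fh);
            // Detach the parent handlers only once the file handler is in place; otherwise a
            // failed open would silently discard every log record.
            logger.setUseParentHandlers(false);
            logger.info("Cracker :)");
        } catch (SecurityException | IOException e) {
            System.err.println("Could not open cracker3.log, logging to the parent handlers instead: " + e);
        }

        final String input = "put some String here";
        //final String input = "K+QEjaCZwk+Dk9qShwpaCg=="; // test input, cloud:password

        BlockingQueue<String> queue = new LinkedBlockingQueue<>(1024);
        BlockingQueue<String> result = new LinkedBlockingQueue<>(16);
        List<Thread> workers = new ArrayList<>();
        for (int i = 0; i < 32; i++) {
            Thread worker = new Thread(new Consumer(queue, result, input));
            workers.add(worker);
            worker.start();
        }

        long counter = 0L;
        char[] alphabet = initAllowedCharacters(' ', '~');
        logger.info("Allowed characters: " + String.valueOf(alphabet));

        feeding:
        for (int wordlength = 5; wordlength < 32; wordlength++) {
            logger.info("Trying with words of length=" + Integer.toString(wordlength));
            WordGenerator gen = new WordGenerator(alphabet, wordlength);
            while (gen.hasNext()) {
                try {
                    queue.put(gen.generateNext());
                } catch (InterruptedException e) {
                    logger.info("ERROR: Queue put exception: " + e.getMessage());
                    // Stop feeding instead of silently dropping the word and carrying on.
                    Thread.currentThread().interrupt();
                    break feeding;
                }
                counter++;
                if (counter % 10000 == 0) {
                    System.out.printf("\r%d", counter);
                }
            }
        }

        // An empty queue does not mean the workers are finished: candidates already taken may
        // still be in flight. One stop marker per worker plus join() waits for them without
        // spinning on isEmpty().
        try {
            for (int i = 0; i < workers.size(); i++) {
                queue.put(STOP);
            }
            for (Thread worker : workers) {
                worker.join();
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }

        System.out.println("\nFound passwords:");
        // poll() returns null on an empty queue. The original loop ran only while the queue was
        // empty, so it blocked forever with no result and printed nothing when there was one.
        String found;
        while ((found = result.poll()) != null) {
            System.out.println(found);
        }
        System.exit(0);
    }
}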
List of known passwords can be grabbed from here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Crack2 expects a list of known passwords; Crack3 is n! based and can take several years. Either way, just back up your encryption key somewhere and watch out for those rogue employees :)