Merge pull request #3 from tomasvanagas/patch-1

Update match-creds.py
Update README.md
2025-04-08 17:15:34 +02:00 · 2018-05-23 16:39:15 -05:00 · 2018-01-15 20:00:34 -06:00 · 2018-01-15 19:59:54 -06:00 · 2018-01-15 17:04:47 -02:00 · 2017-11-07 14:09:28 +02:00
6 changed files with 74 additions and 37 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 dicts/rockyou.txt
+hashcat-src
+hashcat.pot
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Brannon Dorsey <brannon@brannondorsey.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/README.md
+++ b/README.md
@ -10,8 +10,11 @@ __DISCLAIMER: This software is for educational purposes only. This software shou
 git clone https://github.com/brannondorsey/naive-hashcat
 cd naive-hashcat

+# if you are on MacOS/OSX, run this. If on linux or windows, skip...
+./build-hashcat-osx.sh
+
 # download the 134MB rockyou dictionary file
-curl -o dicts/rockyou.txt 
+curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

 # cracks md5 hashes in hashcat-3.6.0/example0.hash by default
 ./naive-hashcat.sh
@ -54,7 +57,7 @@ To crack your hashes, pass this file as `HASH_FILE=hashes.txt` to the command be
 `naive-hashcat.sh` takes, at most, three parameters. All parameters are expressed using unix environment variables. The command below shows the default values set for each of the configurable environment variables that `naive-hashcat.sh` uses:

 ```bash
-HASH_FILE=hashcat-3.6.0/examples0.hash POT_FILE=hashcat.pot HASH_MODE=0 ./naive-hashcat.sh
+HASH_FILE=hashcat-3.6.0/examples0.hash POT_FILE=hashcat.pot HASH_TYPE=0 ./naive-hashcat.sh
 ```

 - `HASH_FILE` is a text file with one hash per line. These are the password hashes to be cracked.
@ -339,4 +342,4 @@ Below is a list of hash-type codes supported by hashcat. If you don't know the t
  15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256              | Password Managers
  15700 | Ethereum Wallet, SCRYPT                          | Password Managers
  99999 | Plaintext                                        | Plaintext
-``` 
+``` 
--- a/build-hashcat-osx.sh
+++ b/build-hashcat-osx.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+# clone the hashcat source
+git clone https://github.com/hashcat/hashcat.git hashcat-src
+
+# clone the OpenCL headers
+mkdir -p hashcat-src/deps
+git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat-src/deps/OpenCL
+
+# build
+cd hashcat-src
+make
--- a/match-creds.py
+++ b/match-creds.py
@ -22,12 +22,12 @@ if __name__ == '__main__':
    args = parse_args()
    with open(args.accounts, 'r') as f:
        hash_to_username = { hsh: username for username, hsh in \
-                         [l.split(args.delimiter) for l in f.read().split('\n') \
-                          if len(l.split(args.delimiter)) > 1] }
+                         [l.split(args.delimiter,1) for l in f.read().split('\n') \
+                          if len(l.split(args.delimiter,1)) > 1] }
    # print(hash_to_username)
    with open(args.potfile, 'r') as f:
-        hash_to_pw = { hsh: pw for hsh, pw in [l.split(':') for l in f.read().split('\n') \
-                                               if len(l.split(':')) > 1]}
+        hash_to_pw = { hsh: pw for hsh, pw in [l.split(':',1) for l in f.read().split('\n') \
+                                               if len(l.split(':',1)) > 1]}

    for hsh, username in hash_to_username.items():
        if hsh in hash_to_pw:
--- a/naive-hashcat.sh
+++ b/naive-hashcat.sh
@ -5,54 +5,53 @@ POT_FILE="${POT_FILE:-hashcat.pot}"
 HASH_TYPE="${HASH_TYPE:-0}"
 # WEIGHT="${WEIGHT:-"medium"}" # light, medium, heavy

-if [ $(uname -m) == 'x86_64' ]; then
-	HASHCAT="./hashcat-3.6.0/hashcat64.bin"
-else
-	HASHCAT="./hashcat-3.6.0/hashcat32.bin"
+# check OSX
+if [ "$(uname)" == 'Darwin' ] ; then
+	if [ -f hashcat-src/hashcat ] ; then
+		HASHCAT="./hashcat-src/hashcat"
+	else
+		echo "You are running naive-hashcat on a MacOS/OSX machine but have not yet built the hashcat binary."
+		echo "Please run ./build-hashcat-osx.sh and try again."
+		exit 1
+	fi
+# check Linux
+elif [ "$(uname)" == 'Linux' ] ; then
+	if [ $(uname -m) == 'x86_64' ]; then
+		HASHCAT="./hashcat-3.6.0/hashcat64.bin"
+	else
+		HASHCAT="./hashcat-3.6.0/hashcat32.bin"
+	fi
+# check Windows
+elif [ "$(uname)" == 'MINGW64_NT-10.0' ] ; then
+	if [ $(uname -m) == 'x86_64' ]; then
+		HASHCAT="./hashcat-3.6.0/hashcat64.exe"
+	else
+		HASHCAT="./hashcat-3.6.0/hashcat32.exe"
+	fi
 fi

 # LIGHT
 # DICTIONARY ATTACK-----------------------------------------------------------------------
 # begin with a _very_ simple and naive dictionary attack. This is blazing fast and 
 # I've seen it crack ~20% of hashes
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt --potfile-path "$POT_FILE" --opencl-devices 2 
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt --potfile-path "$POT_FILE"

 # DICTIONARY ATTACK WITH RULES------------------------------------------------------------
 # now lets move on to a rule based attack, d3ad0ne.rule is a great one to start with
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/d3ad0ne.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/d3ad0ne.rule --potfile-path "$POT_FILE"

 # rockyou is pretty good, and not too slow
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/rockyou-30000.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/rockyou-30000.rule --potfile-path "$POT_FILE"


 # MEDIUM
 # dive is a great rule file, but it takes a bit longer to run, so we will run it after d3ad0ne and rockyou
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/dive.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/dive.rule --potfile-path "$POT_FILE"

 # HEAVY
 # MASK ATTACK (BRUTE-FORCE)---------------------------------------------------------------
-"$HASHCAT" -m "$HASH_TYPE" -a 3 "$HASH_FILE" hashcat-3.6.0/masks/rockyou-1-60.hcmask --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 3 "$HASH_FILE" hashcat-3.6.0/masks/rockyou-1-60.hcmask --potfile-path "$POT_FILE"

 # COMBINATION ATTACK---------------------------------------------------------------------- 
 # this one can take 12+ hours, don't use it by default
-# "$HASHCAT" -m "$HASH_TYPE" -a 1 "$HASH_FILE" dicts/rockyou.txt dicts/rockyou.txt --potfile-path "POT_FILE" --opencl-devices 2 
-
-# Session..........: hashcat
-# Status...........: Exhausted
-# Hash.Type........: MD5
-# Hash.Target......: hashcat-3.6.0/example0.hash
-# Time.Started.....: Sun Jul  9 22:28:27 2017 (12 hours, 24 mins)
-# Time.Estimated...: Mon Jul 10 10:53:06 2017 (6 secs)
-# Guess.Base.......: File (dicts/rockyou.txt), Left Side
-# Guess.Mod........: File (dicts/rockyou.txt), Right Side
-# Speed.Dev.#2.....:  4490.7 MH/s (6.68ms)
-# Recovered........: 4120/6494 (63.44%) Digests, 0/1 (0.00%) Salts
-# Recovered/Time...: CUR:0,13,N/A AVG:3,182,4372 (Min,Hour,Day)
-# Progress.........: 205701367493846/205730140143616 (99.99%)
-# Rejected.........: 2006/205701367493846 (0.00%)
-# Restore.Point....: 14343296/14343296 (100.00%)
-# Candidates.#2....: $HEX[3033323639346120627574746572666c79] -> $HEX[042a0337c2a156616d6f732103042a0337c2a156616d6f732103]
-# HWMon.Dev.#2.....: Temp: 77c Fan: 85% Util: 95% Core:1911MHz Mem:3802MHz Bus:8
-
-# Started: Sun Jul  9 22:28:27 2017
-# Stopped: Mon Jul 10 10:53:01 2017
+# "$HASHCAT" -m "$HASH_TYPE" -a 1 "$HASH_FILE" dicts/rockyou.txt dicts/rockyou.txt --potfile-path "POT_FILE"
Author	SHA1	Message	Date
Brannon Dorsey	328b296539	Merge pull request #3 from tomasvanagas/patch-1 Update match-creds.py	2018-05-23 16:39:15 -05:00
Brannon Dorsey	a01b47b0e3	Update README.md	2018-01-15 20:00:34 -06:00
Brannon Dorsey	060ccb05da	Merge pull request #6 from royopa/patch-1 Added windows checker	2018-01-15 19:59:54 -06:00
Rodrigo Prado	77d02d9b5b	Added windows checker	2018-01-15 17:04:47 -02:00
Tomas Vanagas	e268a497fd	Update match-creds.py Works better	2017-11-07 14:09:28 +02:00
Brannon Dorsey	7dc2e3bfd1	Update README.md	2017-11-01 11:30:01 -05:00
Brannon Dorsey	5b2c570b02	switch order of commands	2017-07-30 21:23:08 -05:00
Brannon Dorsey	0f1fcb8be0	Add OSX build instructions	2017-07-30 21:22:10 -05:00
Brannon Dorsey	30da7f42ce	Updates to support MacOS/OSX	2017-07-30 21:17:43 -05:00
Brannon Dorsey	e6ac6cfd32	Merge pull request #1 from brannondorsey/add-license-1 Create LICENSE	2017-07-18 00:09:50 -05:00
Brannon Dorsey	0f8d769b87	Create LICENSE	2017-07-18 00:09:39 -05:00
Brannon Dorsey	14b1625323	Remove device-specific flag	2017-07-17 23:59:24 -05:00
Brannon Dorsey	5ad1b4bb4c	remove comments	2017-07-17 23:49:06 -05:00
Brannon Dorsey	0ed7276f6f	Update README	2017-07-17 23:48:29 -05:00