Merge pull request #3 from tomasvanagas/patch-1

Update match-creds.py
Update README.md
2025-07-31 01:34:51 +02:00 · 2018-05-23 16:39:15 -05:00 · 2018-01-15 20:00:34 -06:00 · 2018-01-15 19:59:54 -06:00 · 2018-01-15 17:04:47 -02:00 · 2017-11-07 14:09:28 +02:00
6 changed files with 74 additions and 37 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 dicts/rockyou.txt
 hashcat-src
 hashcat.pot
--- a/21
+++ b/21
@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2017 Brannon Dorsey <brannon@brannondorsey.com>
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@ -10,8 +10,11 @@ __DISCLAIMER: This software is for educational purposes only. This software shou
 git clone https://github.com/brannondorsey/naive-hashcat
 cd naive-hashcat
 # if you are on MacOS/OSX, run this. If on linux or windows, skip...
 ./build-hashcat-osx.sh
 # download the 134MB rockyou dictionary file
-curl -o dicts/rockyou.txt 
+curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
 # cracks md5 hashes in hashcat-3.6.0/example0.hash by default
 ./naive-hashcat.sh
@ -54,7 +57,7 @@ To crack your hashes, pass this file as `HASH_FILE=hashes.txt` to the command be
 `naive-hashcat.sh` takes, at most, three parameters. All parameters are expressed using unix environment variables. The command below shows the default values set for each of the configurable environment variables that `naive-hashcat.sh` uses:
 ```bash
-HASH_FILE=hashcat-3.6.0/examples0.hash POT_FILE=hashcat.pot HASH_MODE=0 ./naive-hashcat.sh
+HASH_FILE=hashcat-3.6.0/examples0.hash POT_FILE=hashcat.pot HASH_TYPE=0 ./naive-hashcat.sh
 ```
 - `HASH_FILE` is a text file with one hash per line. These are the password hashes to be cracked.
@ -339,4 +342,4 @@ Below is a list of hash-type codes supported by hashcat. If you don't know the t
  15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256              | Password Managers
  15700 | Ethereum Wallet, SCRYPT                          | Password Managers
  99999 | Plaintext                                        | Plaintext
-``` 
+``` 
--- a/build-hashcat-osx.sh
+++ b/build-hashcat-osx.sh
@ -0,0 +1,12 @@
 #!/bin/bash
 # clone the hashcat source
 git clone https://github.com/hashcat/hashcat.git hashcat-src
 # clone the OpenCL headers
 mkdir -p hashcat-src/deps
 git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat-src/deps/OpenCL
 # build
 cd hashcat-src
 make
--- a/match-creds.py
+++ b/match-creds.py
@ -22,12 +22,12 @@ if __name__ == '__main__':
    args = parse_args()
    with open(args.accounts, 'r') as f:
        hash_to_username = { hsh: username for username, hsh in \
-                         [l.split(args.delimiter) for l in f.read().split('\n') \
+                         [l.split(args.delimiter,1) for l in f.read().split('\n') \
-                          if len(l.split(args.delimiter)) > 1] }
+                          if len(l.split(args.delimiter,1)) > 1] }
    # print(hash_to_username)
    with open(args.potfile, 'r') as f:
-        hash_to_pw = { hsh: pw for hsh, pw in [l.split(':') for l in f.read().split('\n') \
+        hash_to_pw = { hsh: pw for hsh, pw in [l.split(':',1) for l in f.read().split('\n') \
-                                               if len(l.split(':')) > 1]}
+                                               if len(l.split(':',1)) > 1]}
    for hsh, username in hash_to_username.items():
        if hsh in hash_to_pw:
--- a/naive-hashcat.sh
+++ b/naive-hashcat.sh
@ -5,54 +5,53 @@ POT_FILE="${POT_FILE:-hashcat.pot}"
 HASH_TYPE="${HASH_TYPE:-0}"
 # WEIGHT="${WEIGHT:-"medium"}" # light, medium, heavy
-if [ $(uname -m) == 'x86_64' ]; then
+# check OSX
-	HASHCAT="./hashcat-3.6.0/hashcat64.bin"
+if [ "$(uname)" == 'Darwin' ] ; then
-else
+	if [ -f hashcat-src/hashcat ] ; then
-	HASHCAT="./hashcat-3.6.0/hashcat32.bin"
+		HASHCAT="./hashcat-src/hashcat"
 	else
 		echo "You are running naive-hashcat on a MacOS/OSX machine but have not yet built the hashcat binary."
 		echo "Please run ./build-hashcat-osx.sh and try again."
 		exit 1
 	fi
 # check Linux
 elif [ "$(uname)" == 'Linux' ] ; then
 	if [ $(uname -m) == 'x86_64' ]; then
 		HASHCAT="./hashcat-3.6.0/hashcat64.bin"
 	else
 		HASHCAT="./hashcat-3.6.0/hashcat32.bin"
 	fi
 # check Windows
 elif [ "$(uname)" == 'MINGW64_NT-10.0' ] ; then
 	if [ $(uname -m) == 'x86_64' ]; then
 		HASHCAT="./hashcat-3.6.0/hashcat64.exe"
 	else
 		HASHCAT="./hashcat-3.6.0/hashcat32.exe"
 	fi
 fi
 # LIGHT
 # DICTIONARY ATTACK-----------------------------------------------------------------------
 # begin with a _very_ simple and naive dictionary attack. This is blazing fast and 
 # I've seen it crack ~20% of hashes
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt --potfile-path "$POT_FILE" --opencl-devices 2 
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt --potfile-path "$POT_FILE"
 # DICTIONARY ATTACK WITH RULES------------------------------------------------------------
 # now lets move on to a rule based attack, d3ad0ne.rule is a great one to start with
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/d3ad0ne.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/d3ad0ne.rule --potfile-path "$POT_FILE"
 # rockyou is pretty good, and not too slow
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/rockyou-30000.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/rockyou-30000.rule --potfile-path "$POT_FILE"
 # MEDIUM
 # dive is a great rule file, but it takes a bit longer to run, so we will run it after d3ad0ne and rockyou
-"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/dive.rule --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 0 "$HASH_FILE" dicts/rockyou.txt -r hashcat-3.6.0/rules/dive.rule --potfile-path "$POT_FILE"
 # HEAVY
 # MASK ATTACK (BRUTE-FORCE)---------------------------------------------------------------
-"$HASHCAT" -m "$HASH_TYPE" -a 3 "$HASH_FILE" hashcat-3.6.0/masks/rockyou-1-60.hcmask --potfile-path "$POT_FILE" --opencl-devices 2
+"$HASHCAT" -m "$HASH_TYPE" -a 3 "$HASH_FILE" hashcat-3.6.0/masks/rockyou-1-60.hcmask --potfile-path "$POT_FILE"
 # COMBINATION ATTACK---------------------------------------------------------------------- 
 # this one can take 12+ hours, don't use it by default
-# "$HASHCAT" -m "$HASH_TYPE" -a 1 "$HASH_FILE" dicts/rockyou.txt dicts/rockyou.txt --potfile-path "POT_FILE" --opencl-devices 2 
+# "$HASHCAT" -m "$HASH_TYPE" -a 1 "$HASH_FILE" dicts/rockyou.txt dicts/rockyou.txt --potfile-path "POT_FILE" 
 # Session..........: hashcat
 # Status...........: Exhausted
 # Hash.Type........: MD5
 # Hash.Target......: hashcat-3.6.0/example0.hash
 # Time.Started.....: Sun Jul  9 22:28:27 2017 (12 hours, 24 mins)
 # Time.Estimated...: Mon Jul 10 10:53:06 2017 (6 secs)
 # Guess.Base.......: File (dicts/rockyou.txt), Left Side
 # Guess.Mod........: File (dicts/rockyou.txt), Right Side
 # Speed.Dev.#2.....:  4490.7 MH/s (6.68ms)
 # Recovered........: 4120/6494 (63.44%) Digests, 0/1 (0.00%) Salts
 # Recovered/Time...: CUR:0,13,N/A AVG:3,182,4372 (Min,Hour,Day)
 # Progress.........: 205701367493846/205730140143616 (99.99%)
 # Rejected.........: 2006/205701367493846 (0.00%)
 # Restore.Point....: 14343296/14343296 (100.00%)
 # Candidates.#2....: $HEX[3033323639346120627574746572666c79] -> $HEX[042a0337c2a156616d6f732103042a0337c2a156616d6f732103]
 # HWMon.Dev.#2.....: Temp: 77c Fan: 85% Util: 95% Core:1911MHz Mem:3802MHz Bus:8
 # Started: Sun Jul  9 22:28:27 2017
 # Stopped: Mon Jul 10 10:53:01 2017
Author	SHA1	Message	Date
Brannon Dorsey	328b296539	Merge pull request #3 from tomasvanagas/patch-1 Update match-creds.py	2018-05-23 16:39:15 -05:00
Brannon Dorsey	a01b47b0e3	Update README.md	2018-01-15 20:00:34 -06:00
Brannon Dorsey	060ccb05da	Merge pull request #6 from royopa/patch-1 Added windows checker	2018-01-15 19:59:54 -06:00
Rodrigo Prado	77d02d9b5b	Added windows checker	2018-01-15 17:04:47 -02:00
Tomas Vanagas	e268a497fd	Update match-creds.py Works better	2017-11-07 14:09:28 +02:00
Brannon Dorsey	7dc2e3bfd1	Update README.md	2017-11-01 11:30:01 -05:00
Brannon Dorsey	5b2c570b02	switch order of commands	2017-07-30 21:23:08 -05:00
Brannon Dorsey	0f1fcb8be0	Add OSX build instructions	2017-07-30 21:22:10 -05:00
Brannon Dorsey	30da7f42ce	Updates to support MacOS/OSX	2017-07-30 21:17:43 -05:00
Brannon Dorsey	e6ac6cfd32	Merge pull request #1 from brannondorsey/add-license-1 Create LICENSE	2017-07-18 00:09:50 -05:00
Brannon Dorsey	0f8d769b87	Create LICENSE	2017-07-18 00:09:39 -05:00
Brannon Dorsey	14b1625323	Remove device-specific flag	2017-07-17 23:59:24 -05:00
Brannon Dorsey	5ad1b4bb4c	remove comments	2017-07-17 23:49:06 -05:00
Brannon Dorsey	0ed7276f6f	Update README	2017-07-17 23:48:29 -05:00