trustedsec / hate_crack Goto Github PK

View Code? Open in Web Editor NEW

1.6K 1.6K 257.0 608 KB

A tool for automating cracking methodologies through Hashcat from the TrustedSec team.

Home Page: https://www.trustedsec.com

Python 98.90% Perl 1.10%

hate_crack's People

Contributors

Stargazers

Watchers

Forkers

pentest30 cephurs gavz w00t3k qsdj pentestingtools clicknull shellgh05t firefalc0n ro9ueadmin cclauss incredibleindishell walexzzy minkione awesome-security techlord-rce samyoyo 0thm4n3 m41doror slowmistio himdar reconvillage1 ykankaya methos2016 gdraperi ashr architaa 1nd0 shantanu561993 peterg75 denisse-dev mlynchcogent r3dfruitrollup jbarcia dothanthitiendiettiende flywithoutwings howtoblind riviera12345 spoonman1091 alpha0king brianheeseis elykoel zard777 theanalyz3r 0x4e38 epheandrill wizard2773 ip-2014 seabreg watchmaker40 mcjon3z ritter0715 8l4nk dlat jrodriguez556 ellerbrock unsecureio sgachies raystyle catrebel 0xbadca7 rulzgz aryanrtm analyticsearch kellermannrobert dannymas strunz983 c002 yazidshil xstpl hackern0v1c3 dougray m00zh33 bbhunter yqyunjie balancedstate ara2104 wzdiyb jinnu92 kmackinley mother2110 liufeng-take oneplush rainbowspec generalzero superf0sh th-watch3r llenroc gnebbia sarmadbytes raimundojimenez alchemycyberblaze cjsatuforc mspicer w1ck3dth1ngs offshores kylesmithit faidamine vinhjaxt oueldz4

hate_crack's Issues

ls -rt -d -1 $PWD/{,.} >../wordlists.txt

I have a folder with all my password files in it. I was trying to run...
ls -rt -d -1 $PWD/{,.} >../wordlists.txt

but getting

[root:...testing/Passwords/wordlists]# ls
bt4-password.txt darkweb2017-top1000.txt openwall.net-all.txt rockyou.txt
cirt-default-passwords.txt darkweb2017-top100.txt PHP-Magic-Hashes.txt twitter-banned.txt
clarkson-university-82.txt darkweb2017-top10.txt probable-v2-top12000.txt unkown-azul.txt
darkc0de.txt Keyboard-Combinations.txt probable-v2-top1575.txt UserPassCombo-Jay.txt
darkweb2017-top10000.txt Most-Popular-Letter-Passes.txt probable-v2-top207.txt

[root:...testing/Passwords/wordlists]# ls -rt -d -1 $PWD/{,.} >../wordlists.txt
zsh: no matches found: /root/pentesting/Passwords/wordlists/.*

What am I doing wrong here??

Thanmks

wordlist_optimizer choking on certain wordlists?

Hello,

I just spun up a fresh Linux box, downloaded hashcat + utils + hatecrack as well as a bundle of wordlists, and am ready to run wordlist_optimizer.

As I kick off the optimization, I'll see hatecrack kind of bomb out with a blurb of text like this:

Checking /opt/wordlists/optimized//58 against cache
Lines compared 18
Removed 12 lines from cache

Sorting back to original positions...

Finished!
Removed 12 lines from cache
Writing 238119 lines to /tmp/splitlen.out
Traceback (most recent call last):
  File "wordlist_optimizer.py", line 88, in <module>
    main()
  File "wordlist_optimizer.py", line 72, in main
    if lineCount("/tmp/splitlen.out") > 0:
  File "wordlist_optimizer.py", line 20, in lineCount
    for line in outFile:
  File "/usr/lib/python3.6/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xbb in position 1239: invalid start byte

Note: the issue appears to be wordlist related. This was happening on crackstation.txt. I renamed it to crackstation2.txt and then optimizer completed. Anything I can do to help troubleshoot why certain wordlists might be problematic? I'd love to have crackstation (and a few others that bomb out too) get properly optimized.

Thanks,
Brian

Optimizers

How can I apply optimizers like -O and -W (2,3,4) to hate crack?

<kernel>:9:10: fatal error: 'OpenCL/inc_vendor.h' file not found CYGWIN

Hi, im ran into a problem, when starting any attack in hate_crack. Im working in cygwin.
Here's log:

$ python hate_crack.py hash.txt 0

___ ___         __             _________                       __
/   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    <
\___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
      \/      \/          \/_____/      \/            \/     \/     \/
                         Version 1.09


       (1) Quick Crack
       (2) Extensive Pure_Hate Methodology Crack
       (3) Brute Force Attack
       (4) Top Mask Attack
       (5) Fingerprint Attack
       (6) Combinator Attack
       (7) Hybrid Attack
       (8) Pathwell Top 100 Mask Brute Force Crack
       (9) PRINCE Attack
       (10) YOLO Combinator Attack
       (11) Middle Combinator Attack
       (12) Thorough Combinator Attack
       (13) Bandrel Methodology

       (95) Analyze hashes with Pipal
       (96) Export Output to Excel Format
       (97) Display Cracked Hashes
       (98) Display README
       (99) Quit

Select a task: 1

Enter path of wordlist or wordlist directory.
Press Enter for default optimized wordlists [/home/Admin123/hashcat/passwords1]:

Which rule(s) would you like to run?
(0) To run without any rules
(1) best64.rule
(2) d3ad0ne.rule
(3) T0XlC.rule
(4) dive.rule
(99) YOLO...run all of the rules
Enter Comma separated list of rules you would like to run. To run rules chained use the + symbol.
For example 1+1 will run best64.rule chained twice and 1,2 would run best64.rule and then d3ad0ne.rule sequentially.
Choose wisely: 1+1
hashcat (v6.2.6-792-ge6715fbd8) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
            CUDA SDK Toolkit required for proper device support and utilization.
            For more information, see: https://hashcat.net/faq/wrongdriver
            Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 31

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 4356

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c

Initializing backend runtime for device #1. Please be patient...1 error generated.
clCompileProgram(): CL_COMPILE_PROGRAM_FAILURE

<kernel>:9:10: fatal error: 'OpenCL/inc_vendor.h' file not found
#include M2S(INCLUDE_PATH/inc_vendor.h)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<built-in>:4:16: note: expanded from here
#define M2S(x) XM2S(x)
              ^~~~~~~
<built-in>:3:17: note: expanded from here
#define XM2S(x) #x
               ^~
<scratch space>:2:1: note: expanded from here
"OpenCL/inc_vendor.h"
^~~~~~~~~~~~~~~~~~~~~

* Device #1: Kernel /home/Admin123/hashcat/OpenCL/m00000_a0-optimized.cl build failed.

Started: Sat Oct  7 02:46:38 2023
Stopped: Sat Oct  7 02:46:39 2023

Surprisingly, hashcat without hate_crack works perfectly. Left code below:

$ ./hashcat -m 0 -O -a 3 -1 '?l?d' example0.hash -i '?1?1?1?1?1?1?1?1'
hashcat (v6.2.6-792-ge6715fbd8) starting

Successfully initialized the NVIDIA main driver CUDA runtime library.

Failed to initialize NVIDIA RTC library.

* Device #1: CUDA SDK Toolkit not installed or incorrectly installed.
             CUDA SDK Toolkit required for proper device support and utilization.
             For more information, see: https://hashcat.net/faq/wrongdriver
             Falling back to OpenCL runtime.

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL API (OpenCL 3.0 CUDA 12.2.79) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #1: NVIDIA GeForce GTX 1650, 3968/4095 MB (1023 MB allocatable), 14MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 55

Hashes: 6494 digests; 6494 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Meet-In-The-Middle
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 756 hashes found as potfile entries.

Host memory required for this attack: 829 MB

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.


Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 0 (MD5)
Hash.Target......: example0.hash
Time.Started.....: Sat Oct  7 02:52:56 2023 (0 secs)
Time.Estimated...: Sat Oct  7 02:52:56 2023 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?1 [1]
Guess.Charset....: -1 ?l?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/8 (12.50%)
Speed.#1.........:     5200 H/s (0.04ms) @ Accel:128 Loops:36 Thr:256 Vec:8
Recovered........: 756/6494 (11.64%) Digests (total), 0/6494 (0.00%) Digests (new)
Remaining........: 5738 (88.36%) Digests
Recovered/Time...: CUR:N/A,N/A,N/A AVG:N/A,N/A,N/A (Min,Hour,Day)
Progress.........: 36/36 (100.00%)
Rejected.........: 0/36 (0.00%)
Restore.Point....: 1/1 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-36 Iteration:0-36
Candidate.Engine.: Device Generator
Candidates.#1....: s -> x
Hardware.Mon.#1..: Temp: 49c Fan:  0% Util:  8% Core:1485MHz Mem:4001MHz Bus:16

I will be very grateful for your help. thank you in advance.

Add pipal menu option

If I added pipal as a menu option is this something you would be interested in accepting a pull request for?

I would add it as as an option in the config, and if it was disabled then the menu wouldn't show up

Support for recycling passwords that include a colon

Hi,

I'm extremely not knowledgeable about things (and this is pretty trivial), but I notice on lines 125, 147, 252, and 269 it looks like the cut command is being used to extract passwords cracked by hashcat like:

hcatProcess = subprocess.Popen("cat %s.out | cut -d : -f 2 > %s.working" % (hcatHashFile, hcatHashFile),
                                   shell=True).wait()

Might be worth changing the -f 2 option to -f 2- so that passwords including a colon are captured.

Cheers!

Add option to ignore duplicate accounts when using NetNTLM

Add a detection for duplicate accounts for NetNTLMv1 and NetNTLMv2 for when unique challenge and responses from Responder.

Will prompt use on detection if they want to ignore the duplicates or not.

Recommended methodology?

Hi there,

This isn't really an issue, but more a question about best practices for using Hatecrack. Do you have a recommended methodology for which Hatecrack options to use to most efficiently crack a list of hashes. I've just been starting at 1 and going up from there, and if there's a certain option that says it'll take days to run, I maybe let it run 24 hours and go on to the next for the sake of time.

But I'd love to hear if this is how the TrustedSec team uses the tool or if you have other recommendations/tips.

Thanks for the great tool!

Brian

Add automated detection of computer accounts for NTLM

Detect accounts that end in $ and prompt to ignore them or not.

Menu-less launch options

It would make it easier to use hate_crack with other scripts if there were options to run cracking without interacting with the main menu. An example would be

sudo python /opt/hatecrack/hate_crack.py ~/Documents/example_ntlm.txt 1000 1 0

Which would run quick cracking with 0 best64.rule. I'm not at all suggesting that you get rid of the main menu, just providing both launch options would be a really nice feature.

Keep up the fantastic work!

Support for hashcat bin file not located in hashcat directory

The default installation for hashcat in Kali has the binary file for hashcat located in /usr/bin/hashcat The existing code assumes that the hashcat bin is located in the same directory as the rest of the hashcat files, but in Kali these are located in /usr/share/hashcat

A workaround until this can be fixed is to add a symbolic link in the /usr/share directory using the following command cd /usr/share/hashcat && ln -s /usr/bin/hashcat hashcat

Hash Issues

Is anyone else noticing that hate_crack is outputting the same hash for different passwords?

c45cde80ed7302003b28d040862bf6e9:Shadai25
c45cde80ed7302003b28d040862bf6e9:Work4Me2
c45cde80ed7302003b28d040862bf6e9:Chelle76
c45cde80ed7302003b28d040862bf6e9:Thepijo2
c45cde80ed7302003b28d040862bf6e9:Kathleen1
c45cde80ed7302003b28d040862bf6e9:Shadow10

Had a list of NTLM hashes with username:hash. Stripped them out to just one hash per line.
Ran
./hate_crack.py tmp.txt 1000
Chose quick crack, and it started outputting the same hash over and over with a different password.

Note: I'm still investigating to see if this is a Hashcat issue.

Any chance of a Windows Python port for us poor folks stuck on a Windows base platform?

Pretty please?

:-)

Yours Hopefully,
SS.

hashcat-utils/bin/splitlen.app: 1: hashcat-utils/bin/splitlen.app: ��: not found

Hello,
I am following your guide on the TrestedSec release site and have created my wordlists file exactly as you have specified. When i run the following command i am getting this error... any thoughts on this one.

PC is a new ubuntu 16.04LTS build dual NVIDIA GTX 1080 FE's
Hashcat installed from PTF and hate_crack installed in home directory.

Thanks for the great tool! I got it running on my MAC and it is great!

:~/hate_crack$ python wordlist_optimizer.py wordlists.txt ../optimized_wordlists/
/home/redacted/Passwords/wordlists/hashes.org-2017.txt
hashcat-utils/bin/splitlen.app: 1: hashcat-utils/bin/splitlen.app: ��: not found
hashcat-utils/bin/splitlen.app: 2: hashcat-utils/bin/splitlen.app: Syntax error: word unexpected (expecting ")")

Invalid Path for hashcat binary

Getting this error even though I'm pretty sure the config.json file is pointing to the right folder paths....

Top Mask Attack - Mask Generation Fails

Running into the following issue. Let me know what other info I can provide:

python hate_crack.py /root/ntlm.txt 1000


  ___ ___         __             _________                       __
 /   |   \_____ _/  |_  ____     \_   ___ \____________    ____ |  | __
/    ~    \__  \\   __\/ __ \    /    \  \/\_  __ \__  \ _/ ___\|  |/ /
\    Y    // __ \|  | \  ___/    \     \____|  | \// __ \\  \___|    <
 \___|_  /(____  /__|  \___  >____\______  /|__|  (____  /\___  >__|_ \
       \/      \/          \/_____/      \/            \/     \/     \/
                          Version 1.06

PWDUMP format detected...
Parsing NT hashes...
Parsing LM hashes...
LM hashes identified. Would you like to brute force the LM hashes first? (Y) N

        (1) Quick Crack
        (2) Extensive Pure_Hate Methodology Crack
        (3) Brute Force Attack
        (4) Top Mask Attack
        (5) Fingerprint Attack
        (6) Combinator Attack
        (7) Hybrid Attack
        (8) Pathwell Top 100 Mask Brute Force Crack
        (9) PRINCE Attack
        (10) YOLO Combinator Attack
        (11) Middle Combinator Attack
        (12) Thorough Combinator Attack

        (96) Export Output to Excel Format
        (97) Display Cracked Hashes
        (98) Display README
        (99) Quit

Select a task: 4

Enter a target time for completion in hours (4):
Traceback (most recent call last):
  File "/root/tools/hate_crack/PACK/statsgen.py", line 302, in <module>
    statsgen.print_stats()
  File "/root/tools/hate_crack/PACK/statsgen.py", line 197, in print_stats
    self.filter_counter * 100 / self.total_counter, self.filter_counter, self.total_counter)
ZeroDivisionError: division by zero
Traceback (most recent call last):
  File "/root/tools/hate_crack/PACK/maskgen.py", line 312, in <module>
    maskgen.generate_masks(sorting_mode)
  File "/root/tools/hate_crack/PACK/maskgen.py", line 136, in generate_masks
    sample_occurrence * 100 / self.total_occurrence, sample_occurrence, self.total_occurrence)
ZeroDivisionError: division by zero
hashcat (v5.0.0) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2793/11175 MB allocatable, 28MCU

Invalid mask.

Started: Thu Nov  1 10:40:48 2018
Stopped: Thu Nov  1 10:40:49 2018

Check if destination folder exists

Hi,

Simple request: a check if the destination folder exists, and if not let wordlist_optimizer.py create it or complain about missing permissions to do so?
At the moment it spits out this:

$ python wordlist_optimizer.py /usr/share/wordlists/rockyou.txt /usr/share/wordlists/optimized_wordlists/
123456
Traceback (most recent call last):
File "wordlist_optimizer.py", line 74, in
main()
File "wordlist_optimizer.py", line 45, in main
if len(os.listdir(destination)) == 0:
OSError: [Errno 2] No such file or directory: '/usr/share/wordlists/optimized_wordlists/'