FilterPotfile.py
#!/usr/bin/env python3
import sys, os, hashlib, binascii, argparse, signal
import setupDB
from dbcommands import Database
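class FilterHash(object):
    """Sort entries of a hashcat-style potfile into per-algorithm potfiles.

    Each potfile line is expected to be ``hash:plaintext``. A filter method
    recomputes the hash from the plaintext and keeps the entry only when the
    recomputed value equals the stored one.

    NOTE(review): the potfile and everything written under ./new_pots (and
    the optional database) contain recovered plaintext passwords. The
    directory and files are created with the process umask; confirm the
    working directory is not readable by other users.
    """

    def __init__(self, args, parser):
        """Store the argparse objects and make sure the working files exist.

        Args:
            args: parsed argparse namespace; ``args.database`` is read later
                by the filter methods.
            parser: the argparse parser that produced ``args``.

        Exits with status 1 when ``potfile`` is missing or ``./new_pots``
        cannot be created, so a wrapping script can detect the failure.
        """
        self.args = args
        self.parser = parser
        self.original_potfile_dict = {}
        self.database = 'potfile.db'
        if not os.path.exists('potfile'):
            print('\n[!] Potfile missing, please symlink "potfile" to this folder')
            sys.exit(1)
        if not os.path.exists('./new_pots'):
            print('\n[!] "./new_pots missing, creating..."')
            try:
                os.makedirs('./new_pots')
            except OSError as e:
                print(e)
                sys.exit(1)
        if not os.path.exists(self.database):
            print('\n[!] Database missing, creating %s \n' % self.database)
            setupDB.main()

    def ntlm_filter(self):
        """Copy verified NTLM entries from ``potfile`` to ./new_pots/ntlm.potfile.

        A line is kept when its hash field is 32 characters long and equals
        MD4(UTF-16LE(plaintext)) in lowercase hex. Lines without a ``:``
        separator are reported by line index and skipped. When
        ``self.args.database`` is True the verified entries are also handed
        to ``Database(...).add_hash()``.

        NOTE(review): ``hashlib.new('md4')`` depends on the OpenSSL build
        behind hashlib; where MD4 is only in the legacy provider it raises
        ValueError. Plaintexts stored in hashcat's ``$HEX[...]`` form are
        hashed as literal text here, so such entries will not verify.
        """
        hash_name = 'ntlm'
        hashcat_mode = 1000
        ntlm_hash_dict = {}
        # Context managers close both files even if hashing or a write fails.
        with open('potfile', "r") as original_potfile, \
                open('./new_pots/ntlm.potfile', 'w+') as ntlm_potfile:
            print('[+] Reading potfile lines')
            for i, line in enumerate(original_potfile):
                # Split on the first colon only: the plaintext may contain colons.
                split_pot_entry = line.split(":", 1)
                hash_to_verify = split_pot_entry[0].rstrip("\r\n")
                if len(split_pot_entry) < 2:
                    # No plaintext field. Skip the line instead of reusing the
                    # previous line's plaintext (or failing on the first line).
                    print('weirdness on line %s' % i)
                elif len(hash_to_verify) == 32:
                    # The length check is a cheap pre-filter before hashing.
                    plain_text = split_pot_entry[1].rstrip("\r\n")
                    computed_hash = hashlib.new('md4', plain_text.encode('utf-16le')).digest()
                    decoded_hash = binascii.hexlify(computed_hash).decode()
                    if decoded_hash == hash_to_verify:
                        ntlm_potfile.write('%s:%s\n' % (decoded_hash, plain_text))
                        # Collected for the optional database commit below.
                        ntlm_hash_dict[decoded_hash] = hash_name, plain_text, hashcat_mode
                # Progress report every millionth line (including line 0).
                if (i % 1000000) == 0:
                    print('Read %s lines' % i)
        if self.args.database is True:
            # Values are (hash_name, plain_text, hashcat_mode), keyed by hash.
            print('Adding NTLM hashes to database')
            dbOps = Database(ntlm_hash_dict)
            dbOps.add_hash()
            print('Added NTLM hashes to database')

    def sha1_filter(self):
        """Placeholder for the SHA1 filter (hashcat mode 100); filters nothing yet.

        Only the status messages are printed. No file is opened on purpose:
        opening ./new_pots/ntlm.potfile in 'w+' mode from here would truncate
        the output of ntlm_filter() when both modes are run.
        """
        print('[+] Reading potfile lines')
        print('[+] Searching potfile for hashes with a SHA1 length')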
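def main():
    """Parse the command line and run the filter for each requested mode.

    Supported hashcat modes are 1000 (NTLM) and 100 (SHA1). A mode that has
    no filter is reported and skipped rather than silently ignored. Exits
    with status 1 when no mode is given.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-m', '--mode', help='specify a mode', nargs="*")
    parser.add_argument('-d', '--database', help='log sorted hashes to a database', action='store_true')
    parser.add_argument('-v', '--verbose', help='Verbose', action='store_true')
    args = parser.parse_args()
    # Constructing FilterHash checks for the potfile and creates the output
    # directory and database when they are missing.
    run = FilterHash(args, parser)
    # "-m" with no values yields an empty list, which also means "no mode".
    if not args.mode:
        print('please select the hashcat mode(s) of the hashes you want to filter, '
              'e.g. %s -m 1000 100' % parser.prog)
        sys.exit(1)
    for m in args.mode:
        if m == '1000':
            print('selected mode {}'.format(m))
            run.ntlm_filter()
        elif m == '100':
            run.sha1_filter()
        else:
            print('[!] mode {} is not supported, skipping'.format(m))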
# Run the command-line interface only when executed as a script, not on import.
if "__main__" == __name__:
    main()