From 3589c4f4c7ddf2e1d41a930b7d0f86e018caaffb Mon Sep 17 00:00:00 2001
From: h00die
Date: Sun, 2 Jun 2019 21:14:02 -0400
Subject: [PATCH] avoid cracking hashes already cracked
---
 lib/msf/core/auxiliary/password_cracker.rb | 11 ++++++
 modules/auxiliary/analyze/crack_aix.rb | 17 +++++----
 modules/auxiliary/analyze/crack_databases.rb | 40 +++++++++++---------
 modules/auxiliary/analyze/crack_linux.rb | 17 +++++----
 modules/auxiliary/analyze/crack_osx.rb | 17 +++++----
 modules/auxiliary/analyze/crack_webapps.rb | 17 +++++----
 modules/auxiliary/analyze/crack_windows.rb | 17 +++++----
 7 files changed, 84 insertions(+), 52 deletions(-)
diff --git a/lib/msf/core/auxiliary/password_cracker.rb b/lib/msf/core/auxiliary/password_cracker.rb
index 8022fd7524..0d0ca7fdef 100644
--- a/lib/msf/core/auxiliary/password_cracker.rb
+++ b/lib/msf/core/auxiliary/password_cracker.rb
@@ -106,5 +106,16 @@ module Auxiliary::PasswordCracker
 wordlist.to_file(max_len)
 end
 
+ def already_cracked_pass(hash)
+ framework.db.creds({:pass => hash}).each do |test_cred|
+ test_cred.public.cores.each do |core|
+ if core.origin_type == "Metasploit::Credential::Origin::CrackedPassword"
+ return core.private.data
+ end
+ end
+ end
+ nil
+ end
+
 end
 end
diff --git a/modules/auxiliary/analyze/crack_aix.rb b/modules/auxiliary/analyze/crack_aix.rb
index be70c11eb2..d3666f2475 100644
--- a/modules/auxiliary/analyze/crack_aix.rb
+++ b/modules/auxiliary/analyze/crack_aix.rb
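Review bot: `already_cracked_pass` returns the first core on the same public whose origin is `CrackedPassword` without checking that it was cracked from the hash passed in, so an account with one cracked hash and a second, uncracked hash of another type would have the second one skipped; and since `test_cred.public.cores` is not narrowed to a workspace, a password cracked for the same username in another workspace has the same effect. If the cracked-password origin records the core it was derived from (check the model; I expect something like `core.origin.core_id`), tie the two together with `next unless core.origin_type == 'Metasploit::Credential::Origin::CrackedPassword'` followed by `return core.private.data if core.origin.core_id == test_cred.id`. The lookup `framework.db.creds({:pass => hash})` also omits the `workspace: myworkspace` that every caller in this patch passes to `creds`, so the contract should be stated on the method: `# Returns the plaintext previously cracked for the hash value +hash+ in the current workspace, or nil if it has never been cracked`. A parameter named `hash` shadows `Object#hash` inside the method; `hash_data` would avoid the ambiguity.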
@@ -228,14 +228,17 @@ class MetasploitModule < Msf::Auxiliary
 regex = Regexp.new hashes_regex
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+ wrote_hash = true
 end
- wrote_hash = true
 end
 end
 hashlist.close
diff --git a/modules/auxiliary/analyze/crack_databases.rb b/modules/auxiliary/analyze/crack_databases.rb
index 7ab54e80d9..2f87a4e001 100644
--- a/modules/auxiliary/analyze/crack_databases.rb
+++ b/modules/auxiliary/analyze/crack_databases.rb
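Review bot: The new `already_cracked_pass` test wraps the john/hashcat dispatch in a third level of nesting inside the `jtr_format =~ regex` branch; guard clauses at the top of the block read more cleanly, `next unless core.private.jtr_format =~ regex` and then `next unless already_cracked_pass(core.private.data).nil?`, leaving the dispatch and `wrote_hash = true` at a single indent. The comment added above the check also has a typo; it should read `# only add hashes which haven't been cracked`. The enclosing method starts before this hunk.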
@@ -336,34 +336,40 @@ class MetasploitModule < Msf::Auxiliary
 regex = Regexp.new hashes_regex
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
- end
- wrote_hash = true
- end
- end
- if datastore['POSTGRES']
- framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::PostgresMD5').each do |core|
- if core.private.jtr_format =~ regex
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
 if action.name == 'john'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- # however, for postgres, john doesn't take an id either
- hashes << {'hash' => hash_to_jtr(core), 'un' => core.public.username, 'id' => core.id}
 hashlist.puts hash_to_jtr(core)
 elsif action.name == 'hashcat'
 # hashcat hash files dont include the ID to reference back to so we build an array to reference
 hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
 hashlist.puts hash_to_hashcat(core)
 end
- wrote_hash = true
 end
 end
 end
+ if datastore['POSTGRES']
+ framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::PostgresMD5').each do |core|
+ if core.private.jtr_format =~ regex
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ # however, for postgres, john doesn't take an id either
+ hashes << {'hash' => hash_to_jtr(core), 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+
+ wrote_hash = true
+ end
+ end
+ end
+ end
 hashlist.close
 unless wrote_hash # check if we wrote anything and bail early if we didn't
 hashlist.delete
diff --git a/modules/auxiliary/analyze/crack_linux.rb b/modules/auxiliary/analyze/crack_linux.rb
index 6275e219af..2213af01d0 100644
--- a/modules/auxiliary/analyze/crack_linux.rb
+++ b/modules/auxiliary/analyze/crack_linux.rb
@@ -252,14 +252,17 @@ class MetasploitModule < Msf::Auxiliary
 regex = Regexp.new hashes_regex
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+ wrote_hash = true
 end
- wrote_hash = true
 end
 end
 hashlist.close
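Review bot: The rewritten `PostgresMD5` loop now repeats the already-cracked guard and the john/hashcat dispatch of the `NonreplayableHash` loop above it line for line, the only difference being that the john branch also records the formatted hash into `hashes`; a small private helper taking `core` and a flag for that john bookkeeping would keep the two copies from drifting the next time the filter changes. Inside the postgres john branch `hash_to_jtr(core)` is evaluated twice for the same core, once for `hashes` and once for `hashlist.puts`; capture it once with `jtr = hash_to_jtr(core)` and use it in both places. The blank line inserted before `wrote_hash = true` in the postgres block is also out of step with the same change in the other modules of this patch. The enclosing method starts before this hunk.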
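Review bot: A hash that `already_cracked_pass` recognises is now dropped without any output, so the operator sees nothing for that account and may conclude the hash was never loaded into the database. Give the skipped path a line of its own, for instance an `else` branch with `vprint_status("Skipping #{core.public.username}: hash already cracked")`, or better, report the plaintext that `already_cracked_pass` returns instead of discarding it through the `.nil?` test. The enclosing method starts before this hunk.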
diff --git a/modules/auxiliary/analyze/crack_osx.rb b/modules/auxiliary/analyze/crack_osx.rb
index 16599d9eb9..5df1c24e4d 100644
--- a/modules/auxiliary/analyze/crack_osx.rb
+++ b/modules/auxiliary/analyze/crack_osx.rb
@@ -231,14 +231,17 @@ class MetasploitModule < Msf::Auxiliary
 regex = Regexp.new hashes_regex
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+ wrote_hash = true
 end
- wrote_hash = true
 end
 end
 hashlist.close
diff --git a/modules/auxiliary/analyze/crack_webapps.rb b/modules/auxiliary/analyze/crack_webapps.rb
index e12dc20913..f5aa9f44c3 100644
--- a/modules/auxiliary/analyze/crack_webapps.rb
+++ b/modules/auxiliary/analyze/crack_webapps.rb
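Review bot: `already_cracked_pass(core.private.data)` is now evaluated once per matching core inside the `framework.db.creds(...).each` loop, and each call issues its own `framework.db.creds` query and then walks `test_cred.public.cores`, so assembling the hash list costs one database round trip per hash. If that is noticeable on large credential sets, compute the set of already-cracked hash values once before the loop and test membership locally, keeping the per-call helper for other callers; a comment such as `# one DB query per hash; precompute if this becomes slow` would at least flag the cost. The enclosing method starts before this hunk.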
@@ -232,14 +232,17 @@ class MetasploitModule < Msf::Auxiliary
 regex = Regexp.new hashes_regex
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NonreplayableHash').each do |core|
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+ wrote_hash = true
 end
- wrote_hash = true
 end
 end
 hashlist.close
diff --git a/modules/auxiliary/analyze/crack_windows.rb b/modules/auxiliary/analyze/crack_windows.rb
index c495eaa0e4..4caf9b4222 100644
--- a/modules/auxiliary/analyze/crack_windows.rb
+++ b/modules/auxiliary/analyze/crack_windows.rb
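Review bot: With the new guard, `wrote_hash` stays `false` when every matching hash has already been cracked, so such a run takes the same early-exit path as a workspace holding no hashes at all (the `unless wrote_hash` bail-out visible after `hashlist.close` in the crack_databases hunk of this patch; the corresponding lines here lie outside the hunk). Distinguish the two cases, for example by incrementing a `skipped_cracked` counter in an `else` branch of the `already_cracked_pass` check, so the exit message can say that hashes were found but all of them were already cracked rather than implying none were loaded. The enclosing method starts before this hunk.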
@@ -261,14 +261,17 @@ class MetasploitModule < Msf::Auxiliary
 framework.db.creds(workspace: myworkspace, type: 'Metasploit::Credential::NTLMHash').each do |core|
 regex = Regexp.new hashes_regex
 if core.private.jtr_format =~ regex
- if action.name == 'john'
- hashlist.puts hash_to_jtr(core)
- elsif action.name == 'hashcat'
- # hashcat hash files dont include the ID to reference back to so we build an array to reference
- hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
- hashlist.puts hash_to_hashcat(core)
+ # only add hashes which havne't been cracked
+ if already_cracked_pass(core.private.data).nil?
+ if action.name == 'john'
+ hashlist.puts hash_to_jtr(core)
+ elsif action.name == 'hashcat'
+ # hashcat hash files dont include the ID to reference back to so we build an array to reference
+ hashes << {'hash' => core.private.data, 'un' => core.public.username, 'id' => core.id}
+ hashlist.puts hash_to_hashcat(core)
+ end
+ wrote_hash = true
 end
- wrote_hash = true
 end
 end
 hashlist.close
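Review bot: The plaintext that `already_cracked_pass` returns is discarded by the `.nil?` test, so an account whose NTLM hash was cracked in an earlier run no longer shows up in this run's results even though the password is known. Capture it, `cracked = already_cracked_pass(core.private.data)`, and when it is non-nil report it next to `core.public.username` (or add it to the results table) instead of only skipping the hash. If NTLM private data is stored as the combined LM and NT string, the lookup matches on that whole value, so a hash whose halves were recorded separately would not be recognised; worth a comment on the helper if that is intended. The enclosing method starts before this hunk.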