testing
This commit is contained in:
h00die
@@ -86,11 +86,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
end
|
||||
|
||||
def run
|
||||
tbl = Rex::Text::Table.new(
|
||||
'Header' => 'Cracked Hashes',
|
||||
'Indent' => 1,
|
||||
'Columns' => ['DB ID', 'Hash Type', 'Username', 'Cracked Password', 'Method']
|
||||
)
|
||||
tbl = cracker_results_table
|
||||
|
||||
# array of hashes in jtr_format in the db, converted to an OR combined regex
|
||||
hash_types_to_crack = []
|
||||
|
||||
@@ -101,7 +101,9 @@ class MetasploitModule < Msf::Auxiliary
|
||||
end
|
||||
end
|
||||
|
||||
create_cracked_credential(username: cred['username'], password: cred['password'], core_id: cred['core_id'])
|
||||
puts "XXX process_cracker_results cred prior to create_cracked_credential: #{cred.inspect}"
|
||||
t = create_cracked_credential(username: cred['username'], password: cred['password'], core_id: cred['core_id'])
|
||||
puts "XXX create_cracked_credential returned: #{t.inspect}"
|
||||
results
|
||||
end
|
||||
|
||||
@@ -157,16 +159,17 @@ class MetasploitModule < Msf::Auxiliary
|
||||
|
||||
cred['core_id'] = fields.shift
|
||||
|
||||
if ['netntlm', 'netntlmv2'].include? hash_type
|
||||
case hash_type
|
||||
when 'netntlm', 'netntlmv2'
|
||||
# we could grab the username here, but no need since we grab it later based on core_id, which is safer
|
||||
6.times { fields.shift } # Get rid of a bunch of extra fields
|
||||
elsif ['krb5tgs', 'krb5asrep'].include? hash_type
|
||||
when 'krb5asrep'
|
||||
2.times { fields.shift } # Get rid of extra hash fields
|
||||
else
|
||||
else # 'krb5tgs'
|
||||
cred['hash'] = fields.shift
|
||||
end
|
||||
|
||||
fields.pop if hash_type == 'mscash' # Get rid of username
|
||||
fields.pop if ['mscash'].include? hash_type # Get rid of username
|
||||
|
||||
cred['password'] = fields.join(':') # Anything left must be the password. This accounts for passwords with semi-colons in it
|
||||
next if cred['core_id'].include?("Hashfile '") && cred['core_id'].include?("' on line ") # skip error lines
|
||||
@@ -175,6 +178,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||
# so we can now just go grab the username from the DB
|
||||
cred['username'] = framework.db.creds(workspace: myworkspace, id: cred['core_id'])[0].public.username
|
||||
end
|
||||
puts "XXX check_results function prior to process_crack_results: #{cred.inspect}"
|
||||
results = process_cracker_results(results, cred)
|
||||
end
|
||||
results
|
||||
|
||||
@@ -185,10 +185,10 @@ def windows_hashes_and_regex_john_compat
|
||||
creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/
|
||||
creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'
|
||||
creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/
|
||||
creds_command << ' creds add user:krb5asrep hash:\$krb5asrep\$23\$user@domain.com:3e156ada591263b8aab0965f5aebd837\$007497cb51b6c8116d6407a782ea0e1c5402b17db7afa6b05a6d30ed164a9933c754d720e279c6c573679bd27128fe77e5fea1f72334c1193c8ff0b370fadc6368bf2d49bbfdba4c5dccab95e8c8ebfdc75f438a0797dbfb2f8a1a5f4c423f9bfc1fea483342a11bd56a216f4d5158ccc4b224b52894fadfba3957dfe4b6b8f5f9f9fe422811a314768673e0c924340b8ccb84775ce9defaa3baa0910b676ad0036d13032b0dd94e3b13903cc738a7b6d00b0b3c210d1f972a6c7cae9bd3c959acf7565be528fc179118f28c679f6deeee1456f0781eb8154e18e49cb27b64bf74cd7112a0ebae2102ac jtr:krb5asrep;'
|
||||
creds_expected_output_regex << /krb5asrep\s+\$krb5asrep\$23\$user@domain.com:3e156ada591263b8aab0965f5aebd837\$007497cb51b6c \(TRUNCATED\)\s+Nonreplayable hash\s+krb5asrep\s+hashcat$/
|
||||
creds_command << ' creds add user:krb5tgs hash:\$krb5tgs\$23\$*svc_test\$MSFLAB.LOCAL\$MSSQLSvc/sql01.msflab.local:1433*\$cd5188391bf0e980a2cc48fddfcdb6c9$838309d0fe47fe1452faa663a378b37b5b69a170ee564ef4197f7f7ac918923e39dc0fe17b3beb9a963af47929d506d9d798fefb6038fe6447401cf23212a27aca5f05b8248aed48190d4b6b41405e796a960cc8c02bacb5c5e9869226e039f2581d98cd4d0defe15fd131d48a38ce95d69e28d8ae5f5fcfd371bdab8a68cd044c71a1b1cd46a0fb35eea7043bc7c3703186a9a0dcf6e8b688fdde20603de5daa7d428cf2923c0ba59a12c855ba396e080055e6d340231ba4822db632d12ba19eec436815fc28c88d8852601d58217019566c7c601ed37bb96920bbef4bf357b8e73549dbb70a5f4c53609c008e55d093b409572699b86fc8bd8cc395d6ec2de5fb2f64c56b7f6dd85ab89094883df99f3fd24db442b6da46c8998b3a5bd407fcb6fb2b65faded0b37034b54fa398d604c7030f52db4826ba09698a9a56a2f57a93f5299033cdcd641b4678926df5d8730b6b923c663fa2f9f2fa5f225a4108380f2b7bb9d75620478d1b912949a346bf19688877fcdf92231387b4c1d9ae83420abd38215802859c535205f8673125e0a559aa646663f4e41e97e5339be48972cafb501d01d3ec0f13bcc578b431b74eb285084d167d307ef5b5e2a2fa7cae7b221a6f5a0ce6a45883e6ccbdedcec7cfbc1dec3cad4b53d2db01750e087906747f3e5ed6d3e776a8844f578ff2072325d3d8122fd08342a18d5a637275aa1c534a78e9f798eb61dc2ca4a3cab0ea5b20bf67739763298cee85cc51443ba4faaf069593639fd474c69f31a5f6f29eb1ef20692091eb9eed5aa729dc84af1dde99ccbc978f2334fb1906d224101c425e088d98608ea05b7d4dccdee207d5a3e672829f35e3be751e2b395002619a6e0863e41b10efc321f2ae57fed86b5ed90b5a641e6d3488335ea4e8d8bea397ce35fa0113cf05b4c0c38ee0140d4be3bd490b461dc4fb41b4fc2c50bee160d379934f4043fec940f1549aee56543f7ba6c9c309805fe7397374bed469f1e1dabb6cdad02c9f663b17c64e6bb5a248f1389c2032b15e96d46172526329c29acf04ff537049420efc71aba58f29bac5b6a09522aa893d97ca59de9cc6d13789617859c0db170443e943e58ec7604745e475d1b16057aa8975b0b668fffc9a32f8b26452fa4a95129c53f8cf9a0191898dd8694ad9f0e106d7866b3e3116f92c2921e6ed6fc03a12a2aed56d73d6f9eee8eccad27839f55aef53942c2d7efc0e765621ba72d2280c21df512628011a56fc1aae3a6e62dc87cdd0a4c0c5a179b8ae233ce785293e7eca0b76a6418b0cf798be1eaf7a33f220dbdbb5166a529f129582b5a57b01b90c5c7c48b4d7c8e8aac1677704af319bd73816bbfa344cb10f070426746f162a4fc5809a5c37d566c45043b77e53e6cfb703e511ec1e6d14200d9b859fad51fb93b2477b61435ddcbea97ebf7c4b3dacbec3f8158c5c1d317887b7233199d20d7536febb8dd255aab jtr:krb5tgs;'
|
||||
creds_expected_output_regex << %r{krb5tgs\s+\$krb5tgs\$23\$\*svc_test\$MSFLAB\.LOCAL\$MSSQLSvc/sql01.msflab.local:1433\*\$cd51883 \(TRUNCATED\)\s+Nonreplayable hash\s+krb5tgs\s+Password1!$}
|
||||
#creds_command << ' creds add user:krb5asrep hash:\$krb5asrep\$23\$user@domain.com:3e156ada591263b8aab0965f5aebd837\$007497cb51b6c8116d6407a782ea0e1c5402b17db7afa6b05a6d30ed164a9933c754d720e279c6c573679bd27128fe77e5fea1f72334c1193c8ff0b370fadc6368bf2d49bbfdba4c5dccab95e8c8ebfdc75f438a0797dbfb2f8a1a5f4c423f9bfc1fea483342a11bd56a216f4d5158ccc4b224b52894fadfba3957dfe4b6b8f5f9f9fe422811a314768673e0c924340b8ccb84775ce9defaa3baa0910b676ad0036d13032b0dd94e3b13903cc738a7b6d00b0b3c210d1f972a6c7cae9bd3c959acf7565be528fc179118f28c679f6deeee1456f0781eb8154e18e49cb27b64bf74cd7112a0ebae2102ac jtr:krb5asrep;'
|
||||
#creds_expected_output_regex << /krb5asrep\s+\$krb5asrep\$23\$user@domain.com:3e156ada591263b8aab0965f5aebd837\$007497cb51b6c \(TRUNCATED\)\s+Nonreplayable hash\s+krb5asrep\s+hashcat$/
|
||||
creds_command << ' creds add user:krb5tgs hash:\$krb5tgs\$23\$*user\$realm\$test/spn*\$63386d22d359fe42230300d56852c9eb\$891ad31d09ab89c6b3b8c5e5de6c06a7f49fd559d7a9a3c32576c8fedf705376cea582ab5938f7fc8bc741acf05c5990741b36ef4311fe3562a41b70a4ec6ecba849905f2385bb3799d92499909658c7287c49160276bca0006c350b0db4fd387adc27c01e9e9ad0c20ed53a7e6356dee2452e35eca2a6a1d1432796fc5c19d068978df74d3d0baf35c77de12456bf1144b6a750d11f55805f5a16ece2975246e2d026dce997fba34ac8757312e9e4e6272de35e20d52fb668c5ed jtr:krb5tgs;'
|
||||
creds_expected_output_regex << %r{krb5tgs\s+\$krb5tgs\$23\$\*user\$realm\$test/spn\*\$63386d22d359fe42230300d56852c9eb\$891ad31d0\s+\(TRUNCATED\)\s+Nonreplayable hash\s+krb5tgs\s+hashcat$}
|
||||
return creds_command, creds_expected_output_regex
|
||||
end
|
||||
|
||||
@@ -198,8 +198,6 @@ def windows_hashes_and_regex_hashcat_compat
|
||||
cred_temp, regex_temp = windows_hashes_and_regex_john_compat
|
||||
creds_command << cred_temp
|
||||
creds_expected_output_regex += regex_temp
|
||||
creds_command << ' creds add user:krb5tgs hash:\$krb5tgs\$23\$*svc_test\$MSFLAB.LOCAL\$MSSQLSvc\/sql01.msflab.local:1433*\$cd5188391bf0e980a2cc48fddfcdb6c9\$838309d0fe47fe1452faa663a378b37b5b69a170ee564ef4197f7f7ac918923e39dc0fe17b3beb9a963af47929d506d9d798fefb6038fe6447401cf23212a27aca5f05b8248aed48190d4b6b41405e796a960cc8c02bacb5c5e9869226e039f2581d98cd4d0defe15fd131d48a38ce95d69e28d8ae5f5fcfd371bdab8a68cd044c71a1b1cd46a0fb35eea7043bc7c3703186a9a0dcf6e8b688fdde20603de5daa7d428cf2923c0ba59a12c855ba396e080055e6d340231ba4822db632d12ba19eec436815fc28c88d8852601d58217019566c7c601ed37bb96920bbef4bf357b8e73549dbb70a5f4c53609c008e55d093b409572699b86fc8bd8cc395d6ec2de5fb2f64c56b7f6dd85ab89094883df99f3fd24db442b6da46c8998b3a5bd407fcb6fb2b65faded0b37034b54fa398d604c7030f52db4826ba09698a9a56a2f57a93f5299033cdcd641b4678926df5d8730b6b923c663fa2f9f2fa5f225a4108380f2b7bb9d75620478d1b912949a346bf19688877fcdf92231387b4c1d9ae83420abd38215802859c535205f8673125e0a559aa646663f4e41e97e5339be48972cafb501d01d3ec0f13bcc578b431b74eb285084d167d307ef5b5e2a2fa7cae7b221a6f5a0ce6a45883e6ccbdedcec7cfbc1dec3cad4b53d2db01750e087906747f3e5ed6d3e776a8844f578ff2072325d3d8122fd08342a18d5a637275aa1c534a78e9f798eb61dc2ca4a3cab0ea5b20bf67739763298cee85cc51443ba4faaf069593639fd474c69f31a5f6f29eb1ef20692091eb9eed5aa729dc84af1dde99ccbc978f2334fb1906d224101c425e088d98608ea05b7d4dccdee207d5a3e672829f35e3be751e2b395002619a6e0863e41b10efc321f2ae57fed86b5ed90b5a641e6d3488335ea4e8d8bea397ce35fa0113cf05b4c0c38ee0140d4be3bd490b461dc4fb41b4fc2c50bee160d379934f4043fec940f1549aee56543f7ba6c9c309805fe7397374bed469f1e1dabb6cdad02c9f663b17c64e6bb5a248f1389c2032b15e96d46172526329c29acf04ff537049420efc71aba58f29bac5b6a09522aa893d97ca59de9cc6d13789617859c0db170443e943e58ec7604745e475d1b16057aa8975b0b668fffc9a32f8b26452fa4a95129c53f8cf9a0191898dd8694ad9f0e106d7866b3e3116f92c2921e6ed6fc03a12a2aed56d73d6f9eee8eccad27839f55aef53942c2d7efc0e765621ba72d2280c21df512628011a56fc1aae3a6e62dc87cdd0a4c0c5a179b8ae233ce785293e7eca0b76a6418b0cf798be1eaf7a33f220dbdbb5166a529f129582b5a57b01b90c5c7c48b4d7c8e8aac1677704af319bd73816bbfa344cb10f070426746f162a4fc5809a5c37d566c45043b77e53e6cfb703e511ec1e6d14200d9b859fad51fb93b2477b61435ddcbea97ebf7c4b3dacbec3f8158c5c1d317887b7233199d20d7536febb8dd255aab jtr:krb5tgs;'
|
||||
creds_expected_output_regex << %r{krb5tgs\s+\$krb5tgs\$23\$\*svc_test\$MSFLAB.LOCAL\$MSSQLSvc/sql01.msflab.local:1433\*\$cd51883 \(TRUNCATED\)\s+Nonreplayable hash\s+krb5tgs\s+Password1!$}
|
||||
creds_command << ' creds add user:krb5tgs-aes128 hash:\$krb5tgs\$17\$user\$realm\$ae8434177efd09be5bc2eff8\$90b4ce5b266821adc26c64f71958a475cf9348fce65096190be04f8430c4e0d554c86dd7ad29c275f9e8f15d2dab4565a3d6e21e449dc2f88e52ea0402c7170ba74f4af037c5d7f8db6d53018a564ab590fc23aa1134788bcc4a55f69ec13c0a083291a96b41bffb978f5a160b7edc828382d11aacd89b5a1bfa710b0e591b190bff9062eace4d26187777db358e70efd26df9c9312dbeef20b1ee0d823d4e71b8f1d00d91ea017459c27c32dc20e451ea6278be63cdd512ce656357c942b95438228e jtr:krb5tgs-aes128;'
|
||||
creds_expected_output_regex << /krb5tgs-aes128\s+\$krb5tgs\$17\$user\$realm\$ae8434177efd09be5bc2eff8\$90b4ce5b266821adc26c64f71958 \(TRUNCATED\)\s+ Nonreplayable hash\s+krb5tgs-aes128\s+hashcat$/
|
||||
creds_command << ' creds add user:krb5tgs-aes256 hash:\$krb5tgs\$18\$user\$realm\$8efd91bb01cc69dd07e46009\$7352410d6aafd72c64972a66058b02aa1c28ac580ba41137d5a170467f06f17faf5dfb3f95ecf4fad74821fdc7e63a3195573f45f962f86942cb24255e544ad8d05178d560f683a3f59ce94e82c8e724a3af0160be549b472dd83e6b80733ad349973885e9082617294c6cbbea92349671883eaf068d7f5dcfc0405d97fda27435082b82b24f3be27f06c19354bf32066933312c770424eb6143674756243c1bde78ee3294792dcc49008a1b54f32ec5d5695f899946d42a67ce2fb1c227cb1d2004c0 jtr:krb5tgs-aes256;'
|
||||
|
||||
Reference in New Issue
Block a user