Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JTR crack multiple hash types #473

Merged
merged 1 commit into from
Feb 7, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions helpers/helpers_emba_print.sh
Original file line number Diff line number Diff line change
Expand Up @@ -76,12 +76,12 @@ module_log_init()
module_title()
{
local MODULE_TITLE
MODULE_TITLE="$1"
MODULE_TITLE="${1:-}"
local MODULE_TITLE_FORMAT
MODULE_TITLE_FORMAT="[""${BLUE}""+""${NC}""] ""${CYAN}""${BOLD}""$MODULE_TITLE""${NC}""\\n""${BOLD}""=================================================================""${NC}"
echo -e "\\n\\n""$MODULE_TITLE_FORMAT"
echo -e "\\n\\n""$MODULE_TITLE_FORMAT" || true
if [[ "${2:-}" != "no_log" ]] ; then
echo -e "$(format_log "$MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null
echo -e "$(format_log "$MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null || true
if [[ $LOG_GREP -eq 1 ]] ; then
write_grep_log "$MODULE_TITLE" "MODULE_TITLE"
fi
Expand All @@ -95,8 +95,8 @@ sub_module_title()
SUB_MODULE_TITLE="${1:-}"
local SUB_MODULE_TITLE_FORMAT
SUB_MODULE_TITLE_FORMAT="\\n""${BLUE}""==>""${NC}"" ""${CYAN}""$SUB_MODULE_TITLE""${NC}""\\n-----------------------------------------------------------------"
echo -e "$SUB_MODULE_TITLE_FORMAT"
echo -e "$(format_log "$SUB_MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null
echo -e "$SUB_MODULE_TITLE_FORMAT" || true
echo -e "$(format_log "$SUB_MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null || true
if [[ $LOG_GREP -eq 1 ]] ; then
SUB_MODULE_COUNT=$((SUB_MODULE_COUNT + 1))
write_grep_log "$SUB_MODULE_TITLE" "SUB_MODULE_TITLE"
Expand Down
9 changes: 8 additions & 1 deletion modules/S108_stacs_password_search.sh
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,16 @@ S108_stacs_password_search()
local MESSAGE=""

if command -v stacs > /dev/null ; then
stacs --skip-unprocessable --rule-pack "$STACS_RULES_DIR"/credential.json "$FIRMWARE_PATH" > "$STACS_LOG_FILE" || true
stacs --skip-unprocessable --rule-pack "$STACS_RULES_DIR"/credential.json "$FIRMWARE_PATH" 2> "$TMP_DIR"/stacs.err 1> "$STACS_LOG_FILE" || true

if [[ -f "$TMP_DIR"/stacs.err ]]; then
print_ln
print_output "[*] STACS log:"
tee -a "$LOG_FILE" < "$TMP_DIR"/stacs.err
fi

if [[ -f "$STACS_LOG_FILE" && $(jq ".runs[0] .results[] | .message[]" "$STACS_LOG_FILE" | wc -l) -gt 0 ]]; then
print_ln
ELEMENTS_="$(jq ".runs[0] .results[] .message.text" "$STACS_LOG_FILE" | wc -l)"
print_output "[+] Found $ORANGE$ELEMENTS_$GREEN credential areas:"
write_csv_log "Message" "PW_PATH" "PW_HASH" "PW_HASH_real"
Expand Down
55 changes: 53 additions & 2 deletions modules/S109_jtr_local_pw_cracking.sh
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ S109_jtr_local_pw_cracking()
local JTR_FINAL_STAT=""
local CRACKED_HASH=""
local CRACKED=0
local JTR_TIMEOUT="60m"
local JTR_TIMEOUT="3600"

# This module waits for S108_stacs_password_search
# check emba.log for S108_stacs_password_search starting
Expand Down Expand Up @@ -69,7 +69,58 @@ S109_jtr_local_pw_cracking()
print_output "[*] Starting jtr with a runtime of $ORANGE$JTR_TIMEOUT$NC on the following data:"
tee -a "$LOG_FILE" < "$LOG_PATH_MODULE"/jtr_hashes.txt
print_ln
timeout --preserve-status --signal SIGINT "$JTR_TIMEOUT" john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt | tee -a "$LOG_FILE" || true
john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt 2>&1 | tee -a "$LOG_FILE" || true &
PID="$!"
COUNT=0
while [[ "$COUNT" -le "$JTR_TIMEOUT" ]];do
((COUNT+=1))
if ! pgrep john > /dev/null; then
# if no john process is running it means we are finished with cracking passwords
# and we can exit the while loop for waiting
break
fi
sleep 1
done
if [[ "$COUNT" -ge "$JTR_TIMEOUT" ]]; then
# we are running out of time and kill john
kill "$PID" || true
fi

# lets check our log if we can find further hashes
mapfile -t JTR_FORMATS < <(grep "option to force loading hashes of that type instead" "$LOG_FILE" || true)

# if we have further hashes we are processing these now
if [[ "${#JTR_FORMATS[@]}" -gt 0 ]] && [[ "$COUNT" -lt "$JTR_TIMEOUT" ]] ; then
print_ln
print_output "[*] Further password hashes detected:"
for JTR_FORMAT in "${JTR_FORMATS[@]}"; do
JTR_FORMAT="$(echo "$JTR_FORMAT" | cut -d '=' -f2 | awk '{print $1}' | tr -d '"' )"
print_output "$(indent "$(orange "Detected hash type: $JTR_FORMAT")")"
done

for JTR_FORMAT in "${JTR_FORMATS[@]}"; do
print_ln
echo "[*] COUNT: $COUNT"
JTR_FORMAT="$(echo "$JTR_FORMAT" | cut -d '=' -f2 | awk '{print $1}' | tr -d '"' )"
print_output "[*] Testing password hash types $ORANGE$JTR_FORMAT$NC"
john --format="$JTR_FORMAT" --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt 2>&1 | tee -a "$LOG_FILE" || true &
PID="$!"

while [[ "$COUNT" -le "$JTR_TIMEOUT" ]];do
((COUNT+=1))
if ! pgrep john > /dev/null; then
# if no john process is running it means we are finished with cracking passwords
# and we can exit the while loop for waiting
break
fi
sleep 1
done
if [[ "$COUNT" -ge "$JTR_TIMEOUT" ]]; then
# we are running out of time and kill john
kill "$PID" || true
fi
done
fi
print_ln
NEG_LOG=1

Expand Down
2 changes: 1 addition & 1 deletion modules/S12_binary_protection.sh
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ S12_binary_protection()
FILE=$(print_path "$FILE")

printf "\t%-22.22s %-25.25s %-20.20s %-20.20s %-20.20s %-20.20s %-20.20s %-5.5s %s\n" \
"$RELRO" "$CANARY" "$NX" "$PIE" "$RPATH" "$RUNPATH" "$SYMBOLS" "$FORTIFY" "$FILE" | tee -a "$TMP_DIR"/s12.tmp
"$RELRO" "$CANARY" "$NX" "$PIE" "$RPATH" "$RUNPATH" "$SYMBOLS" "$FORTIFY" "$FILE" | tee -a "$TMP_DIR"/s12.tmp || true
BIN_PROT_COUNTER=$((BIN_PROT_COUNTER+1))
fi
done
Expand Down
4 changes: 2 additions & 2 deletions modules/S15_bootloader_check.sh
Original file line number Diff line number Diff line change
Expand Up @@ -253,9 +253,9 @@ check_bootloader()
local OBSD_FILE1=""
local OBSD_FILE2=""
# mapfile -t OBSD_PATH1 < <(mod_path "/usr/mdec/biosboot")
mapfile -t OBSD_PATH1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/usr/mdec/biosboot")
mapfile -t OBSD_PATH1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/usr/mdec/biosboot" || true)
# mapfile -t OBSD_PATH2 < <(mod_path "/boot")
mapfile -t OBSD_PATH2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot")
mapfile -t OBSD_PATH2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot" || true)
for OBSD_FILE1 in "${OBSD_PATH1[@]}" ; do
for OBSD_FILE2 in "${OBSD_PATH2[@]}" ; do
if [[ -f "$OBSD_FILE2" ]] && [[ -f "OBSD_FILE2" ]] ; then
Expand Down
2 changes: 1 addition & 1 deletion modules/S26_kernel_vuln_verifier.sh
Original file line number Diff line number Diff line change
Expand Up @@ -245,7 +245,7 @@ S26_kernel_vuln_verifier()
if [[ -d "$LOG_DIR""/firmware" ]]; then
print_output "[*] Identify kernel modules symbols ..."
find "$LOG_DIR/firmware" -name "*.ko" -exec readelf -a {} \; | grep FUNC | sed 's/.*FUNC//' | \
awk '{print $4}' | sed 's/\[\.\.\.\]//' >> "$LOG_PATH_MODULE"/symbols.txt
awk '{print $4}' | sed 's/\[\.\.\.\]//' >> "$LOG_PATH_MODULE"/symbols.txt || true
fi

uniq "$LOG_PATH_MODULE"/symbols.txt > "$LOG_PATH_MODULE"/symbols_uniq.txt
Expand Down