Added Nautilus scripts for cracking GNU/Linux passwords and some fixes

2020-12-01 11:29:27 +01:00 · 2020-12-01 11:29:27 +01:00 · ba7f07512c
commit ba7f07512c
parent edfba81c48
8 changed files with 282 additions and 6 deletions
--- a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07a-pwdump-hashcat-dictionary
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07a-pwdump-hashcat-dictionary
@ -20,7 +20,7 @@
 #   Starts hashcat with a dictionary and a rule on the choosen pwdump file.
 #
 # REQUIREMENTS:
-#   bash, zenity, coreutils and hashcat
+#   bash, zenity, coreutils, procps and hashcat
 #
 # BUGS:
 #   ---
@ -94,6 +94,7 @@ source "${LIBRARY}"
 # Checks (see library "casualscripter_nautilus-scripts_functions.sh").
 #-------------------------------------------------------------------------------
 check_dep "${CUT_BIN}" "coreutils"
+check_dep "${PGREP_BIN}" "procps"
 check_dep "${HASHCAT_BIN}" "hashcat"

 check_ext "${SOURCE}" "txt"
--- a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07b-pwdump-hashcat-brute-force
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/07b-pwdump-hashcat-brute-force
@ -20,7 +20,7 @@
 #   Starts hashcat with a brute force attack on the choosen pwdump file.
 #
 # REQUIREMENTS:
-#   bash, zenity, coreutils and hashcat
+#   bash, zenity, coreutils, procps and hashcat
 #
 # BUGS:
 #   ---
@ -94,6 +94,7 @@ source "${LIBRARY}"
 # Checks (see library "casualscripter_nautilus-scripts_functions.sh").
 #-------------------------------------------------------------------------------
 check_dep "${CUT_BIN}" "coreutils"
+check_dep "${PGREP_BIN}" "procps"
 check_dep "${HASHCAT_BIN}" "hashcat"

 check_ext "${SOURCE}" "txt"
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06a-fwh-SALTED-SHA1-hashcat-dict-v10.4-10.6
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06a-fwh-SALTED-SHA1-hashcat-dict-v10.4-10.6
@ -20,7 +20,7 @@
 #   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
 #
 # REQUIREMENTS:
-#   bash, zenity, coreutils and hashcat
+#   bash, zenity, coreutils, procps and hashcat
 #
 # BUGS:
 #   ---
@ -94,6 +94,7 @@ source "${LIBRARY}"
 # Checks (see library "casualscripter_nautilus-scripts_functions.sh").
 #-------------------------------------------------------------------------------
 check_dep "${CUT_BIN}" "coreutils"
+check_dep "${PGREP_BIN}" "procps"
 check_dep "${HASHCAT_BIN}" "hashcat"

 check_ext "${SOURCE}" "txt"
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06b-fwh-SALTED-SHA1-hashcat-dict-v10.7
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06b-fwh-SALTED-SHA1-hashcat-dict-v10.7
@ -20,7 +20,7 @@
 #   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
 #
 # REQUIREMENTS:
-#   bash, zenity, coreutils and hashcat
+#   bash, zenity, coreutils, procps and hashcat
 #
 # BUGS:
 #   ---
@ -94,6 +94,7 @@ source "${LIBRARY}"
 # Checks (see library "casualscripter_nautilus-scripts_functions.sh").
 #-------------------------------------------------------------------------------
 check_dep "${CUT_BIN}" "coreutils"
+check_dep "${PGREP_BIN}" "procps"
 check_dep "${HASHCAT_BIN}" "hashcat"

 check_ext "${SOURCE}" "txt"
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06c-fwh-SALTED-SHA512-PBKDF2-hashcat-dict-v10.8-10.15
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06c-fwh-SALTED-SHA512-PBKDF2-hashcat-dict-v10.8-10.15
@ -20,7 +20,7 @@
 #   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
 #
 # REQUIREMENTS:
-#   bash, zenity, coreutils and hashcat
+#   bash, zenity, coreutils, procps and hashcat
 #
 # BUGS:
 #   ---
@ -94,6 +94,7 @@ source "${LIBRARY}"
 # Checks (see library "casualscripter_nautilus-scripts_functions.sh").
 #-------------------------------------------------------------------------------
 check_dep "${CUT_BIN}" "coreutils"
+check_dep "${PGREP_BIN}" "procps"
 check_dep "${HASHCAT_BIN}" "hashcat"

 check_ext "${SOURCE}" "txt"
--- a/home/lucifer/.local/share/nautilus/scripts/05c-Linux/02a-E01-RPi-CPU-version
+++ b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/02a-E01-RPi-CPU-version
@ -10,7 +10,7 @@
 #   02a-RPi-CPU-version
 #
 # USAGE:
-#   Right klick on a EWF_E01 image (.E01) and
+#   Right click on a EWF_E01 image (.E01) and
 #   choose this nautilus script from the context menu.
 #
 # OPTIONS:
--- a/home/lucifer/.local/share/nautilus/scripts/05c-Linux/05-E01-dump-sha512crypt
+++ b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/05-E01-dump-sha512crypt
@ -0,0 +1,127 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05c-Linux/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05c-Linux/ (deprecated)
+#
+# FILE:
+#   05-E01-dump-sha512crypt
+#
+# USAGE:
+#   Right click on a EWF_E01 image (.E01) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Extracts the Hashes out of a GNU/Linux system
+#
+# REQUIREMENTS:
+#   bash, zenity, sleuthkit and awk
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://...
+#
+# CREATED:
+#   19.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${FCAT_BIN}" "sleuthkit"
+check_dep "${AWK_BIN}" "awk"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly SHADOW="${TMP}/${OFFSET}-shadow.txt"
+readonly SHA512="${TMP}/${OFFSET}-sha512.txt"
+
+#-------------------------------------------------------------------------------
+# Extract hashes from /etc/shadow
+#-------------------------------------------------------------------------------
+if ! [ -f "${SHADOW}" ] ; then
+  ${FCAT_BIN} -o "${OFFSET}" "/etc/shadow" "${SOURCE}" > "${SHADOW}"
+fi
+
+if ! [ -f "${SHA512}" ] ; then
+  ${AWK_BIN} -F ":" '$2 ~ /.{3,}/ { print $2; }' "${SHADOW}" > "${SHA512}"
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "sha512.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${SHA512}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05c-Linux/06-fwh-sha512crypt-hashcat-dict
+++ b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/06-fwh-sha512crypt-hashcat-dict
@ -0,0 +1,144 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05c-Linux/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05c-Linux/ (deprecated)
+#
+# FILE:
+#   06-fwh-sha512crypt-hashcat-dict
+#
+# USAGE:
+#   Right click on file with hashes (fwh) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
+#
+# REQUIREMENTS:
+#   bash, zenity, hashcat, coreutils and procps
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://
+#
+# CREATED:
+#   20.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${HASHCAT_BIN}" "hashcat"
+check_dep "${PGREP_BIN}" "procps"
+check_dep "${SLEEP_BIN}" "coreutils"
+
+check_ext "${SOURCE}" "txt"
+
+# For development I have only used rockyou.txt.
+# TODO: choice of more dictionaties:
+#   https://github.com/danielmiessler/SecLists/tree/master/Passwords
+readonly DICTIONARY="/home/${USER}/hashcat/dictionaries/rockyou.txt"
+check_file "${DICTIONARY}" "rockyou.txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-dictionary.txt"
+
+#-------------------------------------------------------------------------------
+# We need force if we use an intel GPU with "broken" OpenCL!
+#   (need some hours)
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+  ${GTERMINAL_BIN} --hide-menubar -- \
+    ${HASHCAT_BIN} \
+    --potfile-disable \
+    --hash-type 1800 \
+    --attack-mode 0 \
+    --workload-profile 3 \
+    --optimized-kernel-enable \
+    --force \
+    --outfile "${HASHCAT}" \
+    "${SOURCE}" \
+    "${DICTIONARY}" \
+    --rules-file /usr/share/doc/hashcat/rules/dive.rule
+
+  ${SLEEP_BIN} 3
+
+  # We have to wait until ewfverify has finished...
+  while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+    ${SLEEP_BIN} 1
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"
+
+exit 0