1
0
Fork
You've already forked hash-compare
0
Quickly deliver user's passwords cracked from oclHashcat.
  • Shell 100%
Find a file
2015年05月15日 22:51:45 -06:00
hashcompare.sh Create hashcompare.sh 2012年12月26日 13:58:31 -08:00
README.md Update outdated README.md. 2015年05月15日 22:51:45 -06:00

hashcompare

A simple utility that allows for easy password recovery from oclHashcat cracking sessions.

In the instance where oclHashcat spits out successfully cracked passwords via the format hash:password, and the original file of hashes is in the format user:hash, this tool matches on the hash and produces an output file with the format of user:password.

Examples

user:hash

george:c21cfaebe1d69ac9e2e4e1e2dc383bac

hash:password

c21cfaebe1d69ac9e2e4e1e2dc383bac:password

Tools

The following tools were used in a proof of concept attack I conducted, of which led to the need to build a series of scripts (namely this one) to automate the process of password extraction and cracking from compromised Active Directory machines.

creddump (https://github.com/moyix/creddump)

Used for dumping cached credentials.

libesedb (https://github.com/libyal/libesedb)

Extracts the relevant portions of the NTDS tables.

NTDSXtract (https://github.com/csababarta/ntdsxtract)

A custom file, dshashes.py, was used to export the password hashes into a more usable format. place the dshashes.py file into the root of NTDSXtract.

Usage

Both of the input files need to be in the correct format of user:hash and hash:password, as this was built without the ability to check formatting.

sh hashcompare.sh -i [user:hash input] -t [hash:password input] -o [output file]

Formatting

In order to format the data correctly, until I update this (which probably won't happen), simply use the cut or sed utilities.

Example input:

:::user:PID:LM:NTLM:::

Example command:

cut -d: -f1,4 [inputfile

Example output:

user:NTLM