Monday, August 01, 2005

[TOOL] Cryptonite - Password Generator and Brute Force

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Cryptonite - Password Generator and Brute Force
------------------------------------------------------------------------

SUMMARY

DETAILS

Cryptonite written by nuTshell

Cryptonite can do things like:
* Encrypt single password from command line;
* Encrypt clear text passwords from text file;
* Brute force encrypted password taking clear text passwords from text file

Example:
root@scarface:/home/hash/security/tools/cryptonite# tail -1 /etc/shadow
test:$1$rOp0rYgu$AEX89iDMflYwnN.d51/ng1:12993:0:99999:7:::
root@scarface:/home/hash/security/tools/cryptonite# logout
hash@scarface:~/security/tools/cryptonite$ cat wordlist.txt
linuxRuleZ
hiyou
mI|NuJ3CS6bv
hello_world
lixo
Q!eQi:mVy
hackm3
changepasswordS
hash@scarface:~/security/tools/cryptonite$ ./cryptonite.pl -decrypMD5 '$1$rOp0rYgu$AEX89iDMflYwnN.d51/ng1' wordlist.txt
[*] Testing: linuxRuleZ
[*] Testing: hiyou
[*] Testing: mI|NuJ3CS6bv
[*] Testing: hello_world

[:)] HACK HACK HACK lalalalala
[!] $1$rOp0rYgu$AEX89iDMflYwnN.d51/ng1 cracked password is: hello_world
Execution time: 0s

Tool:
#!/usr/bin/perl
#
# Cryptonite written by nuTshell
# http://nutshell.gotfault.net
#
# Description: Cryptonite is [encrypter/decrypter<->password generator]
# Supported Algorithms are MD5 and SHA.
# Cryptonite can do things like:
# -Encrypt single password from command line;
# -Encrypt cleartext passwords from textfile;
# -Decrypt encrypted password taking cleartext passwords from textfile
#
# eg. MD5 decryption:
#
# # cat /etc/shadow |grep ^test
# test:$1$B0Z/2qHu$ukj7EmMbRC7NsT5UwlPLm1:12992:0:99999:7:::
# $ ./cryptonite.pl -decrypMD5 '$1$B0Z/2qHu$ukj7EmMbRC7NsT5UwlPLm1' wordlist
# [*] Testing: testing
# [*] Testing: areyouok
# [*] Testing: aracnophobia
# [*] Testing: kern3ltest1ng
# [*] Testing: hithere
# [*] Testing: hackme
#
# [:)] HACK HACK HACK lalalalala
# [!] $1$B0Z/2qHu$ukj7EmMbRC7NsT5UwlPLm1 cracked password is: hackme
# Execution time: 0 ms
# $
#
# eg. SHA creation of single password:
#
# $ ./cryptonite.pl -SHA hithere
# Algorithm: SHA
# nb1o8FrXI7iAQ
# $
#
# TIP: You could use gen.pl <http://nutshell.gotfault.net/geni/gen.html>
# to create wordlists!
#
# IMPORTANT 1: When inserting encrypted passwords from command line ALWAYS
# use (') single quotation marks.. ALWAYS!!!!
# IMPORTANT 2: If you use wordlists out there make sure to
# make it be "ASCII text" not any other type nor "ASCII English text, with
# CRLF line terminators"
# use utility "dos2unix" for that:
# $ dos2unix wordlist.txt
#
# To do: support for more ciphers.
#
# For usage help just type: ./cryptonite.pl
#
# Greets to all of friends out there
#
use strict;
use warnings;
use Term::ANSIColor;

my $x;
my $endtime;
my $cleartext;
my @array = split(",", "a,b,c,d,e,f,g,h,i,j,l,m,n,o,p,q,r,s,t,u,v,x,z,y,w,k");
my $salts = 2; #you can increase it but never decrease

sub usage() {
    die <<EOF;

Cryptonite written by nuTshell
password[generator/cracker]

Usage: $0 [-MD5|-SHA|]
Options:
-MD5 [passphrase|-input {input_file}{output_file}]
-SHA [passphrase|-input {input_file}{output_file}]
-decrypMD5 ['crypted_password' wordlist_file]
-decrypSHA ['crypted_password' wordlist_file]
EOF
}

sub crypmeMD5 () {
    my $cleartext = $ARGV[1];
    # Without a passphrase or -input there is nothing to hash.
    &usage unless defined $cleartext;
    if ($cleartext eq "-input") {
        my $inputfile = $ARGV[2] or &usage;
        my $outputfile = $ARGV[3] or &usage;
        # Three-argument open: the file name is never parsed as an open mode.
        open(INPUT, "<", $inputfile) or die "$!\n";
        open(OUTPUT, ">", $outputfile) or die "$!\n";
        print(OUTPUT "Algorithm: MD5\n\n");
        print("Algorithm: MD5\n");
        foreach my $outline (<INPUT>) {
            chomp($outline);
            # Build a fresh random salt for every password.
            $x = "";
            for (1..$salts) {
                $x .= $array[rand(@array)];
            }
            # The "$1$" prefix selects MD5-based crypt(3).
            my $pass = crypt($outline, "\$1\$$x");
            print(OUTPUT "$outline : $pass\n");
            print("$outline : $pass\n");
        }
        close(OUTPUT);
        close(INPUT);
    }
    else {
        $x = "";
        for (1..$salts) {
            $x .= $array[rand(@array)];
        }
        my $pass = crypt($cleartext, "\$1\$$x");
        print("Algorithm: MD5\n");
        print "$pass\n";
    }
}

# NOTE: despite the -SHA option name, crypt() with a plain two-character salt
# produces a traditional DES-based crypt(3) hash (13 characters), not a SHA digest.
sub crypmeSHA () {
    my $cleartext = $ARGV[1];
    # Without a passphrase or -input there is nothing to hash.
    &usage unless defined $cleartext;
    if ($cleartext eq "-input") {
        my $inputfile = $ARGV[2] or &usage;
        my $outputfile = $ARGV[3] or &usage;
        # Three-argument open: the file name is never parsed as an open mode.
        open(INPUT, "<", $inputfile) or die "$!\n";
        open(OUTPUT, ">", $outputfile) or die "$!\n";
        print(OUTPUT "Algorithm: SHA\n\n");
        print("Algorithm: SHA\n");
        foreach my $outline (<INPUT>) {
            # Strip the newline before hashing so it is not part of the password.
            chomp($outline);
            $x = "";
            for (1..$salts) {
                $x .= $array[rand(@array)];
            }
            my $pass = crypt($outline, $x);
            print(OUTPUT "$outline : $pass\n");
            print("$outline : $pass\n");
        }
        close(OUTPUT);
        close(INPUT);
    }
    else {
        $x = "";
        for (1..$salts) {
            $x .= $array[rand(@array)];
        }
        my $pass = crypt($cleartext, $x);
        print("Algorithm: SHA\n");
        print "$pass\n";
    }
}

sub decrypMD5() {
    my $pass_to_crack = $ARGV[1] or die &usage;
    my $inputpassfile = $ARGV[2] or die &usage;
    open(INPUT, "<", $inputpassfile) or die "$!\n";
    my $begintime = $^T;
    foreach my $try (<INPUT>) {
        chomp($try);
        # The stored hash is passed as the salt argument, so crypt() reuses
        # its scheme prefix and salt.
        my $check = crypt($try, $pass_to_crack);
        # print, not printf: a '%' in a wordlist entry is not a format directive.
        print("[*] Testing: $try\n");
        if (defined $check && $check eq $pass_to_crack) {
            print("\n[:)] HACK HACK HACK lalalalala\n");
            print("[!] $pass_to_crack cracked password is: ");
            print color('bold');
            print("$try\n");
            print color('reset');
            $endtime = time;
            # time() and $^T are both in seconds.
            print "Execution time: ", $endtime - $begintime, "s\n";
            exit(0);
        }
    }
    $endtime = time;
    print("\nNo passwords cracked. Better luck next time.\n");
    print "Execution time: ", $endtime - $begintime, "s\n";
}

sub decrypSHA() {
    my $pass_to_crack = $ARGV[1] or die &usage;
    my $inputpassfile = $ARGV[2] or die &usage;
    open(INPUT, "<", $inputpassfile) or die "$!\n";
    my $begintime = $^T;
    foreach my $try (<INPUT>) {
        # Strip the newline before hashing; otherwise it is hashed as part of
        # the candidate and short words never match.
        chomp($try);
        my $check = crypt($try, $pass_to_crack);
        # print, not printf: a '%' in a wordlist entry is not a format directive.
        print("[*] Testing: $try\n");
        if (defined $check && $check eq $pass_to_crack) {
            print("\n[:)] HACK HACK HACK lalalalala\n");
            print("[!] $pass_to_crack cracked password is: ");
            print color('bold');
            print("$try\n");
            print color('reset');
            $endtime = time;
            # time() and $^T are both in seconds.
            print "Execution time: ", $endtime - $begintime, "s\n";
            exit(0);
        }
    }
    $endtime = time;
    print("\nNo passwords cracked. Better luck next time.\n");
    print "Execution time: ", $endtime - $begintime, "s\n";
}

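my %cmd = (
    "-MD5" => \&crypmeMD5,
    "-decrypMD5" => \&decrypMD5,
    "-SHA" => \&crypmeSHA,
    "-decrypSHA" => \&decrypSHA,
    "-help" => \&usage,
);
# With no arguments, fall through to usage instead of using an undefined key.
my $string = defined $ARGV[0] ? $ARGV[0] : "";
chomp($string);
if ($cmd{$string}) {
    $cmd{$string}->();
} else { &usage }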
#eof
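
From the defender's side, the hashes this tool works on can be recognised by format alone. The following is an added example, not part of the original advisory or of Cryptonite: it classifies the hash field of shadow-format lines and flags the two legacy schemes the tool handles, plus short salts such as the two-letter ones it generates. The names `classify` and `audit` and every sample line except the first are assumptions constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) output alphabet
# (scheme name, pattern, still acceptable for stored passwords?)
SCHEMES = [
    ("des-crypt", re.compile(rf"^(?P<salt>{B64}{{2}}){B64}{{11}}$"), False),
    ("md5-crypt", re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\${B64}{{22}}$"), False),
    ("sha256-crypt", re.compile(rf"^\$5\$(?:rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\${B64}{{43}}$"), True),
    ("sha512-crypt", re.compile(rf"^\$6\$(?:rounds=\d+\$)?(?P<salt>[^$]{{1,16}})\${B64}{{86}}$"), True),
]

def classify(field):
    """Return (scheme, salt, findings) for the second field of a shadow line."""
    if field == "":
        return "empty", "", ["no password set"]
    if field[0] in "!*":
        return "locked", "", []
    for name, pattern, acceptable in SCHEMES:
        m = pattern.match(field)
        if not m:
            continue
        salt, findings = m.group("salt"), []
        if not acceptable:
            findings.append(f"legacy scheme {name}: migrate to sha512-crypt or stronger")
        if name != "des-crypt" and len(salt) < 8:
            findings.append(f"short salt ({len(salt)} chars)")
        return name, salt, findings
    return "unknown", "", ["unrecognised hash format"]

def audit(lines):
    """Map user name -> (scheme, salt, findings) for shadow-format lines."""
    report = {}
    for line in filter(str.strip, lines):  # skip blank lines
        user, field = line.strip().split(":")[:2]
        report[user] = classify(field)
    return report

# First entry is the /etc/shadow line from the session above; the rest are constructed.
SAMPLE = [
    "test:$1$rOp0rYgu$AEX89iDMflYwnN.d51/ng1:12993:0:99999:7:::",
    "alice:nb1o8FrXI7iAQ:12993:0:99999:7:::",          # the -SHA output above as a hash field
    "bob:$1$qz$" + "B" * 22 + ":12993:0:99999:7:::",   # two-letter salt, dummy digest
    "carol:$6$Zs8kQw1LmN0pRt2u$" + "A" * 86 + ":19000:0:99999:7:::",  # dummy digest
    "daemon:*:12993:0:99999:7:::",
]

if __name__ == "__main__":
    for user, (scheme, salt, findings) in audit(SAMPLE).items():
        print(f"{user:8} {scheme:13} salt={salt!r:20} {'; '.join(findings) or 'ok'}")
```

The 13-character `-SHA` output is reported as `des-crypt`, which is what `crypt()` returns for a plain two-character salt.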

ADDITIONAL INFORMATION

The information has been provided by Carlos Carvalho <mailto:h4sh@globo.com>.
To keep updated with the tool visit the project's homepage at:
http://nutshell.gotfault.net/tools/cryptonite/cryptonite.html
