Adjust cracker modules

Author: msutovsky-r7

lib/metasploit/framework/password_crackers/cracker.rb

@@ -119,6 +119,10 @@ def initialize(attributes = {})
             public_send("#{attribute}=", value)
           end
         end
+        
+        def get_type
+          self.cracker
+        end
 
         # This method takes a {framework.db.cred.private.jtr_format} (string), and
         # returns the string number associated to the hashcat format
@@ -573,7 +577,7 @@ def show_command
           end
           cmd << hash_path
         end
-
+        
         def get_hashcat
           # Look in the Environment PATH for the hashcat binary
           self.cracker = 'hashcat'

modules/auxiliary/analyze/crack_aix.rb

@@ -25,8 +25,9 @@ def initialize
       'Actions' => [
         ['john', { 'Description' => 'Use John the Ripper' }],
         ['hashcat', { 'Description' => 'Use Hashcat' }],
+        ['auto', { 'Description' => 'Auto-selection of cracker' ]}
       ],
-      'DefaultAction' => 'john',
+      'DefaultAction' => 'auto',
       'Notes' => {
         'Stability' => [CRASH_SAFE],
         'SideEffects' => [],
@@ -45,9 +46,9 @@ def initialize
   def show_command(cracker_instance)
     return unless datastore['ShowCommand']
 
-    if action.name == 'john'
+    if @cracker_type == 'john'
       cmd = cracker_instance.john_crack_command
-    elsif action.name == 'hashcat'
+    elsif @cracker_type == 'hashcat'
       cmd = cracker_instance.hashcat_crack_command
     end
     print_status("   Cracking Command: #{cmd.join(' ')}")
@@ -63,12 +64,12 @@ def check_results(passwords, results, hash_type, method)
       next unless fields.count >= 3
 
       cred = { 'hash_type' => hash_type, 'method' => method }
-      if action.name == 'john'
+      if @cracker_type == 'john'
         cred['username'] = fields.shift
         cred['core_id'] = fields.pop
         4.times { fields.pop } # Get rid of extra :
         cred['password'] = fields.join(':') # Anything left must be the password. This accounts for passwords with semi-colons in it
-      elsif action.name == 'hashcat'
+      elsif @cracker_type == 'hashcat'
         cred['core_id'] = fields.shift
         cred['hash'] = fields.shift
         cred['password'] = fields.join(':') # Anything left must be the password. This accounts for passwords with semi-colons in it
@@ -86,13 +87,19 @@ def check_results(passwords, results, hash_type, method)
 
   def run
     tbl = tbl = cracker_results_table
+    cracker = new_password_cracker(action.name)
+    if action.name == 'auto'
+      @cracker_type = cracker.get_type
+    else
+      @cracker_type = action.name
+    end
 
     hash_types_to_crack = ['descrypt']
     jobs_to_do = []
 
     # build our job list
     hash_types_to_crack.each do |hash_type|
-      job = hash_job(hash_type, action.name)
+      job = hash_job(hash_type, @cracker_type)
       if job.nil?
         print_status("No #{hash_type} found to crack")
       else
@@ -110,8 +117,6 @@ def run
     # Inner array format: db_id, hash_type, username, password, method_of_crack
     results = []
 
-    cracker = new_password_cracker(action.name)
-
     # generate our wordlist and close the file handle.  max length of DES is 8
     wordlist = wordlist_file(8)
     unless wordlist
@@ -136,7 +141,7 @@ def run
       cracker_instance = cracker.dup
       cracker_instance.format = format
 
-      if action.name == 'john'
+      if @cracker_type == 'john'
         cracker_instance.fork = datastore['FORK']
       end
 
@@ -147,7 +152,7 @@ def run
       job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
       next if job['cred_ids_left_to_crack'].empty?
 
-      if action.name == 'john'
+      if @cracker_type == 'john'
         print_status "Cracking #{format} hashes in single mode..."
         cracker_instance.mode_single(wordlist.path)
         show_command cracker_instance
@@ -189,7 +194,7 @@ def run
       print_status "Cracking #{format} hashes in wordlist mode..."
       cracker_instance.mode_wordlist(wordlist.path)
       # Turn on KoreLogic rules if the user asked for it
-      if action.name == 'john' && datastore['KORELOGIC']
+      if @cracker_type == 'john' && datastore['KORELOGIC']
         cracker_instance.rules = 'KoreLogicRules'
         print_status 'Applying KoreLogic ruleset...'
       end

modules/auxiliary/analyze/crack_databases.rb

@@ -59,29 +59,29 @@ def initialize
   def show_command(cracker_instance)
     return unless datastore['ShowCommand']
 
-    if cracker_instance.cracker == 'john'
+    if @cracker_type == 'john'
       cmd = cracker_instance.john_crack_command
-    elsif cracker_instance.cracker == 'hashcat'
+    elsif @cracker_type == 'hashcat'
       cmd = cracker_instance.hashcat_crack_command
     end
     print_status("   Cracking Command: #{cmd.join(' ')}")
   end
 
-  def check_results(passwords, results, hash_type, method, cracker_type)
+  def check_results(passwords, results, hash_type, method)
     passwords.each do |password_line|
       password_line.chomp!
       next if password_line.blank?
 
       fields = password_line.split(':')
       cred = { 'hash_type' => hash_type, 'method' => method }
 
-      if cracker_type == 'john'
+      if @cracker_type == 'john'
         next unless fields.count >= 3
 
         cred['username'] = fields.shift
         cred['core_id'] = fields.pop
         cred['password'] = fields.join(':') # Anything left must be the password. This accounts for passwords with semi-colons in it
-      elsif cracker_type == 'hashcat'
+      elsif @cracker_type == 'hashcat'
         next unless fields.count >= 2
 
         cred['core_id'] = fields.shift
@@ -112,6 +112,11 @@ def check_results(passwords, results, hash_type, method, cracker_type)
   def run
     tbl = cracker_results_table
     cracker = new_password_cracker(action.name)
+    if action.name == 'auto'
+      @cracker_type = cracker.get_type
+    else
+      @cracker_type = action.name
+    end
 
     # array of hashes in jtr_format in the db, converted to an OR combined regex
     hash_types_to_crack = []
@@ -130,7 +135,7 @@ def run
 
       # hashcat requires a format we dont have all the data for
       # in the current dumper, so this is disabled in module and lib
-      if cracker.cracker == 'john'
+      if @cracker_type == 'john'
         hash_types_to_crack << 'oracle'
         hash_types_to_crack << 'dynamic_1506'
       end
@@ -187,25 +192,25 @@ def run
       cracker_instance = cracker.dup
       cracker_instance.format = format
 
-      if cracker.cracker == 'john'
+      if @cracker_type == 'john'
         cracker_instance.fork = datastore['FORK']
       end
 
       # first check if anything has already been cracked so we don't report it incorrectly
       print_status "Checking #{format} hashes already cracked..."
-      results = check_results(cracker_instance.each_cracked_password, results, format, 'Already Cracked/POT', cracker.cracker)
+      results = check_results(cracker_instance.each_cracked_password, results, format, 'Already Cracked/POT')
       vprint_good(append_results(tbl, results)) unless results.empty?
       job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
       next if job['cred_ids_left_to_crack'].empty?
 
-      if cracker.cracker == 'john'
+      if @cracker_type == 'john'
         print_status "Cracking #{format} hashes in single mode..."
         cracker_instance.mode_single(wordlist.path)
         show_command cracker_instance
         cracker_instance.crack do |line|
           vprint_status line.chomp
         end
-        results = check_results(cracker_instance.each_cracked_password, results, format, 'Single', cracker.cracker)
+        results = check_results(cracker_instance.each_cracked_password, results, format, 'Single')
         vprint_good(append_results(tbl, results)) unless results.empty?
         job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
         next if job['cred_ids_left_to_crack'].empty?
@@ -216,7 +221,7 @@ def run
         cracker_instance.crack do |line|
           vprint_status line.chomp
         end
-        results = check_results(cracker_instance.each_cracked_password, results, format, 'Normal', cracker.cracker)
+        results = check_results(cracker_instance.each_cracked_password, results, format, 'Normal')
         vprint_good(append_results(tbl, results)) unless results.empty?
         job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
         next if job['cred_ids_left_to_crack'].empty?
@@ -229,7 +234,7 @@ def run
         cracker_instance.crack do |line|
           vprint_status line.chomp
         end
-        results = check_results(cracker_instance.each_cracked_password, results, format, 'Incremental', cracker.cracker)
+        results = check_results(cracker_instance.each_cracked_password, results, format, 'Incremental')
         vprint_good(append_results(tbl, results)) unless results.empty?
         job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
         next if job['cred_ids_left_to_crack'].empty?
@@ -239,7 +244,7 @@ def run
         print_status "Cracking #{format} hashes in wordlist mode..."
         cracker_instance.mode_wordlist(wordlist.path)
         # Turn on KoreLogic rules if the user asked for it
-        if cracker.cracker == 'john' && datastore['KORELOGIC']
+        if @cracker_type == 'john' && datastore['KORELOGIC']
           cracker_instance.rules = 'KoreLogicRules'
           print_status 'Applying KoreLogic ruleset...'
         end
@@ -248,7 +253,7 @@ def run
           vprint_status line.chomp
         end
 
-        results = check_results(cracker_instance.each_cracked_password, results, format, 'Wordlist', cracker.cracker)
+        results = check_results(cracker_instance.each_cracked_password, results, format, 'Wordlist')
         vprint_good(append_results(tbl, results)) unless results.empty?
         job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
         next if job['cred_ids_left_to_crack'].empty?

modules/auxiliary/analyze/crack_linux.rb

@@ -32,8 +32,9 @@ def initialize
       'Actions' => [
         ['john', { 'Description' => 'Use John the Ripper' }],
         ['hashcat', { 'Description' => 'Use Hashcat' }],
+        ['auto', { 'Description' => 'Auto-selection of cracker' }]
       ],
-      'DefaultAction' => 'john',
+      'DefaultAction' => 'auto',
       'Notes' => {
         'Stability' => [CRASH_SAFE],
         'SideEffects' => [],
@@ -58,9 +59,9 @@ def initialize
   def show_command(cracker_instance)
     return unless datastore['ShowCommand']
 
-    if action.name == 'john'
+    if @cracker_type == 'john'
       cmd = cracker_instance.john_crack_command
-    elsif action.name == 'hashcat'
+    elsif @cracker_type == 'hashcat'
       cmd = cracker_instance.hashcat_crack_command
     end
     print_status("   Cracking Command: #{cmd.join(' ')}")
@@ -74,14 +75,14 @@ def check_results(passwords, results, hash_type, method)
       fields = password_line.split(':')
       cred = { 'hash_type' => hash_type, 'method' => method }
 
-      if action.name == 'john'
+      if @cracker_type == 'john'
         next unless fields.count >= 3 # If we don't have an expected minimum number of fields, this is probably not a hash line
 
         cred['username'] = fields.shift
         cred['core_id'] = fields.pop
         4.times { fields.pop } # Get rid of extra :
         cred['password'] = fields.join(':') # Anything left must be the password. This accounts for passwords with semi-colons in it
-      elsif action.name == 'hashcat'
+      elsif @cracker_type == 'hashcat'
         next unless fields.count >= 2 # If we don't have an expected minimum number of fields, this is probably not a hash line
 
         cred['core_id'] = fields.shift
@@ -100,7 +101,13 @@ def check_results(passwords, results, hash_type, method)
   end
 
   def run
-    tbl = tbl = cracker_results_table
+    tbl = cracker_results_table
+    cracker = new_password_cracker(action.name)
+    if action.name == 'auto'
+      @cracker_type = cracker.get_type
+    else
+      @cracker_type = action.name
+    end
 
     # array of hashes in jtr_format in the db, converted to an OR combined regex
     hash_types_to_crack = []
@@ -115,7 +122,7 @@ def run
 
     # build our job list
     hash_types_to_crack.each do |hash_type|
-      job = hash_job(hash_type, action.name)
+      job = hash_job(hash_type, @cracker_type)
       if job.nil?
         print_status("No #{hash_type} found to crack")
       else
@@ -133,8 +140,6 @@ def run
     # Inner array format: db_id, hash_type, username, password, method_of_crack
     results = []
 
-    cracker = new_password_cracker(action.name)
-
     # generate our wordlist and close the file handle.
     wordlist = wordlist_file
     unless wordlist
@@ -158,7 +163,7 @@ def run
       cracker_instance = cracker.dup
       cracker_instance.format = format
 
-      if action.name == 'john'
+      if @cracker_type == 'john'
         cracker_instance.fork = datastore['FORK']
       end
 
@@ -169,7 +174,7 @@ def run
       job['cred_ids_left_to_crack'] = job['cred_ids_left_to_crack'] - results.map { |i| i[0].to_i } # remove cracked hashes from the hash list
       next if job['cred_ids_left_to_crack'].empty?
 
-      if action.name == 'john'
+      if @cracker_type == 'john'
         print_status "Cracking #{format} hashes in single mode..."
         cracker_instance.mode_single(wordlist.path)
         show_command cracker_instance
@@ -211,7 +216,7 @@ def run
       print_status "Cracking #{format} hashes in wordlist mode..."
       cracker_instance.mode_wordlist(wordlist.path)
       # Turn on KoreLogic rules if the user asked for it
-      if action.name == 'john' && datastore['KORELOGIC']
+      if @cracker_type == 'john' && datastore['KORELOGIC']
         cracker_instance.rules = 'KoreLogicRules'
         print_status 'Applying KoreLogic ruleset...'
       end