Path: blob/master/tools/dev/hash_cracker_validator.rb
31347 views
#!/usr/bin/env ruby12# This script is used to validate the hash cracking capabilities of metasploit3# https://github.com/rapid7/metasploit-framework/pull/17667 shows the complexity4# of trying to insert hashes, run the appropriate hash cracking module, and verify the hashes are cracked.5# this automates everything and checks the output of the hash cracking modules to ensure they are working as expected6# author: h00die78require 'open3'9require 'tempfile'10require 'optparse'1112options = { test: 'all', verbose: false }1314OptionParser.new do |opts|15opts.banner = <<~BANNER16hash_cracker_validator.rb - A Script to verify hash cracking in Metasploit.1718Based on passwords/hashes from https://docs.metasploit.com/docs/using-metasploit/intermediate/hashes-and-password-cracking.html#hashes1920Usage: hash_cracker_validator.rb [options]21BANNER22opts.on('--verbose', 'Enable verbose output.') do23options[:verbose] = true24end25opts.on('-t', '--test LIST', "Which tests to conduct. Takes a list of numbers (comma-separated), defaults to 'all'",26'Test 1: Test database connection',27'Test 2: *nix hashes in john wordlist mode',28'Test 3: windows hashes in john wordlist mode',29'Test 4: sql hashes in john wordlist mode',30'Test 5: osx hashes in john wordlist mode',31'Test 6: webapp hashes in john wordlist mode',32'Test 7: *nix hashes in hashcat wordlist mode',33'Test 8: windows hashes in hashcat wordlist mode',34'Test 9: sql hashes in hashcat wordlist mode',35'Test 10: mobile hashes in hashcat wordlist mode',36'Test 11: osx hashes in hashcat wordlist mode',37'Test 12: webapp hashes in hashcat wordlist mode',38'Test 13: *nix hashes in john pot mode',39'Test 14: windows hashes in john pot mode',40'Test 15: sql hashes in john pot mode',41'Test 16: osx hashes in john pot mode',42'Test 17: webapp hashes in john pot mode',43'Test 18: *nix hashes in hashcat pot mode',44'Test 19: windows hashes in hashcat pot mode',45'Test 20: sql hashes in hashcat pot mode',46'Test 21: mobile hashes in hashcat pot mode',47'Test 22: osx hashes in hashcat pot mode',48'Test 23: webapp hashes in hashcat pot mode',49'Test 24: all hashes in john apply_pot mode') do |list|50options[:test] = begin51list.split(',').map(&:strip).map(&:to_i)52rescue StandardError53'all'54end55end56end.parse!5758# colors and puts templates from msftidy.rb5960class String61def red62"\e[1;31;40m#{self}\e[0m"63end6465def yellow66"\e[1;33;40m#{self}\e[0m"67end6869def green70"\e[1;32;40m#{self}\e[0m"71end7273def cyan74"\e[1;36;40m#{self}\e[0m"75end76end7778def cleanup_text(txt)79txt80end8182#83# Display an error message, given some text84#85def good(txt)86puts "[#{'GOOD'.green}] #{cleanup_text(txt)}"87end8889#90# Display an error message, given some text91#92def error(txt)93puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"94end9596#97# Display a warning message, given some text98#99def warning(txt)100puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"101end102103#104# Display a info message, given some text105#106def info(txt)107puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"108end109110def nix_hashes_and_regex111creds_command = ''112creds_expected_output_regex = []113creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'114creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/115creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'116creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}117creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'118creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/119creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'120creds_command << ' set SHA256 true;'121creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}122creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'123creds_command << ' set SHA512 true;'124creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}125creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'126creds_command << ' set BLOWFISH true;'127creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}128return creds_command, creds_expected_output_regex129end130131def osx_hashes_and_regex132creds_command = ''133creds_expected_output_regex = []134creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'135creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/136creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'137creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/138creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'139creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/140return creds_command, creds_expected_output_regex141end142143def webapp_hashes_and_regex144creds_command = ''145creds_expected_output_regex = []146creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'147creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/148creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'149creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/150creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'151creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/152creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'153creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}154return creds_command, creds_expected_output_regex155end156157def mobile_hashes_and_regex158creds_command = ''159creds_expected_output_regex = []160creds_command << ' creds add user:samsungsha1 hash:D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1 jtr:android-samsung-sha1;'161creds_expected_output_regex << /samsungsha1\s+D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1\s+Nonreplayable hash\s+android-samsung-sha1\s+1234$/162creds_command << ' creds add user:androidsha1 hash:9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 jtr:android-sha1;'163creds_expected_output_regex << /androidsha1\s+9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-sha1\s+1234$/164creds_command << ' creds add user:androidmd5 hash:1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5 jtr:android-md5;'165creds_expected_output_regex << /androidmd5\s+1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-md5\s+1234$/166return creds_command, creds_expected_output_regex167end168169def windows_hashes_and_regex_john_compat170creds_command = ''171creds_expected_output_regex = []172creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'173creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+PASSWORD$/i # hashcat does PASSWORD, john does password174creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'175creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/176creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'177creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/178creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'179creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/180creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'181creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/182creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'183creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/184return creds_command, creds_expected_output_regex185end186187def windows_hashes_and_regex_hashcat_compat188creds_command = ''189creds_expected_output_regex = []190cred_temp, regex_temp = windows_hashes_and_regex_john_compat191creds_command << cred_temp192creds_expected_output_regex += regex_temp193return creds_command, creds_expected_output_regex194end195196def sql_hashes_and_regex_hashcat_compat197creds_command = ''198creds_expected_output_regex = []199creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'200creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/201creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'202creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/203creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'204creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/205creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'206creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/207creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'208creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/209# hashcat des,oracle is a no go: https://github.com/rapid7/metasploit-framework/blob/7a7b009161d6b0839653f21296864da3365402a0/lib/metasploit/framework/password_crackers/cracker.rb#L152-L155210# creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'211# creds_expected_output_regex << %r{simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$}212# creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'213# creds_expected_output_regex << %r{SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$}214215# can't escape ;?216# creds_command << ' creds add user:DEMO hash:\'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C\' jtr:raw-sha1,oracle;'217# creds_expected_output_regex << %r{mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$}218# creds_command << ' creds add user:oracle11_epsilon hash:"S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A\\\\;H:DC9894A01797D91D92ECA1DA66242209\\\\;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C" jtr:raw-sha1,oracle;'219# creds_expected_output_regex << %r{mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$}220# creds_command << ' creds add user:oracle12c_epsilon hash:"H:DC9894A01797D91D92ECA1DA66242209\\\\;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B" jtr:pbkdf2,oracle12c;'221# creds_expected_output_regex << %r{mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$}222# creds_command << ' creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860;'223# creds_expected_output_regex << %r{example\s+md5be86a79bf2043622d58d5453c47d4860\s+Postgres md5\s+raw-md5,postgres\s+password$}224return creds_command, creds_expected_output_regex225end226227def sql_hashes_and_regex_john_compat228creds_command = ''229creds_expected_output_regex = []230cred_temp, regex_temp = sql_hashes_and_regex_hashcat_compat231creds_command << cred_temp232creds_expected_output_regex += regex_temp233creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'234creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/235creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'236creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/237creds_command << cred_temp238creds_expected_output_regex += regex_temp239return creds_command, creds_expected_output_regex240end241242warning 'WARNING: All credentials will be deleted as part of this script execution!'243244start_time = Time.now245246def run_msfconsole(command, expected_output_regexes)247section_start_time = Time.now248stdout, stderr = Open3.capture3("./msfconsole --defer-module-loads -qx \"#{command}\"")249250failing_regex = expected_output_regexes.find { |regex| !stdout.match?(regex) }251252if failing_regex.nil?253good ' SUCCESS: All expected outputs found.'254good " Section Runtime: #{Time.now - section_start_time} seconds"255return true256else257error " FAILURE: Expected output not found for regex: #{failing_regex.inspect}"258error " STDOUT: #{stdout}"259error " Section Runtime: #{Time.now - section_start_time} seconds"260error " STDERR: #{stderr}"261return false262end263end264265if options[:test] == 'all' || options[:test].include?(1)266info '[1/24] Checking Metasploit database connection...'267db_status_command = 'db_status; exit'268db_expected_output_regex = [/Connected to .+\. Connection type: .+\./]269unless run_msfconsole(db_status_command, db_expected_output_regex)270puts '-------------------------------'271error 'Database connection check failed. Exiting.'272exit 1273end274end275276wordlist = Tempfile.new('wordlist')277File.open(wordlist, 'w') { |file| file.write("password\nhashcat\ntest1\ntoto\nfoo\nPassword1!\nprobe\ntere\na\nTHALES\nepsilon\n1234\nTestPass123#\npasswor\nd\n") }278info "Wordlist file created at: #{wordlist.path}"279280if options[:test] == 'all' || options[:test].include?(2)281info '[2/24] Running *nix hashes in john wordlist mode...'282tempfile = Tempfile.new('john_pot')283creds_expected_output_regex = []284creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'285cred_temp, regex_temp = nix_hashes_and_regex286creds_command << cred_temp287creds_expected_output_regex += regex_temp288creds_command << ' use auxiliary/analyze/crack_linux;'289creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"290creds_command << " set POT #{tempfile.path};"291creds_command << ' run; creds -d; exit;'292info "Run Command: #{creds_command}" if options[:verbose]293unless run_msfconsole(creds_command, creds_expected_output_regex)294tempfile.close!295tempfile.unlink296puts '-------------------------------'297error 'Credential verification failed. Exiting.'298exit 1299end300tempfile.close!301tempfile.unlink302end303304if options[:test] == 'all' || options[:test].include?(3)305info '[3/24] Running windows hashes in john wordlist mode...'306tempfile = Tempfile.new('john_pot')307creds_expected_output_regex = []308creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'309cred_temp, regex_temp = windows_hashes_and_regex_john_compat310creds_command << cred_temp311creds_expected_output_regex += regex_temp312creds_command << ' use auxiliary/analyze/crack_windows;'313creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"314creds_command << " set POT #{tempfile.path};"315creds_command << ' run; creds -d; exit;'316info "Run Command: #{creds_command}" if options[:verbose]317unless run_msfconsole(creds_command, creds_expected_output_regex)318tempfile.close!319tempfile.unlink320puts '-------------------------------'321error 'Credential verification failed. Exiting.'322exit 1323end324tempfile.close!325tempfile.unlink326end327328if options[:test] == 'all' || options[:test].include?(4)329info '[4/24] Running sql hashes in john wordlist mode...'330tempfile = Tempfile.new('john_pot')331creds_expected_output_regex = []332creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'333cred_temp, regex_temp = sql_hashes_and_regex_john_compat334creds_command << cred_temp335creds_expected_output_regex += regex_temp336337creds_command << ' use auxiliary/analyze/crack_databases;'338creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"339creds_command << " set POT #{tempfile.path};"340creds_command << ' run; creds -d; exit;'341info "Run Command: #{creds_command}" if options[:verbose]342unless run_msfconsole(creds_command, creds_expected_output_regex)343tempfile.close!344tempfile.unlink345puts '-------------------------------'346error 'Credential verification failed. Exiting.'347exit 1348end349tempfile.close!350tempfile.unlink351end352353if options[:test] == 'all' || options[:test].include?(5)354info '[5/24] Running osx hashes in john wordlist mode...'355tempfile = Tempfile.new('john_pot')356creds_expected_output_regex = []357creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'358cred_temp, regex_temp = osx_hashes_and_regex359creds_command << cred_temp360creds_expected_output_regex += regex_temp361creds_command << ' use auxiliary/analyze/crack_osx;'362creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"363creds_command << " set POT #{tempfile.path};"364creds_command << ' run; creds -d; exit;'365info "Run Command: #{creds_command}" if options[:verbose]366unless run_msfconsole(creds_command, creds_expected_output_regex)367tempfile.close!368tempfile.unlink369puts '-------------------------------'370error 'Credential verification failed. Exiting.'371exit 1372end373tempfile.close!374tempfile.unlink375end376377if options[:test] == 'all' || options[:test].include?(6)378info '[6/24] Running webapp hashes in john wordlist mode...'379tempfile = Tempfile.new('john_pot')380creds_expected_output_regex = []381creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'382cred_temp, regex_temp = webapp_hashes_and_regex383creds_command << cred_temp384creds_expected_output_regex += regex_temp385creds_command << ' use auxiliary/analyze/crack_webapps;'386creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"387creds_command << " set POT #{tempfile.path};"388creds_command << ' run; creds -d; exit;'389info "Run Command: #{creds_command}" if options[:verbose]390unless run_msfconsole(creds_command, creds_expected_output_regex)391tempfile.close!392tempfile.unlink393puts '-------------------------------'394error 'Credential verification failed. Exiting.'395exit 1396end397tempfile.close!398tempfile.unlink399end400401if options[:test] == 'all' || options[:test].include?(7)402info '[7/24] Running *nix hashes in hashcat wordlist mode...'403tempfile = Tempfile.new('john_pot')404creds_expected_output_regex = []405creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'406cred_temp, regex_temp = nix_hashes_and_regex407creds_command << cred_temp408creds_expected_output_regex += regex_temp409creds_command << ' use auxiliary/analyze/crack_linux;'410creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"411creds_command << " set POT #{tempfile.path};"412creds_command << ' set action hashcat;'413creds_command << ' run; creds -d; exit;'414info "Run Command: #{creds_command}" if options[:verbose]415unless run_msfconsole(creds_command, creds_expected_output_regex)416tempfile.close!417tempfile.unlink418puts '-------------------------------'419error 'Credential verification failed. Exiting.'420exit 1421end422tempfile.close!423tempfile.unlink424end425426if options[:test] == 'all' || options[:test].include?(8)427info '[8/24] Running windows hashes in hashcat wordlist mode...'428tempfile = Tempfile.new('john_pot')429creds_expected_output_regex = []430creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'431cred_temp, regex_temp = windows_hashes_and_regex_hashcat_compat432creds_command << cred_temp433creds_expected_output_regex += regex_temp434creds_command << ' use auxiliary/analyze/crack_windows;'435creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"436creds_command << " set POT #{tempfile.path};"437creds_command << ' set action hashcat;'438creds_command << ' run; creds -d; exit;'439info "Run Command: #{creds_command}" if options[:verbose]440unless run_msfconsole(creds_command, creds_expected_output_regex)441tempfile.close!442tempfile.unlink443puts '-------------------------------'444error 'Credential verification failed. Exiting.'445exit 1446end447tempfile.close!448tempfile.unlink449end450451if options[:test] == 'all' || options[:test].include?(9)452info '[9/24] Running sql hashes in hashcat wordlist mode...'453tempfile = Tempfile.new('john_pot')454creds_expected_output_regex = []455creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'456cred_temp, regex_temp = sql_hashes_and_regex_hashcat_compat457creds_command << cred_temp458creds_expected_output_regex += regex_temp459460creds_command << ' use auxiliary/analyze/crack_databases;'461creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"462creds_command << " set POT #{tempfile.path};"463creds_command << ' set action hashcat;'464creds_command << ' run; creds -d; exit;'465info "Run Command: #{creds_command}" if options[:verbose]466unless run_msfconsole(creds_command, creds_expected_output_regex)467tempfile.close!468tempfile.unlink469puts '-------------------------------'470error 'Credential verification failed. Exiting.'471exit 1472end473tempfile.close!474tempfile.unlink475end476477if options[:test] == 'all' || options[:test].include?(10)478info '[10/24] Running mobile hashes in hashcat wordlist mode...'479tempfile = Tempfile.new('john_pot')480creds_expected_output_regex = []481creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'482cred_temp, regex_temp = mobile_hashes_and_regex483creds_command << cred_temp484creds_expected_output_regex += regex_temp485creds_command << ' use auxiliary/analyze/crack_mobile;'486creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"487creds_command << " set POT #{tempfile.path};"488creds_command << ' set action hashcat;'489creds_command << ' run; creds -d; exit;'490info "Run Command: #{creds_command}" if options[:verbose]491unless run_msfconsole(creds_command, creds_expected_output_regex)492tempfile.close!493tempfile.unlink494puts '-------------------------------'495error 'Credential verification failed. Exiting.'496exit 1497end498tempfile.close!499tempfile.unlink500end501502if options[:test] == 'all' || options[:test].include?(11)503info '[11/24] Running osx hashes in hashcat wordlist mode...'504tempfile = Tempfile.new('john_pot')505creds_expected_output_regex = []506creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'507cred_temp, regex_temp = osx_hashes_and_regex508creds_command << cred_temp509creds_expected_output_regex += regex_temp510creds_command << ' use auxiliary/analyze/crack_osx;'511creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"512creds_command << " set POT #{tempfile.path};"513creds_command << ' set action hashcat;'514creds_command << ' run; creds -d; exit;'515info "Run Command: #{creds_command}" if options[:verbose]516unless run_msfconsole(creds_command, creds_expected_output_regex)517tempfile.close!518tempfile.unlink519puts '-------------------------------'520error 'Credential verification failed. Exiting.'521exit 1522end523tempfile.close!524tempfile.unlink525end526527if options[:test] == 'all' || options[:test].include?(12)528info '[12/24] Running webapp hashes in hashcat wordlist mode...'529tempfile = Tempfile.new('john_pot')530creds_expected_output_regex = []531creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'532cred_temp, regex_temp = webapp_hashes_and_regex533creds_command << cred_temp534creds_expected_output_regex += regex_temp535creds_command << ' use auxiliary/analyze/crack_webapps;'536creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"537creds_command << " set POT #{tempfile.path};"538creds_command << ' set action hashcat;'539creds_command << ' run; creds -d; exit;'540info "Run Command: #{creds_command}" if options[:verbose]541unless run_msfconsole(creds_command, creds_expected_output_regex)542tempfile.close!543tempfile.unlink544puts '-------------------------------'545error 'Credential verification failed. Exiting.'546exit 1547end548tempfile.close!549tempfile.unlink550end551552wordlist.close!553wordlist.unlink554555pot_file = Tempfile.new('john_pot')556File.open(pot_file, 'w') { |file| file.write("$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/:password\nrEK1ecacw.7.c:password\n_J9..K0AyUubDrfOgO4s:password\n$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe:password\n$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5:password\n$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1:password\n$LM$4a3b108f3fa6cb6d:D\n$LM$e52cac67419a9a22:PASSWOR\n$NT$8846f7eaee8fb117ad06bdd830b7586c:password\nM$test1#64cd29e36a8431a2b111378564a10631:test1\n$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f:hashcat\n$NETNTLM$cb8086049ec4736c338d08f8e26de933$9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:hashcat\n$NETNTLMv2$ADMINN46iSNekpT$08ca45b7d7ea58ee$88dcbe4446168966a153a0064958dac6$5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030:hashcat\n0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254:FOO\n0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908:toto\n0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16:Password1!\n445ff82636a7ba59:probe\n*5AD8F88516BD021DD43F171E2C785C69F8E54ADB:tere\nO$SIMON#4f8bc1809cb2af77:A\nO$SYSTEM#9eedfa0ad26c6d52:THALES\n9860a48ca459d054f3fef0f8518cf6872923dae2:81fcb23bcadd6c5:1234\nd1b19a90b87fc10c304e657f37162445dae27d16:a006983800cc3dd1:1234\n1c0a0fdb673fba36beaeb078322c7393:81fcb23bcadd6c5:1234\n1430823483D07626EF8BE3FDA2FF056D0DFD818DBFE47683:hashcat\n$LION$648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d:hashcat\n$pbkdf2-hmac-sha512$35460.93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05.752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222:hashcat\n$pbkdf2-hmac-sha1$10000$37323237333437363735323036323731$d0c38acef03f149b4b37c5a8319feeefcbd34912127ba96f3dfa5c22f49bbc1a:hashcat\n$H$984478476IagS59wHZvyQMArzfx58u.:hashcat\n$P$984478476IagS59wHZvyQMArzfx58u.:hashcat\n$B$56668501$0ce106caa70af57fd525aeaf80ef2898:hashcat\ne52cac67419a9a22:PASSWOR\n4a3b108f3fa6cb6d:D\n8846f7eaee8fb117ad06bdd830b7586c:password\n64cd29e36a8431a2b111378564a10631:test1:test1\nu4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c:hashcat\nADMIN::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030:hashcat\n5ad8f88516bd021dd43f171e2c785c69f8e54adb:tere\n648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d:hashcat\n$ml$35460$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222:hashcat\n{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa:hashcat\n") }557info "john.pot file created at: #{pot_file.path}"558559if options[:test] == 'all' || options[:test].include?(13)560info '[13/24] Running *nix hashes in john pot mode...'561creds_expected_output_regex = []562creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'563cred_temp, regex_temp = nix_hashes_and_regex564creds_command << cred_temp565creds_expected_output_regex += regex_temp566creds_command << ' use auxiliary/analyze/crack_linux;'567creds_command << " set POT #{pot_file.path};"568creds_command << ' run; creds -d; exit;'569info "Run Command: #{creds_command}" if options[:verbose]570unless run_msfconsole(creds_command, creds_expected_output_regex)571puts '-------------------------------'572error 'Credential verification failed. Exiting.'573pot_file.close!574pot_file.unlink575exit 1576end577end578579if options[:test] == 'all' || options[:test].include?(14)580info '[14/24] Running windows hashes in john pot mode...'581582creds_expected_output_regex = []583creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'584cred_temp, regex_temp = windows_hashes_and_regex_john_compat585creds_command << cred_temp586creds_expected_output_regex += regex_temp587creds_command << ' use auxiliary/analyze/crack_windows;'588creds_command << " set POT #{pot_file.path};"589creds_command << ' run; creds -d; exit;'590info "Run Command: #{creds_command}" if options[:verbose]591unless run_msfconsole(creds_command, creds_expected_output_regex)592puts '-------------------------------'593error 'Credential verification failed. Exiting.'594pot_file.close!595pot_file.unlink596exit 1597end598end599600if options[:test] == 'all' || options[:test].include?(15)601info '[15/24] Running sql hashes in john pot mode...'602603creds_expected_output_regex = []604creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'605cred_temp, regex_temp = sql_hashes_and_regex_john_compat606creds_command << cred_temp607creds_expected_output_regex += regex_temp608609creds_command << ' use auxiliary/analyze/crack_databases;'610creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"611creds_command << " set POT #{pot_file.path};"612creds_command << ' run; creds -d; exit;'613info "Run Command: #{creds_command}" if options[:verbose]614unless run_msfconsole(creds_command, creds_expected_output_regex)615puts '-------------------------------'616error 'Credential verification failed. Exiting.'617pot_file.close!618pot_file.unlink619exit 1620end621end622623if options[:test] == 'all' || options[:test].include?(16)624info '[16/24] Running osx hashes in john pot mode...'625626creds_expected_output_regex = []627creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'628cred_temp, regex_temp = osx_hashes_and_regex629creds_command << cred_temp630creds_expected_output_regex += regex_temp631creds_command << ' use auxiliary/analyze/crack_osx;'632creds_command << " set POT #{pot_file.path};"633creds_command << ' run; creds -d; exit;'634info "Run Command: #{creds_command}" if options[:verbose]635unless run_msfconsole(creds_command, creds_expected_output_regex)636puts '-------------------------------'637error 'Credential verification failed. Exiting.'638pot_file.close!639pot_file.unlink640exit 1641end642end643644if options[:test] == 'all' || options[:test].include?(17)645info '[17/24] Running webapp hashes in john pot mode...'646647creds_expected_output_regex = []648creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'649cred_temp, regex_temp = webapp_hashes_and_regex650creds_command << cred_temp651creds_expected_output_regex += regex_temp652creds_command << ' use auxiliary/analyze/crack_webapps;'653creds_command << " set POT #{pot_file.path};"654creds_command << ' run; creds -d; exit;'655info "Run Command: #{creds_command}" if options[:verbose]656unless run_msfconsole(creds_command, creds_expected_output_regex)657puts '-------------------------------'658error 'Credential verification failed. Exiting.'659pot_file.close!660pot_file.unlink661exit 1662end663end664665if options[:test] == 'all' || options[:test].include?(18)666info '[18/24] Running *nix hashes in hashcat pot mode...'667668creds_expected_output_regex = []669creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'670cred_temp, regex_temp = nix_hashes_and_regex671creds_command << cred_temp672creds_expected_output_regex += regex_temp673creds_command << ' use auxiliary/analyze/crack_linux;'674creds_command << " set POT #{pot_file.path};"675creds_command << ' set action hashcat;'676creds_command << ' run; creds -d; exit;'677info "Run Command: #{creds_command}" if options[:verbose]678unless run_msfconsole(creds_command, creds_expected_output_regex)679puts '-------------------------------'680error 'Credential verification failed. Exiting.'681pot_file.close!682pot_file.unlink683exit 1684end685end686687if options[:test] == 'all' || options[:test].include?(19)688info '[19/24] Running windows hashes in hashcat pot mode...'689690creds_expected_output_regex = []691creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'692cred_temp, regex_temp = windows_hashes_and_regex_hashcat_compat693creds_command << cred_temp694creds_expected_output_regex += regex_temp695creds_command << ' use auxiliary/analyze/crack_windows;'696creds_command << " set POT #{pot_file.path};"697creds_command << ' set action hashcat;'698creds_command << ' run; creds -d; exit;'699info "Run Command: #{creds_command}" if options[:verbose]700unless run_msfconsole(creds_command, creds_expected_output_regex)701puts '-------------------------------'702error 'Credential verification failed. Exiting.'703pot_file.close!704pot_file.unlink705exit 1706end707end708709if options[:test] == 'all' || options[:test].include?(20)710info '[20/24] Running sql hashes in hashcat pot mode...'711712creds_expected_output_regex = []713creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'714cred_temp, regex_temp = sql_hashes_and_regex_hashcat_compat715creds_command << cred_temp716creds_expected_output_regex += regex_temp717718creds_command << ' use auxiliary/analyze/crack_databases;'719creds_command << " set POT #{pot_file.path};"720creds_command << ' set action hashcat;'721creds_command << ' run; creds -d; exit;'722info "Run Command: #{creds_command}" if options[:verbose]723unless run_msfconsole(creds_command, creds_expected_output_regex)724puts '-------------------------------'725error 'Credential verification failed. Exiting.'726pot_file.close!727pot_file.unlink728exit 1729end730end731732if options[:test] == 'all' || options[:test].include?(21)733info '[21/24] Running mobile hashes in hashcat pot mode...'734735creds_expected_output_regex = []736creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'737cred_temp, regex_temp = mobile_hashes_and_regex738creds_command << cred_temp739creds_expected_output_regex += regex_temp740creds_command << ' use auxiliary/analyze/crack_mobile;'741creds_command << " set POT #{pot_file.path};"742creds_command << ' set action hashcat;'743creds_command << ' run; creds -d; exit;'744info "Run Command: #{creds_command}" if options[:verbose]745unless run_msfconsole(creds_command, creds_expected_output_regex)746puts '-------------------------------'747error 'Credential verification failed. Exiting.'748pot_file.close!749pot_file.unlink750exit 1751end752end753754if options[:test] == 'all' || options[:test].include?(22)755info '[22/24] Running osx hashes in hashcat pot mode...'756757creds_expected_output_regex = []758creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'759cred_temp, regex_temp = osx_hashes_and_regex760creds_command << cred_temp761creds_expected_output_regex += regex_temp762creds_command << ' use auxiliary/analyze/crack_osx;'763creds_command << " set POT #{pot_file.path};"764creds_command << ' set action hashcat;'765creds_command << ' run; creds -d; exit;'766info "Run Command: #{creds_command}" if options[:verbose]767unless run_msfconsole(creds_command, creds_expected_output_regex)768puts '-------------------------------'769error 'Credential verification failed. Exiting.'770pot_file.close!771pot_file.unlink772exit 1773end774end775776if options[:test] == 'all' || options[:test].include?(23)777info '[23/24] Running webapp hashes in hashcat pot mode...'778779creds_expected_output_regex = []780creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'781cred_temp, regex_temp = webapp_hashes_and_regex782creds_command << cred_temp783creds_expected_output_regex += regex_temp784creds_command << ' use auxiliary/analyze/crack_webapps;'785creds_command << " set POT #{pot_file.path};"786creds_command << ' set action hashcat;'787creds_command << ' run; creds -d; exit;'788info "Run Command: #{creds_command}" if options[:verbose]789unless run_msfconsole(creds_command, creds_expected_output_regex)790puts '-------------------------------'791error 'Credential verification failed. Exiting.'792pot_file.close!793pot_file.unlink794exit 1795end796end797798if options[:test] == 'all' || options[:test].include?(24)799info '[24/24] Running all hashes in john apply_pot mode...'800801creds_expected_output_regex = []802creds_command = 'setg verbose true;'803cred_temp, regex_temp = nix_hashes_and_regex804creds_command << cred_temp805creds_expected_output_regex += regex_temp806cred_temp, regex_temp = windows_hashes_and_regex_john_compat807creds_command << cred_temp808creds_expected_output_regex += regex_temp809cred_temp, regex_temp = sql_hashes_and_regex_john_compat810creds_command << cred_temp811creds_expected_output_regex += regex_temp812cred_temp, regex_temp = osx_hashes_and_regex813creds_command << cred_temp814creds_expected_output_regex += regex_temp815cred_temp, regex_temp = webapp_hashes_and_regex816creds_command << cred_temp817creds_expected_output_regex += regex_temp818creds_command << ' use auxiliary/analyze/apply_pot;'819creds_command << " set POT #{pot_file.path};"820creds_command << ' run; creds -d; exit;'821info "Run Command: #{creds_command}" if options[:verbose]822unless run_msfconsole(creds_command, creds_expected_output_regex)823puts '-------------------------------'824error 'Credential verification failed. Exiting.'825pot_file.close!826pot_file.unlink827exit 1828end829end830831pot_file.close!832pot_file.unlink833834puts '-------------------------------'835good 'All checks passed successfully!'836info "Script runtime: #{Time.now - start_time} seconds"837838839