Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Path: blob/master/tools/dev/hash_cracker_validator.rb
Views: 17951
#!/usr/bin/env ruby12# This script is used to validate the hash cracking capabilities of metasploit3# https://github.com/rapid7/metasploit-framework/pull/17667 shows the complexity4# of trying to insert hashes, run the appropriate hash cracking module, and verify the hashes are cracked.5# this automates everything and checks the output of the hash cracking modules to ensure they are working as expected6# author: h00die78require 'open3'9require 'tempfile'10require 'optparse'1112options = { test: 'all', verbose: false }1314OptionParser.new do |opts|15opts.banner = <<~BANNER16hash_cracker_validator.rb - A Script to verify hash cracking in Metasploit.1718Based on passwords/hashes from https://docs.metasploit.com/docs/using-metasploit/intermediate/hashes-and-password-cracking.html#hashes1920Usage: hash_cracker_validator.rb [options]21BANNER22opts.on('--verbose', 'Enable verbose output.') do23options[:verbose] = true24end25opts.on('-t', '--test LIST', "Which tests to conduct. Takes a list of numbers (comma-separated), defaults to 'all'",26'Test 1: Test database connection',27'Test 2: *nix hashes in john wordlist mode',28'Test 3: windows hashes in john wordlist mode',29'Test 4: sql hashes in john wordlist mode',30'Test 5: osx hashes in john wordlist mode',31'Test 6: webapp hashes in john wordlist mode',32'Test 7: *nix hashes in hashcat wordlist mode',33'Test 8: windows hashes in hashcat wordlist mode',34'Test 9: sql hashes in hashcat wordlist mode',35'Test 10: mobile hashes in hashcat wordlist mode',36'Test 11: osx hashes in hashcat wordlist mode',37'Test 12: webapp hashes in hashcat wordlist mode',38'Test 13: *nix hashes in john pot mode',39'Test 14: windows hashes in john pot mode',40'Test 15: sql hashes in john pot mode',41'Test 16: osx hashes in john pot mode',42'Test 17: webapp hashes in john pot mode',43'Test 18: *nix hashes in hashcat pot mode',44'Test 19: windows hashes in hashcat pot mode',45'Test 20: sql hashes in hashcat pot mode',46'Test 21: mobile hashes in hashcat pot mode',47'Test 22: osx hashes in hashcat pot mode',48'Test 23: webapp hashes in hashcat pot mode',49'Test 24: all hashes in john apply_pot mode') do |list|50options[:test] = begin51list.split(',').map(&:strip).map(&:to_i)52rescue StandardError53'all'54end55end56end.parse!5758# colors and puts templates from msftidy.rb5960class String61def red62"\e[1;31;40m#{self}\e[0m"63end6465def yellow66"\e[1;33;40m#{self}\e[0m"67end6869def green70"\e[1;32;40m#{self}\e[0m"71end7273def cyan74"\e[1;36;40m#{self}\e[0m"75end76end7778def cleanup_text(txt)79txt80end8182#83# Display an error message, given some text84#85def good(txt)86puts "[#{'GOOD'.green}] #{cleanup_text(txt)}"87end8889#90# Display an error message, given some text91#92def error(txt)93puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"94end9596#97# Display a warning message, given some text98#99def warning(txt)100puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"101end102103#104# Display a info message, given some text105#106def info(txt)107puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"108end109110warning 'WARNING: All credentials will be deleted as part of this script execution!'111112start_time = Time.now113114def run_msfconsole(command, expected_output_regexes)115section_start_time = Time.now116stdout, stderr = Open3.capture3("./msfconsole --defer-module-loads -qx \"#{command}\"")117118failing_regex = expected_output_regexes.find { |regex| !stdout.match?(regex) }119120if failing_regex.nil?121good ' SUCCESS: All expected outputs found.'122good " Section Runtime: #{Time.now - section_start_time} seconds"123return true124else125error " FAILURE: Expected output not found for regex: #{failing_regex.inspect}"126error " STDOUT: #{stdout}"127error " Section Runtime: #{Time.now - section_start_time} seconds"128error " STDERR: #{stderr}"129return false130end131end132133if options[:test] == 'all' || options[:test].include?(1)134info '[1/24] Checking Metasploit database connection...'135db_status_command = 'db_status; exit'136db_expected_output_regex = [/Connected to .+\. Connection type: .+\./]137unless run_msfconsole(db_status_command, db_expected_output_regex)138puts '-------------------------------'139error 'Database connection check failed. Exiting.'140exit 1141end142end143144wordlist = Tempfile.new('wordlist')145File.open(wordlist, 'w') { |file| file.write("password\nhashcat\ntest1\ntoto\nfoo\nPassword1!\nprobe\ntere\na\nTHALES\nepsilon\n1234\nTestPass123#\npasswor\nd\n") }146info "Wordlist file created at: #{wordlist.path}"147148if options[:test] == 'all' || options[:test].include?(2)149info '[2/24] Running *nix hashes in john wordlist mode...'150tempfile = Tempfile.new('john_pot')151creds_expected_output_regex = []152creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'153creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'154creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/155creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'156creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}157creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'158creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/159creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'160creds_command << ' set SHA256 true;'161creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}162creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'163creds_command << ' set SHA512 true;'164creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}165creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'166creds_command << ' set BLOWFISH true;'167creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}168creds_command << ' use auxiliary/analyze/crack_linux;'169creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"170creds_command << " set POT #{tempfile.path};"171creds_command << ' run; creds -d; exit;'172info "Run Command: #{creds_command}" if options[:verbose]173unless run_msfconsole(creds_command, creds_expected_output_regex)174tempfile.close!175tempfile.unlink176puts '-------------------------------'177error "Credential verification failed. Exiting."178exit 1179end180tempfile.close!181tempfile.unlink182end183184if options[:test] == 'all' || options[:test].include?(3)185info '[3/24] Running windows hashes in john wordlist mode...'186tempfile = Tempfile.new('john_pot')187creds_expected_output_regex = []188creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'189creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'190creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/191creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'192creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/193creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'194creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/195creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'196creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/197creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'198creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/199creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'200creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/201creds_command << ' use auxiliary/analyze/crack_windows;'202creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"203creds_command << " set POT #{tempfile.path};"204creds_command << ' run; creds -d; exit;'205info "Run Command: #{creds_command}" if options[:verbose]206unless run_msfconsole(creds_command, creds_expected_output_regex)207tempfile.close!208tempfile.unlink209puts '-------------------------------'210error "Credential verification failed. Exiting."211exit 1212end213tempfile.close!214tempfile.unlink215end216217if options[:test] == 'all' || options[:test].include?(4)218info '[4/24] Running sql hashes in john wordlist mode...'219tempfile = Tempfile.new('john_pot')220creds_expected_output_regex = []221creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'222creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'223creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/224creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'225creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/226creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'227creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/228creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'229creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/230creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'231creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/232creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'233creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/234creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'235creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/236# can't escape ;?237# creds_command << ' creds add user:DEMO hash:\'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C\' jtr:raw-sha1,oracle;'238# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/239# creds_command << ' creds add user:oracle11_epsilon hash:"S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A\\\\;H:DC9894A01797D91D92ECA1DA66242209\\\\;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C" jtr:raw-sha1,oracle;'240# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/241# creds_command << ' creds add user:oracle12c_epsilon hash:"H:DC9894A01797D91D92ECA1DA66242209\\\\;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B" jtr:pbkdf2,oracle12c;'242# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/243# creds_command << ' creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860;'244# creds_expected_output_regex << /example\s+md5be86a79bf2043622d58d5453c47d4860\s+Postgres md5\s+raw-md5,postgres\s+password$/245246creds_command << ' use auxiliary/analyze/crack_databases;'247creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"248creds_command << " set POT #{tempfile.path};"249creds_command << ' run; creds -d; exit;'250info "Run Command: #{creds_command}" if options[:verbose]251unless run_msfconsole(creds_command, creds_expected_output_regex)252tempfile.close!253tempfile.unlink254puts '-------------------------------'255error "Credential verification failed. Exiting."256exit 1257end258tempfile.close!259tempfile.unlink260end261262if options[:test] == 'all' || options[:test].include?(5)263info '[5/24] Running osx hashes in john wordlist mode...'264tempfile = Tempfile.new('john_pot')265creds_expected_output_regex = []266creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'267creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'268creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/269creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'270creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/271creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'272creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/273creds_command << ' use auxiliary/analyze/crack_osx;'274creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"275creds_command << " set POT #{tempfile.path};"276creds_command << ' run; creds -d; exit;'277info "Run Command: #{creds_command}" if options[:verbose]278unless run_msfconsole(creds_command, creds_expected_output_regex)279tempfile.close!280tempfile.unlink281puts '-------------------------------'282error "Credential verification failed. Exiting."283exit 1284end285tempfile.close!286tempfile.unlink287end288289if options[:test] == 'all' || options[:test].include?(6)290info '[6/24] Running webapp hashes in john wordlist mode...'291tempfile = Tempfile.new('john_pot')292creds_expected_output_regex = []293creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'294creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'295creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/296creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'297creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/298creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'299creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/300creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'301creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}302creds_command << ' use auxiliary/analyze/crack_webapps;'303creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"304creds_command << " set POT #{tempfile.path};"305creds_command << ' run; creds -d; exit;'306info "Run Command: #{creds_command}" if options[:verbose]307unless run_msfconsole(creds_command, creds_expected_output_regex)308tempfile.close!309tempfile.unlink310puts '-------------------------------'311error "Credential verification failed. Exiting."312exit 1313end314tempfile.close!315tempfile.unlink316end317318if options[:test] == 'all' || options[:test].include?(7)319info '[7/24] Running *nix hashes in hashcat wordlist mode...'320tempfile = Tempfile.new('john_pot')321creds_expected_output_regex = []322creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'323creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'324creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/325creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'326creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}327creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'328creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/329creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'330creds_command << ' set SHA256 true;'331creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}332creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'333creds_command << ' set SHA512 true;'334creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}335creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'336creds_command << ' set BLOWFISH true;'337creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}338creds_command << ' use auxiliary/analyze/crack_linux;'339creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"340creds_command << " set POT #{tempfile.path};"341creds_command << ' set action hashcat;'342creds_command << ' run; creds -d; exit;'343info "Run Command: #{creds_command}" if options[:verbose]344unless run_msfconsole(creds_command, creds_expected_output_regex)345tempfile.close!346tempfile.unlink347puts '-------------------------------'348error "Credential verification failed. Exiting."349exit 1350end351tempfile.close!352tempfile.unlink353end354355if options[:test] == 'all' || options[:test].include?(8)356info '[8/24] Running windows hashes in hashcat wordlist mode...'357tempfile = Tempfile.new('john_pot')358creds_expected_output_regex = []359creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'360creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'361creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+PASSWORD$/362creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'363creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/364creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'365creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/366creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'367creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/368creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'369creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/370creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'371creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/372creds_command << ' use auxiliary/analyze/crack_windows;'373creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"374creds_command << " set POT #{tempfile.path};"375creds_command << ' set action hashcat;'376creds_command << ' run; creds -d; exit;'377info "Run Command: #{creds_command}" if options[:verbose]378unless run_msfconsole(creds_command, creds_expected_output_regex)379tempfile.close!380tempfile.unlink381puts '-------------------------------'382error "Credential verification failed. Exiting."383exit 1384end385tempfile.close!386tempfile.unlink387end388389if options[:test] == 'all' || options[:test].include?(9)390info '[9/24] Running sql hashes in hashcat wordlist mode...'391tempfile = Tempfile.new('john_pot')392creds_expected_output_regex = []393creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'394creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'395creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/396creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'397creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/398creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'399creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/400creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'401creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/402creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'403creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/404# hashcat des,oracle is a no go: https://github.com/rapid7/metasploit-framework/blob/7a7b009161d6b0839653f21296864da3365402a0/lib/metasploit/framework/password_crackers/cracker.rb#L152-L155405# creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'406# creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/407# creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'408# creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/409# can't escape ;?410# creds_command << ' creds add user:DEMO hash:\'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C\' jtr:raw-sha1,oracle;'411# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/412# creds_command << ' creds add user:oracle11_epsilon hash:"S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A\\\\;H:DC9894A01797D91D92ECA1DA66242209\\\\;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C" jtr:raw-sha1,oracle;'413# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/414# creds_command << ' creds add user:oracle12c_epsilon hash:"H:DC9894A01797D91D92ECA1DA66242209\\\\;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B" jtr:pbkdf2,oracle12c;'415# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/416# creds_command << ' creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860;'417# creds_expected_output_regex << /example\s+md5be86a79bf2043622d58d5453c47d4860\s+Postgres md5\s+raw-md5,postgres\s+password$/418419creds_command << ' use auxiliary/analyze/crack_databases;'420creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"421creds_command << " set POT #{tempfile.path};"422creds_command << ' set action hashcat;'423creds_command << ' run; creds -d; exit;'424info "Run Command: #{creds_command}" if options[:verbose]425unless run_msfconsole(creds_command, creds_expected_output_regex)426tempfile.close!427tempfile.unlink428puts '-------------------------------'429error "Credential verification failed. Exiting."430exit 1431end432tempfile.close!433tempfile.unlink434end435436if options[:test] == 'all' || options[:test].include?(10)437info '[10/24] Running mobile hashes in hashcat wordlist mode...'438tempfile = Tempfile.new('john_pot')439creds_expected_output_regex = []440creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'441creds_command << ' creds add user:samsungsha1 hash:D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1 jtr:android-samsung-sha1;'442creds_expected_output_regex << /samsungsha1\s+D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1\s+Nonreplayable hash\s+android-samsung-sha1\s+1234$/443creds_command << ' creds add user:androidsha1 hash:9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 jtr:android-sha1;'444creds_expected_output_regex << /androidsha1\s+9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-sha1\s+1234$/445creds_command << ' creds add user:androidmd5 hash:1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5 jtr:android-md5;'446creds_expected_output_regex << /androidmd5\s+1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-md5\s+1234$/447creds_command << ' use auxiliary/analyze/crack_mobile;'448creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"449creds_command << " set POT #{tempfile.path};"450creds_command << ' set action hashcat;'451creds_command << ' run; creds -d; exit;'452info "Run Command: #{creds_command}" if options[:verbose]453unless run_msfconsole(creds_command, creds_expected_output_regex)454tempfile.close!455tempfile.unlink456puts '-------------------------------'457error "Credential verification failed. Exiting."458exit 1459end460tempfile.close!461tempfile.unlink462end463464if options[:test] == 'all' || options[:test].include?(11)465info '[11/24] Running osx hashes in hashcat wordlist mode...'466tempfile = Tempfile.new('john_pot')467creds_expected_output_regex = []468creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'469creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'470creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/471creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'472creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/473creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'474creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/475creds_command << ' use auxiliary/analyze/crack_osx;'476creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"477creds_command << " set POT #{tempfile.path};"478creds_command << ' set action hashcat;'479creds_command << ' run; creds -d; exit;'480info "Run Command: #{creds_command}" if options[:verbose]481unless run_msfconsole(creds_command, creds_expected_output_regex)482tempfile.close!483tempfile.unlink484puts '-------------------------------'485error "Credential verification failed. Exiting."486exit 1487end488tempfile.close!489tempfile.unlink490end491492if options[:test] == 'all' || options[:test].include?(12)493info '[12/24] Running webapp hashes in hashcat wordlist mode...'494tempfile = Tempfile.new('john_pot')495creds_expected_output_regex = []496creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST true; setg verbose true;'497creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'498creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/499creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'500creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/501creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'502creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/503creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'504creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}505creds_command << ' use auxiliary/analyze/crack_webapps;'506creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"507creds_command << " set POT #{tempfile.path};"508creds_command << ' set action hashcat;'509creds_command << ' run; creds -d; exit;'510info "Run Command: #{creds_command}" if options[:verbose]511unless run_msfconsole(creds_command, creds_expected_output_regex)512tempfile.close!513tempfile.unlink514puts '-------------------------------'515error "Credential verification failed. Exiting."516exit 1517end518tempfile.close!519tempfile.unlink520end521522wordlist.close!523wordlist.unlink524525pot_file = Tempfile.new('john_pot')526File.open(pot_file, 'w') { |file| file.write("$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/:password\nrEK1ecacw.7.c:password\n_J9..K0AyUubDrfOgO4s:password\n$2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe:password\n$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5:password\n$6$zWwwXKNj$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1:password\n$LM$4a3b108f3fa6cb6d:D\n$LM$e52cac67419a9a22:PASSWOR\n$NT$8846f7eaee8fb117ad06bdd830b7586c:password\nM$test1#64cd29e36a8431a2b111378564a10631:test1\n$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f:hashcat\n$NETNTLM$cb8086049ec4736c338d08f8e26de933$9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:hashcat\n$NETNTLMv2$ADMINN46iSNekpT$08ca45b7d7ea58ee$88dcbe4446168966a153a0064958dac6$5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030:hashcat\n0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254:FOO\n0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908:toto\n0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16:Password1!\n445ff82636a7ba59:probe\n*5AD8F88516BD021DD43F171E2C785C69F8E54ADB:tere\nO$SIMON#4f8bc1809cb2af77:A\nO$SYSTEM#9eedfa0ad26c6d52:THALES\n9860a48ca459d054f3fef0f8518cf6872923dae2:81fcb23bcadd6c5:1234\nd1b19a90b87fc10c304e657f37162445dae27d16:a006983800cc3dd1:1234\n1c0a0fdb673fba36beaeb078322c7393:81fcb23bcadd6c5:1234\n1430823483D07626EF8BE3FDA2FF056D0DFD818DBFE47683:hashcat\n$LION$648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d:hashcat\n$pbkdf2-hmac-sha512$35460.93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05.752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222:hashcat\n$pbkdf2-hmac-sha1$10000$37323237333437363735323036323731$d0c38acef03f149b4b37c5a8319feeefcbd34912127ba96f3dfa5c22f49bbc1a:hashcat\n$H$984478476IagS59wHZvyQMArzfx58u.:hashcat\n$P$984478476IagS59wHZvyQMArzfx58u.:hashcat\n$B$56668501$0ce106caa70af57fd525aeaf80ef2898:hashcat\ne52cac67419a9a22:PASSWOR\n4a3b108f3fa6cb6d:D\n8846f7eaee8fb117ad06bdd830b7586c:password\n64cd29e36a8431a2b111378564a10631:test1:test1\nu4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c:hashcat\nADMIN::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030:hashcat\n5ad8f88516bd021dd43f171e2c785c69f8e54adb:tere\n648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d:hashcat\n$ml$35460$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222:hashcat\n{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa:hashcat\n") }527info "john.pot file created at: #{pot_file.path}"528529if options[:test] == 'all' || options[:test].include?(13)530info '[13/24] Running *nix hashes in john pot mode...'531creds_expected_output_regex = []532creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'533creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'534creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/535creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'536creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}537creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'538creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/539creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'540creds_command << ' set SHA256 true;'541creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}542creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'543creds_command << ' set SHA512 true;'544creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}545creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'546creds_command << ' set BLOWFISH true;'547creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}548creds_command << ' use auxiliary/analyze/crack_linux;'549creds_command << " set POT #{pot_file.path};"550creds_command << ' run; creds -d; exit;'551info "Run Command: #{creds_command}" if options[:verbose]552unless run_msfconsole(creds_command, creds_expected_output_regex)553puts '-------------------------------'554error "Credential verification failed. Exiting."555pot_file.close!556pot_file.unlink557exit 1558end559end560561if options[:test] == 'all' || options[:test].include?(14)562info '[14/24] Running windows hashes in john pot mode...'563564creds_expected_output_regex = []565creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'566creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'567creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/568creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'569creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/570creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'571creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/572creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'573creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/574creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'575creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/576creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'577creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/578creds_command << ' use auxiliary/analyze/crack_windows;'579creds_command << " set POT #{pot_file.path};"580creds_command << ' run; creds -d; exit;'581info "Run Command: #{creds_command}" if options[:verbose]582unless run_msfconsole(creds_command, creds_expected_output_regex)583puts '-------------------------------'584error "Credential verification failed. Exiting."585pot_file.close!586pot_file.unlink587exit 1588end589end590591if options[:test] == 'all' || options[:test].include?(15)592info '[15/24] Running sql hashes in john pot mode...'593594creds_expected_output_regex = []595creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'596creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'597creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/598creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'599creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/600creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'601creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/602creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'603creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/604creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'605creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/606creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'607creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/608creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'609creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/610# can't escape ;?611# creds_command << ' creds add user:DEMO hash:\'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C\' jtr:raw-sha1,oracle;'612# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/613# creds_command << ' creds add user:oracle11_epsilon hash:"S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A\\\\;H:DC9894A01797D91D92ECA1DA66242209\\\\;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C" jtr:raw-sha1,oracle;'614# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/615# creds_command << ' creds add user:oracle12c_epsilon hash:"H:DC9894A01797D91D92ECA1DA66242209\\\\;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B" jtr:pbkdf2,oracle12c;'616# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/617# creds_command << ' creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860;'618# creds_expected_output_regex << /example\s+md5be86a79bf2043622d58d5453c47d4860\s+Postgres md5\s+raw-md5,postgres\s+password$/619620creds_command << ' use auxiliary/analyze/crack_databases;'621creds_command << " set CUSTOM_WORDLIST #{wordlist.path};"622creds_command << " set POT #{pot_file.path};"623creds_command << ' run; creds -d; exit;'624info "Run Command: #{creds_command}" if options[:verbose]625unless run_msfconsole(creds_command, creds_expected_output_regex)626puts '-------------------------------'627error "Credential verification failed. Exiting."628pot_file.close!629pot_file.unlink630exit 1631end632end633634if options[:test] == 'all' || options[:test].include?(16)635info '[16/24] Running osx hashes in john pot mode...'636637creds_expected_output_regex = []638creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'639creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'640creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/641creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'642creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/643creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'644creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/645creds_command << ' use auxiliary/analyze/crack_osx;'646creds_command << " set POT #{pot_file.path};"647creds_command << ' run; creds -d; exit;'648info "Run Command: #{creds_command}" if options[:verbose]649unless run_msfconsole(creds_command, creds_expected_output_regex)650puts '-------------------------------'651error "Credential verification failed. Exiting."652pot_file.close!653pot_file.unlink654exit 1655end656end657658if options[:test] == 'all' || options[:test].include?(17)659info '[17/24] Running webapp hashes in john pot mode...'660661creds_expected_output_regex = []662creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'663creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'664creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/665creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'666creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/667creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'668creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/669creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'670creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}671creds_command << ' use auxiliary/analyze/crack_webapps;'672creds_command << " set POT #{pot_file.path};"673creds_command << ' run; creds -d; exit;'674info "Run Command: #{creds_command}" if options[:verbose]675unless run_msfconsole(creds_command, creds_expected_output_regex)676puts '-------------------------------'677error "Credential verification failed. Exiting."678pot_file.close!679pot_file.unlink680exit 1681end682end683684if options[:test] == 'all' || options[:test].include?(18)685info '[18/24] Running *nix hashes in hashcat pot mode...'686687creds_expected_output_regex = []688creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'689creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'690creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/691creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'692creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}693creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'694creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/695creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'696creds_command << ' set SHA256 true;'697creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}698creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'699creds_command << ' set SHA512 true;'700creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}701creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'702creds_command << ' set BLOWFISH true;'703creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}704creds_command << ' use auxiliary/analyze/crack_linux;'705creds_command << " set POT #{pot_file.path};"706creds_command << ' set action hashcat;'707creds_command << ' run; creds -d; exit;'708info "Run Command: #{creds_command}" if options[:verbose]709unless run_msfconsole(creds_command, creds_expected_output_regex)710puts '-------------------------------'711error "Credential verification failed. Exiting."712pot_file.close!713pot_file.unlink714exit 1715end716end717718if options[:test] == 'all' || options[:test].include?(19)719info '[19/24] Running windows hashes in hashcat pot mode...'720721creds_expected_output_regex = []722creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'723creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'724creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+PASSWORD$/725creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'726creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/727creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'728creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/729creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'730creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/731creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'732creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/733creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'734creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/735creds_command << ' use auxiliary/analyze/crack_windows;'736creds_command << " set POT #{pot_file.path};"737creds_command << ' set action hashcat;'738creds_command << ' run; creds -d; exit;'739info "Run Command: #{creds_command}" if options[:verbose]740unless run_msfconsole(creds_command, creds_expected_output_regex)741puts '-------------------------------'742error "Credential verification failed. Exiting."743pot_file.close!744pot_file.unlink745exit 1746end747end748749if options[:test] == 'all' || options[:test].include?(20)750info '[20/24] Running sql hashes in hashcat pot mode...'751752creds_expected_output_regex = []753creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'754creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'755creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/756creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'757creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/758creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'759creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/760creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'761creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/762creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'763creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/764# hashcat des,oracle is a no go: https://github.com/rapid7/metasploit-framework/blob/7a7b009161d6b0839653f21296864da3365402a0/lib/metasploit/framework/password_crackers/cracker.rb#L152-L155765# creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'766# creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/767# creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'768# creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/769# can't escape ;?770# creds_command << ' creds add user:DEMO hash:\'S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A;H:DC9894A01797D91D92ECA1DA66242209;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C\' jtr:raw-sha1,oracle;'771# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/772# creds_command << ' creds add user:oracle11_epsilon hash:"S:8F2D65FB5547B71C8DA3760F10960428CD307B1C6271691FC55C1F56554A\\\\;H:DC9894A01797D91D92ECA1DA66242209\\\\;T:23D1F8CAC9001F69630ED2DD8DF67DD3BE5C470B5EA97B622F757FE102D8BF14BEDC94A3CC046D10858D885DB656DC0CBF899A79CD8C76B788744844CADE54EEEB4FDEC478FB7C7CBFBBAC57BA3EF22C" jtr:raw-sha1,oracle;'773# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/774# creds_command << ' creds add user:oracle12c_epsilon hash:"H:DC9894A01797D91D92ECA1DA66242209\\\\;T:E3243B98974159CC24FD2C9A8B30BA62E0E83B6CA2FC7C55177C3A7F82602E3BDD17CEB9B9091CF9DAD672B8BE961A9EAC4D344BDBA878EDC5DCB5899F689EBD8DD1BE3F67BFF9813A464382381AB36B" jtr:pbkdf2,oracle12c;'775# creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/776# creds_command << ' creds add user:example postgres:md5be86a79bf2043622d58d5453c47d4860;'777# creds_expected_output_regex << /example\s+md5be86a79bf2043622d58d5453c47d4860\s+Postgres md5\s+raw-md5,postgres\s+password$/778779creds_command << ' use auxiliary/analyze/crack_databases;'780creds_command << " set POT #{pot_file.path};"781creds_command << ' set action hashcat;'782creds_command << ' run; creds -d; exit;'783info "Run Command: #{creds_command}" if options[:verbose]784unless run_msfconsole(creds_command, creds_expected_output_regex)785puts '-------------------------------'786error "Credential verification failed. Exiting."787pot_file.close!788pot_file.unlink789exit 1790end791end792793if options[:test] == 'all' || options[:test].include?(21)794info '[21/24] Running mobile hashes in hashcat pot mode...'795796creds_expected_output_regex = []797creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'798creds_command << ' creds add user:samsungsha1 hash:D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1 jtr:android-samsung-sha1;'799creds_expected_output_regex << /samsungsha1\s+D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1\s+Nonreplayable hash\s+android-samsung-sha1\s+1234$/800creds_command << ' creds add user:androidsha1 hash:9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 jtr:android-sha1;'801creds_expected_output_regex << /androidsha1\s+9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-sha1\s+1234$/802creds_command << ' creds add user:androidmd5 hash:1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5 jtr:android-md5;'803creds_expected_output_regex << /androidmd5\s+1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-md5\s+1234$/804creds_command << ' use auxiliary/analyze/crack_mobile;'805creds_command << " set POT #{pot_file.path};"806creds_command << ' set action hashcat;'807creds_command << ' run; creds -d; exit;'808info "Run Command: #{creds_command}" if options[:verbose]809unless run_msfconsole(creds_command, creds_expected_output_regex)810puts '-------------------------------'811error "Credential verification failed. Exiting."812pot_file.close!813pot_file.unlink814exit 1815end816end817818if options[:test] == 'all' || options[:test].include?(22)819info '[22/24] Running osx hashes in hashcat pot mode...'820821creds_expected_output_regex = []822creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'823creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'824creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/825creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'826creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/827creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'828creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/829creds_command << ' use auxiliary/analyze/crack_osx;'830creds_command << " set POT #{pot_file.path};"831creds_command << ' set action hashcat;'832creds_command << ' run; creds -d; exit;'833info "Run Command: #{creds_command}" if options[:verbose]834unless run_msfconsole(creds_command, creds_expected_output_regex)835puts '-------------------------------'836error "Credential verification failed. Exiting."837pot_file.close!838pot_file.unlink839exit 1840end841end842843if options[:test] == 'all' || options[:test].include?(23)844info '[23/24] Running webapp hashes in hashcat pot mode...'845846creds_expected_output_regex = []847creds_command = 'setg INCREMENTAL false;setg USE_CREDS false; setg USE_DB_INFO false; setg USE_DEFAULT_WORDLIST false; setg USE_HOSTNAMES false; setg USE_ROOT_WORDS false; setg WORDLIST false; setg verbose true;'848creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'849creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/850creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'851creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/852creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'853creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/854creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'855creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}856creds_command << ' use auxiliary/analyze/crack_webapps;'857creds_command << " set POT #{pot_file.path};"858creds_command << ' set action hashcat;'859creds_command << ' run; creds -d; exit;'860info "Run Command: #{creds_command}" if options[:verbose]861unless run_msfconsole(creds_command, creds_expected_output_regex)862puts '-------------------------------'863error "Credential verification failed. Exiting."864pot_file.close!865pot_file.unlink866exit 1867end868end869870if options[:test] == 'all' || options[:test].include?(24)871info '[24/24] Running all hashes in john apply_pot mode...'872873creds_expected_output_regex = []874creds_command = 'setg verbose true;'875creds_command << ' creds add user:des_password hash:rEK1ecacw.7.c jtr:des;'876creds_expected_output_regex << /des_password\s+rEK1ecacw\.7\.c\s+Nonreplayable hash\s+des\s+password$/877creds_command << ' creds add user:md5_password hash:\$1\$O3JMY.Tw\$AdLnLjQ/5jXF9.MTp3gHv/ jtr:md5;'878creds_expected_output_regex << %r{md5_password\s+\$1\$O3JMY\.Tw\$AdLnLjQ/5jXF9\.MTp3gHv/\s+Nonreplayable hash\s+md5\s+password$}879creds_command << ' creds add user:bsdi_password hash:_J9..K0AyUubDrfOgO4s jtr:bsdi;'880creds_expected_output_regex << /bsdi_password\s+_J9\.\.K0AyUubDrfOgO4s\s+Nonreplayable hash\s+bsdi\s+password$/881creds_command << ' creds add user:sha256_password hash:\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5 jtr:sha256,crypt;'882creds_expected_output_regex << %r{sha256_password\s+\$5\$MnfsQ4iN\$ZMTppKN16y/tIsUYs/obHlhdP\.Os80yXhTurpBMUbA5\s+Nonreplayable hash\s+sha256,crypt\s+password$}883creds_command << ' creds add user:sha512_password hash:\$6\$zWwwXKNj\$gLAOoZCjcr8p/.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcVEJLT/rSwZcDMlVVf/bhf.1 jtr:sha512,crypt;'884creds_expected_output_regex << %r{sha512_password\s+\$6\$zWwwXKNj\$gLAOoZCjcr8p/\.VgV/FkGC3NX7BsXys3KHYePfuIGMNjY83dVxugPYlxVg/evpcV \(TRUNCATED\)\s+Nonreplayable hash\s+sha512,crypt\s+password$}885creds_command << ' creds add user:blowfish_password hash:\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe jtr:bf;'886creds_expected_output_regex << %r{blowfish_password\s+\$2a\$05\$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe\s+Nonreplayable hash\s+bf\s+password$}887creds_command << ' creds add user:lm_password ntlm:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C jtr:lm;'888creds_expected_output_regex << /lm_password\s+e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/889creds_command << ' creds add user:nt_password ntlm:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C jtr:nt;'890creds_expected_output_regex << /nt_password\s+aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c\s+NTLM hash\s+nt,lm\s+password$/891creds_command << ' creds add user:u4-netntlm hash:u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c jtr:netntlm;'892creds_expected_output_regex << /u4-netntlm\s+u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a \(TRUNCATED\)\s+Nonreplayable hash\s+netntlm\s+hashcat$/893creds_command << ' creds add user:admin hash:admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 jtr:netntlmv2;'894creds_expected_output_regex << /admin\s+admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c783031 \(TRUNCATED\)\s+Nonreplayable hash\s+netntlmv2\s+hashcat$/895creds_command << ' creds add user:mscash-test1 hash:M\$test1#64cd29e36a8431a2b111378564a10631 jtr:mscash;'896creds_expected_output_regex << /mscash-test1\s+M\$test1\#64cd29e36a8431a2b111378564a10631\s+Nonreplayable hash\s+mscash\s+test1$/897creds_command << ' creds add user:mscash2-hashcat hash:\$DCC2\$10240#tom#e4e938d12fe5974dc42a90120bd9c90f jtr:mscash2;'898creds_expected_output_regex << /mscash2-hashcat\s+\$DCC2\$10240\#tom\#e4e938d12fe5974dc42a90120bd9c90f\s+Nonreplayable hash\s+mscash2\s+hashcat$/899creds_command << ' creds add user:mssql05_toto hash:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 jtr:mssql05;'900creds_expected_output_regex << /mssql05_toto\s+0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908\s+Nonreplayable hash\s+mssql05\s+toto$/901creds_command << ' creds add user:mssql_foo hash:0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6913CE747006A2E3254 jtr:mssql;'902creds_expected_output_regex << /mssql_foo\s+0x0100A607BA7C54A24D17B565C59F1743776A10250F581D482DA8B6D6261460D3F53B279CC6 \(TRUNCATED\)\s+Nonreplayable hash\s+mssql\s+FOO$/903creds_command << ' creds add user:mssql12_Password1! hash:0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE92CC9347ECCB34C3EFADAF2FD99BFFECD8D9150DD6AACB5D409A9D2652A4E0AF16 jtr:mssql12;'904creds_expected_output_regex << /mssql12_Password1!\s+0x0200F733058A07892C5CACE899768F89965F6BD1DED7955FE89E1C9A10E27849B0B213B5CE \(TRUNCATED\)\s+Nonreplayable hash\s+mssql12\s+Password1!$/905creds_command << ' creds add user:mysql_probe hash:445ff82636a7ba59 jtr:mysql;'906creds_expected_output_regex << /mysql_probe\s+445ff82636a7ba59\s+Nonreplayable hash\s+mysql\s+probe$/907creds_command << ' creds add user:mysql-sha1_tere hash:*5AD8F88516BD021DD43F171E2C785C69F8E54ADB jtr:mysql-sha1;'908creds_expected_output_regex << /mysql-sha1_tere\s+\*5AD8F88516BD021DD43F171E2C785C69F8E54ADB\s+Nonreplayable hash\s+mysql-sha1\s+tere$/909creds_command << ' creds add user:simon hash:4F8BC1809CB2AF77 jtr:des,oracle;'910creds_expected_output_regex << /simon\s+4F8BC1809CB2AF77\s+Nonreplayable hash\s+des,oracle\s+A$/911creds_command << ' creds add user:SYSTEM hash:9EEDFA0AD26C6D52 jtr:des,oracle;'912creds_expected_output_regex << /SYSTEM\s+9EEDFA0AD26C6D52\s+Nonreplayable hash\s+des,oracle\s+THALES$/913# mobile is done on hashcat, not john, so skip these914# creds_command << ' creds add user:samsungsha1 hash:D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1 jtr:android-samsung-sha1;'915# creds_expected_output_regex << /samsungsha1\s+D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1\s+Nonreplayable hash\s+android-samsung-sha1\s+1234$/916# creds_command << ' creds add user:androidsha1 hash:9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 jtr:android-sha1;'917# creds_expected_output_regex << /androidsha1\s+9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-sha1\s+1234$/918# creds_command << ' creds add user:androidmd5 hash:1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5 jtr:android-md5;'919# creds_expected_output_regex << /androidmd5\s+1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5\s+Nonreplayable hash\s+android-md5\s+1234$/920creds_command << ' creds add user:xsha_hashcat hash:1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 jtr:xsha;'921creds_expected_output_regex << /xsha_hashcat\s+1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683\s+Nonreplayable hash\s+xsha\s+hashcat$/922creds_command << ' creds add user:pbkdf2_hashcat hash:\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$752351df64dd2ce9dc9c64a72ad91de6581a15c19176266b44d98919dfa81f0f96cbcb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 jtr:PBKDF2-HMAC-SHA512;'923creds_expected_output_regex << /pbkdf2_hashcat\s+\$ml\$35460\$93a94bd24b5de64d79a5e49fa372827e739f4d7b6975c752c9a0ff1e5cf72e05\$7 \(TRUNCATED\)\s+Nonreplayable hash\s+PBKDF2-HMAC-SHA512\s+hashcat$/924creds_command << ' creds add user:xsha512_hashcat hash:648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c007db6882680b09962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d jtr:xsha512;'925creds_expected_output_regex << /xsha512_hashcat\s+648742485c9b0acd786a233b2330197223118111b481abfa0ab8b3e8ede5f014fc7c523991c0 \(TRUNCATED\)\s+Nonreplayable hash\s+xsha512\s+hashcat$/926creds_command << ' creds add user:mediawiki_hashcat hash:\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898 jtr:mediawiki;'927creds_expected_output_regex << /mediawiki_hashcat\s+\$B\$56668501\$0ce106caa70af57fd525aeaf80ef2898\s+Nonreplayable hash\s+mediawiki\s+hashcat$/928creds_command << ' creds add user:phpass_p_hashcat hash:\$P\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'929creds_expected_output_regex << /phpass_p_hashcat\s+\$P\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/930creds_command << ' creds add user:phpass_h_hashcat hash:\$H\$984478476IagS59wHZvyQMArzfx58u. jtr:phpass;'931creds_expected_output_regex << /phpass_h_hashcat\s+\$H\$984478476IagS59wHZvyQMArzfx58u\.\s+Nonreplayable hash\s+phpass\s+hashcat$/932creds_command << ' creds add user:atlassian_hashcat hash:{PKCS5S2}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa jtr:PBKDF2-HMAC-SHA1;'933creds_expected_output_regex << %r{atlassian_hashcat\s+\{PKCS5S2\}NzIyNzM0NzY3NTIwNjI3MdDDis7wPxSbSzfFqDGf7u/L00kSEnupbz36XCL0m7wa\s+Nonreplayable\s+hash\s+PBKDF2-HMAC-SHA1\s+hashcat$}934creds_command << ' use auxiliary/analyze/apply_pot;'935creds_command << " set POT #{pot_file.path};"936creds_command << ' run; creds -d; exit;'937info "Run Command: #{creds_command}" if options[:verbose]938unless run_msfconsole(creds_command, creds_expected_output_regex)939puts '-------------------------------'940error "Credential verification failed. Exiting."941pot_file.close!942pot_file.unlink943exit 1944end945end946947pot_file.close!948pot_file.unlink949950puts '-------------------------------'951good 'All checks passed successfully!'952info "Script runtime: #{Time.now - start_time} seconds"953954