Network Security - UNIX Cracker

1. import crypt
2. import itertools
3. from time import gmtime, strftime
4. import fileinput
5.  
6. def menu():
7.         RUN = "yes"
8.         print "Password cracking tool for SECRYPT Coursework 2012"
9.         print "Group Members: 457040, 480864, 503350"
10.         print "Please do not distribute without prior permission from"
11.         print "the University of Portsmouth and group members"
12.         SOURCEFILE = raw_input("Please first enter the password file to crack: ")
13.         while RUN == "yes":
14.                 #loop until user types exit
15.                 print
16.                 print "Please choose the desired crack from the following options:"
17.                 print "1.   User Data Attack"
18.                 print "2.   Dictionary Attacks"
19.                 print "3.   Generate Hash Tables"
20.                 print "4.   Test Hash Tables"
21.                 print "5.   Brute Force"
22.                 print "all  All Attacks"
23.                 print "exit Exit the program"
24.                 print
25.                 CHOICE = raw_input("Option: ")
26.                 if CHOICE == "1":
27.                         SimpleUserAttack(SOURCEFILE)
28.                 elif CHOICE == "2":
29.                         DictionaryAttack(SOURCEFILE)
30.                 elif CHOICE == "3":
31.                         GenHashTables()
32.                 elif CHOICE == "4":
33.                         ChkHashTables(SOURCEFILE)
34.                 elif CHOICE == "5":
35.                         BruteForce(SOURCEFILE)
36.                 elif CHOICE == "all":
37.                         SimpleUserAttack(SOURCEFILE)
38.                         DictionaryAttack(SOURCEFILE)
39.                         GenHashTables()
40.                         ChkHashTables(SOURCEFILE)
41.                         BruteForce(SOURCEFILE)
42.                 elif CHOICE == "exit":
43.                         RUN = "no"
44.  
45. def PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD):
46.         if TESTPHRASE == PASSWORD:
47.                 print USERNAME, "has the password:", WORD
48.                        
49. def DictionaryAttack(SOURCEFILE):
50.         print
51.         print "-----Select Source Files-----"
52.         DICT = raw_input("Please enter the name of the dictionary to use: ")
53.         SALT = "aa"
54.         print
55.         #Opens the dictionary and the password file
56.         DICTIONARY = open(DICT, 'r').readlines()
57.         PASSFILE = open(SOURCEFILE, 'r').readlines()
58.         #Will run the dictionary unaltered to check for any initial matches
59.         print "-----Testing Standard Dictionary-----"
60.         for WORD in DICTIONARY:
61.                 WORD = WORD.rstrip('\n')
62.                 TESTPHRASE = crypt.crypt(WORD, SALT)
63.                 #Splits the single long string of the password file lines up into seperate lists so usernames
64.                 #and passwords can be picked out
65.                 for LINE in PASSFILE:
66.                         TEMP = LINE.split(':')
67.                         PASSWORD = TEMP[1]
68.                         USERNAME = TEMP[0]
69.                         #Passes all the necessary variables to the PASSWORDCHECK function to assess for any matches
70.                         PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
71.         #Will capitalize the start of each passphrase and then check for any further matches
72.         print
73.         print "-----Testing Modified Dictionaries-----"
74.         for WORD in DICTIONARY:
75.                 WORD = WORD.rstrip('\n')
76.                 WORD = WORD.capitalize()
77.                 TESTPHRASE = crypt.crypt(WORD, SALT)
78.                 for LINE in PASSFILE:
79.                         TEMP = LINE.split(':')
80.                         PASSWORD = TEMP[1]
81.                         USERNAME = TEMP[0]
82.                         PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
83.  
84. def SimpleUserAttack(SOURCEFILE):
85.         PASSFILE = open(SOURCEFILE, 'r').readlines()
86.         SALT = "aa"
87.         print
88.         print "-----Testing Stored User Data-----"
89.         for LINE in PASSFILE:
90.                 TEMP = LINE.split(':')
91.                 #Stores the hash of the password to be tested
92.                 PASSWORD = TEMP[1]
93.                 USERNAME = TEMP[0]
94.                 #Extracts the additional information field from the password file
95.                 ADDITIONALDATA = TEMP[4]
96.                 #Splits the additional information into a list of useable strings
97.                 TEMP = ADDITIONALDATA.split(',')
98.                 #Stores the number found in the additional information field
99.                 REFNUM = TEMP[1]
100.                 #Stores the users first and last name to be used for testing
101.                 FULLNAME = TEMP[0]
102.                 TEMP = FULLNAME.split(' ')
103.                 FIRSTNAME = TEMP[0]
104.                 SURNAME = TEMP[1]
105.                 TESTPHRASE = SURNAME.lower() + REFNUM
106.                 #Trims the test phrase to an 8 character string as this
107.                 #is the maximum LENGTH for DES encrypted passwords
108.                 TESTPHRASE = TESTPHRASE[:8]
109.                 WORD = TESTPHRASE
110.                 TESTPHRASE = crypt.crypt(TESTPHRASE, SALT)
111.                 #First test uses last name + number
112.                 PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
113.                 TESTPHRASE = FIRSTNAME.lower() + SURNAME.lower()
114.                 TESTPHRASE = TESTPHRASE[:8]
115.                 WORD = TESTPHRASE
116.                 TESTPHRASE = crypt.crypt(TESTPHRASE, SALT)
117.                 #Second test uses first name + last name
118.                 PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
119.                 TESTPHRASE = FIRSTNAME.lower() + REFNUM
120.                 TESTPHRASE = TESTPHRASE[:8]
121.                 WORD = TESTPHRASE
122.                 TESTPHRASE = crypt.crypt(TESTPHRASE, SALT)
123.                 #Third test uses first name + number
124.                 PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
125.                 TESTPHRASE = SURNAME.lower() + FIRSTNAME.lower()
126.                 TESTPHRASE = TESTPHRASE[:8]
127.                 WORD = TESTPHRASE
128.                 TESTPHRASE = crypt.crypt(TESTPHRASE, SALT)
129.                 #Last test uses last name + first name
130.                 PASSWORDCHECK(TESTPHRASE, PASSWORD, USERNAME, WORD)
131.  
132. def GenHashTables():
133.         print
134.         print "-----Hash Table Generator-----"
135.         CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
136.         #Allows user to chose start and end point for generation
137.         LENGTH = int(raw_input("First Table LENGTH to Generate: "))
138.         LAST = int(raw_input("Last Table LENGTH to Generate: "))
139.         TMPLENGTH = LENGTH
140.         SIZENEEDED = float(0)
141.         while TMPLENGTH <= LAST:
142.                 #Calculates the amount of space needed to store the tables in bytes
143.                 SIZENEEDED = SIZENEEDED + ((15+TMPLENGTH)*pow(62,TMPLENGTH))
144.                 TMPLENGTH = TMPLENGTH + 1
145.         if SIZENEEDED >= 1073741824:
146.                 #Warns the user if the space needed is more than 1 GB
147.                 SIZENEEDED = '%.2f' % (SIZENEEDED / float(1073741824))
148.                 print "WARNING!!! - This requires " + str(SIZENEEDED) + " GB of space."
149.                 CONTINUE = raw_input("Type 'generate tables' to continue: ")
150.                 if CONTINUE != "generate tables":
151.                         #Only continues if the user types 'generate tables' correctly
152.                         return
153.         while LENGTH <= LAST:
154.                 #Loops though the tables to be generated
155.                 print strftime("%d-%m-%Y %H:%M:%S - Generating "+str(LENGTH)+" Character Passwords.", gmtime())
156.                 HASHFILE=open("HashTable_" + str(LENGTH), "a+")
157.                 COMBOS = itertools.product(*[CHARSET]*LENGTH)
158.                 for COMBO in COMBOS:
159.                         #Converts the tuple to a string
160.                         COMBO = ''.join(COMBO)
161.                         #Hashes the password using the salt 'aa'
162.                         CRYPT = crypt.crypt(COMBO, "aa")
163.                         #Saves the hash in the format Password:Hash, 1 per line
164.                         TOWRITE = COMBO + ":" + CRYPT + "\n"
165.                         HASHFILE.write(TOWRITE)
166.                 HASHFILE.close()
167.                 LENGTH = LENGTH + 1
168.         print strftime("%d-%m-%Y %H:%M:%S - Finshed Generating Hash Tables.", gmtime())
169.  
170. def ChkHashTables(FILE):
171.         print
172.         print "-----Hash Table Attack-----"
173.         #Gets the user to enter the first and last tables they have generated
174.         LENGTH = int(raw_input("First Hash Table Length: "))
175.         LAST = int(raw_input("Last Hash Table Length: "))
176.         FOUND = 0      
177.         while LENGTH <= LAST:
178.                 #loops though the first to last tables
179.                 print strftime("%d-%m-%Y %H:%M:%S - Testing "+str(LENGTH)+" Character Passwords.", gmtime())
180.                 for HASHLINE in fileinput.input("HashTable_" + str(LENGTH)):
181.                         #seperates the password from the hash
182.                         HASHITEMS = HASHLINE.split(':')
183.                         #removes the newline character
184.                         CRYPT = HASHITEMS[1].rstrip('\n')
185.                         for USER in open(FILE, 'r').readlines():
186.                                 #Checks the current has agains all the hashes in the provided password file
187.                                 USERITEMS = USER.split(':')
188.                                 UCRYPT = USERITEMS[1]
189.                                 if UCRYPT == CRYPT:
190.                                         #If a match is found increment found, inform the user and write the match to file.
191.                                         FOUND = FOUND + 1
192.                                         print strftime("%d-%m-%Y %H:%M:%S - Found "+str(FOUND)+" Password(s).", gmtime())
193.                                         TOWRITE = USERITEMS[0] + ":" + HASHITEMS[0] + "\n"
194.                                         FOUNDFILE=open("FoundPasswordsHashTables.txt", "a+")
195.                                         FOUNDFILE.write(TOWRITE)
196.                                         FOUNDFILE.close()
197.                 LENGTH = LENGTH + 1
198.         print strftime("%d-%m-%Y %H:%M:%S - Finshed Testing with Hash Tables.", gmtime())
199.         if FOUND > 0:
200.                 #If matches found print out matches
201.                 print "The following matches where found and saved to FoundPasswordsHashTables.txt"
202.                 for PASSWORDMATCH in open("FoundPasswordsHashTables.txt", 'r').readlines():
203.                         print PASSWORDMATCH.rstrip('\n')
204.  
205. def BruteForce(FILE):
206.         print
207.         print "-----Brute Force Attack-----"
208.         CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
209.         #allows the user to set min and max password lengths
210.         LENGTH = int(raw_input("Length to Start Attack From: "))
211.         LAST = int(raw_input("Stop Attack at: "))
212.         FOUND = 0
213.         while LENGTH <= LAST:
214.                 #loops though Lengths
215.                 print strftime("%d-%m-%Y %H:%M:%S - Testing "+str(LENGTH)+" Character Passwords.", gmtime())
216.                 COMBOS = itertools.product(*[CHARSET]*LENGTH)
217.                 LENGTH = LENGTH + 1
218.                 for COMBO in COMBOS:
219.                         #Converts the tuple to a string
220.                         COMBO = ''.join(COMBO)
221.                         #hashes the combination using the salt 'aa'
222.                         CRYPT = crypt.crypt(COMBO, "aa")
223.                         for USER in open(FILE, 'r').readlines():
224.                                 #test the current hash against all hashes in the password file
225.                                 USERITEMS = USER.split(':')
226.                                 UCRYPT = USERITEMS[1]
227.                                 if UCRYPT == CRYPT:
228.                                         #if a match is found increment counter, inform user and save the match to file
229.                                         FOUND = FOUND + 1
230.                                         print strftime("%d-%m-%Y %H:%M:%S - Found "+str(FOUND)+" Password(s).", gmtime())
231.                                         TOWRITE = USERITEMS[0] + ":" + COMBO + "\n"
232.                                         FOUNDFILE=open("FoundPasswordsBruteForce.txt", "a+")
233.                                         FOUNDFILE.write(TOWRITE)
234.                                         FOUNDFILE.close()
235.         print strftime("%d-%m-%Y %H:%M:%S - Finshed Testing with Brute Force.", gmtime())
236.         if FOUND > 0:
237.                 #if passwords where found print them out
238.                 print "The following matches where found and saved to FoundPasswordsBruteForce.txt"
239.                 for PASSWORDMATCH in open("FoundPasswordsBruteForce.txt", 'r').readlines():
240.                         print PASSWORDMATCH.rstrip('\n')
241.                        
242. if __name__ == "__main__":
243.         #autostart the menu system
244.         menu()