Adds auto selection of cracker for password crackers #20418
Conversation
msutovsky-r7
changed the title
| def getaction | ||
| newaction = action.name | ||
| if action.name == 'auto' | ||
| path = Rex::FileUtils.find_full_path('hashcat') || | ||
| Rex::FileUtils.find_full_path('hashcat.exe') | ||
| if path | ||
| newaction = 'hashcat' | ||
| else | ||
| path = Rex::FileUtils.find_full_path('john') || | ||
| Rex::FileUtils.find_full_path('john.exe') | ||
| if path | ||
| newaction = 'john' | ||
| else | ||
| raise PasswordCrackerNotFoundError, 'No suitable john/hashcat binary was found on the system' | ||
| end | ||
| end | ||
| end | ||
| return newaction | ||
| end |
There was a problem hiding this comment.
This just does exactly what is in cracker.rb - I think we should keep the logic there and not move it separately into each module.
There was a problem hiding this comment.
I would adjust little bit logic here to adapt it more for auto option. It might be better to move search for john and hashcat into separate functions:
def get_hashcat
Rex::FileUtils.find_full_path('hashcat') ||
Rex::FileUtils.find_full_path('hashcat.exe')
end
def get_john
Rex::FileUtils.find_full_path('john') ||
Rex::FileUtils.find_full_path('john.exe')
end
I would also adjust logic in binary_path little bit:
def binary_path
if cracker_path && ::File.file?(cracker_path)
return cracker_path
else
case cracker
when 'hashcat'
path = get_hashcat
when 'john'
path = get_john
when 'auto'
path = get_hashcat || get_john
else
raise PasswordCrackerNotFoundError, 'No suitable password cracker binary was found on the system'
end
raise PasswordCrackerNotFoundError, 'Could not find request cracker binary on the system' unless path && ::File.file?(path)
path
end
end
There was a problem hiding this comment.
Hello, I've just committed the changes you requested. I removed the previously added features from the following files:
- crack_aix.rb
- crack_databases.rb
- crack_linux.rb
- crack_osx.rb
- crack_webapps.rb
- crack_windows.rb
and improved the cracker.rb file as you requested. I'm not sure what approach I should take to implement the “auto” function without affecting the other modules.
There was a problem hiding this comment.
Suggested some changes for you here - feel free to use/adjust at your will.
…ction Suggests additional changes for PR
Description
The changes satisfy the requests made in issue number #20396.
The first change was made in the file “lib/metasploit/framework/password_crackers/cracker.rb”
to the “binary_path” function. In the issue, the user reported that if John The Ripper was not detected by Metasploit, it would not check if Hashcat was installed, so I modified the function so that there are four concatenated if statements rather than an if-elsif-else statement.
The second change is in “modules/auxiliary/analyze/” in the files:
They received the same change with the same implementation. I added an action, “auto.” If this action is used, the module will see if either Hashcat or John The Ripper is installed and will choose one of the two, preferring Hashcat.
Verification
msfconsoleuse auxiliary/analyze/crack_databasesset action autocreds add user:test_user postgres:md55d41402abc4b2a76b9719d911017c592run