Password Analysis To Hashcat (PATH) Script

Sunday, June 03, 2012

Contributed By:
f8lerror

What is PATH? It is a script that integrates password analysis and Hashcat.

First and foremost let me say, I do not code on a regular basis. I created this script out of necessity and part laziness. DigiNinja's Password analysis tool Pipal is what got me thinking about creating this.

I found myself analyzing list with Pipal and taking the Hashcat masks from the output one by one back into Hashcat. From time to time my box would sit idle because I didn't know the exact moment the bruteforce had completed and sometimes it sat idle for hours.

I grew tired of waiting and restarting Hashcat so I automated it and PATH was born. PATH is written in Python and is simple to use with a few command line options.

PATH can take a list of passwords then generate Hashcat masks and display them. However, the fun part comes in when you apply the cracking option. This takes your list, analyzes it, generates the masks and starts the brute-force attack, with each mask sequentially.

You can also start with just a list of hashes and a large dictionary and the cracking option. PATH can take this list start a dictionary attack, analyze the output, generate the masks and start the brute-force attack. You can even specify rules, if you do it will run the plain dictionary first then run it again with the rule applied.

Here is the help file:

Password Analysis To Hashcat (PATH): Generate Hashcat Masks From A Wordlist

Start a BruteForce Attack With The Results

optional arguments:

-h, --help show this help message and exit

-i INPUT, --input: Input File Name for Mask Analysis

-t TOP, --top:How Many Values Outputted Default 10

-o OUTPUT, --output: Output File Name

-c, --crackmode: Enables Brute ForceCrack Mode

-s SDICT, --sdict: Initial Dictionary

-p PHASH, --phash: Password Hash Type

-l HASHLIST, --hashlist: List of Hashes

-r RULES, --rules: Apply Rules to Inital Dictionary

-u, --usage How to Use This Tool

Example usage:

python PATH.py -s bigdict.txt -l hashes.txt -p 0 -o output.txt -c

python PATH.py -i plain.txt -c

(click image to enlarge)

This script requires a minimum of Python 2.7 and HashcatPlus. As long as the switches in Hashcat stay the same it should continue to work fine as versions progress. *This was tested only with MD5, LM and NTLM hashes. You must define the location of HashcatPlus in the script prior to running it.

You can copy and past the code from my site http://tickorone.wordpress.com/2012/06/02/password-analysis-to-hashcat-path-script/ or the infosecisland admins can paste it in here.

Cross-posted from TickOrOne

Share This! |

Views:	4209
Categories:	Network Access Control

Post Rating I Like this!

Comments:

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"Android is always preferable over any OS, very much flexible. Waiting for it's desktop popularity... http://www.doctorbrakes.com"

Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013

"http://www.lovewigs88.com"

Is BYOD a Nightmare for IT Security or a Dre... Sasa Miss on 05-16-2013

"http://www.wighair.co.uk/"

FTC Seeks Comment on Proposed Revisions to C... Sasa Miss on 05-16-2013

"http://www.lovewigs88.com"

How to Protect Your Privacy from Facebook's ... Sasa Miss on 05-16-2013