├── LICENSE ├── README.md ├── blender.sh ├── combimask.sh ├── cutb-revisit.sh ├── cutb.sh ├── evil-cutb.sh ├── fingercut.sh ├── hybridmask.sh ├── mask.sh ├── policy.sh ├── pp.sh ├── ppp.sh ├── raking.sh └── rules.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Dustin Heywood 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # hashcat-scripts 2 | Random Hashcat Scrips 3 | 4 | # Fingercut 5 | New script I added, combines dynamic expander and fingerprint attacks into one script 6 | 7 | This Bash script automates the process of expanding a wordlist using the `hashcat-utils` `expander.bin` utility, followed by cutting and processing the expanded wordlist. Below is an overview of its functionality: 8 | 9 | ### Features 10 | 11 | 1. **Input Validation**: 12 | - The script checks if a valid input wordlist file is provided. 13 | - If the file does not exist or is missing, the script aborts with an error message. 14 | 15 | 2. **Wordlist Expansion**: 16 | - The input wordlist is processed through `expander.bin`, generating variations for each word. 17 | - The expanded words are stored and appended to the original wordlist. 18 | 19 | 3. **Dynamic Length Calculation**: 20 | - The script determines the length of the longest line in the updated wordlist. 21 | - The maximum length is capped at 16 characters to avoid overly large cuts. 22 | 23 | 4. **Cut Operations**: 24 | - The wordlist is processed by cutting the first and last portions of each line, up to half the maximum line length. 25 | - For odd-length lines, the middle character is processed separately. 26 | 27 | 5. **Sorting and Uniqueness**: 28 | - After the cut operations, the results are sorted and made unique to ensure clean output. 29 | - The final output is saved to a specified file. 30 | 31 | 6. **Runtime Calculation**: 32 | - The script logs the start and end times of the operation. 33 | - It provides a human-readable summary of the total runtime in hours, minutes, and seconds. 34 | 35 | ### Usage Example 36 | 37 | ```bash 38 | ./fingercut.sh 39 | ``` 40 | 41 | # evilmogs random ad methodology 42 | realistically I would go with the following approach: 43 | 44 | 1. run rockyou with -g 100000 or all the rulesets combined 45 | 2. run expander (modified to max at 8 or 10), and then run -a1 46 | 3. run cutb with -a1 47 | 4. run rockyou through princeprocessor and then pipe into hashcat with -g 100000 48 | 5. extract the plains from the potfile, pipe them through expander and cutb again, run the -a1 attack, then run the founds through princeprocessor with -g 100000 49 | 6. repeat step 5 50 | 7. run expanded dict through prince processor with -g 100000 51 | 8. run cutb through pp, same deal 52 | 9. repeat step 5 53 | 10. use PACK and generate masks 54 | 11. try other random rules 55 | 12. run rockyou through expander, run -a1 56 | and then basically repeat 57 | 13. also pipe in the usernames into the above process 58 | 14. when using rules turn on debug mode and capture the rules 59 | 15. use cewl and crunch to generate a wordlist, repeat the above 60 | 61 | # random snippits 62 | 63 | ## A1 Grind 64 | 65 | for i in $(seq 1 30); do ./hashcat.bin ../ntlm.hash -m 1000 --show | cut -d: -f2- | /opt/utils/hashcat-utils/src/expander.bin | sort -u > cand.exp; ./hashcat.bin ../ntlm.hash -m 1000 -a 1 cand.exp cand.exp -O; done 66 | 67 | ## Prince Fingerprint 68 | cut -d: -f2- < ~/.hashcat/hashcat.potfile | sort -u | ~/hashcat-utils/src/expander.bin | sort -u | ~/princeprocessor/pp64.bin | ~/princeprocessor/pp64.bin | hashcat -m1000 ntds.ntds 69 | 70 | ## Prince Grind - Cutb 71 | for i in $(seq 1 50); do ./hashcat.bin ../ntlm.hash -m 1000 --show | cut -d: -f2- | sort -u > cand.lst; shuf cand.lst | /opt/utils/princeprocessor/src/pp64.bin | ./hashcat.bin ../ntlm.hash -m 1000 -a 0 -O -g 100000; done 72 | 73 | ## Expander Rockyou generate 74 | expander.bin < rockyou.txt | sort -u > rockyou.exp; for i in $(seq 1 200); do shuf rockyou.exp | ./hashcat.bin -m 1000 -O -w3 ntds.dit -g 100000; done 75 | 76 | -------------------------------------------------------------------------------- /blender.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | pppath="/opt/utils/princeprocessor/src" 3 | hupath="/opt/utils/hashcat-utils/src" 4 | hcpath="/opt/cracken2/hashcat" 5 | workpath="/opt/evilmog/tmp" 6 | 7 | echo "[+] Sorting Potfile" 8 | cut -d: -f2- < $hcpath/hashcat.potfile | sort -u > $workpath/cand.lst 9 | 10 | echo "[+] Running Cutb" 11 | for i in {1..8}; do 12 | echo "[+] Forward Cutb segment $i" 13 | $hupath/cutb.bin 0 $i < $workpath/cand.lst | sort -u > $workpath/$i-first.txt 14 | done 15 | 16 | for i in {1..8}; do 17 | echo "[+] Reverse Cutb segment $i" 18 | $hupath/cutb.bin -$i < $workpath/cand.lst | sort -u > $workpath/$i-last.txt 19 | done 20 | 21 | echo "[+] Cat Cutb" 22 | cat $workpath/*-first.txt $workpath/*-last.txt | sort -u > $workpath/cand.cutb 23 | echo "[+] First Expander" 24 | $hupath/expander.bin < $workpath/cand.lst | sort -u > $workpath/cand.exp 25 | echo "[+] Cutb Expander" 26 | $hupath/expander.bin < $workpath/cand.cutb | sort -u > $workpath/cand.cutb.exp 27 | 28 | -------------------------------------------------------------------------------- /combimask.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | workpath="/opt/evilmog/tmp" 3 | hupath="/opt/utils/hashcat-utils/src" 4 | 5 | $hupath/combinator.bin $workpath/hybrid.sorted.hcmask $workpath/hybrid.sorted.hcmask | sort -u > $workpath/hybrid.raw.hcmask 6 | $hupath/len.bin 16 20 < $workpath/hybrid.raw.hcmask | sort -u > $workpath/hybrid.cutb.hcmask 7 | -------------------------------------------------------------------------------- /cutb-revisit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | hupath="/opt/utils/hashcat-utils/src" 3 | hcpath="/opt/cracken2/hashcat" 4 | workpath="/opt/evilmog/tmp" 5 | 6 | echo "[+] Sorting Potfile" 7 | cut -d: -f2- < $hcpath/hashcat.potfile | sort -u > $workpath/cand.lst 8 | for i in {1..8}; do 9 | for s in $( eval echo {0..$i} ); do 10 | $hupath/cutb.bin $s $i < $workpath/cand.lst | sort -u > $workpath/$i-first-seq.txt 11 | done 12 | done 13 | for i in {1..8}; do 14 | $hupath/cutb.bin -$i < $workpath/cand.lst | sort -u > $workpath/$i-last-seq.txt 15 | done 16 | 17 | cat $workpath/*-first-seq.txt $workpath/*-last-seq.txt | sort -u > $workpath/cand.seq.cutb 18 | $hupath/expander.bin < $workpath/cand.seq.cutb | sort -u > $workpath/cand.seq.cutb.exp 19 | -------------------------------------------------------------------------------- /cutb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | pp_path="/opt/utils/princeprocessor/src" 3 | hu_path="/opt/utils/hashcat-utils/src" 4 | work_path="/opt/cutb" 5 | 6 | for i in {1..8}; do 7 | $pp_path/cutb.bin 0 $i < $1 | sort -u > $workpath/$i-first.txt 8 | done 9 | 10 | for i in {1..8}; do 11 | $pp_path/cutb.bin -$i < $1 | sort -u > $workpath/$i-last.txt 12 | done 13 | 14 | cat $workpath/*-first.txt $workpath/*-last.txt | sort -u > $workpath/cand.cutb 15 | -------------------------------------------------------------------------------- /evil-cutb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | hupath="/opt/utils/hashcat-utils/src" 3 | hcpath="/opt/cracken2/hashcat" 4 | workpath="/opt/evilmog/tmp" 5 | 6 | echo "[+] Sorting Potfile" 7 | cut -d: -f2- < $hcpath/hashcat.potfile | sort -u > $workpath/cand.lst 8 | for i in {1..8}; do 9 | for s in $( eval echo {0..$i} ); do 10 | $hupath/cutb.bin 0 $i < $workpath/cand.lst | sort -u > $workpath/$i-first-seq.txt 11 | done 12 | done 13 | for i in {1..8}; do 14 | $hupath/cutb.bin -$i < $workpath/cand.lst | sort -u > $workpath/$i-last-seq.txt 15 | done 16 | cat $workpath/*-first-seq.txt $workpath/*-last-seq.txt | sort -u > $workpath/cand.seq.cutb 17 | $hupath/expander.bin < $workpath/cand.seq.cutb | sort -u > $workpath/cand.seq.cutb.exp 18 | for i in {1..8}; do 19 | for s in $( eval echo {0..$i} ); do 20 | $hupath/cutb.bin 0 $i < $workpath/cand.seq.cutb.exp | sort -u > $workpath/$i-first-seq.txt 21 | done 22 | done 23 | for i in {1..8}; do 24 | $hupath/cutb.bin -$i < $workpath/cand.seq.cutb.exp | sort -u > $workpath/$i-last-seq.txt 25 | done 26 | cat $workpath/*-first-seq.txt $workpath/*-last-seq.txt | sort -u > $workpath/cand.seq.cutb.seq.cutb 27 | $hupath/expander.bin < $workpath/cand.seq.cutb.seq.cutb | sort -u > $workpath/cand.seq.cutb.seq.cutb.exp 28 | -------------------------------------------------------------------------------- /fingercut.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Define path to hashcat-utils and the working directory 4 | hu_path="/opt/hashcat-utils/src" 5 | work_path="/opt/cutb" 6 | input_file="$1" 7 | 8 | # Check if input file is provided and exists 9 | if [ -z "$input_file" ]; then 10 | echo "Error: No input wordlist provided." 11 | echo "Usage: $0 " 12 | exit 1 13 | fi 14 | 15 | # Ensure work_path exists 16 | mkdir -p "$work_path" 17 | 18 | # Start time (in seconds) 19 | start_time=$(date +%s) 20 | 21 | # Step 1: Run expander on the input wordlist 22 | echo "Running expander on the input wordlist..." 23 | 24 | # Generate intermediate wordlist (cand.exp) 25 | $hu_path/expander.bin < "$input_file" | sort -u > "$work_path/cand.exp" 26 | 27 | # Step 2: Append the expanded results to the input wordlist 28 | echo "Appending expanded words to the intermediate wordlist..." 29 | 30 | cat "$work_path/cand.exp" >> "$input_file" 31 | 32 | # Step 3: Find the maximum line length in the entire input file 33 | echo "Determining the longest line in the input file..." 34 | 35 | max_length=$(awk '{ if (length > max) max = length } END { print max }' "$input_file") 36 | 37 | # Cap max_length at 16 characters (since that's the maximum we care about) 38 | if [ "$max_length" -gt 16 ]; then 39 | max_length=16 40 | fi 41 | 42 | echo "Detected max line length: $max_length" 43 | echo "Processing cuts up to a maximum of $max_length characters..." 44 | 45 | # Step 4: Perform the cut operations on the input file 46 | 47 | # Cut the first half of the string (up to max_length) 48 | for i in $(seq 1 $(($max_length / 2))); do 49 | $hu_path/cutb.bin 0 $i < "$input_file" | sort -u >> "$work_path/cand.cutb" 50 | done 51 | 52 | # Cut the last half of the string (up to max_length) 53 | for i in $(seq 1 $(($max_length / 2))); do 54 | $hu_path/cutb.bin -$i < "$input_file" | sort -u >> "$work_path/cand.cutb" 55 | done 56 | 57 | # For odd-length strings, handle the middle character 58 | if [ $(($max_length % 2)) -eq 1 ]; then 59 | middle_index=$(($max_length / 2 + 1)) 60 | $hu_path/cutb.bin 0 $middle_index < "$input_file" | sort -u >> "$work_path/cand.cutb" 61 | fi 62 | 63 | # Step 5: Final sort and unique to produce the result 64 | sort -u "$work_path/cand.cutb" -o "$work_path/cand.cutb" 65 | 66 | # End time (in seconds) 67 | end_time=$(date +%s) 68 | 69 | # Calculate the runtime in seconds 70 | runtime=$((end_time - start_time)) 71 | 72 | # Convert runtime to human-readable format (HH:MM:SS) 73 | hours=$((runtime / 3600)) 74 | minutes=$(((runtime % 3600) / 60)) 75 | seconds=$((runtime % 60)) 76 | 77 | # Output the runtime 78 | echo "Processing complete!" 79 | printf "Total runtime: %02d:%02d:%02d\n" $hours $minutes $seconds 80 | 81 | -------------------------------------------------------------------------------- /hybridmask.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | workpath="/opt/evilmog/tmp" 3 | packpath="/opt/utils/pack" 4 | pps="160000000" 5 | rt="360" 6 | 7 | python $packpath/maskgen.py --pps=$pps --minlength=3 --maxlength=8 -t $rt -o $workpath/hybrid.hcmask $workpath/cand.lst 8 | python $packpath/maskgen.py --pps=$pps --minlength=3 --maxlength=8 -t $rt -o $workpath/hybrid.exp.hcmask $workpath/cand.exp.mask 9 | python $packpath/maskgen.py --pps=$pps --minlength=3 --maxlength=8 -t $rt -o $workpath/hybrid.cutb.hcmask $workpath/cand.cutb.mask 10 | python $packpath/maskgen.py --pps=$pps --minlength=3 --maxlength=8 -t $rt -o $workpath/hybrid.cutb.exp.hcmask $workpath/cand.cutb.exp.mask 11 | 12 | cat $workpath/hybrid*.hcmask | sort -u > $workpath/hybrid.sorted.hcmask 13 | -------------------------------------------------------------------------------- /mask.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | workpath="/opt/evilmog/tmp" 3 | packpath="/opt/utils/pack" 4 | pps="160000000000" 5 | rt="360" 6 | 7 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.lst.hcmask $workpath/cand.lst.mask 8 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.exp.hcmask $workpath/cand.exp.mask 9 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.cutb.hcmask $workpath/cand.cutb.mask 10 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.cutb.exp.hcmask $workpath/cand.cutb.exp.mask 11 | -------------------------------------------------------------------------------- /policy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | workpath="/opt/evilmog/tmp" 3 | packpath="/opt/utils/pack" 4 | pps="160000000000" 5 | rt="360" 6 | 7 | python $packpath/statsgen.py --maxlength=24 -o $workpath/cand.lst.mask --hiderare $workpath/cand.lst 8 | python $packpath/statsgen.py --maxlength=24 -o $workpath/cand.exp.mask --hiderare $workpath/cand.exp 9 | python $packpath/statsgen.py --maxlength=24 -o $workpath/cand.cutb.mask --hiderare $workpath/cand.cutb 10 | python $packpath/statsgen.py --maxlength=24 -o $workpath/cand.cutb.exp.mask --hiderare $workpath/cand.cutb.exp 11 | 12 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.lst.hcmask $workpath/cand.lst.mask 13 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.exp.hcmask $workpath/cand.exp.mask 14 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.cutb.hcmask $workpath/cand.cutb.mask 15 | python $packpath/maskgen.py --pps=$pps --minlength=8 --minoccurrence=10 -t $rt -o $workpath/cand.cutb.exp.hcmask $workpath/cand.cutb.exp.mask 16 | -------------------------------------------------------------------------------- /pp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | pppath="/opt/utils/princeprocessor/src" 3 | hupath="/opt/utils/hashcat-utils/src" 4 | hcpath="/opt/cracken2/hashcat" 5 | workpath="/opt/evilmog/tmp" 6 | 7 | echo "[+] Prince Processor" 8 | shuf $workpath/cand.cutb | $pppath/pp64.bin 9 | -------------------------------------------------------------------------------- /ppp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | pppath="/opt/utils/princeprocessor/src" 3 | hupath="/opt/utils/hashcat-utils/src" 4 | hcpath="/opt/cracken2/hashcat" 5 | workpath="/opt/evilmog/tmp" 6 | 7 | echo "[+] Prince Processor" 8 | shuf $workpath/cand.cutb | $pppath/pp64.bin | $pppath/pp64.bin 9 | -------------------------------------------------------------------------------- /raking.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | for start in {1..100}; do 3 | 4 | /opt/hashcat/hashcat –w 3 –m 1000 –a 0 /opt/hashes/hashlist /opt/wordlists/*.dict –g 100000 –debug-mode=4 –debug-file=/opt/debug/node1.$start.debug 5 | 6 | done 7 | 8 | 9 | cat /opt/debug/node1.*.debug | cut -d: -f2 | sort -u > /opt/rules/debug.rule 10 | cat /opt/debug/node1.*.debug | cut -d: -f1 | sort -u > /opt/wordlists/debug.dict 11 | cat /opt/debug/node1.*.debug | cut -d: -f3 | sort -u >> /opt/wordlists/debug.dict 12 | 13 | /opt/hashcat/hashcat -w3 -m 1000 -a 0 /opt/hashes/hashlist /opt/wordlists/debug.dict -r /opt/rules/debug.rule 14 | -------------------------------------------------------------------------------- /rules.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | hupath="/opt/utils/hashcat-utils/src" 3 | workpath="/opt/evilmog/tmp" 4 | 5 | for i in {1..1000}; do 6 | echo $i 7 | $hupath/generate-rules.bin 1000 $(((RANDOM<<15)|RANDOM)) > $workpath/random.$i.rule 8 | done 9 | 10 | cat $workpath/random.*.rule | sort -u | rules_optimize.bin | sort -u > $workpath/random.rule 11 | 12 | 13 | --------------------------------------------------------------------------------