Formal Report - Coffee Crack Home

[Coffee Crack]
SAIT Polytechnic
Formal Report
[The Almond Box]
Jordan Walsh, Alex Chung,
Jonathan Tham
The Almond
TABLE OF CONTENTS
TABLE OF CONTENTS ............................................................................................................................................................. 2
EXECUTIVE SUMMARY .......................................................................................................................................................... 3
PROJECT VISION ..................................................................................................................................................................... 4
PROJECT PURPOSE ................................................................................................................................................................. 5
PROBLEM / OPPORTUNITY................................................................................................................................................................. 5
PROJECT DESCRIPTION ...................................................................................................................................................................... 5
KEY STAKEHOLDERS .......................................................................................................................................................................... 5
PROJECT SCOPE...................................................................................................................................................................... 6
SCOPE ............................................................................................................................................................................................ 6
OUT OF SCOPE................................................................................................................................................................................. 6
PROJECT OBJECTIVES ............................................................................................................................................................. 7
PROJECT TEAM....................................................................................................................................................................... 8
PROJECT STAKEHOLDERS....................................................................................................................................................... 9
RISK ASSESSMENT................................................................................................................................................................ 10
PROJECT SCHEDULE ............................................................................................................................................................. 11
PROJECT FACILITIES AND RESOURCES ................................................................................................................................. 12
PROJECT BUDGET................................................................................................................................................................. 13
EQUIPMENT AND FACILITIES ............................................................................................................................................................. 13
OPERATING COSTS ......................................................................................................................................................................... 13
ACTUAL COST ................................................................................................................................................................................ 13
INTELLECTUAL PROPERTY .................................................................................................................................................... 14
INITIAL PROPOSITION ...................................................................................................................................................................... 14
FINAL DECISION: ............................................................................................................................................................................ 14
CHALLENGES ........................................................................................................................................................................ 15
ACHIEVEMENTS ................................................................................................................................................................... 16
RECOMENDATIONS ............................................................................................................................................................. 17
LESSONS LEARNED ............................................................................................................................................................... 18
CONCLUSION ....................................................................................................................................................................... 19
ACKNOWLEDGEMENT ......................................................................................................................................................... 20
REFERENCES ......................................................................................................................................................................... 21
APPENDIX............................................................................................................................................................................. 22
GLOSSARY: .................................................................................................................................................................................... 22
PROJECT WEBSITE: ......................................................................................................................................................................... 22
CODE: .......................................................................................................................................................................................... 38
The Almond
Section
1
EXECUTIVE SUMMARY
The purpose of this project is to develop a service which assesses the strength of passwords that are used by
consumers. Team CoffeeCrack will be providing this service through a device using hardware that will be
compatible with a chosen software.
One of the major issues that companies and regular consumers run into is the use of passwords and how
secure they are. The CoffeeCrack team, represented by Jordan Walsh, Alex Chung and Jonathan Tham, will
provide a service that will critique how secure these passwords are using Open Source software and hardware
that is selected for compatible with the software. Our target for this project is to be able to make the device,
named The Almond Box, as small as possible yet giving efficient performance. We strive to have The Almond
Box completed by the end of April of 2015.
The Almond
Section
2
PROJECT VISION
Security has been an issue that businesses of all kinds had to face for years. One security issue is employees
using simple passwords that give access to their workstation or other company related tools which are used on
a daily basis. No matter how well companies try to implement rules and conditions, employees still use
passwords that are convenient to them, which are passwords that they will most likely remember. These
passwords pose a tremendous amount of security concerns. Should any information get out about the
company, devastating events are expected to follow.
In this project, we will have a device that assesses passwords and a guide on how to use the device showing
how easy and simple it is to operate the product. We expect the device to be small and light, but also quiet yet
efficient.
Additionally, we want to compare whether or not energy efficiency is worth the effort when assessing the
strengths of passwords for companies.
The Almond
Section
3
PROJECT PURPOSE
Too many people have too weak passwords. This can be a liability to many companies, and typical password
control policies provide only limited protection. The purpose of the Almond Box is to assess the strength of a set
of passwords and return a report of its findings. The Almond Box will be a powerful mini PC that will be easy to
transport and use a minimal amount of power.
PROBLEM / OPPORTUNITY
Businesses today have a high concern over how well their security is. This project will surface the strength of
passwords used by employees within the business. One of the main priorities of this project is to make the
device small and as efficient and quiet as possible. This will also give an opportunity to produce a device that
will use less energy than an average computer.
PROJECT DESCRIPTION
The project will consist of a list of commonly used passwords and/or passwords that actual people might use.
How we assess the strength of the passwords used will be based on how quickly the device is able to crack the
password being used. The company can then take action on the employee depending on the report on
password strengths. The reduced consumption of energy will also help save the company a little bit of money
on the use of energy while using this device.
KEY STAKEHOLDERS
The four key stakeholders for this project are as follows:
Stakeholders
Project Manager
Client
Performing Organization
Sponsor
Comment
Jonathan Tham, Jordan Walsh, Alex Chung
Michael McDonnell
Jonathan Tham, Jordan Walsh, Alex Chung
Michael McDonnell
The Almond
Section
4
PROJECT SCOPE
The project will include the integration of open source password cracking software onto a small, efficient and
powerful PC. The password hashes will be accepted by either local media or over the network. The PC will then
provide a report on the processed passwords indicating how strong they are.
SCOPE
Within this project we will be aiming to deliver a small portable device that assesses passwords by using a preexisting database with open source or free software to evaluate how protective a single person's password is
while providing a quiet yet energy efficient performance. Our end goal is to be able to make the device work with
or without having it to connect to a network.
OUT OF SCOPE
- Updating hardware
- integrating different software
- Producing multiple copies of the device
- Automated Process
- Distributed assessment of two or more software
The Almond
Section
5
PROJECT OBJECTIVES
Our main goals of this project will act as a guideline for us to successfully keep on track to our final product. This
ensures that we will be able to maintain a steady pace and have a product that is complete.
The objectives that we must meet are:





Finding a coding language that is easy to understand and utilize by April 2015
Finding the proper hardware that is compatible with the coding language by April 2015
Keeping cost as low as possible by April 2015
Making sure that the device is running efficiently and quietly by April 2015
Creating a method that is understandable for the standard consumer use by April 2015
The Almond
Section
6
PROJECT TEAM
The team for Project Almond is made up of three members coming from the SAIT Polytechnic ITCS program.
Their respective roles for the project are as follows:
Member
Alex Chung
Jonathan Tham
Jordan Walsh
Role
Hardware Assembler and Software Tester
Website designer and Prep/setup
Researcher for Hardware/Software
The Almond
Section
7
PROJECT STAKEHOLDERS
We were able to obtain this project by way of request from a client. As a group that is working for a client, we
strive to fulfill the required features for the device and hope to also implement other features which the client has
requested at the side. The project will be sponsored by our client who will also be guiding us along the way.
Stakeholder
Jonathan, Alex, Jordan
Colin Chamberlain
Michael McDonnell
Role or Influence
Employees/Project managers
Assistant
Client
The Almond
Section
8
RISK ASSESSMENT
Every project is bound to run into some sort of problem and potential risks are involved. The following is a list of
risks that could potentially occur during the execution of our project.
Project Risk Assessment
Risk 1 – Software/Hardware
compatibility
Mitigation Strategy
…
Risk 2 – Conflicting group ideas
Mitigation Strategy
…
Risk 3 – Inadequate communication
between members
Mitigation Strategy
Probability
Impact
Severity
e.g. High, Medium, Low
e.g. High, Medium, Low
e.g. High, Medium, Low
medium
high
medium
Research and ensure that the software and hardware will be
compatible.
low
medium
low
Communication among members, giving reminders of what the task
is at hand
high
high
high
Keep communication among members constant with updates and
discuss progression of the project
Risk 4 – Conflict in budget
Mitigation Strategy
low
high
high
Making sure that the hardware isn't overly expensive and that it fits
within the budget that is given. Hope for no compatibility issues
between software and hardware.
Risk 5 – Scope creep
Mitigation Strategy
low
medium
high
Prioritize what we set out to do with the project.
The Almond
Section
9
PROJECT SCHEDULE
We have compiled a Gantt chart outlining the course of how our project will be broken up into. The research and
development of the project will begin starting in January, which will run through to April. Our major tasks that we
must fulfill is to research software which will be used for the project, finding hardware that will be able to support
the software, and making the device energy efficient, quiet, and small. We must understand how the software
works and be able to use it. Finding the hardware comes after the software we are using is confirmed.
Please refer to the attached Gantt chart.
The Almond
Section
10
PROJECT FACILITIES AND RESOURCES
To develop The Almond Box, we will require a facility that offers an electrical outlet, space to work, and
preferably an internet connection. We will also need hardware resources: a mini PC, keyboard, mouse and
monitor. (see budget for details)
Additionally, our sponsor Michael had lent us a piece of hardware to benchmark the same tests running the
same version and OS and compare it to the laptop provided.
This is to prove whether or not Energy efficiency is effective when assessing password strengths.
The Almond
Section
11
PROJECT BUDGET
We are considering a few options for the PC hardware. Before making a solid decision we need to research
software, compatibilities and optimizations before we invest in something. The will be no software costs, as it is
part of the project’s scope to exclusively use open source or free software. Peripherals for the Almond Box will
be provided by SAIT or the project’s members.
EQUIPMENT AND FACILITIES
The primary expense will be the PC hardware. Several of the PC assets will be provided by SAIT.
Item
PC Hardware
Cost
<$600
OPERATING COSTS
The operational costs of The Almond Box should be minimal. The following is the operational costs of a few
options we are considering for hardware.
Item
Raspberry pi B+
Intel NUC (Haswell)
Gigabyte Brix
Zotec Zbox Plus
Custom built PC
Wattage
<2
<30
<37
<50
<200
Rate
$0.0779/kWH
$0.0779/kWH
$0.0779/kWH
$0.0779/kWH
$0.0779/kWH
Cost
$0.0001558/hr
$0.002337/hr
$0.0028823/hr
$0.003895/hr
$0.01158/hr
ACTUAL COST
The actual cost of the hardware:
Item
Laptop
Cost of energy:
Wattage
Rate
~30-33W
$0.0779/kWH
Cost
$549.99
$0.002337
The Almond
Section
12
INTELLECTUAL PROPERTY
INITIAL PROPOSITION
The Intellectual Property can go to either party between the sponsor and us, the team that is providing the
service. The Intellectual Property for this project is based around services overall rather than the final product.
Therefore, the Intellectual Property will be assigned to the performing organization. If the sponsor wishes to
have a part in the IP, a meeting and documentation will then be required for legal issues. Due to the use of
Open-Source software, the product is not saleable on its own. There is nothing patentable.
FINAL DECISION:
After talking it over with our sponsor, the final decision came out to a mutual agreement of leaving the
Intellectual Property talk out of the project. We as a team were fine with the Intellectual property going either
way, but after discussion, we came to the conclusion of have the services being open for the public to use and
look at, making it open source. As fresh graduates, we feel that it will not be a good idea to have a service in our
names, but we do find that it can be useful to have it as open source for future development and such. We
would be recognized for our work which could give us a groundwork for our reputation in the industry, which we
find more important.
The Almond
Section
13
CHALLENGES
Over the past several months that we have worked on The Almond, we ran into several challenges which have
hindered us very slightly. Some of these challenges include:
 Understanding the Software of choice and its functions
 Understanding how masks work in oclHashCat
 General website issues
 Multiple hardware issues
 GPU Crashes
 A login issue near the end of the project
 Getting the script to function properly
The Almond
Section
14
ACHIEVEMENTS
Despite the challenges we have faced, we have accomplished a lot in these four months working on The
Almond. Some of these accomplishments are as follows:
 Getting a functional laptop with the software implemented to work.
 Running our first test on real world NTLM hashes and getting some decent results. (Approx. 32% of
passwords cracked)
 Understanding the different methods that we can use to assess passwords, such as brute forces and
masks.
 Getting better results because of the understanding of the different methods and how to use them.
 Getting the script to function and generate reports in HTML.
 Getting another PC to test the difference between the laptop and the borrowed PC.
 Getting the opportunity to do this project since the 3rd semester.
The Almond
Section
15
RECOMENDATIONS
Some recommendations that we will suggest is for anyone who wants to pursue something similar to this project
or want to improve on this project are as follows:
 This project has rather large learning curve, if anyone is to attempt this, they should have a huge desire
to learn new things.
 Pick the right hardware for the software you choose. The hardware/software decision is like a landmine
field. Finding hardware that works with the software is difficult and may take a lot of time. Do a lot of
research ahead of time and ensure they function with each other.
 Get a sponsor! Having a sponsor is probably the best thing you’ll ever get to experience.
 Communicate with your sponsor. Always keep some form of communication between your group and
your sponsor. Communication is important!
The Almond
Section
16
LESSONS LEARNED
We’ve all learned various lessons within these 4 months. These are some of the lessons we all learned to
prevent the same mistakes from happening in the future:






Do not run certain word list generators for too long, it may clog the memory and prevent anything from
actually running.
Pay careful attention to Colin when learning about Gantt charts, Otherwise you will struggle when
making the project Gantt chart and updating it.
Don’t forget important dates with your sponsor.
If you’re doing Perl scripts for your project, review your old Perl notes from Semester 2.
When running oclHashCat, make sure what switches do what and how they function. If not, you may
end up crashing your laptop constantly.
The usage of team viewer does not work with oclHashCat. It will crash if you’re connected via team
viewer and run a test.
The Almond
Section
17
CONCLUSION
Our goal was to come up with a device which was energy efficient and also make it capable of cracking hashes.
We can safely conclude that the set up that we have been working on is much more energy efficient compared
to a set up with a powerful graphics card. We were able to use a computer that our client put together and use it
as a comparison to how our set up works. The dedicated graphics card that is mainly used in the computer
needs a lot more energy to run while running the software that we use for our project. Because the graphics
card in the computer is dedicated, it also runs a lot more quickly when it’s running the software.
The Almond
Section
18
ACKNOWLEDGEMENT
OCLHashcat – For providing the software we needed to run through this project with minimal issues.
Michael McDonnell – Big thanks to Michael, our sponsor and guide throughout our journey. Without his initial
request, we would have been stuck searching for a project to do. Michael’s assistance was truly great. He has
helped us out with getting a method put together, providing useful information, and giving suggestions about
what we can do.
Christopher McNeil – Big thanks to Christopher for being there for us. He has given us many suggestions as a
past graduate on what we should do during our time at SAIT.
Colin Chamberlain – For being a big help with keeping us on track with the project and providing us the
resources and facility we needed to do this project.
W3Schools – a site that helped with creating our website. Truly an amazing source to help with crafting a
simple and easy website of our own.
Fancybox – a simple and easy gallery display for websites. Fancybox is open for anyone to use as long as it is
for non-profit purposes.
PerlMonks.org – A good website with lots of Perl guidance.
The Almond
Section
19
REFERENCES
http://hashcat.net/oclhashcat/
http://hashcat.net/wiki/doku.php?id=hashcat_utils
http://hashcat.net/wiki/doku.php?id=oclhashcat
http://www.ncix.com/detail/lenovo-thinkpad-edge-e545-a6-5350m-5c-93689-1205.htm
http://en.wikipedia.org/wiki/Password_cracking
http://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx
http://insights.scorpionsoft.com/bid/329695/The-Most-Recent-Password-Security-Compliance-Guidelines
https://xato.net/passwords/more-top-worst-passwords/#.VLF9VivF98E
http://www.darknet.org.uk/2008/02/password-cracking-wordlists-and-tools-for-brute-forcing/
http://www.adeptus-mechanicus.com/codex/crkpass/crkpass.php
http://tiptopsecurity.com/password-cracking-101-how-hackers-get-your-passwords/
http://security.stackexchange.com/questions/9567/modern-high-quality-password-dictionary
http://www.defenceindepth.net/2010/05/password-wordlists-and-dictionaries.html
https://crackstation.net/
https://www.hashkiller.co.uk/
https://forum.hashkiller.co.uk/
https://blog.skullsecurity.org/
https://wiki.skullsecurity.org/index.php?title=Main_Page
https://downloads.skullsecurity.org/passwords/
http://packetstormsecurity.com/Crackers/wordlists/
https://github.com/danielmiessler/SecLists/tree/master/Passwords
http://hashes.org/public.php
http://www.onlinehashcrack.com/list-cracked-hash.php?h=ntlm
http://golubev.com/gpuest.htm
http://www.w3schools.com/html/html_images.asp
http://www.w3schools.com/tags/ref_colorpicker.asp
http://www.w3schools.com/cssref/pr_text_text-align.asp
http://fancybox.net/
http://floatboxjs.com/options
http://stackoverflow.com/questions/9100344/pure-css-multi-level-drop-down-menu
http://www.perlmonks.org/
The Non-Designer’s Design Book
The Almond
Section
20
APPENDIX
GLOSSARY:
OS – Operating System
CRAP – Coffeecrack Reporting and Processing
GPU – Graphics Processing Unit
NTLM – NT Lan Manager - Authentication method used in modern windows OSs
WPA – Wi-Fi Protected Access
HTML – Hyper Text Markup Language
PROJECT WEBSITE:
Index.htm
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack Home</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
The Almond
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>About:</h1>
<p>The purpose of this project is to develop a service
which assesses the strength of passwords that are used by consumers. Team
CoffeeCrack will be providing this service through a device using hardware that
will be compatible with a chosen software.</p>
<p>One of the major issues that companies and regular consumers run into is the
use of passwords and how secure they are. The CoffeeCrack team, represented by
Jordan Walsh, Alex Chung and Jonathan Tham, will provide a service that will
critique how secure these passwords are using Open Source software and hardware
that is selected for compatible with the software. Our target for this project is
to be able to make the device, named The Almond Box, as small as possible yet
giving efficient performance. We strive to have The Almond Box completed by the
end of April of 2015.
</p>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
Members.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack Group Members</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
The Almond
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>Members:</h1>
<img src="images/team.jpg" alt="Team" style="height:530px">
<h3><p>Alex Chung:</p></h3>
<div id="pic"><img src="images/alex.jpg" alt="Alex"
style="height:200px"></div>
<div id="bio"><p>My background with technology started
with a simple PC running windows 98. I mainly used it to play video games at
first but after I grew up, I slowly started gaining an interest in technology.
When I started taking several computer courses, this helped me further my
interest with hardware at first but it also brought up a software side as well.
At first I wanted to go into Computer Engineering, but after some thought, IT was
my choice for my career path.</p></div>
<div><p>I chose the IT program at SAIT as it lets me further my passion into
technology, and software. Over my years at SAIT, I’ve developed more skills and
experiences than I would have in high school. I’ve even started to come up with
possible ideas from random technology I see in stores. These experiences and
skills I’ve gained have made me think of technology differently than before when
I was young. The computer systems path in the IT program was more flexible for my
way of thinking and I hope the software development will be the same regarding
software and coding.</p>
<p>In the capstone group, I was responsible for testing and troubleshooting the
software that we were using. Using various open-source hash files and supplied
hash files as test material in order to generate a rough report.
</p>
</div>
<h3><p>Jonathan Tham:</p></h3>
<div id="pic"><img src="images/jon.jpg" alt="Jon"
style="height:200px"></div>
The Almond
<div id="bio"><p>Over the years, up until i was about the
age of 16 and 17, I started playing around with some software and command prompt.
I never really learned how to use command promt properly, but I read about
commands and how they work. Very easy stuff now, but back then, it was a complete
mystery. It was time for graduation from High School and now I had to choose what
i wanted to study. My top picks were IT or Psychology.</p></div>
<div><p>My main pick was IT, but I had a great interest
in Psychology. Since I was so curious about Psychology, I made the choice of
going into Psychology at Mount Royal University. While attending Mount Royal, I
took the chance of taking other areas of interest. Since I was already in
Psychology, I took some courses in Sociology since they closely relate to one
another. I weighed out my options and found that with Psychology, I would have to
take a longer journey if I wanted to make a career out of it.</p>
<p>I made the choice of going to IT after two and a half
years in Psychology. I didn't mind the change since Psychology can be used
anywhere. IT had more to offer in terms of skills and training, so i jumped into
SAIT as soon as I possibly could. Presently about to graduate from ITCS, I find
that there are many things I am now able to do, and how these skills can carry
onto many industries in society. My journey is only starting, and SAIT has
offered me a great opportunity to jump start my career. The vast amount of
techonology that I am able to work with gets me excited. There are so many things
that I can occupy my time with and so many opportunities of learning new skills.
IT is truly one of the best decisions I've ever made in my life.</p></div>
<h3><p>Jordan Walsh:</p></h3>
<div id="pic"><img src="images/jordan.jpg" alt="Jordan"
style="height:200px"></div>
<div id="bio"><p>Jordan was born and raised right here in
Calgary, and is currently attending SAIT Polytechnic, and majoring in Computer
Systems. After graduating high school, Jordan worked at Wal-Mart for a while
before coming to SAIT. He always had a passion for technology, whether it was
building a new computer or playing with Linux distributions. He hopes that after
SAIT, he will be able to get a job in the IT field, with advancement
opportunities. He hopes that one day he will be a system administrator.</p></div>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
Gallery.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack Gallery</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
<script type="text/javascript" src="http://code.jquery.com/jquerylatest.min.js"></script>
The Almond
<script type="text/javascript" src="fancybox/lib/jquery.mousewheel3.0.6.pack.js"></script>
<link rel="stylesheet" href="fancybox/source/jquery.fancybox.css?v=2.1.5"
type="text/css" media="screen" />
<script type="text/javascript"
src="fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
<link rel="stylesheet" href="fancybox/source/helpers/jquery.fancyboxbuttons.css?v=1.0.5" type="text/css" media="screen" />
<script type="text/javascript"
src="fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5"></script>
<script type="text/javascript"
src="fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6"></script>
<script type="text/javascript" src="thumb.js"></script>
<link rel="stylesheet" href="fancybox/source/helpers/jquery.fancyboxthumbs.css?v=1.0.7" type="text/css" media="screen" />
<script type="text/javascript"
src="fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7"></script>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
</br>
</br>
<div class="fancy">
The Almond
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/work.jpg"
title="Typical Day">
<img src="images/work.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/poweron.jpg"
title="Rough day">
<img src="images/poweron.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/watt.jpg"
title="Initial energy usage while in rest.">
<img src="images/watt.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/set.jpg"
title="Setup">
<img src="images/set.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/test1.png"
title="Password cracking test">
<img src="images/test1.png" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/kernel.jpg"
title="Kernel problems">
<img src="images/kernel.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/Progressmeeting.jpg"
title="Progress Meetings">
<img src="images/Progressmeeting.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/watt2.jpg"
title="Energy consumption during test.">
<img src="images/watt2.jpg" alt="" />
</a>
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/alexworking.jpg"
title="Alex working on our client's computer">
<img src="images/alexworking.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/comparisonjpg"
title="Using our client's computer for a comparison on efficiency.">
<img src="images/comparison.jpg" alt="" />
</a>
<a class="fancybox-thumb" rel="fancybox-thumb" href="images/stats.jpg"
title="Energy consumption during test on our client's computer.">
<img src="images/stats.jpg" alt="" />
</a>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
The Almond
Journalalex.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack: Alex's Journal</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>Alex's Journals:</h1>
<ul class="journal">
<li><a href='\doc\Journals\Alex Journal\Week1.pdf'>Week
1</a></li>
<li><a href='\doc\Journals\Alex Journal\Week2.pdf'>Week
2</a></li>
<li><a href='\doc\Journals\Alex Journal\Week3.pdf'>Week
3</a></li>
The Almond
<li><a href='\doc\Journals\Alex Journal\Week4.pdf'>Week
4</a></li>
<li><a href='\doc\Journals\Alex Journal\Week5.pdf'>Week
5</a></li>
<li><a href='\doc\Journals\Alex Journal\Week6.pdf'>Week
6</a></li>
<li><a href='\doc\Journals\Alex Journal\Week7.pdf'>Week
7</a></li>
<li><a href='\doc\Journals\Alex Journal\Week8.pdf'>Week
8</a></li>
<li><a href='\doc\Journals\Alex Journal\Week9.pdf'>Week
9</a></li>
<li><a href='\doc\Journals\Alex Journal\Week10.pdf'>Week
10</a></li>
<li><a href='\doc\Journals\Alex Journal\Week11.pdf'>Week
11</a></li>
<li><a href='\doc\Journals\Alex Journal\Week12.pdf'>Week
12</a></li>
<li><a href='\doc\Journals\Alex Journal\Week13.pdf'>Week
13</a></li>
</ul>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
Journaljonathan.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack: Jonathan's Journal</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
The Almond
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>Jonathan's Journals:</h1>
<ul class="journal">
<li><a href='\doc\Journals\Jonathan Journal\Week1.pdf'>Week
1</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week2.pdf'>Week
2</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week3.pdf'>Week
3</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week4.pdf'>Week
4</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week5.pdf'>Week
5</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week6.pdf'>Week
6</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week7.pdf'>Week
7</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week8.pdf'>Week
8</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week9.pdf'>Week
9</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week10.pdf'>Week
10</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week11.pdf'>Week
11</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week12.pdf'>Week
12</a></li>
<li><a href='\doc\Journals\Jonathan Journal\Week13.pdf'>Week
13</a></li>
</ul>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
The Almond
</div>
</div>
</body>
</html>
Journaljordan.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack Jordan's Journal</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>Jordan's Journals:</h1>
<ul class="journal">
<li><a href='\doc\Journals\Jordan Journal\Week1.pdf'>Week
1</a></li>
The Almond
<li><a href='\doc\Journals\Jordan Journal\Week2.pdf'>Week
2</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week3.pdf'>Week
3</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week4.pdf'>Week
4</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week5.pdf'>Week
5</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week6.pdf'>Week
6</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week7.pdf'>Week
7</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week8.pdf'>Week
8</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week9.pdf'>Week
9</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week10.pdf'>Week
10</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week11.pdf'>Week
11</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week12.pdf'>Week
12</a></li>
<li><a href='\doc\Journals\Jordan Journal\Week13.pdf'>Week
13</a></li>
</ul>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
Assessment.html
<!DOCTYPE html>
<html>
<head>
<title>Coffee Crack Analytics</title>
<meta charset="utf-8" />
<link rel="stylesheet" media="screen" href="style.css">
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<body>
<div id="wrapper">
<div id="topblock">
<a href="index.htm"><img style="border:0;" src="images/banner1.jpg"
alt="Coffee Crack Logo"></a>
</div>
<div id='nav'>
<ul class="top-level-menu">
<li><a href='index.htm'>Home</a></li>
<li>
The Almond
<a href="#">Documents</a>
<ul class="second-level-menu">
<li><a href='doc/charter.pdf'><span>Project Charter</span></a></li>
<li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li>
<li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li>
<li>
<a href="#">Weekly Journals</a>
<ul class="third-level-menu">
<li><a href='journalalex.html'>Alex's Journal</a></li>
<li><a href='journaljonathan.html'>Jonathan's
Journal</a></li>
<li><a href='journaljordan.html'>Jordan's Journal</a></li>
</ul>
</li>
<li><a href='doc/manual.pdf'><span>Manual</span></a></li>
<li><a href='doc/presentation.pdf'><span>Project
Presentation</span></a></li>
<li><a href='doc/report.pdf'><span>Formal Report</span></a></li>
</ul>
</li>
<li><a href='members.html'>Members</a></li>
<li><a href='gallery.html'>Gallery</a></li>
<li><a href='assessment.html'>Analysis</a></li>
</ul>
</div>
<div id="centerblock">
<h1>Analysis:</h1>
<p>
<h2>Statement of Need</h2>
<p>At the end, I have provided the background for why this I important. But to
get to the point, here is what I need from your team:
We will provide you with our Active Directory password database. This does not
contain our passwords, but the “hashes” of them. I will also provide you with a
list of “privileged” account names. These are accounts for which the risk of a
weak password is higher (Sysadmins, service accounts etc.).
<p>Goal: We need to know if our passwords are weak BEFORE the hackers do.
<h3>Requirements:</h3>
<p>1) We need a system that will crack Active Directory (NTLM) hashes and report
on accounts with weak passwords.
<p>2) All data, and the system itself, must be securely handled at all times.
<p>3) The system must be relatively small, quiet, cool, low power.
<p>4) We need weekly reports from the system
<h3>Optional:</h3>
<p>Can we tell if people are re-using their old password with slight variation
over and over every time they “change” it?
<p>Can you securely automate the extraction of passwords from Active Directory?
<p>Detailed Requirements
<p>Please feel free to flesh these out, ask for more details, or tell us if they
cannot be accomplished.
<p>Secure Handling
<p>The Active Directory password data, and the passwords being cracked by the
systems are HIGHLY sensitive. It is bad to have weak passwords. It is worse to
collect them all in one place, crack them, and then lose that to attackers.
<p>This means that the system must:
<p>1) Be secured against theft and encrypted so that it is stolen no one can get
the data.
<p>2) If it is connected to the network, it must be hardened against attack.
The Almond
<p>3) The password for any accounts used to access this system need to be strong.
<h2>Conclusion:</h2>
<p>Our goal was to come up with a device which was energy efficient and also make
it capable of cracking hashes.
We can safely conclude that the set up that we have been working on is much more
energy efficient compared to a set up with a powerful graphics card. We were able
to use a computer that our client put together and use it as a comparison to how
our set up works. The dedicated graphics card that is mainly used in the computer
needs a lot more energy to run while running the software that we use for our
project. Because the graphics card in the computer is dedicated, it also runs a
lot more quickly when it’s running the software.
</p>
</div>
<div id="footer">
<p>ITCS Capstone &copy;2015 All rights reserved. Alex Chung,
Jonathan Tham, Jordan Walsh.</p>
</div>
</div>
</body>
</html>
Style.css
#wrapper
{
width:960px;
margin: 0 auto;
}
body
{
font: 100% "Lucida Sans Unicode", "Lucida Grande", sans-serif;
line-height: 2;
color: White;
background-repeat: repeat-x;
background-color: #A87553;
background-image: url("images/background2.png");
}
h1
{
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
margin: 20px;
}
#navblock
{
font-family: Bradley Hand ITC;
font-size: 150%;
height:20px;
width:960px;
float: left;
}
#centerblock
{
width:960px;
float: left;
}
The Almond
#footer
{
width:960px;
float: left;
}
#nav {
border: none;
border: 0px;
margin: 0px;
padding: 0px;
font: Bradley Hand ITC;
font-size: 25px;
font-weight: bold;
width: 960px;
float: left;
}
#pic
{
width: 200px;
float:left;
}
#bio
{
width: 760px;
float:left;
}
.fancy img
{
display: block;
float: left;
width: 200px;
height: auto;
}
.third-level-menu
{
position: absolute;
top: 0;
right: -150px;
width: 150px;
list-style: none;
padding: 0;
margin: 0;
display: none;
}
.third-level-menu > li
{
height: 30px;
background: #333333;
}
.third-level-menu > li:hover { background: grey; }
.second-level-menu
{
z-index: 999999;
position: absolute;
top: 30px;
The Almond
left: 0;
width: 192px;
list-style: none;
padding: 0;
margin: 0;
display: none;
}
.second-level-menu > li
{
text-align: left;
position: relative;
height: 30px;
background: #333333;
}
.second-level-menu > li:hover { background: grey; }
.top-level-menu
{
list-style: none;
padding: 0;
margin: 0;
}
.top-level-menu > li
{
position: relative;
float: left;
height: 30px;
width: 192px;
background: #333333;
text-align: center;
}
.top-level-menu > li:hover { background: #2580a2; }
.top-level-menu li:hover > ul
{
/* On hover, display the next level's menu */
display: inline;
}
/* Menu Link Styles */
.top-level-menu a /* Apply to all links inside the multi-level menu */
{
font: bold 14px Arial, Helvetica, sans-serif;
color: #FFFFFF;
text-decoration: none;
padding: 0 0 0 10px;
/* Make the link cover the entire list item-container */
display: block;
line-height: 30px;
}
.top-level-menu a:hover
The Almond
{
color: #000000;
}
The Almond
CODE:
#!/usr/bin/env perl
#
#
#
#
#
#
____
__
__
____
_
/ ___| ___
/ _| / _| ___
___ / ___| _ __ __ _
___ | | __
| |
/ _ \ | |_ | |_ / _ \ / _ \| |
| '__|/ _` | / __|| |/ /
| |___| (_) || _|| _|| __/| __/| |___ | | | (_| || (__ |
<
\____|\___/ |_| |_|
\___| \___| \____||_|
\__,_| \___||_|\_\
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
CRAP script - Coffeecrack Reporting And Processing script.
For AMD cards with oclHashcat 1.32
Updated 2015-04-08
Get the latest version at: https://github.com/Jordan2586/CoffeeCrack/
Copyright (C) 2015 Jordan Walsh <[email protected]>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
use
use
use
use
warnings;
strict;
Cwd;
Switch; #Package libswitch-perl required
my (@path, #Contains what directories should be scanned for .hash files
@files, #Contains files found when scanning directories
@done, #Contains contents of .done file
$hashcat, #Location of hashcat executable
$dict, #location of dictionary
$mask, #Location of masks
$out, #Location of output file
$pot, #Location of hashcat pot file
$html, #Location of completed reports
$date, #Current date/time for reports
$sel, #Selection of menu 1
$sel2, #Selection of menu 2
$mode, #Hash type
$attack, #Attack Mode
$switch, #Optional switches
$usernames, #0 = no users in outfile 1 = users in outfile.
$timer, #Keeps track how long a test has been going for. (in seconds)
$length, #Average password length
$found, #Number of found hashes
$total, #Number of total hashes
The Almond
$perc, #percent of the found hashes
$small, #amount of users who have small passwords
@smallusers, #users who have small passwords.
$symbols, #amount of users who dont have symbols
@symbolsusers, #users who have no symbols in their passwords.
$numbers, #amount of users who dont have numbers in their passwords.
@numbersusers, #users who dont have numbers in their passwords.
$figlet, #ASCII art
@lines, #Stores each line from outfile
@currentline, #Stores info from the current @lines, separated at
@hash, #Stores all hash values from outfile
@pass, #Stores all passwords from outfile
@user); #Stores all users from outfile
#Set default variables
@path = ('/ftp', cwd());
$hashcat = glob('~/oclHashcat-1.32/oclHashcat64.bin');
$pot = glob('~/oclHashcat.pot');
$out = glob('~/out.txt');
$mask = glob('~/coffeecrack.hcmask');
$dict = glob('~/dict');
$html = ('/var/www/html'); #/var/www/html in ubuntu, /var/www in debian
$mode = ('1000');
$attack = ('0');
$switch = ('');
$figlet = `figlet CoffeeCrack`; #package figlet required
&mymenu();
sub mymenu #Menu options for myswitch()
{
`touch $pot`;
`touch .done`;
`sed -i '\/\^\\s\*\$\/d' .done`; #Removes empty lines in done file.
'/^$/ d'
system("clear");
print ("$figlet");
print ("*** CoffeeCrack Reporting And Processing script ***\n\n");
&myformat("1) About","");
&myformat("2) Edit Options","");
&myformat("3) View completed files","");
&myformat("4) View reports (in browser)","");
&myformat("5) Autorun","");
&myformat("6) RUN!!!","");
print "\n";
&myswitch();
}
sub mymenu2 #Menu options for myswitch2()
{
system("clear");
print ("*** CoffeeCrack Reporting And Processing script ***\n\n");
&myformat("1) Back to main menu","");
print "\n";
&myformat("2) Edit Hashcat Location","$hashcat");
The Almond
&myformat("3) Edit pot file location","$pot");
&myformat("4) Edit dictionary location","$dict");
&myformat("5) Edit masks location","$mask");
&myformat("6) Edit output file location","$out");
&myformat("7) Edit reports location","$html");
print "\n";
&myformat("8) Edit paths to scan","@path");
&myformat("9) Edit hash type","$mode");
&myformat("10) Edit attack type","$attack");
&myformat("11) Edit additional switches","$switch");
print "\n";
&myformat("12) Clear pot file",`wc -l $pot|cut -d ' ' -f1`);
&myformat("13) Clear completed files",`wc -l .done|cut -d ' ' -f1`);
print "\n";
&myswitch2();
}
sub myswitch
{
print ("Make a selection: ");
chomp ($sel = <STDIN>);
switch ($sel)
{
case 1
{ system("clear"); #About
system ("echo 'The Crap menu provides an
easy to use interface to process hashes using
Hashcat, and create reports, saving them to the local web server.
Once GIT has been installed, you can download the latest version
of the crap script by typing:
git clone https://github.com/Jordan2586/CoffeeCrack
You can update the scripts by entering the CoffeeCrack directory
and typing:
git pull
By default, Crap scans 2 directories for .hash files: /ftp and the
directory which crap was run in. Once a file has been processed, its
name will be placed in a file called .done, so that it is not
processed a second time. This done file can be deleted manually, or
in the “Edit Options” menu. The “Edit Options” menu will also allow
you to specify the location of hashcat, the attack mode of hashcat,
the location of the reports, among other options. The information
provided on the right side of the menu are the current value(s) of
that option, or its current size if applicable. Note that changing
these values will not change the defaults that are set in the script
itself. The Crap menu is able to detect whether or not usernames are
included in the hash file, and is able to include that information
in the generated report.
Press q to quit.'|less");
}
case 2
{&mymenu2();} #Edit Options
The Almond
case 3
case 4
#View reports (in browser)
{ system("clear"); #View completed files
open(my $fh, "<", ".done") or die "$!";
print <$fh>;
close $fh or die "$!";
print "\nPress ENTER to continue";
<STDIN>;}
{ `/usr/bin/firefox https://127.0.0.1`;}
case 5
{ system("clear"); #Autorun
while (1==1)
{&myhash();
sleep(30);} }
case 6
{ system("clear"); #RUN!!!
&myhash();}
case "exit" {exit;}
case "quit" {exit;}
case "alex" {$figlet = `figlet Greasy Midget`;} #totally not
an easter egg.
else
{print "Invalid selection.\n";
&myswitch();}
}
&mymenu();
}
sub myswitch2
{
print ("Make a selection: ");
chomp ($sel2 = <STDIN>);
switch ($sel2)
{
case 1
{&mymenu();} #Back to main menu
case 2
{ system("clear"); #Edit Hashcat Location
print "Enter the full path for
oclHashcat32.bin or oclHashcat64.bin: \n";
chomp ($hashcat = <STDIN>);}
case 3
{ system("clear"); #Edit pot file location
print "Enter the location of the hashcat
pot file:\n";
chomp ($pot = <STDIN>);}
case 4
{ system("clear"); #Edit dictionary location
print "Enter the location of the dictionary
file or dictionary folder:\n";
chomp ($dict = <STDIN>);}
case 5
{ system("clear"); #Edit masks location
The Almond
print "Enter the location of mask file mask
folder:\n";
chomp ($mask = <STDIN>);}
case 6
{ system("clear"); #Edit output file
location
print "Enter the full path for the output
file:\n";
chomp ($out = <STDIN>);}
case 7
{ system("clear"); #Edit output file
location
print "Enter the path to put completed
reports:\n";
chomp ($html = <STDIN>);}
case 8
{ system("clear"); #Edit paths to scan
print "Enter the path(s) to look for .hash
files.\n";
print "Seperate paths with space:\n";
chomp (@path = split(' ',<STDIN>));}
case 9
{ system("clear"); #Edit hash type
print "Enter the hash type you want to
use.\n";
print "Go to
http://hashcat.net/wiki/doku.php?id=oclhashcat for
print "Hint:
print ("Make
chomp ($mode
details.\n";
NTLM=1000, MD5=0\n";
a selection: \n");
= <STDIN>);}
case 10
{ system("clear"); #Edit attack type
print "0 = Straight\n1 = Combination\n3 =
Brute-force/mask attack\n6 = Hybrid dict + mask\n7 = Hybrid mask + dict\nEnter
the attack mode:\n";
chomp ($attack = <STDIN>);}
case 11
{ system("clear"); #Edit additional
switches
print "Enter any additional switches:\n";
chomp ($switch = <STDIN>);}
case 12
{ system("clear"); #Clear pot file
`rm $pot`;
`touch $pot`;
print "The pot file has been
cleared.\nPress ENTER to continue";
<STDIN>;}
case 13
{ system("clear"); #Clear completed files
`rm .done`;
`touch .done`;
print "The done file has been
cleared.\nPress ENTER to continue";
<STDIN>;}
case "exit" {exit;}
The Almond
case "quit" {exit;}
else
{print "Invalid selection.\n";
&myswitch2();}
}
&mymenu2();
}
sub myhash
{
open(my $fh, "<", ".done") or die "$!";
while(<$fh>)
{
push @done, $_;
}
close $fh or die "$!";
foreach (@path)
{
push @files,`find $_ -maxdepth 1 -name '*.hash'`;
}
foreach (@files)
{
if ($_ ~~ @done)
{
chomp $_;
print "Found the file \"$_\" (already processed.)\n";
}
else
{
chomp $_;
print "Found the file \"$_\"\n";
`rm $out`;
`touch $out`;
$switch = ('');
$usernames = ((`head -n 1 $_`) =~ tr/:/:/); #detects if
there are users in the input file
if ($usernames == 1)
{
$switch = "--username";
}
switch ($attack)
{
case 0 #Straight attack (dictionary)
{chomp ($timer = `date +"%s"`);
system("$hashcat -m $mode -a
$attack $switch -o $out $_ $dict");}
case 1 #Combination Attack (2 dictionaries)
{chomp ($timer = `date +"%s"`);
system("$hashcat -m $mode -a
$attack $switch -o $out $_ $dict $dict");}
case 3 #Brute force/mask attack (mask only)
{chomp ($timer = `date +"%s"`);
The Almond
system("$hashcat -m $mode -a
$attack $switch -o $out $_ $mask");}
case 6 #Hybrid dict + mask
{chomp ($timer = `date +"%s"`);
system("$hashcat -m $mode -a
$attack $switch -o $out $_ $dict $mask");}
case 7 #Hybrid mask + dict
{chomp ($timer = `date +"%s"`);
system("$hashcat -m $mode -a
$attack $switch -o $out $_ $mask $dict");}
else
{print "Invalid mode
selected.";
&mymenu;}
}
`echo '$_' >> .done`;
if ($usernames == 1)
{
`touch .temp`;
`$hashcat --username --show $_ > .temp`;
`mv .temp $out`;
`sed -i '\/\\x0d/g' $out`; #Fixes hashcat's
end of lines
`sed -i '1d' $out`;
}
`sed -i '\/\\x0d/g' $out`; #Fixes hashcat's end of lines
$total = `wc -l $_|cut -d ' ' -f1`;
&report;
}
}
@done = (); #reset variables back to default
@files = ();
}
sub report
{
@lines = ();
@user = ();
@hash = ();
@pass = ();
@currentline = ();
$length = ();
$perc = ();
$small = (0);
@smallusers = ();
$symbols = (0);
@symbolsusers = ();
$numbers = (0);
@numbersusers = ();
open (my $fh, "<", $out) or die "$!";
while (<$fh>)
{
The Almond
$_ =~ s/\$/\\\$/g; #Adds escape characters to passwords that
cause problems.
$_ =~ s/\"/\\\"/g;
$_ =~ s/\:/\/g; #Changes split character to BELL (0x07)
if ($usernames == 1)
{
$_ =~ s/\:/\/; #do it again if required.
}
#(This is to protect against
users with : in their password.)
if ($_ =~ m/\S/) #Yet another check for whitespace
{
push @lines, $_;
}
}
close $fh or die "$!";
foreach (@lines)
{
@currentline = (split(/\/, $_));
if ($usernames != 1) #without usernames
{
push @hash, $currentline[0];
push @pass, $currentline[1];
$length += length($currentline[1]);
if (length($currentline[1]) < 6)
{
$small++;
}
if ($currentline[1] !~ m/[a..z|A..Z|0..9]/)
{
$symbols++;
}
if ($currentline[1] !~ m/\d+/)
{
$numbers++;
}
}
if ($usernames == 1) #with usernames
{
push @user, $currentline[0];
push @hash, $currentline[1];
push @pass, $currentline[2];
$length += length($currentline[2]);
if (length($currentline[2]) < 6)
{
$small++;
push @smallusers, $currentline[0];
}
if ($currentline[2] !~ m/[a..z|A..Z|0..9]/)
{
$symbols++;
push @symbolsusers, $currentline[0];
}
if ($currentline[2] !~ m/\d+/)
The Almond
{
$numbers++;
push @numbersusers, $currentline[0];
}
}
}
$found = (scalar @pass);
$length = ($length / $found);
$length = (sprintf "%.2f", $length); #round to 2 decimals
$perc = (($found / $total) * 100);
$perc = (sprintf "%.2f", $perc);
chomp ($date = `date +"%F %T"`);
chomp ($timer = `date +"%s"` - $timer);
$timer = ($timer / 60); #seconds to minutes
$timer = (sprintf "%.2f", $timer);
`touch "$html/Report at $date\.html"`;
`echo '<!DOCTYPE html>
<html>
<head>
<style>
table, th, td {
border: 1px solid black;
border-collapse: collapse;
}
th, td {
padding: 5px;
}
</style>
<h1>Report of file $out at $date.</h1>
</head>
<body>
<p><b>We found $found of the $total hashes. ($perc %) </b><br/>
<b>The average password length is $length characters. </b><br/>
<b>It took $timer minutes to process the hashes.</b><br/>
<b>$small of users have passwords under 6 characters.</b> (@smallusers) <br/>
<b>$symbols of users have no symbols in their passwords.</b> (@symbolsusers)
<br/>
<b>$numbers of users have no numbers in their passwords.</b> (@numbersusers)
<br/> </p></hr></br>
<table style="width:100%">' >> "$html/Report at $date\.html"`;
if ($usernames == 0) #no usernames
{
`echo "<tr>
<th>Hash</th>
<th>Password</th>
</tr>" >> "$html/Report at $date\.html"`;
for (my $i=0; $i <= $#hash; $i++)
{
`echo "<tr><td>$hash[$i]</td>" >> "$html/Report at
$date\.html"`;
`echo "<td>$pass[$i]</td></tr>" >> "$html/Report at
$date\.html"`;
}
}
The Almond
if ($usernames == 1) #usernames
{
`echo "<tr>
<th>Username</th>
<th>Hash</th>
<th>Password</th>
</tr>" >> "$html/Report at $date\.html"`;
for (my $i=0; $i <= $#hash; $i++)
{
`echo "<tr><td>$user[$i]</td>" >> "$html/Report at
$date\.html"`;
`echo "<td>$hash[$i]</td>" >> "$html/Report at
$date\.html"`;
`echo "<td>$pass[$i]</td></tr>" >> "$html/Report at
$date\.html"`;
}
}
`echo "</table>
</body>
</html>" >> "$html/Report at $date\.html"`;
}
sub myformat #Formats 2 strings to align left & right on the same line
{
format STDOUT =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
"$_[0]", "$_[1]"
.
write();
}
The Almond