[Coffee Crack] SAIT Polytechnic Formal Report [The Almond Box] Jordan Walsh, Alex Chung, Jonathan Tham The Almond TABLE OF CONTENTS TABLE OF CONTENTS ............................................................................................................................................................. 2 EXECUTIVE SUMMARY .......................................................................................................................................................... 3 PROJECT VISION ..................................................................................................................................................................... 4 PROJECT PURPOSE ................................................................................................................................................................. 5 PROBLEM / OPPORTUNITY................................................................................................................................................................. 5 PROJECT DESCRIPTION ...................................................................................................................................................................... 5 KEY STAKEHOLDERS .......................................................................................................................................................................... 5 PROJECT SCOPE...................................................................................................................................................................... 6 SCOPE ............................................................................................................................................................................................ 6 OUT OF SCOPE................................................................................................................................................................................. 6 PROJECT OBJECTIVES ............................................................................................................................................................. 7 PROJECT TEAM....................................................................................................................................................................... 8 PROJECT STAKEHOLDERS....................................................................................................................................................... 9 RISK ASSESSMENT................................................................................................................................................................ 10 PROJECT SCHEDULE ............................................................................................................................................................. 11 PROJECT FACILITIES AND RESOURCES ................................................................................................................................. 12 PROJECT BUDGET................................................................................................................................................................. 13 EQUIPMENT AND FACILITIES ............................................................................................................................................................. 13 OPERATING COSTS ......................................................................................................................................................................... 13 ACTUAL COST ................................................................................................................................................................................ 13 INTELLECTUAL PROPERTY .................................................................................................................................................... 14 INITIAL PROPOSITION ...................................................................................................................................................................... 14 FINAL DECISION: ............................................................................................................................................................................ 14 CHALLENGES ........................................................................................................................................................................ 15 ACHIEVEMENTS ................................................................................................................................................................... 16 RECOMENDATIONS ............................................................................................................................................................. 17 LESSONS LEARNED ............................................................................................................................................................... 18 CONCLUSION ....................................................................................................................................................................... 19 ACKNOWLEDGEMENT ......................................................................................................................................................... 20 REFERENCES ......................................................................................................................................................................... 21 APPENDIX............................................................................................................................................................................. 22 GLOSSARY: .................................................................................................................................................................................... 22 PROJECT WEBSITE: ......................................................................................................................................................................... 22 CODE: .......................................................................................................................................................................................... 38 The Almond Section 1 EXECUTIVE SUMMARY The purpose of this project is to develop a service which assesses the strength of passwords that are used by consumers. Team CoffeeCrack will be providing this service through a device using hardware that will be compatible with a chosen software. One of the major issues that companies and regular consumers run into is the use of passwords and how secure they are. The CoffeeCrack team, represented by Jordan Walsh, Alex Chung and Jonathan Tham, will provide a service that will critique how secure these passwords are using Open Source software and hardware that is selected for compatible with the software. Our target for this project is to be able to make the device, named The Almond Box, as small as possible yet giving efficient performance. We strive to have The Almond Box completed by the end of April of 2015. The Almond Section 2 PROJECT VISION Security has been an issue that businesses of all kinds had to face for years. One security issue is employees using simple passwords that give access to their workstation or other company related tools which are used on a daily basis. No matter how well companies try to implement rules and conditions, employees still use passwords that are convenient to them, which are passwords that they will most likely remember. These passwords pose a tremendous amount of security concerns. Should any information get out about the company, devastating events are expected to follow. In this project, we will have a device that assesses passwords and a guide on how to use the device showing how easy and simple it is to operate the product. We expect the device to be small and light, but also quiet yet efficient. Additionally, we want to compare whether or not energy efficiency is worth the effort when assessing the strengths of passwords for companies. The Almond Section 3 PROJECT PURPOSE Too many people have too weak passwords. This can be a liability to many companies, and typical password control policies provide only limited protection. The purpose of the Almond Box is to assess the strength of a set of passwords and return a report of its findings. The Almond Box will be a powerful mini PC that will be easy to transport and use a minimal amount of power. PROBLEM / OPPORTUNITY Businesses today have a high concern over how well their security is. This project will surface the strength of passwords used by employees within the business. One of the main priorities of this project is to make the device small and as efficient and quiet as possible. This will also give an opportunity to produce a device that will use less energy than an average computer. PROJECT DESCRIPTION The project will consist of a list of commonly used passwords and/or passwords that actual people might use. How we assess the strength of the passwords used will be based on how quickly the device is able to crack the password being used. The company can then take action on the employee depending on the report on password strengths. The reduced consumption of energy will also help save the company a little bit of money on the use of energy while using this device. KEY STAKEHOLDERS The four key stakeholders for this project are as follows: Stakeholders Project Manager Client Performing Organization Sponsor Comment Jonathan Tham, Jordan Walsh, Alex Chung Michael McDonnell Jonathan Tham, Jordan Walsh, Alex Chung Michael McDonnell The Almond Section 4 PROJECT SCOPE The project will include the integration of open source password cracking software onto a small, efficient and powerful PC. The password hashes will be accepted by either local media or over the network. The PC will then provide a report on the processed passwords indicating how strong they are. SCOPE Within this project we will be aiming to deliver a small portable device that assesses passwords by using a preexisting database with open source or free software to evaluate how protective a single person's password is while providing a quiet yet energy efficient performance. Our end goal is to be able to make the device work with or without having it to connect to a network. OUT OF SCOPE - Updating hardware - integrating different software - Producing multiple copies of the device - Automated Process - Distributed assessment of two or more software The Almond Section 5 PROJECT OBJECTIVES Our main goals of this project will act as a guideline for us to successfully keep on track to our final product. This ensures that we will be able to maintain a steady pace and have a product that is complete. The objectives that we must meet are: Finding a coding language that is easy to understand and utilize by April 2015 Finding the proper hardware that is compatible with the coding language by April 2015 Keeping cost as low as possible by April 2015 Making sure that the device is running efficiently and quietly by April 2015 Creating a method that is understandable for the standard consumer use by April 2015 The Almond Section 6 PROJECT TEAM The team for Project Almond is made up of three members coming from the SAIT Polytechnic ITCS program. Their respective roles for the project are as follows: Member Alex Chung Jonathan Tham Jordan Walsh Role Hardware Assembler and Software Tester Website designer and Prep/setup Researcher for Hardware/Software The Almond Section 7 PROJECT STAKEHOLDERS We were able to obtain this project by way of request from a client. As a group that is working for a client, we strive to fulfill the required features for the device and hope to also implement other features which the client has requested at the side. The project will be sponsored by our client who will also be guiding us along the way. Stakeholder Jonathan, Alex, Jordan Colin Chamberlain Michael McDonnell Role or Influence Employees/Project managers Assistant Client The Almond Section 8 RISK ASSESSMENT Every project is bound to run into some sort of problem and potential risks are involved. The following is a list of risks that could potentially occur during the execution of our project. Project Risk Assessment Risk 1 – Software/Hardware compatibility Mitigation Strategy … Risk 2 – Conflicting group ideas Mitigation Strategy … Risk 3 – Inadequate communication between members Mitigation Strategy Probability Impact Severity e.g. High, Medium, Low e.g. High, Medium, Low e.g. High, Medium, Low medium high medium Research and ensure that the software and hardware will be compatible. low medium low Communication among members, giving reminders of what the task is at hand high high high Keep communication among members constant with updates and discuss progression of the project Risk 4 – Conflict in budget Mitigation Strategy low high high Making sure that the hardware isn't overly expensive and that it fits within the budget that is given. Hope for no compatibility issues between software and hardware. Risk 5 – Scope creep Mitigation Strategy low medium high Prioritize what we set out to do with the project. The Almond Section 9 PROJECT SCHEDULE We have compiled a Gantt chart outlining the course of how our project will be broken up into. The research and development of the project will begin starting in January, which will run through to April. Our major tasks that we must fulfill is to research software which will be used for the project, finding hardware that will be able to support the software, and making the device energy efficient, quiet, and small. We must understand how the software works and be able to use it. Finding the hardware comes after the software we are using is confirmed. Please refer to the attached Gantt chart. The Almond Section 10 PROJECT FACILITIES AND RESOURCES To develop The Almond Box, we will require a facility that offers an electrical outlet, space to work, and preferably an internet connection. We will also need hardware resources: a mini PC, keyboard, mouse and monitor. (see budget for details) Additionally, our sponsor Michael had lent us a piece of hardware to benchmark the same tests running the same version and OS and compare it to the laptop provided. This is to prove whether or not Energy efficiency is effective when assessing password strengths. The Almond Section 11 PROJECT BUDGET We are considering a few options for the PC hardware. Before making a solid decision we need to research software, compatibilities and optimizations before we invest in something. The will be no software costs, as it is part of the project’s scope to exclusively use open source or free software. Peripherals for the Almond Box will be provided by SAIT or the project’s members. EQUIPMENT AND FACILITIES The primary expense will be the PC hardware. Several of the PC assets will be provided by SAIT. Item PC Hardware Cost <$600 OPERATING COSTS The operational costs of The Almond Box should be minimal. The following is the operational costs of a few options we are considering for hardware. Item Raspberry pi B+ Intel NUC (Haswell) Gigabyte Brix Zotec Zbox Plus Custom built PC Wattage <2 <30 <37 <50 <200 Rate $0.0779/kWH $0.0779/kWH $0.0779/kWH $0.0779/kWH $0.0779/kWH Cost $0.0001558/hr $0.002337/hr $0.0028823/hr $0.003895/hr $0.01158/hr ACTUAL COST The actual cost of the hardware: Item Laptop Cost of energy: Wattage Rate ~30-33W $0.0779/kWH Cost $549.99 $0.002337 The Almond Section 12 INTELLECTUAL PROPERTY INITIAL PROPOSITION The Intellectual Property can go to either party between the sponsor and us, the team that is providing the service. The Intellectual Property for this project is based around services overall rather than the final product. Therefore, the Intellectual Property will be assigned to the performing organization. If the sponsor wishes to have a part in the IP, a meeting and documentation will then be required for legal issues. Due to the use of Open-Source software, the product is not saleable on its own. There is nothing patentable. FINAL DECISION: After talking it over with our sponsor, the final decision came out to a mutual agreement of leaving the Intellectual Property talk out of the project. We as a team were fine with the Intellectual property going either way, but after discussion, we came to the conclusion of have the services being open for the public to use and look at, making it open source. As fresh graduates, we feel that it will not be a good idea to have a service in our names, but we do find that it can be useful to have it as open source for future development and such. We would be recognized for our work which could give us a groundwork for our reputation in the industry, which we find more important. The Almond Section 13 CHALLENGES Over the past several months that we have worked on The Almond, we ran into several challenges which have hindered us very slightly. Some of these challenges include: Understanding the Software of choice and its functions Understanding how masks work in oclHashCat General website issues Multiple hardware issues GPU Crashes A login issue near the end of the project Getting the script to function properly The Almond Section 14 ACHIEVEMENTS Despite the challenges we have faced, we have accomplished a lot in these four months working on The Almond. Some of these accomplishments are as follows: Getting a functional laptop with the software implemented to work. Running our first test on real world NTLM hashes and getting some decent results. (Approx. 32% of passwords cracked) Understanding the different methods that we can use to assess passwords, such as brute forces and masks. Getting better results because of the understanding of the different methods and how to use them. Getting the script to function and generate reports in HTML. Getting another PC to test the difference between the laptop and the borrowed PC. Getting the opportunity to do this project since the 3rd semester. The Almond Section 15 RECOMENDATIONS Some recommendations that we will suggest is for anyone who wants to pursue something similar to this project or want to improve on this project are as follows: This project has rather large learning curve, if anyone is to attempt this, they should have a huge desire to learn new things. Pick the right hardware for the software you choose. The hardware/software decision is like a landmine field. Finding hardware that works with the software is difficult and may take a lot of time. Do a lot of research ahead of time and ensure they function with each other. Get a sponsor! Having a sponsor is probably the best thing you’ll ever get to experience. Communicate with your sponsor. Always keep some form of communication between your group and your sponsor. Communication is important! The Almond Section 16 LESSONS LEARNED We’ve all learned various lessons within these 4 months. These are some of the lessons we all learned to prevent the same mistakes from happening in the future: Do not run certain word list generators for too long, it may clog the memory and prevent anything from actually running. Pay careful attention to Colin when learning about Gantt charts, Otherwise you will struggle when making the project Gantt chart and updating it. Don’t forget important dates with your sponsor. If you’re doing Perl scripts for your project, review your old Perl notes from Semester 2. When running oclHashCat, make sure what switches do what and how they function. If not, you may end up crashing your laptop constantly. The usage of team viewer does not work with oclHashCat. It will crash if you’re connected via team viewer and run a test. The Almond Section 17 CONCLUSION Our goal was to come up with a device which was energy efficient and also make it capable of cracking hashes. We can safely conclude that the set up that we have been working on is much more energy efficient compared to a set up with a powerful graphics card. We were able to use a computer that our client put together and use it as a comparison to how our set up works. The dedicated graphics card that is mainly used in the computer needs a lot more energy to run while running the software that we use for our project. Because the graphics card in the computer is dedicated, it also runs a lot more quickly when it’s running the software. The Almond Section 18 ACKNOWLEDGEMENT OCLHashcat – For providing the software we needed to run through this project with minimal issues. Michael McDonnell – Big thanks to Michael, our sponsor and guide throughout our journey. Without his initial request, we would have been stuck searching for a project to do. Michael’s assistance was truly great. He has helped us out with getting a method put together, providing useful information, and giving suggestions about what we can do. Christopher McNeil – Big thanks to Christopher for being there for us. He has given us many suggestions as a past graduate on what we should do during our time at SAIT. Colin Chamberlain – For being a big help with keeping us on track with the project and providing us the resources and facility we needed to do this project. W3Schools – a site that helped with creating our website. Truly an amazing source to help with crafting a simple and easy website of our own. Fancybox – a simple and easy gallery display for websites. Fancybox is open for anyone to use as long as it is for non-profit purposes. PerlMonks.org – A good website with lots of Perl guidance. The Almond Section 19 REFERENCES http://hashcat.net/oclhashcat/ http://hashcat.net/wiki/doku.php?id=hashcat_utils http://hashcat.net/wiki/doku.php?id=oclhashcat http://www.ncix.com/detail/lenovo-thinkpad-edge-e545-a6-5350m-5c-93689-1205.htm http://en.wikipedia.org/wiki/Password_cracking http://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx http://insights.scorpionsoft.com/bid/329695/The-Most-Recent-Password-Security-Compliance-Guidelines https://xato.net/passwords/more-top-worst-passwords/#.VLF9VivF98E http://www.darknet.org.uk/2008/02/password-cracking-wordlists-and-tools-for-brute-forcing/ http://www.adeptus-mechanicus.com/codex/crkpass/crkpass.php http://tiptopsecurity.com/password-cracking-101-how-hackers-get-your-passwords/ http://security.stackexchange.com/questions/9567/modern-high-quality-password-dictionary http://www.defenceindepth.net/2010/05/password-wordlists-and-dictionaries.html https://crackstation.net/ https://www.hashkiller.co.uk/ https://forum.hashkiller.co.uk/ https://blog.skullsecurity.org/ https://wiki.skullsecurity.org/index.php?title=Main_Page https://downloads.skullsecurity.org/passwords/ http://packetstormsecurity.com/Crackers/wordlists/ https://github.com/danielmiessler/SecLists/tree/master/Passwords http://hashes.org/public.php http://www.onlinehashcrack.com/list-cracked-hash.php?h=ntlm http://golubev.com/gpuest.htm http://www.w3schools.com/html/html_images.asp http://www.w3schools.com/tags/ref_colorpicker.asp http://www.w3schools.com/cssref/pr_text_text-align.asp http://fancybox.net/ http://floatboxjs.com/options http://stackoverflow.com/questions/9100344/pure-css-multi-level-drop-down-menu http://www.perlmonks.org/ The Non-Designer’s Design Book The Almond Section 20 APPENDIX GLOSSARY: OS – Operating System CRAP – Coffeecrack Reporting and Processing GPU – Graphics Processing Unit NTLM – NT Lan Manager - Authentication method used in modern windows OSs WPA – Wi-Fi Protected Access HTML – Hyper Text Markup Language PROJECT WEBSITE: Index.htm <!DOCTYPE html> <html> <head> <title>Coffee Crack Home</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> The Almond <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>About:</h1> <p>The purpose of this project is to develop a service which assesses the strength of passwords that are used by consumers. Team CoffeeCrack will be providing this service through a device using hardware that will be compatible with a chosen software.</p> <p>One of the major issues that companies and regular consumers run into is the use of passwords and how secure they are. The CoffeeCrack team, represented by Jordan Walsh, Alex Chung and Jonathan Tham, will provide a service that will critique how secure these passwords are using Open Source software and hardware that is selected for compatible with the software. Our target for this project is to be able to make the device, named The Almond Box, as small as possible yet giving efficient performance. We strive to have The Almond Box completed by the end of April of 2015. </p> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> Members.html <!DOCTYPE html> <html> <head> <title>Coffee Crack Group Members</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> The Almond <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>Members:</h1> <img src="images/team.jpg" alt="Team" style="height:530px"> <h3><p>Alex Chung:</p></h3> <div id="pic"><img src="images/alex.jpg" alt="Alex" style="height:200px"></div> <div id="bio"><p>My background with technology started with a simple PC running windows 98. I mainly used it to play video games at first but after I grew up, I slowly started gaining an interest in technology. When I started taking several computer courses, this helped me further my interest with hardware at first but it also brought up a software side as well. At first I wanted to go into Computer Engineering, but after some thought, IT was my choice for my career path.</p></div> <div><p>I chose the IT program at SAIT as it lets me further my passion into technology, and software. Over my years at SAIT, I’ve developed more skills and experiences than I would have in high school. I’ve even started to come up with possible ideas from random technology I see in stores. These experiences and skills I’ve gained have made me think of technology differently than before when I was young. The computer systems path in the IT program was more flexible for my way of thinking and I hope the software development will be the same regarding software and coding.</p> <p>In the capstone group, I was responsible for testing and troubleshooting the software that we were using. Using various open-source hash files and supplied hash files as test material in order to generate a rough report. </p> </div> <h3><p>Jonathan Tham:</p></h3> <div id="pic"><img src="images/jon.jpg" alt="Jon" style="height:200px"></div> The Almond <div id="bio"><p>Over the years, up until i was about the age of 16 and 17, I started playing around with some software and command prompt. I never really learned how to use command promt properly, but I read about commands and how they work. Very easy stuff now, but back then, it was a complete mystery. It was time for graduation from High School and now I had to choose what i wanted to study. My top picks were IT or Psychology.</p></div> <div><p>My main pick was IT, but I had a great interest in Psychology. Since I was so curious about Psychology, I made the choice of going into Psychology at Mount Royal University. While attending Mount Royal, I took the chance of taking other areas of interest. Since I was already in Psychology, I took some courses in Sociology since they closely relate to one another. I weighed out my options and found that with Psychology, I would have to take a longer journey if I wanted to make a career out of it.</p> <p>I made the choice of going to IT after two and a half years in Psychology. I didn't mind the change since Psychology can be used anywhere. IT had more to offer in terms of skills and training, so i jumped into SAIT as soon as I possibly could. Presently about to graduate from ITCS, I find that there are many things I am now able to do, and how these skills can carry onto many industries in society. My journey is only starting, and SAIT has offered me a great opportunity to jump start my career. The vast amount of techonology that I am able to work with gets me excited. There are so many things that I can occupy my time with and so many opportunities of learning new skills. IT is truly one of the best decisions I've ever made in my life.</p></div> <h3><p>Jordan Walsh:</p></h3> <div id="pic"><img src="images/jordan.jpg" alt="Jordan" style="height:200px"></div> <div id="bio"><p>Jordan was born and raised right here in Calgary, and is currently attending SAIT Polytechnic, and majoring in Computer Systems. After graduating high school, Jordan worked at Wal-Mart for a while before coming to SAIT. He always had a passion for technology, whether it was building a new computer or playing with Linux distributions. He hopes that after SAIT, he will be able to get a job in the IT field, with advancement opportunities. He hopes that one day he will be a system administrator.</p></div> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> Gallery.html <!DOCTYPE html> <html> <head> <title>Coffee Crack Gallery</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> <script type="text/javascript" src="http://code.jquery.com/jquerylatest.min.js"></script> The Almond <script type="text/javascript" src="fancybox/lib/jquery.mousewheel3.0.6.pack.js"></script> <link rel="stylesheet" href="fancybox/source/jquery.fancybox.css?v=2.1.5" type="text/css" media="screen" /> <script type="text/javascript" src="fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script> <link rel="stylesheet" href="fancybox/source/helpers/jquery.fancyboxbuttons.css?v=1.0.5" type="text/css" media="screen" /> <script type="text/javascript" src="fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5"></script> <script type="text/javascript" src="fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6"></script> <script type="text/javascript" src="thumb.js"></script> <link rel="stylesheet" href="fancybox/source/helpers/jquery.fancyboxthumbs.css?v=1.0.7" type="text/css" media="screen" /> <script type="text/javascript" src="fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7"></script> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> </br> </br> <div class="fancy"> The Almond <a class="fancybox-thumb" rel="fancybox-thumb" href="images/work.jpg" title="Typical Day"> <img src="images/work.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/poweron.jpg" title="Rough day"> <img src="images/poweron.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/watt.jpg" title="Initial energy usage while in rest."> <img src="images/watt.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/set.jpg" title="Setup"> <img src="images/set.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/test1.png" title="Password cracking test"> <img src="images/test1.png" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/kernel.jpg" title="Kernel problems"> <img src="images/kernel.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/Progressmeeting.jpg" title="Progress Meetings"> <img src="images/Progressmeeting.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/watt2.jpg" title="Energy consumption during test."> <img src="images/watt2.jpg" alt="" /> </a> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/alexworking.jpg" title="Alex working on our client's computer"> <img src="images/alexworking.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/comparisonjpg" title="Using our client's computer for a comparison on efficiency."> <img src="images/comparison.jpg" alt="" /> </a> <a class="fancybox-thumb" rel="fancybox-thumb" href="images/stats.jpg" title="Energy consumption during test on our client's computer."> <img src="images/stats.jpg" alt="" /> </a> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> The Almond Journalalex.html <!DOCTYPE html> <html> <head> <title>Coffee Crack: Alex's Journal</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>Alex's Journals:</h1> <ul class="journal"> <li><a href='\doc\Journals\Alex Journal\Week1.pdf'>Week 1</a></li> <li><a href='\doc\Journals\Alex Journal\Week2.pdf'>Week 2</a></li> <li><a href='\doc\Journals\Alex Journal\Week3.pdf'>Week 3</a></li> The Almond <li><a href='\doc\Journals\Alex Journal\Week4.pdf'>Week 4</a></li> <li><a href='\doc\Journals\Alex Journal\Week5.pdf'>Week 5</a></li> <li><a href='\doc\Journals\Alex Journal\Week6.pdf'>Week 6</a></li> <li><a href='\doc\Journals\Alex Journal\Week7.pdf'>Week 7</a></li> <li><a href='\doc\Journals\Alex Journal\Week8.pdf'>Week 8</a></li> <li><a href='\doc\Journals\Alex Journal\Week9.pdf'>Week 9</a></li> <li><a href='\doc\Journals\Alex Journal\Week10.pdf'>Week 10</a></li> <li><a href='\doc\Journals\Alex Journal\Week11.pdf'>Week 11</a></li> <li><a href='\doc\Journals\Alex Journal\Week12.pdf'>Week 12</a></li> <li><a href='\doc\Journals\Alex Journal\Week13.pdf'>Week 13</a></li> </ul> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> Journaljonathan.html <!DOCTYPE html> <html> <head> <title>Coffee Crack: Jonathan's Journal</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> The Almond <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>Jonathan's Journals:</h1> <ul class="journal"> <li><a href='\doc\Journals\Jonathan Journal\Week1.pdf'>Week 1</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week2.pdf'>Week 2</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week3.pdf'>Week 3</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week4.pdf'>Week 4</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week5.pdf'>Week 5</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week6.pdf'>Week 6</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week7.pdf'>Week 7</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week8.pdf'>Week 8</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week9.pdf'>Week 9</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week10.pdf'>Week 10</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week11.pdf'>Week 11</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week12.pdf'>Week 12</a></li> <li><a href='\doc\Journals\Jonathan Journal\Week13.pdf'>Week 13</a></li> </ul> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> The Almond </div> </div> </body> </html> Journaljordan.html <!DOCTYPE html> <html> <head> <title>Coffee Crack Jordan's Journal</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>Jordan's Journals:</h1> <ul class="journal"> <li><a href='\doc\Journals\Jordan Journal\Week1.pdf'>Week 1</a></li> The Almond <li><a href='\doc\Journals\Jordan Journal\Week2.pdf'>Week 2</a></li> <li><a href='\doc\Journals\Jordan Journal\Week3.pdf'>Week 3</a></li> <li><a href='\doc\Journals\Jordan Journal\Week4.pdf'>Week 4</a></li> <li><a href='\doc\Journals\Jordan Journal\Week5.pdf'>Week 5</a></li> <li><a href='\doc\Journals\Jordan Journal\Week6.pdf'>Week 6</a></li> <li><a href='\doc\Journals\Jordan Journal\Week7.pdf'>Week 7</a></li> <li><a href='\doc\Journals\Jordan Journal\Week8.pdf'>Week 8</a></li> <li><a href='\doc\Journals\Jordan Journal\Week9.pdf'>Week 9</a></li> <li><a href='\doc\Journals\Jordan Journal\Week10.pdf'>Week 10</a></li> <li><a href='\doc\Journals\Jordan Journal\Week11.pdf'>Week 11</a></li> <li><a href='\doc\Journals\Jordan Journal\Week12.pdf'>Week 12</a></li> <li><a href='\doc\Journals\Jordan Journal\Week13.pdf'>Week 13</a></li> </ul> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> Assessment.html <!DOCTYPE html> <html> <head> <title>Coffee Crack Analytics</title> <meta charset="utf-8" /> <link rel="stylesheet" media="screen" href="style.css"> <link rel="shortcut icon" href="favicon.ico"/> </head> <body> <div id="wrapper"> <div id="topblock"> <a href="index.htm"><img style="border:0;" src="images/banner1.jpg" alt="Coffee Crack Logo"></a> </div> <div id='nav'> <ul class="top-level-menu"> <li><a href='index.htm'>Home</a></li> <li> The Almond <a href="#">Documents</a> <ul class="second-level-menu"> <li><a href='doc/charter.pdf'><span>Project Charter</span></a></li> <li><a href='doc/gantt.pdf'><span>Gantt Chart</span></a></li> <li><a href='doc/meeting.pdf'><span>Meeting Agenda</span></a></li> <li> <a href="#">Weekly Journals</a> <ul class="third-level-menu"> <li><a href='journalalex.html'>Alex's Journal</a></li> <li><a href='journaljonathan.html'>Jonathan's Journal</a></li> <li><a href='journaljordan.html'>Jordan's Journal</a></li> </ul> </li> <li><a href='doc/manual.pdf'><span>Manual</span></a></li> <li><a href='doc/presentation.pdf'><span>Project Presentation</span></a></li> <li><a href='doc/report.pdf'><span>Formal Report</span></a></li> </ul> </li> <li><a href='members.html'>Members</a></li> <li><a href='gallery.html'>Gallery</a></li> <li><a href='assessment.html'>Analysis</a></li> </ul> </div> <div id="centerblock"> <h1>Analysis:</h1> <p> <h2>Statement of Need</h2> <p>At the end, I have provided the background for why this I important. But to get to the point, here is what I need from your team: We will provide you with our Active Directory password database. This does not contain our passwords, but the “hashes” of them. I will also provide you with a list of “privileged” account names. These are accounts for which the risk of a weak password is higher (Sysadmins, service accounts etc.). <p>Goal: We need to know if our passwords are weak BEFORE the hackers do. <h3>Requirements:</h3> <p>1) We need a system that will crack Active Directory (NTLM) hashes and report on accounts with weak passwords. <p>2) All data, and the system itself, must be securely handled at all times. <p>3) The system must be relatively small, quiet, cool, low power. <p>4) We need weekly reports from the system <h3>Optional:</h3> <p>Can we tell if people are re-using their old password with slight variation over and over every time they “change” it? <p>Can you securely automate the extraction of passwords from Active Directory? <p>Detailed Requirements <p>Please feel free to flesh these out, ask for more details, or tell us if they cannot be accomplished. <p>Secure Handling <p>The Active Directory password data, and the passwords being cracked by the systems are HIGHLY sensitive. It is bad to have weak passwords. It is worse to collect them all in one place, crack them, and then lose that to attackers. <p>This means that the system must: <p>1) Be secured against theft and encrypted so that it is stolen no one can get the data. <p>2) If it is connected to the network, it must be hardened against attack. The Almond <p>3) The password for any accounts used to access this system need to be strong. <h2>Conclusion:</h2> <p>Our goal was to come up with a device which was energy efficient and also make it capable of cracking hashes. We can safely conclude that the set up that we have been working on is much more energy efficient compared to a set up with a powerful graphics card. We were able to use a computer that our client put together and use it as a comparison to how our set up works. The dedicated graphics card that is mainly used in the computer needs a lot more energy to run while running the software that we use for our project. Because the graphics card in the computer is dedicated, it also runs a lot more quickly when it’s running the software. </p> </div> <div id="footer"> <p>ITCS Capstone ©2015 All rights reserved. Alex Chung, Jonathan Tham, Jordan Walsh.</p> </div> </div> </body> </html> Style.css #wrapper { width:960px; margin: 0 auto; } body { font: 100% "Lucida Sans Unicode", "Lucida Grande", sans-serif; line-height: 2; color: White; background-repeat: repeat-x; background-color: #A87553; background-image: url("images/background2.png"); } h1 { font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; margin: 20px; } #navblock { font-family: Bradley Hand ITC; font-size: 150%; height:20px; width:960px; float: left; } #centerblock { width:960px; float: left; } The Almond #footer { width:960px; float: left; } #nav { border: none; border: 0px; margin: 0px; padding: 0px; font: Bradley Hand ITC; font-size: 25px; font-weight: bold; width: 960px; float: left; } #pic { width: 200px; float:left; } #bio { width: 760px; float:left; } .fancy img { display: block; float: left; width: 200px; height: auto; } .third-level-menu { position: absolute; top: 0; right: -150px; width: 150px; list-style: none; padding: 0; margin: 0; display: none; } .third-level-menu > li { height: 30px; background: #333333; } .third-level-menu > li:hover { background: grey; } .second-level-menu { z-index: 999999; position: absolute; top: 30px; The Almond left: 0; width: 192px; list-style: none; padding: 0; margin: 0; display: none; } .second-level-menu > li { text-align: left; position: relative; height: 30px; background: #333333; } .second-level-menu > li:hover { background: grey; } .top-level-menu { list-style: none; padding: 0; margin: 0; } .top-level-menu > li { position: relative; float: left; height: 30px; width: 192px; background: #333333; text-align: center; } .top-level-menu > li:hover { background: #2580a2; } .top-level-menu li:hover > ul { /* On hover, display the next level's menu */ display: inline; } /* Menu Link Styles */ .top-level-menu a /* Apply to all links inside the multi-level menu */ { font: bold 14px Arial, Helvetica, sans-serif; color: #FFFFFF; text-decoration: none; padding: 0 0 0 10px; /* Make the link cover the entire list item-container */ display: block; line-height: 30px; } .top-level-menu a:hover The Almond { color: #000000; } The Almond CODE: #!/usr/bin/env perl # # # # # # ____ __ __ ____ _ / ___| ___ / _| / _| ___ ___ / ___| _ __ __ _ ___ | | __ | | / _ \ | |_ | |_ / _ \ / _ \| | | '__|/ _` | / __|| |/ / | |___| (_) || _|| _|| __/| __/| |___ | | | (_| || (__ | < \____|\___/ |_| |_| \___| \___| \____||_| \__,_| \___||_|\_\ # # # # # # # # # # # # # # # # # # CRAP script - Coffeecrack Reporting And Processing script. For AMD cards with oclHashcat 1.32 Updated 2015-04-08 Get the latest version at: https://github.com/Jordan2586/CoffeeCrack/ Copyright (C) 2015 Jordan Walsh <[email protected]> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. use use use use warnings; strict; Cwd; Switch; #Package libswitch-perl required my (@path, #Contains what directories should be scanned for .hash files @files, #Contains files found when scanning directories @done, #Contains contents of .done file $hashcat, #Location of hashcat executable $dict, #location of dictionary $mask, #Location of masks $out, #Location of output file $pot, #Location of hashcat pot file $html, #Location of completed reports $date, #Current date/time for reports $sel, #Selection of menu 1 $sel2, #Selection of menu 2 $mode, #Hash type $attack, #Attack Mode $switch, #Optional switches $usernames, #0 = no users in outfile 1 = users in outfile. $timer, #Keeps track how long a test has been going for. (in seconds) $length, #Average password length $found, #Number of found hashes $total, #Number of total hashes The Almond $perc, #percent of the found hashes $small, #amount of users who have small passwords @smallusers, #users who have small passwords. $symbols, #amount of users who dont have symbols @symbolsusers, #users who have no symbols in their passwords. $numbers, #amount of users who dont have numbers in their passwords. @numbersusers, #users who dont have numbers in their passwords. $figlet, #ASCII art @lines, #Stores each line from outfile @currentline, #Stores info from the current @lines, separated at @hash, #Stores all hash values from outfile @pass, #Stores all passwords from outfile @user); #Stores all users from outfile #Set default variables @path = ('/ftp', cwd()); $hashcat = glob('~/oclHashcat-1.32/oclHashcat64.bin'); $pot = glob('~/oclHashcat.pot'); $out = glob('~/out.txt'); $mask = glob('~/coffeecrack.hcmask'); $dict = glob('~/dict'); $html = ('/var/www/html'); #/var/www/html in ubuntu, /var/www in debian $mode = ('1000'); $attack = ('0'); $switch = (''); $figlet = `figlet CoffeeCrack`; #package figlet required &mymenu(); sub mymenu #Menu options for myswitch() { `touch $pot`; `touch .done`; `sed -i '\/\^\\s\*\$\/d' .done`; #Removes empty lines in done file. '/^$/ d' system("clear"); print ("$figlet"); print ("*** CoffeeCrack Reporting And Processing script ***\n\n"); &myformat("1) About",""); &myformat("2) Edit Options",""); &myformat("3) View completed files",""); &myformat("4) View reports (in browser)",""); &myformat("5) Autorun",""); &myformat("6) RUN!!!",""); print "\n"; &myswitch(); } sub mymenu2 #Menu options for myswitch2() { system("clear"); print ("*** CoffeeCrack Reporting And Processing script ***\n\n"); &myformat("1) Back to main menu",""); print "\n"; &myformat("2) Edit Hashcat Location","$hashcat"); The Almond &myformat("3) Edit pot file location","$pot"); &myformat("4) Edit dictionary location","$dict"); &myformat("5) Edit masks location","$mask"); &myformat("6) Edit output file location","$out"); &myformat("7) Edit reports location","$html"); print "\n"; &myformat("8) Edit paths to scan","@path"); &myformat("9) Edit hash type","$mode"); &myformat("10) Edit attack type","$attack"); &myformat("11) Edit additional switches","$switch"); print "\n"; &myformat("12) Clear pot file",`wc -l $pot|cut -d ' ' -f1`); &myformat("13) Clear completed files",`wc -l .done|cut -d ' ' -f1`); print "\n"; &myswitch2(); } sub myswitch { print ("Make a selection: "); chomp ($sel = <STDIN>); switch ($sel) { case 1 { system("clear"); #About system ("echo 'The Crap menu provides an easy to use interface to process hashes using Hashcat, and create reports, saving them to the local web server. Once GIT has been installed, you can download the latest version of the crap script by typing: git clone https://github.com/Jordan2586/CoffeeCrack You can update the scripts by entering the CoffeeCrack directory and typing: git pull By default, Crap scans 2 directories for .hash files: /ftp and the directory which crap was run in. Once a file has been processed, its name will be placed in a file called .done, so that it is not processed a second time. This done file can be deleted manually, or in the “Edit Options” menu. The “Edit Options” menu will also allow you to specify the location of hashcat, the attack mode of hashcat, the location of the reports, among other options. The information provided on the right side of the menu are the current value(s) of that option, or its current size if applicable. Note that changing these values will not change the defaults that are set in the script itself. The Crap menu is able to detect whether or not usernames are included in the hash file, and is able to include that information in the generated report. Press q to quit.'|less"); } case 2 {&mymenu2();} #Edit Options The Almond case 3 case 4 #View reports (in browser) { system("clear"); #View completed files open(my $fh, "<", ".done") or die "$!"; print <$fh>; close $fh or die "$!"; print "\nPress ENTER to continue"; <STDIN>;} { `/usr/bin/firefox https://127.0.0.1`;} case 5 { system("clear"); #Autorun while (1==1) {&myhash(); sleep(30);} } case 6 { system("clear"); #RUN!!! &myhash();} case "exit" {exit;} case "quit" {exit;} case "alex" {$figlet = `figlet Greasy Midget`;} #totally not an easter egg. else {print "Invalid selection.\n"; &myswitch();} } &mymenu(); } sub myswitch2 { print ("Make a selection: "); chomp ($sel2 = <STDIN>); switch ($sel2) { case 1 {&mymenu();} #Back to main menu case 2 { system("clear"); #Edit Hashcat Location print "Enter the full path for oclHashcat32.bin or oclHashcat64.bin: \n"; chomp ($hashcat = <STDIN>);} case 3 { system("clear"); #Edit pot file location print "Enter the location of the hashcat pot file:\n"; chomp ($pot = <STDIN>);} case 4 { system("clear"); #Edit dictionary location print "Enter the location of the dictionary file or dictionary folder:\n"; chomp ($dict = <STDIN>);} case 5 { system("clear"); #Edit masks location The Almond print "Enter the location of mask file mask folder:\n"; chomp ($mask = <STDIN>);} case 6 { system("clear"); #Edit output file location print "Enter the full path for the output file:\n"; chomp ($out = <STDIN>);} case 7 { system("clear"); #Edit output file location print "Enter the path to put completed reports:\n"; chomp ($html = <STDIN>);} case 8 { system("clear"); #Edit paths to scan print "Enter the path(s) to look for .hash files.\n"; print "Seperate paths with space:\n"; chomp (@path = split(' ',<STDIN>));} case 9 { system("clear"); #Edit hash type print "Enter the hash type you want to use.\n"; print "Go to http://hashcat.net/wiki/doku.php?id=oclhashcat for print "Hint: print ("Make chomp ($mode details.\n"; NTLM=1000, MD5=0\n"; a selection: \n"); = <STDIN>);} case 10 { system("clear"); #Edit attack type print "0 = Straight\n1 = Combination\n3 = Brute-force/mask attack\n6 = Hybrid dict + mask\n7 = Hybrid mask + dict\nEnter the attack mode:\n"; chomp ($attack = <STDIN>);} case 11 { system("clear"); #Edit additional switches print "Enter any additional switches:\n"; chomp ($switch = <STDIN>);} case 12 { system("clear"); #Clear pot file `rm $pot`; `touch $pot`; print "The pot file has been cleared.\nPress ENTER to continue"; <STDIN>;} case 13 { system("clear"); #Clear completed files `rm .done`; `touch .done`; print "The done file has been cleared.\nPress ENTER to continue"; <STDIN>;} case "exit" {exit;} The Almond case "quit" {exit;} else {print "Invalid selection.\n"; &myswitch2();} } &mymenu2(); } sub myhash { open(my $fh, "<", ".done") or die "$!"; while(<$fh>) { push @done, $_; } close $fh or die "$!"; foreach (@path) { push @files,`find $_ -maxdepth 1 -name '*.hash'`; } foreach (@files) { if ($_ ~~ @done) { chomp $_; print "Found the file \"$_\" (already processed.)\n"; } else { chomp $_; print "Found the file \"$_\"\n"; `rm $out`; `touch $out`; $switch = (''); $usernames = ((`head -n 1 $_`) =~ tr/:/:/); #detects if there are users in the input file if ($usernames == 1) { $switch = "--username"; } switch ($attack) { case 0 #Straight attack (dictionary) {chomp ($timer = `date +"%s"`); system("$hashcat -m $mode -a $attack $switch -o $out $_ $dict");} case 1 #Combination Attack (2 dictionaries) {chomp ($timer = `date +"%s"`); system("$hashcat -m $mode -a $attack $switch -o $out $_ $dict $dict");} case 3 #Brute force/mask attack (mask only) {chomp ($timer = `date +"%s"`); The Almond system("$hashcat -m $mode -a $attack $switch -o $out $_ $mask");} case 6 #Hybrid dict + mask {chomp ($timer = `date +"%s"`); system("$hashcat -m $mode -a $attack $switch -o $out $_ $dict $mask");} case 7 #Hybrid mask + dict {chomp ($timer = `date +"%s"`); system("$hashcat -m $mode -a $attack $switch -o $out $_ $mask $dict");} else {print "Invalid mode selected."; &mymenu;} } `echo '$_' >> .done`; if ($usernames == 1) { `touch .temp`; `$hashcat --username --show $_ > .temp`; `mv .temp $out`; `sed -i '\/\\x0d/g' $out`; #Fixes hashcat's end of lines `sed -i '1d' $out`; } `sed -i '\/\\x0d/g' $out`; #Fixes hashcat's end of lines $total = `wc -l $_|cut -d ' ' -f1`; &report; } } @done = (); #reset variables back to default @files = (); } sub report { @lines = (); @user = (); @hash = (); @pass = (); @currentline = (); $length = (); $perc = (); $small = (0); @smallusers = (); $symbols = (0); @symbolsusers = (); $numbers = (0); @numbersusers = (); open (my $fh, "<", $out) or die "$!"; while (<$fh>) { The Almond $_ =~ s/\$/\\\$/g; #Adds escape characters to passwords that cause problems. $_ =~ s/\"/\\\"/g; $_ =~ s/\:/\/g; #Changes split character to BELL (0x07) if ($usernames == 1) { $_ =~ s/\:/\/; #do it again if required. } #(This is to protect against users with : in their password.) if ($_ =~ m/\S/) #Yet another check for whitespace { push @lines, $_; } } close $fh or die "$!"; foreach (@lines) { @currentline = (split(/\/, $_)); if ($usernames != 1) #without usernames { push @hash, $currentline[0]; push @pass, $currentline[1]; $length += length($currentline[1]); if (length($currentline[1]) < 6) { $small++; } if ($currentline[1] !~ m/[a..z|A..Z|0..9]/) { $symbols++; } if ($currentline[1] !~ m/\d+/) { $numbers++; } } if ($usernames == 1) #with usernames { push @user, $currentline[0]; push @hash, $currentline[1]; push @pass, $currentline[2]; $length += length($currentline[2]); if (length($currentline[2]) < 6) { $small++; push @smallusers, $currentline[0]; } if ($currentline[2] !~ m/[a..z|A..Z|0..9]/) { $symbols++; push @symbolsusers, $currentline[0]; } if ($currentline[2] !~ m/\d+/) The Almond { $numbers++; push @numbersusers, $currentline[0]; } } } $found = (scalar @pass); $length = ($length / $found); $length = (sprintf "%.2f", $length); #round to 2 decimals $perc = (($found / $total) * 100); $perc = (sprintf "%.2f", $perc); chomp ($date = `date +"%F %T"`); chomp ($timer = `date +"%s"` - $timer); $timer = ($timer / 60); #seconds to minutes $timer = (sprintf "%.2f", $timer); `touch "$html/Report at $date\.html"`; `echo '<!DOCTYPE html> <html> <head> <style> table, th, td { border: 1px solid black; border-collapse: collapse; } th, td { padding: 5px; } </style> <h1>Report of file $out at $date.</h1> </head> <body> <p><b>We found $found of the $total hashes. ($perc %) </b><br/> <b>The average password length is $length characters. </b><br/> <b>It took $timer minutes to process the hashes.</b><br/> <b>$small of users have passwords under 6 characters.</b> (@smallusers) <br/> <b>$symbols of users have no symbols in their passwords.</b> (@symbolsusers) <br/> <b>$numbers of users have no numbers in their passwords.</b> (@numbersusers) <br/> </p></hr></br> <table style="width:100%">' >> "$html/Report at $date\.html"`; if ($usernames == 0) #no usernames { `echo "<tr> <th>Hash</th> <th>Password</th> </tr>" >> "$html/Report at $date\.html"`; for (my $i=0; $i <= $#hash; $i++) { `echo "<tr><td>$hash[$i]</td>" >> "$html/Report at $date\.html"`; `echo "<td>$pass[$i]</td></tr>" >> "$html/Report at $date\.html"`; } } The Almond if ($usernames == 1) #usernames { `echo "<tr> <th>Username</th> <th>Hash</th> <th>Password</th> </tr>" >> "$html/Report at $date\.html"`; for (my $i=0; $i <= $#hash; $i++) { `echo "<tr><td>$user[$i]</td>" >> "$html/Report at $date\.html"`; `echo "<td>$hash[$i]</td>" >> "$html/Report at $date\.html"`; `echo "<td>$pass[$i]</td></tr>" >> "$html/Report at $date\.html"`; } } `echo "</table> </body> </html>" >> "$html/Report at $date\.html"`; } sub myformat #Formats 2 strings to align left & right on the same line { format STDOUT = @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<@>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> "$_[0]", "$_[1]" . write(); } The Almond
© Copyright 2024