0

目前,我正在简化在安全审计中提取 Windows 密码哈希的过程。就我个人而言,我希望在进行审计时更轻松地生成已恢复用户及其密码的列表。我认为它对于尝试比较和生成大量数据的其他人也很有用。

所以这里是要点:

当我从 Windows 系统文件中提取所有数据时,我将它们简化为格式 user:hash,其中哈希是 NTLM 哈希,例如“a87f3a357d73085c45f9416be5787e86”。

然后我将使用 oclHashcat 并尝试破解哈希,无论是字典还是暴力破解,都没有关系。我生成所有恢复的哈希的输出,但是 Hashcat 以 hash:password 格式生成它们。

现在这是我的问题以及我想要输入的内容 - 我想在给定两个输入文件的情况下将输出生成为 user:password。考虑到我可以有数百个散列但只有几个恢复的密码,尝试对列表进行排序是没有用的。

我不确定哪种数据结构对我最有利。数组对于大表来说效率太低了。我研究了序列化,并且一直在探索哈希映射和哈希表的使用。鉴于散列的大小,我没有任何运气实现这些方法,或者我这样做不正确。

目前我正在像这样运行程序:

program [user:hash file] [hash:password file] -o [user:password output]

我正在有效地尝试像这样(简要地)运行程序:

Load Files

// user:hash file
For each line, split by ':' delimiter
 before delimiter = table1.user
 after delimiter = table1.hash

// hash:password file
For each line, split by ':' delimiter
 before delimiter = table2.hash
 after delimiter = table2.password

// generate user:password file
Check each entry of table1 vs table2
 if table1.hash = table2.hash
  table1.user =  output.user
  table2.password = output.password
  print to output "output.user:output.password"

我只是想找出一种有效的方法来跟踪每一行并将必要的数据提取到我可以轻松跟踪的数据结构中。

如果我需要澄清任何事情,请告诉我。任何帮助表示赞赏!

4

2 回答 2

1

我会为我的数据结构做这个

std::map<std::string,std::string> hash_user_map;

不遍历表 1 中的所有用户和哈希

For each user in table1
hash_user_map[table1.hash] = table1.user;

没有使用 table2 中的哈希查看所有破解密码

std::string user = hash_user_map[table2.hash];
std::cout << user << ":" << table2.password << "\n;
于 2012-11-28T22:56:43.670 回答
0

我决定使用 shell 脚本,并使用关联的数组来匹配所需的数据。

注意:这个程序的大部分处理我的哈希文件的格式。查看脚本中的注释。

#!/bin/bash
# Signus
# User-Password Hash Comparison Tool v1.0
# Simple utility that allows for the comparison between a file with a 'user:hash' format to a separate file with a 'hash:password' format. The comparison matches the hashes and returns an output file in the format 'user:password'

# Example of 'user:hash' -> george:c21cfaebe1d69ac9e2e4e1e2dc383bac
# Example of 'hash:password' -> c21cfaebe1d69ac9e2e4e1e2dc383bac:password
# 'user:hash' obtained from creddump suite: http://code.google.com/p/creddump/
# Note: Used custom 'dshashes.py' file: http://ptscripts.googlecode.com/svn/trunk/dshashes.py
# 'hash:password' obtained from ocl-Hashcat output

usage="Usage: $0 [-i user:hash input] [-t hash:password input] [-o output]"

declare -a a1
declare -a a2
declare -A o

index1=0
index2=0
countA1=0
countA2=0
matchCount=0

if [ -z "$*" ]; then
  echo $usage
    exit 1
fi

if [ $# -ne 6 ]; then
    echo "Error: Invalid number of arguments."
    echo $usage
    exit 1
fi

echo -e
echo "---Checking Files---"
while getopts ":i:t:o:" option; do
    case $option in
        i) inputFile1="$OPTARG"
        if [ ! -f $inputFile1 ]; then
            echo "Unable to find or open file: $inputFile1"
            exit 1
        fi
        echo "Reading...$inputFile1"
        ;;
        t) inputFile2="$OPTARG"
        if [ ! -f $inputFile2 ]; then
            echo "Unable to find or open file: $inputFile2"
            exit 1
        fi
        echo "Reading...$inputFile2"
        ;;
        o) outputFile="$OPTARG"
        echo "Writing...$outputFile"
        ;;
        [?]) echo $usage >&2
            exit 1
        ;;
    esac
done
shift $(($OPTIND-1))


#First read the files and cut each line into an array
echo -e
echo "---Reading Files---"
while read LINE
do
    a1[$index1]="$LINE"
    index1=$(($index1+1))
    countA1=$(($countA1+1))
done < $inputFile1
echo "Read $countA1 lines in $inputFile1"

while read LINE
do
    a2[$index2]="$LINE"
    index2=$(($index2+1))
    countA2=$(($countA2+1))
done < $inputFile2
echo "Read $countA2 lines in $inputFile2"


#Then cut each item out of the array and store it into separate variables
echo -e
echo "Searching for Matches..."
for (( j=0; j<${#a2[@]}; j++ ))
do
    hash2=$(echo ${a2[$j]} | cut -d: -f1)
    pword=$(echo ${a2[$j]} | cut -d: -f2)

    for (( i=0; i<${#a1[@]}; i++ ))
    do
        us=$(echo ${a1[$i]} | cut -d: -f1)
        hash1=$(echo ${a1[$i]} | cut -d: -f2)

        if [ "$hash2" = "$hash1" ]; then
            matchCount=$(($matchCount+1))
            o["$us"]=$pword
            echo -e "Match Found[$matchCount]: \t Username:$us  \t  Password:$pword" 
            break
        fi

    done
done

echo -e "Matches Found: $matchCount\n" >> $outputFile
for k in ${!o[@]}
do
    echo -e "Username: $k  \t  Password: ${o[$k]}" >> $outputFile
done
echo -e "\nWrote $matchCount lines to $outputFile"

unset o
于 2013-01-31T07:44:52.313 回答