New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Weak admin password detection #40

Merged
merged 1 commit into from Mar 17, 2017

Conversation

Projects
None yet
6 participants
@pocallaghan
Contributor

pocallaghan commented Feb 13, 2017

Create two new commands for attempting to brute force crack admin
passwords and api keys.

@gwillem

This comment has been minimized.

Show comment
Hide comment
@gwillem

gwillem Feb 13, 2017

Contributor

Nice!! @frosit, would you have a clue about the (possibly unrelated) test error?

Contributor

gwillem commented Feb 13, 2017

Nice!! @frosit, would you have a clue about the (possibly unrelated) test error?

@vdloo

This comment has been minimized.

Show comment
Hide comment
@vdloo

vdloo Feb 14, 2017

Member

perhaps related to this

Member

vdloo commented Feb 14, 2017

perhaps related to this

@frosit

This comment has been minimized.

Show comment
Hide comment
@frosit

frosit Feb 14, 2017

Collaborator

nice, @gwillem i will take a look at it later today

Collaborator

frosit commented Feb 14, 2017

nice, @gwillem i will take a look at it later today

@pocallaghan

This comment has been minimized.

Show comment
Hide comment
@pocallaghan

pocallaghan Feb 15, 2017

Contributor

As you merged the bootstrap fix, I'll rebase this later today, fingers crossed everything should pass...

Contributor

pocallaghan commented Feb 15, 2017

As you merged the bootstrap fix, I'll rebase this later today, fingers crossed everything should pass...

Add password hacker.
Create two new commands for attempting to brute force crack admin
passwords and api keys.
@gwillem

This comment has been minimized.

Show comment
Hide comment
@gwillem

gwillem Feb 22, 2017

Contributor

Test with:

mkdir -p ~/.n98-magerun/modules
curl -Lks https://github.com/pocallaghan/hypernode-magerun/archive/feature/password-hacker.tar.gz | tar xz -C ~/.n98-magerun/modules
# for hypernode test only:
alias magerun='/usr/local/bin/magerun --skip-root-check --root-dir=/data/web/public'
magerun hypernode:crack:admin-passwords --help
magerun hypernode:crack:admin-passwords --active --force --rulesets=best64 1000 special vendors -v

Which would yield

+-------+-------------------------------------------------------------------+---------+----------+
| User  | Hash                                                              | Cracked | Password |
+-------+-------------------------------------------------------------------+---------+----------+
| admin | 709e94f1c8d64796a801afc06f714335:keQDOhV2YF3mUoaXxfRpR8mWcHt4CkZc | No      |          |
| user  | fd67b8bb20ceb349a77693f999a140f6:VGTq3WnsqCgYx8tRVY5KA7HCQB3UBmmr | Yes     | test123  |
+-------+-------------------------------------------------------------------+---------+----------+
Cracking Completed in 1 second.
Contributor

gwillem commented Feb 22, 2017

Test with:

mkdir -p ~/.n98-magerun/modules
curl -Lks https://github.com/pocallaghan/hypernode-magerun/archive/feature/password-hacker.tar.gz | tar xz -C ~/.n98-magerun/modules
# for hypernode test only:
alias magerun='/usr/local/bin/magerun --skip-root-check --root-dir=/data/web/public'
magerun hypernode:crack:admin-passwords --help
magerun hypernode:crack:admin-passwords --active --force --rulesets=best64 1000 special vendors -v

Which would yield

+-------+-------------------------------------------------------------------+---------+----------+
| User  | Hash                                                              | Cracked | Password |
+-------+-------------------------------------------------------------------+---------+----------+
| admin | 709e94f1c8d64796a801afc06f714335:keQDOhV2YF3mUoaXxfRpR8mWcHt4CkZc | No      |          |
| user  | fd67b8bb20ceb349a77693f999a140f6:VGTq3WnsqCgYx8tRVY5KA7HCQB3UBmmr | Yes     | test123  |
+-------+-------------------------------------------------------------------+---------+----------+
Cracking Completed in 1 second.
@peterjaap
@peterjaap

This comment has been minimized.

Show comment
Hide comment
@peterjaap

peterjaap Feb 24, 2017

Collaborator

After adding the rockyou.txt word list, the cracking takes a lot longer, thereby hitting a process timeout within Symfony Console component (which throws Symfony\Component\Process\Exception\ProcessTimedOutException), so you need to update Engine/Hashcat.php on line 50 to;

$process->setTimeout(0)->setIdleTimeout(0)->run();

Or similar.

Collaborator

peterjaap commented Feb 24, 2017

After adding the rockyou.txt word list, the cracking takes a lot longer, thereby hitting a process timeout within Symfony Console component (which throws Symfony\Component\Process\Exception\ProcessTimedOutException), so you need to update Engine/Hashcat.php on line 50 to;

$process->setTimeout(0)->setIdleTimeout(0)->run();

Or similar.

@peterjaap

This comment has been minimized.

Show comment
Hide comment
@peterjaap

peterjaap Feb 24, 2017

Collaborator

I guess that the 'special' list can never contain too much words. Maybe also parse cms_page and cms_block content to words and append those?
Maybe also;

  • company address
  • sales email addresses (for customer service, general, etc)
  • look up Facebook page based on firstname+lastname and parse all their posts :trollface:
Collaborator

peterjaap commented Feb 24, 2017

I guess that the 'special' list can never contain too much words. Maybe also parse cms_page and cms_block content to words and append those?
Maybe also;

  • company address
  • sales email addresses (for customer service, general, etc)
  • look up Facebook page based on firstname+lastname and parse all their posts :trollface:
@JeroenBoersma

This comment has been minimized.

Show comment
Hide comment
@JeroenBoersma

JeroenBoersma Feb 24, 2017

Contributor

generation + show command would be nice...
this would make using docker a lot easier, removes dependency hell

Contributor

JeroenBoersma commented Feb 24, 2017

generation + show command would be nice...
this would make using docker a lot easier, removes dependency hell

@peterjaap

This comment has been minimized.

Show comment
Hide comment
@peterjaap

peterjaap Mar 16, 2017

Collaborator

@pocallaghan @gwillem so.... are we merging this or what? 😄

Collaborator

peterjaap commented Mar 16, 2017

@pocallaghan @gwillem so.... are we merging this or what? 😄

@gwillem

This comment has been minimized.

Show comment
Hide comment
@gwillem

gwillem Mar 17, 2017

Contributor

You're right.. let's roll! Will distribute this on our platform shortly. After we fixed the Magereport outage.
Again, kudo's to @pocallaghan for producing this very nice module!

Contributor

gwillem commented Mar 17, 2017

You're right.. let's roll! Will distribute this on our platform shortly. After we fixed the Magereport outage.
Again, kudo's to @pocallaghan for producing this very nice module!

@gwillem gwillem merged commit e88cb52 into Hypernode:master Mar 17, 2017

@gwillem

This comment has been minimized.

Show comment
Hide comment
@gwillem

gwillem Mar 17, 2017

Contributor

Both php5 & 7:

Starting test 'Hypernode\PasswordCracker\Mutator\ToggleAtTest::testUMutate with data set #2 ('T6', 'abc', 'abc')'.
E
Time: 1.53 seconds, Memory: 30.00MB
There was 1 error:
1) Hypernode\PasswordCracker\Mutator\ToggleAtTest::testUMutate with data set #2 ('T6', 'abc', 'abc')
Uninitialized string offset: 6
/home/travis/build/Hypernode/hypernode-magerun/src/Hypernode/PasswordCracker/Mutator/ToggleAt.php:33
/home/travis/build/Hypernode/hypernode-magerun/tests/Hypernode/PasswordCracker/Mutator/AbstractMutatorTest.php:30
FAILURES!
Tests: 183, Assertions: 203, Errors: 1.
The command "vendor/bin/phpunit --debug --stop-on-error --stop-on-failure" exited with 2.

@pocallaghan what version did you test with?

Travis has:

$ php --version
PHP 7.0.17 (cli) (built: Mar 17 2017 12:37:36) ( ZTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.17, Copyright (c) 1999-2017, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans
$ composer --version
Composer version 1.4.1 2017-03-10 09:29:45
Contributor

gwillem commented Mar 17, 2017

Both php5 & 7:

Starting test 'Hypernode\PasswordCracker\Mutator\ToggleAtTest::testUMutate with data set #2 ('T6', 'abc', 'abc')'.
E
Time: 1.53 seconds, Memory: 30.00MB
There was 1 error:
1) Hypernode\PasswordCracker\Mutator\ToggleAtTest::testUMutate with data set #2 ('T6', 'abc', 'abc')
Uninitialized string offset: 6
/home/travis/build/Hypernode/hypernode-magerun/src/Hypernode/PasswordCracker/Mutator/ToggleAt.php:33
/home/travis/build/Hypernode/hypernode-magerun/tests/Hypernode/PasswordCracker/Mutator/AbstractMutatorTest.php:30
FAILURES!
Tests: 183, Assertions: 203, Errors: 1.
The command "vendor/bin/phpunit --debug --stop-on-error --stop-on-failure" exited with 2.

@pocallaghan what version did you test with?

Travis has:

$ php --version
PHP 7.0.17 (cli) (built: Mar 17 2017 12:37:36) ( ZTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.17, Copyright (c) 1999-2017, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans
$ composer --version
Composer version 1.4.1 2017-03-10 09:29:45

@gwillem gwillem changed the title from Add password hacker. to Weak admin password detection Mar 23, 2017

@peterjaap

This comment has been minimized.

Show comment
Hide comment
@peterjaap

peterjaap Mar 29, 2017

Collaborator

Since #42 fixes this, we can now merge this?

Collaborator

peterjaap commented Mar 29, 2017

Since #42 fixes this, we can now merge this?

@gwillem

This comment has been minimized.

Show comment
Hide comment
@gwillem

gwillem Mar 29, 2017

Contributor

It was already merged! Yesterday deployed on all Hypernodes. We're preparing a release statement and instructions, stay tuned

Contributor

gwillem commented Mar 29, 2017

It was already merged! Yesterday deployed on all Hypernodes. We're preparing a release statement and instructions, stay tuned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment