Merge pull request #473 from m-1-k-3/pw-cracking

JTR crack multiple hash types
e-m-b-a · Feb 7, 2023 · 868e96d · 868e96d
2 parents 77bdbe1 + 51be7d0
commit 868e96d
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 12 deletions.
diff --git a/helpers/helpers_emba_print.sh b/helpers/helpers_emba_print.sh
@@ -76,12 +76,12 @@ module_log_init()
 module_title()
 {
   local MODULE_TITLE
-  MODULE_TITLE="$1"
+  MODULE_TITLE="${1:-}"
   local MODULE_TITLE_FORMAT
   MODULE_TITLE_FORMAT="[""${BLUE}""+""${NC}""] ""${CYAN}""${BOLD}""$MODULE_TITLE""${NC}""\\n""${BOLD}""=================================================================""${NC}"
-  echo -e "\\n\\n""$MODULE_TITLE_FORMAT"
+  echo -e "\\n\\n""$MODULE_TITLE_FORMAT" || true
   if [[ "${2:-}" != "no_log" ]] ; then
-    echo -e "$(format_log "$MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null
+    echo -e "$(format_log "$MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null || true
     if [[ $LOG_GREP -eq 1 ]] ; then
       write_grep_log "$MODULE_TITLE" "MODULE_TITLE"
     fi
@@ -95,8 +95,8 @@ sub_module_title()
   SUB_MODULE_TITLE="${1:-}"
   local SUB_MODULE_TITLE_FORMAT
   SUB_MODULE_TITLE_FORMAT="\\n""${BLUE}""==>""${NC}"" ""${CYAN}""$SUB_MODULE_TITLE""${NC}""\\n-----------------------------------------------------------------"
-  echo -e "$SUB_MODULE_TITLE_FORMAT"
-  echo -e "$(format_log "$SUB_MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null
+  echo -e "$SUB_MODULE_TITLE_FORMAT" || true
+  echo -e "$(format_log "$SUB_MODULE_TITLE_FORMAT")" | tee -a "$LOG_FILE" >/dev/null || true
   if [[ $LOG_GREP -eq 1 ]] ; then
     SUB_MODULE_COUNT=$((SUB_MODULE_COUNT + 1))
     write_grep_log "$SUB_MODULE_TITLE" "SUB_MODULE_TITLE"

diff --git a/modules/S108_stacs_password_search.sh b/modules/S108_stacs_password_search.sh
@@ -32,9 +32,16 @@ S108_stacs_password_search()
   local MESSAGE=""
 
   if command -v stacs > /dev/null ; then
-    stacs --skip-unprocessable --rule-pack "$STACS_RULES_DIR"/credential.json "$FIRMWARE_PATH" > "$STACS_LOG_FILE" || true
+    stacs --skip-unprocessable --rule-pack "$STACS_RULES_DIR"/credential.json "$FIRMWARE_PATH" 2> "$TMP_DIR"/stacs.err 1> "$STACS_LOG_FILE" || true
+
+    if [[ -f "$TMP_DIR"/stacs.err ]]; then
+      print_ln
+      print_output "[*] STACS log:"
+      tee -a "$LOG_FILE" < "$TMP_DIR"/stacs.err
+    fi
 
     if [[ -f "$STACS_LOG_FILE" && $(jq ".runs[0] .results[] | .message[]" "$STACS_LOG_FILE" | wc -l) -gt 0 ]]; then
+      print_ln
       ELEMENTS_="$(jq ".runs[0] .results[] .message.text" "$STACS_LOG_FILE" | wc -l)"
       print_output "[+] Found $ORANGE$ELEMENTS_$GREEN credential areas:"
       write_csv_log "Message" "PW_PATH" "PW_HASH" "PW_HASH_real"

diff --git a/modules/S109_jtr_local_pw_cracking.sh b/modules/S109_jtr_local_pw_cracking.sh
@@ -29,7 +29,7 @@ S109_jtr_local_pw_cracking()
   local JTR_FINAL_STAT=""
   local CRACKED_HASH=""
   local CRACKED=0
-  local JTR_TIMEOUT="60m"
+  local JTR_TIMEOUT="3600"
 
   # This module waits for S108_stacs_password_search
   # check emba.log for S108_stacs_password_search starting
@@ -69,7 +69,58 @@ S109_jtr_local_pw_cracking()
       print_output "[*] Starting jtr with a runtime of $ORANGE$JTR_TIMEOUT$NC on the following data:"
       tee -a "$LOG_FILE" < "$LOG_PATH_MODULE"/jtr_hashes.txt
       print_ln
-      timeout --preserve-status --signal SIGINT "$JTR_TIMEOUT" john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt | tee -a "$LOG_FILE" || true
+      john --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt 2>&1 | tee -a "$LOG_FILE" || true &
+      PID="$!"
+      COUNT=0
+      while [[ "$COUNT" -le "$JTR_TIMEOUT" ]];do
+        ((COUNT+=1))
+        if ! pgrep john > /dev/null; then
+          # if no john process is running it means we are finished with cracking passwords
+          # and we can exit the while loop for waiting
+          break
+        fi
+        sleep 1
+      done
+      if [[ "$COUNT" -ge "$JTR_TIMEOUT" ]]; then
+        # we are running out of time and kill john
+        kill "$PID" || true
+      fi
+
+      # lets check our log if we can find further hashes
+      mapfile -t JTR_FORMATS < <(grep "option to force loading hashes of that type instead" "$LOG_FILE" || true)
+
+      # if we have further hashes we are processing these now
+      if [[ "${#JTR_FORMATS[@]}" -gt 0 ]] && [[ "$COUNT" -lt "$JTR_TIMEOUT" ]] ; then
+        print_ln
+        print_output "[*] Further password hashes detected:"
+        for JTR_FORMAT in "${JTR_FORMATS[@]}"; do
+          JTR_FORMAT="$(echo "$JTR_FORMAT" | cut -d '=' -f2 | awk '{print $1}' | tr -d '"' )"
+          print_output "$(indent "$(orange "Detected hash type: $JTR_FORMAT")")"
+        done
+
+        for JTR_FORMAT in "${JTR_FORMATS[@]}"; do
+          print_ln
+          echo "[*] COUNT: $COUNT"
+          JTR_FORMAT="$(echo "$JTR_FORMAT" | cut -d '=' -f2 | awk '{print $1}' | tr -d '"' )"
+          print_output "[*] Testing password hash types $ORANGE$JTR_FORMAT$NC"
+          john --format="$JTR_FORMAT" --progress-every=120 "$LOG_PATH_MODULE"/jtr_hashes.txt 2>&1 | tee -a "$LOG_FILE" || true &
+          PID="$!"
+
+          while [[ "$COUNT" -le "$JTR_TIMEOUT" ]];do
+            ((COUNT+=1))
+            if ! pgrep john > /dev/null; then
+              # if no john process is running it means we are finished with cracking passwords
+              # and we can exit the while loop for waiting
+              break
+            fi
+            sleep 1
+          done
+          if [[ "$COUNT" -ge "$JTR_TIMEOUT" ]]; then
+            # we are running out of time and kill john
+            kill "$PID" || true
+          fi
+        done
+      fi
       print_ln
       NEG_LOG=1
 

diff --git a/modules/S12_binary_protection.sh b/modules/S12_binary_protection.sh
@@ -96,7 +96,7 @@ S12_binary_protection()
         FILE=$(print_path "$FILE")
 
         printf "\t%-22.22s  %-25.25s  %-20.20s  %-20.20s  %-20.20s  %-20.20s  %-20.20s  %-5.5s  %s\n" \
-          "$RELRO" "$CANARY" "$NX" "$PIE" "$RPATH" "$RUNPATH" "$SYMBOLS" "$FORTIFY" "$FILE" | tee -a "$TMP_DIR"/s12.tmp
+          "$RELRO" "$CANARY" "$NX" "$PIE" "$RPATH" "$RUNPATH" "$SYMBOLS" "$FORTIFY" "$FILE" | tee -a "$TMP_DIR"/s12.tmp || true
         BIN_PROT_COUNTER=$((BIN_PROT_COUNTER+1))
       fi
     done

diff --git a/modules/S15_bootloader_check.sh b/modules/S15_bootloader_check.sh
@@ -253,9 +253,9 @@ check_bootloader()
   local OBSD_FILE1=""
   local OBSD_FILE2=""
   # mapfile -t OBSD_PATH1 < <(mod_path "/usr/mdec/biosboot")
-  mapfile -t OBSD_PATH1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/usr/mdec/biosboot")
+  mapfile -t OBSD_PATH1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/usr/mdec/biosboot" || true)
   # mapfile -t OBSD_PATH2 < <(mod_path "/boot")
-  mapfile -t OBSD_PATH2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot")
+  mapfile -t OBSD_PATH2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot" || true)
   for OBSD_FILE1 in "${OBSD_PATH1[@]}" ; do
     for OBSD_FILE2 in "${OBSD_PATH2[@]}" ; do
       if [[ -f "$OBSD_FILE2" ]] && [[ -f "OBSD_FILE2" ]] ; then

diff --git a/modules/S26_kernel_vuln_verifier.sh b/modules/S26_kernel_vuln_verifier.sh
@@ -245,7 +245,7 @@ S26_kernel_vuln_verifier()
     if [[ -d "$LOG_DIR""/firmware" ]]; then
       print_output "[*] Identify kernel modules symbols ..."
       find "$LOG_DIR/firmware" -name "*.ko" -exec readelf -a {} \; | grep FUNC | sed 's/.*FUNC//' | \
-        awk '{print $4}' | sed 's/\[\.\.\.\]//' >> "$LOG_PATH_MODULE"/symbols.txt
+        awk '{print $4}' | sed 's/\[\.\.\.\]//' >> "$LOG_PATH_MODULE"/symbols.txt || true
     fi
 
     uniq "$LOG_PATH_MODULE"/symbols.txt > "$LOG_PATH_MODULE"/symbols_uniq.txt