add no cleanup to jtr modules #11570

Merged
merged 2 commits into from Mar 22, 2019

h00die commented Mar 16, 2019

There are times when running the jtr aux modules you don't want to delete the temporary files. Cases like debugging, or exporting the DB in a friendly format to run john elsewhere.

This PR adds an advanced option to not delete the temporary files. It was brought to light in #11294 by @7043mcgeep

msf5 auxiliary(analyze/jtr_aix) > set DeleteTempFiles false
DeleteTempFiles => false
msf5 auxiliary(analyze/jtr_aix) > run

[*] Hashes Written out to /tmp/hashes_tmp20190316-9080-bxdiqo
[*] Wordlist file written out to /tmp/jtrtmp20190316-9080-t8w0ee
[*] Cracking descrypt hashes in normal wordlist mode...
Using default input encoding: UTF-8
[*] Cracking descrypt hashes in single mode...
Using default input encoding: UTF-8
[*] Cracking descrypt hashes in incremental mode (Digits)...
Using default input encoding: UTF-8
[*] Cracked Passwords this run:
[+] des_password:password
[*] Auxiliary module execution completed
msf5 auxiliary(analyze/jtr_aix) > cat /tmp/hashes_tmp20190316-9080-bxdiqo
[*] exec: cat /tmp/hashes_tmp20190316-9080-bxdiqo

des_password:rEK1ecacw.7.c:::::24:
msf5 auxiliary(analyze/jtr_aix) > set DeleteTempFiles true
DeleteTempFiles => true
msf5 auxiliary(analyze/jtr_aix) > run

[*] Hashes Written out to /tmp/hashes_tmp20190316-9080-mcnfhb
[*] Wordlist file written out to /tmp/jtrtmp20190316-9080-1iwdlg
[*] Cracking descrypt hashes in normal wordlist mode...
Using default input encoding: UTF-8
[*] Cracking descrypt hashes in single mode...
Using default input encoding: UTF-8
[*] Cracking descrypt hashes in incremental mode (Digits)...
Using default input encoding: UTF-8
[*] Cracked Passwords this run:
[+] des_password:password
[*] Auxiliary module execution completed
msf5 auxiliary(analyze/jtr_aix) > cat /tmp/hashes_tmp20190316-9080-mcnfhb
[*] exec: cat /tmp/hashes_tmp20190316-9080-mcnfhb

cat: /tmp/hashes_tmp20190316-9080-mcnfhb: No such file or directory

bcoles commented Mar 16, 2019

okay, in that brainy brain-food philosophy way, everything is temporary

bcoles left a comment

I joke about temp files, but if there's a reason for not deleting them, then perhaps there's a use case here suggesting temp files aren't appropriate? (Evidently, I haven't looked at the backstory to this PR closely).

Is there a use for storing any of these temp files as loot? store_loot returns the file path, which would allow further operations on the file.

lib/msf/core/auxiliary/jtr.rb (outdated, resolved)

h00die commented Mar 17, 2019

Prior to the big jtr cleanup, the files were written to temp but never deleted. Seemed sloppy, as there isn't much use for them after the module runs other than when I was debugging my own modules.
However, with the 12c module, it's come to my attention that it may be useful to NOT delete the files so that you could use them against john by hand (outside of msf).

Creds currently has an output function, but since we're doing some altering of the hash to make it in a JTR accepted format, this functionality isn't 1:1.

I don't think it's worth putting them in loot since they're already in creds, just in a different format, and running the module multiple times (maybe with a different wordlist file) may create multiple loots of the same file.

busterb self-assigned this Mar 22, 2019
busterb merged commit 49b936f into rapid7:master Mar 22, 2019
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed
busterb added a commit that referenced this pull request Mar 22, 2019

busterb commented Mar 22, 2019

Seems reasonable to me, unless we made it easier to store the raw hashes in creds so there was a 1:1 way to get the original information back. The debug feature is handy if nothing else.

busterb commented Mar 22, 2019

Release Notes

This adds an advanced option DeleteTempFiles that, when set to 'false', instructs password-cracking modules to not delete temporary work files after they have completed.
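
The pattern this option controls, as an added Ruby example that is not part of the thread and not Metasploit's code: a hash work file created with owner-only permissions, removed unless the caller opts out, plus a check for files that were retained. The helper names, the `delete_temp_files` keyword and the file-name layout are assumptions; only the `hashes_tmp` and `jtrtmp` prefixes and the sample hash line come from the console output above.

```ruby
require 'tmpdir'
require 'securerandom'

# Hypothetical helper, not Metasploit's API: write hash lines to a work file,
# yield its path to the cracking step, then delete the file unless told to keep it.
def with_hash_workfile(lines, delete_temp_files: true, dir: Dir.tmpdir)
  name = "hashes_tmp#{Time.now.strftime('%Y%m%d')}-#{Process.pid}-#{SecureRandom.hex(4)}"
  path = File.join(dir, name)
  # CREAT|EXCL fails if the path already exists (no reuse of a planted file);
  # 0600 keeps other local users from reading the hashes.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    lines.each { |line| f.puts(line) }
  end
  [yield(path), path]
ensure
  # Runs on success and on error: with deletion enabled, a failed run does not
  # strand hashes in the temp directory.
  File.delete(path) if delete_temp_files && path && File.exist?(path)
end

# Report retained work files (prefixes taken from the module output) and flag
# any whose mode grants access to group or other users.
def leftover_workfiles(dir = Dir.tmpdir)
  Dir.glob(File.join(dir, '{hashes_tmp,jtrtmp}*')).sort.map do |p|
    mode = File.stat(p).mode & 0o777
    { path: p, mode: format('%04o', mode), exposed: (mode & 0o077) != 0 }
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir| # scratch directory so the demo leaves nothing behind
    sample = ['des_password:rEK1ecacw.7.c:::::24:'] # hash line from the output above
    with_hash_workfile(sample, delete_temp_files: false, dir: dir) { |p| File.size(p) }
    leftover_workfiles(dir).each do |f|
      puts "#{f[:path]} mode=#{f[:mode]} exposed=#{f[:exposed]}"
    end
  end
end
```

Running `leftover_workfiles` against the real temp directory after a session with `DeleteTempFiles false` shows which hash files still need to be moved or removed.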

jmartin-r7 added the msf5 label Mar 22, 2019

jmartin-r7 commented Mar 22, 2019

Marked msf5 as JTR modernization PRs are not yet backported to 4.x.

busterb commented Mar 22, 2019

Nice, thanks!

h00die commented Mar 22, 2019

FYI, last night I started the work to make a creds save type command that will export everything to jtr format as well, but it will do all hashes, whereas this is much more specific.

h00die deleted the h00die:nodeletejohn branch Nov 9, 2019