Monday, September 24, 2012

Education: HackingDojo

It has been a while since my last post, as usual.  I have been working on getting my CCNA, but I am dealing with so many vendors/projects/work that I may have to finish that at the end of the year.  It has been a good journey since I set up the CCNA hardware.  Next, I took the VMware ESXi course, which was a fun experience.  I saw the benefit of Storage vMotion, which is great when you want to clean up the virtual machines that sit on the local disk of your ESX/ESXi servers.  However, you have to have the full license (ENTERPRISE) in order to use it.  Very expensive in my opinion, but it is worth it.  VMware is a great company even though they have little Linux (Workstation) support.

Next, I signed up to the HackingDojo by Thomas Wilhelm.  You can sign up for 150 dollars a month.  I think they have added a subscription where you can pay about 1000-1200 dollars for a lifetime subscription.  I subscribed for two months to keep myself sharp on my offensive skills.  I really liked the course and I think that, given enough time, it will be one of the best courses out there.   A little rundown of the course: there are 6 levels that you must reach.  You can start wherever you would like, but I started at the Shodan level, which is basically the 2nd level.  In order to advance to the next level you must pass an exam.   You are given about 48 hours to pass the exam.  You can schedule an attempt for the next level at any time.  However, I would suggest (and so would Thomas) that you watch the videos and read the forums to learn the lessons of the current level.  In addition to the videos, you were able to Skype with a teacher who is highly qualified, so he/she can answer questions and further explain any lessons you have trouble with.  Also, they would answer any personal questions you had, such as career questions and suggestions.  Very helpful in my opinion.  I already had a lot of experience in many of the topics since I have already passed the OSCP, OSCE and GPEN courses.  However, the topic of password attacking (local and remote) was definitely an eye opener.  I thought I had a grasp of it; however, as usual, there are more aspects to learn.  It was actually stated on one of my favorite sites, EthicalHacker.Net.  The URL is "http://www.ethicalhacker.net/content/view/341/2/".  The short of it is that when you have hashed passwords that you want to crack, you have to take into account that you may be dealing with a password that was encoded in base64 instead of Unicode before it was hashed.

It seems that you run into that situation when you have passwords with special characters, since they are based on words from different countries (Japan, Germany, France, China, Africa, etc.).  The special characters may sometimes be changed by base64 substitution and then hashed with SHA-1, SHA-384, SHA-512, MD5, DES, 3DES, etc.  There is no way to tell whether base64 or Unicode was used before hashing, so you have to try both.  Of course, Thomas has his students do homework assignments.  He gave a list of hashes to break, and he gave you hints about the password origins, such as Germany or Africa.  I struggled for a while until I set up a couple of scripts that converted wordlists I found on the Internet.



Wordlists:
http://www.cotse.com/tools/wordlists1.htm
http://www.cotse.com/tools/wordlists2.htm
http://g0tmi1k.blogspot.gr/2011/06/dictionaries-wordlists.html?m=1
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.dicts.info/uddl.php
http://www.isdpodcast.com/resources/62k-common-passwords/
http://packetstormsecurity.org/Crackers/wordlists/

There are more wordlists on the Internet, of course, but I just wanted to list a few URLs as examples.   Once you have collected relevant wordlists, you need to convert the words with special characters to UNICODE and BASE64.  Depending on the length of your wordlists, it will usually take a while.  Once that is done, you run the new "converted" wordlists against the given hashes.  You can use JTR [John the Ripper (http://www.openwall.com/john/)] or even write your own code to test against the hashes.   In addition, to help with the wordlists, you can use programs such as cewl (http://www.digininja.org/projects/cewl.php) and rsmangler (http://www.digininja.org/projects/rsmangler.php).  I had the most success using the "cewl" tool.  It was very effective for me, but I invite you to check it out for yourself.
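To make the point of the last few paragraphs concrete (a hash computed over a base64-, entity- or UTF-16-encoded password is simply missed by a plain UTF-8 wordlist, so the conversion step has to produce every variant), here is an added Python 3 example. It is not part of the original post and not one of the Python 2 conversion scripts further down. It builds the encoding variants of each wordlist entry, hashes each variant with a few algorithms, and reports which of a constructed list of sample hashes it reproduces. The entity rule generalises the scripts' fixed character table to every character outside printable ASCII, and the sample words and target hashes are constructed here, not taken from the course.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): hash several encodings of each
wordlist entry so that passwords whose special characters were HTML-entity
encoded, base64 encoded or stored as UTF-16 ("unicode") before hashing are
not missed by a plain UTF-8 wordlist."""
import base64
import hashlib

# ASCII characters the post's conversion table also replaces with numeric
# references. Assumption (a generalisation of the post's fixed table): every
# character outside printable ASCII is entity-encoded the same way.
ENTITY_ASCII = set('"&<>')


def html_numeric_entities(word):
    """Replace special characters with HTML numeric references, e.g. é -> &#233;."""
    out = []
    for ch in word:
        if ch in ENTITY_ASCII or ord(ch) > 126:
            out.append("&#%d;" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def candidate_encodings(word):
    """Return [(name, bytes)] variants of `word`, in the order they are tried.

    Variants that yield identical bytes (an all-ASCII word is the same under
    UTF-8 and under entity encoding) are collapsed, so the first name wins."""
    utf8 = word.encode("utf-8")
    raw = [
        ("utf-8", utf8),
        ("utf-16le", word.encode("utf-16-le")),  # what the post calls "unicode"
        ("html-entities", html_numeric_entities(word).encode("ascii")),
        ("base64", base64.b64encode(utf8)),
    ]
    seen, variants = set(), []
    for name, data in raw:
        if data not in seen:
            seen.add(data)
            variants.append((name, data))
    return variants


def digest_hex(data, algorithm):
    """Hex digest of `data` under a hashlib algorithm name such as 'sha1'."""
    return hashlib.new(algorithm, data).hexdigest()


def match_hashes(words, target_hexes, algorithms=("md5", "sha1", "sha256")):
    """Hash every encoding variant of every word with every algorithm and
    report the targets reproduced: {target_hex: (word, encoding, algorithm)}.
    The first variant that reproduces a target is kept."""
    targets = {h.lower() for h in target_hexes}
    found = {}
    for word in words:
        for enc_name, data in candidate_encodings(word):
            for alg in algorithms:
                h = digest_hex(data, alg)
                if h in targets and h not in found:
                    found[h] = (word, enc_name, alg)
    return found


# Constructed sample standing in for a homework-style hash list: "café" was
# entity-encoded before SHA-1 hashing, "straße" was base64-encoded before MD5
# hashing, and "password" was hashed as-is (a well-known MD5 value).
SAMPLE_WORDS = ["password", "café", "straße", "hello"]
SAMPLE_TARGETS = [
    digest_hex(html_numeric_entities("café").encode("ascii"), "sha1"),
    digest_hex(base64.b64encode("straße".encode("utf-8")), "md5"),
    "5f4dcc3b5aa765d61d8327deb882cf99",
]

if __name__ == "__main__":
    for h, (word, enc, alg) in match_hashes(SAMPLE_WORDS, SAMPLE_TARGETS).items():
        print("%s  %s  (%s over %s form)" % (h, word, alg, enc))
```

Running the variants through a small matcher like this before a long cracking job is a cheap way to learn which encoding a given hash set was produced with; for a real wordlist you would write the text-safe variants (UTF-8, entity, base64 forms) to a file for John the Ripper, while the UTF-16 form, whose NUL bytes do not survive a plain-text wordlist, is left to the cracker's own encoding handling.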

I also learned more about passive information gathering.  There is a lot of information about a person, group or organization on the Internet that you can find for free or for a small fee.  The best tool for this kind of recon work is of course Google.  You can actually search a web-cached version of a website, which is helpful if you have a scope that limits your interaction with a target website.  You can use it with the URL: "http://webcache.googleusercontent.com/search?q=cache:www.testtargetsite.com".  You can also use the "Wayback" site: "http://archive.org/web/web.php" to find older versions of the target site, if they are available.  These are some of the sites I used to find information on targets:

https://www.google.com
http://www.zabasearch.com/
http://www.dogpile.com/
http://www.zoominfo.com/
http://www.spokeo.com/
http://www.alexa.com/

Again, there are more sites to use, but I had success with those.  In conclusion, I have to say the HackingDojo is a course to take if you want to learn more about hacking and penetration testing.  I was very happy with the course and I learned a lot.  I wanted to take a pause from the course so that I can sharpen my Python skills.  I want to take the course from SecurityTube: "http://securitytube-training.com/certifications/securitytube-python-scripting-expert/".  It looks like I will be a better Python programmer after taking a course like that.  I will try to provide info once I have started the course.  Till next time.  Oh, here are the conversion scripts.  I am sure there are better ways to script these, but again, I am a work in progress.

Conversion Scripts

#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
#-----------------------------------------------------------------------------#
# Name:            splitdictionary.py
# Original Author: Agoonie
# The script pulls a dictionary and grabs the words. Then it converts the
# words that contain special characters: every special character is replaced
# by its HTML numeric character reference (for example "é" becomes "&#233;"),
# and the original spelling of such a word is kept next to the converted one.
# Created:         08/25/2012
# Last Edited:     08292012
# Version Num:     1
# Requirements:    Written and tested in Python 2.65
#   CREDIT:
#      I used information from all of the following:
#      Author: J-rock
#      J-rock Script:  base64_to_text.py
#      gomputor.wordpress.com/2008/09/27/search-replace-multiple-words-or-characters-with-python/
#      http://wiki.webz.cz/dict/
#      http://www.dicts.info/uddl.php
#      stackoverflow.com/questions/6116978/python-replace-multiple-strings
#      docs.python.org/library/stdtypes.html
#-----------------------------------------------------------------------------#
'''

import re
import os
import sys

# Special character -> HTML numeric character reference. Covers the ASCII
# characters that are special in HTML plus the Latin-1, Greek, punctuation,
# symbol and arrow ranges.
codes = {'"': '&#34;', '&': '&#38;', '<': '&#60;', '>': '&#62;',
                '¡': '&#161;', '¢': '&#162;', '£': '&#163;', '¤': '&#164;',
                '¥': '&#165;', '¦': '&#166;', '§': '&#167;', '¨': '&#168;',
                '©': '&#169;', 'ª': '&#170;', '«': '&#171;', '¬': '&#172;',
                '­': '&#173;', '®': '&#174;', '¯': '&#175;', '°': '&#176;',
                '±': '&#177;', '²': '&#178;', '³': '&#179;', '´': '&#180;',
                'µ': '&#181;', '¶': '&#182;', '·': '&#183;', '¸': '&#184;',
                '¹': '&#185;', 'º': '&#186;', '»': '&#187;', '¼': '&#188;',
                '½': '&#189;', '¾': '&#190;', '¿': '&#191;', 'À': '&#192;',
                'Á': '&#193;', 'Â': '&#194;', 'Ã': '&#195;', 'Ä': '&#196;',
                'Å': '&#197;', 'Æ': '&#198;', 'Ç': '&#199;', 'È': '&#200;',
                'É': '&#201;', 'Ê': '&#202;', 'Ë': '&#203;', 'Ì': '&#204;',
                'Í': '&#205;', 'Î': '&#206;', 'Ï': '&#207;', 'Ð': '&#208;',
                'Ñ': '&#209;', 'Ò': '&#210;', 'Ó': '&#211;', 'Ô': '&#212;',
                'Õ': '&#213;', 'Ö': '&#214;', '×': '&#215;', 'Ø': '&#216;',
                'Ù': '&#217;', 'Ú': '&#218;', 'Û': '&#219;', 'Ü': '&#220;',
                'Ý': '&#221;', 'Þ': '&#222;', 'ß': '&#223;', 'à': '&#224;',
                'á': '&#225;', 'â': '&#226;', 'ã': '&#227;', 'ä': '&#228;',
                'å': '&#229;', 'æ': '&#230;', 'ç': '&#231;', 'è': '&#232;',
                'é': '&#233;', 'ê': '&#234;', 'ë': '&#235;', 'ì': '&#236;',
                'í': '&#237;', 'î': '&#238;', 'ï': '&#239;', 'ð': '&#240;',
                'ñ': '&#241;', 'ò': '&#242;', 'ó': '&#243;', 'ô': '&#244;',
                'õ': '&#245;', 'ö': '&#246;', '÷': '&#247;', 'ø': '&#248;',
                'ù': '&#249;', 'ú': '&#250;', 'û': '&#251;', 'ü': '&#252;',
                'ý': '&#253;', 'þ': '&#254;', 'ÿ': '&#255;', 'Œ': '&#338;',
                'œ': '&#339;', 'Š': '&#352;', 'š': '&#353;', 'Ÿ': '&#376;',
                'ƒ': '&#402;', 'ˆ': '&#710;', '˜': '&#732;', 'Α': '&#913;',
                'Β': '&#914;', 'Γ': '&#915;', 'Δ': '&#916;', 'Ε': '&#917;',
                'Ζ': '&#918;', 'Η': '&#919;', 'Θ': '&#920;', 'Ι': '&#921;',
                'Κ': '&#922;', 'Λ': '&#923;', 'Μ': '&#924;', 'Ν': '&#925;',
                'Ξ': '&#926;', 'Ο': '&#927;', 'Π': '&#928;', 'Ρ': '&#929;',
                'Σ': '&#931;', 'Τ': '&#932;', 'Υ': '&#933;', 'Φ': '&#934;',
                'Χ': '&#935;', 'Ψ': '&#936;', 'Ω': '&#937;', 'α': '&#945;',
                'β': '&#946;', 'γ': '&#947;', 'δ': '&#948;', 'ε': '&#949;',
                'ζ': '&#950;', 'η': '&#951;', 'θ': '&#952;', 'ι': '&#953;',
                'κ': '&#954;', 'λ': '&#955;', 'μ': '&#956;', 'ν': '&#957;',
                'ξ': '&#958;', 'ο': '&#959;', 'π': '&#960;', 'ρ': '&#961;',
                'ς': '&#962;', 'σ': '&#963;', 'τ': '&#964;', 'υ': '&#965;',
                'φ': '&#966;', 'χ': '&#967;', 'ψ': '&#968;', 'ω': '&#969;',
                'ϑ': '&#977;', 'ϒ': '&#978;', 'ϖ': '&#982;', '–': '&#8211;',
                '—': '&#8212;', '‘': '&#8216;', '’': '&#8217;', '‚': '&#8218;',
                '“': '&#8220;', '”': '&#8221;', '„': '&#8222;', '†': '&#8224;',
                '‡': '&#8225;', '•': '&#8226;', '…': '&#8230;', '‰': '&#8240;',
                '′': '&#8242;', '″': '&#8243;', '‹': '&#8249;', '›': '&#8250;',
                '‾': '&#8254;', '⁄': '&#8260;', '€': '&#8364;', 'ℑ': '&#8465;',
                '℘': '&#8472;', 'ℜ': '&#8476;', '™': '&#8482;', 'ℵ': '&#8501;',
                '←': '&#8592;', '↑': '&#8593;', '→': '&#8594;', '↓': '&#8595;',
                '↔': '&#8596;', '↵': '&#8629;', '⇐': '&#8656;', '⇑': '&#8657;',
                '⇒': '&#8658;', '⇓': '&#8659;', '⇔': '&#8660;', '∀': '&#8704;',
                '∂': '&#8706;', '∃': '&#8707;', '∅': '&#8709;', '∇': '&#8711;',
                '∈': '&#8712;', '∉': '&#8713;', '∋': '&#8715;', '∏': '&#8719;',
                '∑': '&#8721;', '−': '&#8722;', '∗': '&#8727;', '√': '&#8730;',
                '∝': '&#8733;', '∞': '&#8734;', '∠': '&#8736;', '∧': '&#8743;',
                '∨': '&#8744;', '∩': '&#8745;', '∪': '&#8746;', '∫': '&#8747;',
                '∴': '&#8756;', '∼': '&#8764;', '≅': '&#8773;', '≈': '&#8776;',
               '≠': '&#8800;', '≡': '&#8801;', '≤': '&#8804;', '≥': '&#8805;',
                '⊂': '&#8834;', '⊃': '&#8835;', '⊄': '&#8836;', '⊆': '&#8838;',
                '⊇': '&#8839;', '⊕': '&#8853;', '⊗': '&#8855;', '⊥': '&#8869;',
                '⋅': '&#8901;', '⌈': '&#8968;', '⌉': '&#8969;', '⌊': '&#8970;',
                '⌋': '&#8971;', '〈': '&#9001;', '〉': '&#9002;'}

def replace_all(text, dic):
    """Replace every key of `dic` that occurs in `text` with its value."""
    for k, v in dic.items():
        text = text.replace(k, v)
    return text

if len(sys.argv) != 3:
    print("[+] Usage: ./filename [wordlist-to-split] [newwordlist]")
    sys.exit(1)

wordlist = sys.argv[1]
finallist = sys.argv[2]
mywordlist = []
finalwordlist = []

if os.path.exists(wordlist):
    print("I have found your wordlist!\n\n" + wordlist + "\n\n")
    data = open(wordlist, 'r').read()
    # split on runs of whitespace or commas; empty fields are skipped
    words = re.split(r'[\s,]+', data)
    for word in words:
        if word:
            mywordlist.append(word)
else:
    print("I cannot find the file! ")
    sys.exit(1)    # stop here instead of writing an empty output file

mywordlist = list(set(mywordlist))
mywordlist.sort()

# intermediate copy of the de-duplicated list; removed again at the end
filename = "tempname.txt"
f = open(filename, 'w')
f.write("\n".join(mywordlist))
f.close()    # close() must be called, not just referenced

# the special characters the table above knows how to encode
akey = list(codes.keys())

for line in mywordlist:
    # the entity-encoded form (identical to the word if it has no special characters)
    finalwordlist.append(replace_all(line, codes))
    # keep the original spelling as well when the word has special characters
    for char in akey:
        if char in line:
            finalwordlist.append(line)
            break

finalwordlist = list(set(finalwordlist))
finalwordlist.sort()
g = open(finallist, 'w')
g.write("\n".join(finalwordlist))
g.close()

os.remove(filename)
print("Your new file is done and it is called " + finallist)



#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
#-----------------------------------------------------------------------------#
# Name:            splitdictionary.py
# Original Author: Agoonie
# The script pulls dictionaries and grabs the words from every .txt document
# in a directory. Then it converts the words that contain special characters:
# every special character is replaced by its HTML numeric character reference
# (for example "é" becomes "&#233;"), and the original spelling of such a word
# is kept next to the converted one. One output file, c_<name>, is written
# per input file.
# Created:         08/25/2012
# Last Edited:     08292012
# Version Num:     1
# Requirements:    Written and tested in Python 2.65
#   CREDIT:
#      I used information from all of the following:
#      Author: J-rock
#      J-rock Script:  base64_to_text.py
#      gomputor.wordpress.com/2008/09/27/search-replace-multiple-words-or-characters-with-python/
#      http://wiki.webz.cz/dict/
#      http://www.dicts.info/uddl.php
#      stackoverflow.com/questions/6116978/python-replace-multiple-strings
#      docs.python.org/library/stdtypes.html
#-----------------------------------------------------------------------------#
'''

import re
import os
import sys
import glob

# Special character -> HTML numeric character reference. Covers the ASCII
# characters that are special in HTML plus the Latin-1, Greek, punctuation,
# symbol and arrow ranges.
codes = {'"': '&#34;', '&': '&#38;', '<': '&#60;', '>': '&#62;',
                '¡': '&#161;', '¢': '&#162;', '£': '&#163;', '¤': '&#164;',
                '¥': '&#165;', '¦': '&#166;', '§': '&#167;', '¨': '&#168;',
                '©': '&#169;', 'ª': '&#170;', '«': '&#171;', '¬': '&#172;',
                '­': '&#173;', '®': '&#174;', '¯': '&#175;', '°': '&#176;',
                '±': '&#177;', '²': '&#178;', '³': '&#179;', '´': '&#180;',
                'µ': '&#181;', '¶': '&#182;', '·': '&#183;', '¸': '&#184;',
                '¹': '&#185;', 'º': '&#186;', '»': '&#187;', '¼': '&#188;',
                '½': '&#189;', '¾': '&#190;', '¿': '&#191;', 'À': '&#192;',
                'Á': '&#193;', 'Â': '&#194;', 'Ã': '&#195;', 'Ä': '&#196;',
                'Å': '&#197;', 'Æ': '&#198;', 'Ç': '&#199;', 'È': '&#200;',
                'É': '&#201;', 'Ê': '&#202;', 'Ë': '&#203;', 'Ì': '&#204;',
                'Í': '&#205;', 'Î': '&#206;', 'Ï': '&#207;', 'Ð': '&#208;',
                'Ñ': '&#209;', 'Ò': '&#210;', 'Ó': '&#211;', 'Ô': '&#212;',
                'Õ': '&#213;', 'Ö': '&#214;', '×': '&#215;', 'Ø': '&#216;',
                'Ù': '&#217;', 'Ú': '&#218;', 'Û': '&#219;', 'Ü': '&#220;',
                'Ý': '&#221;', 'Þ': '&#222;', 'ß': '&#223;', 'à': '&#224;',
                'á': '&#225;', 'â': '&#226;', 'ã': '&#227;', 'ä': '&#228;',
                'å': '&#229;', 'æ': '&#230;', 'ç': '&#231;', 'è': '&#232;',
                'é': '&#233;', 'ê': '&#234;', 'ë': '&#235;', 'ì': '&#236;',
                'í': '&#237;', 'î': '&#238;', 'ï': '&#239;', 'ð': '&#240;',
                'ñ': '&#241;', 'ò': '&#242;', 'ó': '&#243;', 'ô': '&#244;',
                'õ': '&#245;', 'ö': '&#246;', '÷': '&#247;', 'ø': '&#248;',
                'ù': '&#249;', 'ú': '&#250;', 'û': '&#251;', 'ü': '&#252;',
                'ý': '&#253;', 'þ': '&#254;', 'ÿ': '&#255;', 'Œ': '&#338;',
                'œ': '&#339;', 'Š': '&#352;', 'š': '&#353;', 'Ÿ': '&#376;',
                'ƒ': '&#402;', 'ˆ': '&#710;', '˜': '&#732;', 'Α': '&#913;',
                'Β': '&#914;', 'Γ': '&#915;', 'Δ': '&#916;', 'Ε': '&#917;',
                'Ζ': '&#918;', 'Η': '&#919;', 'Θ': '&#920;', 'Ι': '&#921;',
                'Κ': '&#922;', 'Λ': '&#923;', 'Μ': '&#924;', 'Ν': '&#925;',
                'Ξ': '&#926;', 'Ο': '&#927;', 'Π': '&#928;', 'Ρ': '&#929;',
                'Σ': '&#931;', 'Τ': '&#932;', 'Υ': '&#933;', 'Φ': '&#934;',
                'Χ': '&#935;', 'Ψ': '&#936;', 'Ω': '&#937;', 'α': '&#945;',
                'β': '&#946;', 'γ': '&#947;', 'δ': '&#948;', 'ε': '&#949;',
                'ζ': '&#950;', 'η': '&#951;', 'θ': '&#952;', 'ι': '&#953;',
                'κ': '&#954;', 'λ': '&#955;', 'μ': '&#956;', 'ν': '&#957;',
                'ξ': '&#958;', 'ο': '&#959;', 'π': '&#960;', 'ρ': '&#961;',
                'ς': '&#962;', 'σ': '&#963;', 'τ': '&#964;', 'υ': '&#965;',
                'φ': '&#966;', 'χ': '&#967;', 'ψ': '&#968;', 'ω': '&#969;',
                'ϑ': '&#977;', 'ϒ': '&#978;', 'ϖ': '&#982;', '–': '&#8211;',
                '—': '&#8212;', '‘': '&#8216;', '’': '&#8217;', '‚': '&#8218;',
                '“': '&#8220;', '”': '&#8221;', '„': '&#8222;', '†': '&#8224;',
                '‡': '&#8225;', '•': '&#8226;', '…': '&#8230;', '‰': '&#8240;',
                '′': '&#8242;', '″': '&#8243;', '‹': '&#8249;', '›': '&#8250;',
                '‾': '&#8254;', '⁄': '&#8260;', '€': '&#8364;', 'ℑ': '&#8465;',
                '℘': '&#8472;', 'ℜ': '&#8476;', '™': '&#8482;', 'ℵ': '&#8501;',
                '←': '&#8592;', '↑': '&#8593;', '→': '&#8594;', '↓': '&#8595;',
                '↔': '&#8596;', '↵': '&#8629;', '⇐': '&#8656;', '⇑': '&#8657;',
                '⇒': '&#8658;', '⇓': '&#8659;', '⇔': '&#8660;', '∀': '&#8704;',
                '∂': '&#8706;', '∃': '&#8707;', '∅': '&#8709;', '∇': '&#8711;',
                '∈': '&#8712;', '∉': '&#8713;', '∋': '&#8715;', '∏': '&#8719;',
                '∑': '&#8721;', '−': '&#8722;', '∗': '&#8727;', '√': '&#8730;',
                '∝': '&#8733;', '∞': '&#8734;', '∠': '&#8736;', '∧': '&#8743;',
                '∨': '&#8744;', '∩': '&#8745;', '∪': '&#8746;', '∫': '&#8747;',
                '∴': '&#8756;', '∼': '&#8764;', '≅': '&#8773;', '≈': '&#8776;',
               '≠': '&#8800;', '≡': '&#8801;', '≤': '&#8804;', '≥': '&#8805;',
                '⊂': '&#8834;', '⊃': '&#8835;', '⊄': '&#8836;', '⊆': '&#8838;',
                '⊇': '&#8839;', '⊕': '&#8853;', '⊗': '&#8855;', '⊥': '&#8869;',
                '⋅': '&#8901;', '⌈': '&#8968;', '⌉': '&#8969;', '⌊': '&#8970;',
                '⌋': '&#8971;', '〈': '&#9001;', '〉': '&#9002;'}

def replace_all(text, dic):
    """Replace every key of `dic` that occurs in `text` with its value."""
    for k, v in dic.items():
        text = text.replace(k, v)
    return text

if len(sys.argv) != 2:
    print("[+] Usage: ./filename directory")
    sys.exit(1)

path = sys.argv[1]
# the special characters the table above knows how to encode
akey = list(codes.keys())

for wordlist in glob.glob(os.path.join(path, '*.txt')):
    # fresh lists for every file, so each c_<name> output holds only the
    # words of its own input file instead of everything processed so far
    mywordlist = []
    finalwordlist = []
    data = open(wordlist, 'r').read()
    # split on runs of whitespace or commas; empty fields are skipped
    words = re.split(r'[\s,]+', data)
    for word in words:
        if word:
            mywordlist.append(word)
    (filepath, ffilename) = os.path.split(wordlist)
    finallist = "c_" + ffilename
    mywordlist = list(set(mywordlist))
    mywordlist.sort()
    # intermediate copy of the de-duplicated list; removed again below
    filename = "tempname.txt"
    f = open(filename, 'w')
    f.write("\n".join(mywordlist))
    f.close()    # close() must be called, not just referenced
    for line in mywordlist:
        # the entity-encoded form (identical to the word if it has no special characters)
        finalwordlist.append(replace_all(line, codes))
        # keep the original spelling as well when the word has special characters
        for char in akey:
            if char in line:
                finalwordlist.append(line)
                break
    finalwordlist = list(set(finalwordlist))
    finalwordlist.sort()
    g = open(finallist, 'w')
    g.write("\n".join(finalwordlist))
    g.close()
    os.remove(filename)
    print("Your new file is done and it is called " + finallist)
