Intent - SAM File Credential Cracking

This program will attempt to read Windows SAM file, parse the file, and launch an attack against the hashed credentials. The current attacks rely on an online lookup of leaked or precomputed hashes through a API provided by https://api.leakdb.net/ and a text file dictionary of common passwords.

Usage

Execute python3 init.py and a GUI file browse dialog will allow for the selection of a Windows SAM file. Cracking output and results will be output to the console.

Interpreter and Libraries

Python Interpreter Version 3.x

Author: Thomas Jones

Last Modified: 12/6/2015

Academic Context

This is my personal project for MET CS 521 Information Structures in Python Project. All code is an course related academic exercise. This is an academic hash cracking exercise based on existing attack algorithms so I am going to simulate password attacks. This is not intended nor warranted for any use. These tasks have all been accomplished by more experience developers. Please feel free to ask me questions, but understand that this code might never see a production ready level of functionality.

The SAM file and common_password_list.txt dictionary are contrived test files. The dictionary is nowhere near extensive for significant key-space hash attacks.

Dependencies / Python Libraries Used

binascii hashlib sqlite3 urllib string json time queue threading unittest os tkinter

Unit Test

TestHashedCredentials.py

Attribution and Citation:

Learned to use a main function and protect against execution in modules from: Guido van Rossum blog in 2003 https://www.artima.com/weblogs/viewpost.jsp?thread=4829

Learned to use os.path for basic file verification from a StackOverflow thread: https://stackoverflow.com/questions/82831/check-whether-a-file-exists-using-python

Example SAM file found online from KPMG Advisory N.V https://www.win.tue.nl/~aeb/linux/hh/Hackers_Hut_Windows_passwords.pdf

Adopted LeakDB lookup from: https://blog.abusix.com/2013/07/08/using-leakdb-for-compromised-password-hashes/

tkinter Entry() technique adapted from: https://effbot.org/zone/tkinter-geometry.htm

NTLM Hash generation algorithm modified from: https://www.trustedsec.com/march/generate-an-ntlm-hash-in-3-lines-of-python/

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
.idea		.idea
DictionaryAttack.py		DictionaryAttack.py
GUI_BrowseAndAttack.py		GUI_BrowseAndAttack.py
GlobalValues.py		GlobalValues.py
HashedCredential.py		HashedCredential.py
OnlineLookupAttack.py		OnlineLookupAttack.py
README.md		README.md
SAM		SAM
TestHashedCredential.py		TestHashedCredential.py
_init_.py		_init_.py
common_password_list.txt		common_password_list.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Intent - SAM File Credential Cracking

Usage

Interpreter and Libraries

Author: Thomas Jones

Academic Context

Dependencies / Python Libraries Used

Unit Test

Attribution and Citation:

About

Releases

Packages

Languages

ThomasJonesSecurity/METCS521

Folders and files

Latest commit

History

Repository files navigation

Intent - SAM File Credential Cracking

Usage

Interpreter and Libraries

Author: Thomas Jones

Academic Context

Dependencies / Python Libraries Used

Unit Test

Attribution and Citation:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages