arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-22 08:08:10 +00:00
Code Issues Releases Wiki Activity

Updated radmin3_to_hashcat.pl to support multiple users

Browse Source 
I tried to keep much of the hash extraction code the same. The main changes are it detects the file encoding to deal with ASCII vs. UTF16-LE, it strips out any header info in the registry dump, and then it breaks up the registry for each radmin3 user so that it can then loop through them to generate the hash.
This commit is contained in:
Matt Weir 2024-09-18 22:07:32 -04:00
parent 6716447dfc
commit 6264e6412d
1 changed files with 217 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
tools/radmin3_to_hashcat.pl
View File

@ -48,6 +48,8 @@
use strict;
use warnings;
use utf8;
use Encode;
use Encode::Guess;
#
@ -93,71 +95,121 @@ if (! open ($fh, "<", $file_name))
binmode ($fh);
my $file_content = "";
# Strip out any leading info from the registry file or the registry dumping program
# Then break up the registry keys into an array so each one can be processed if there are multiple
# Radmin users
my @sections;
my $current_section = '';
{
local $/ = undef;
local $/; # Enable slurp mode
my $file_info = <$fh>;
$file_content = <$fh>;
# Registry dumps are often UTF-16LE, but some programs might dump
# it as a different format
my $enc = guess_encoding($file_info, qw/ ascii cp1252 iso-8859-1 utf-8 UTF-16LE /);
# Decode using the encoding detected
$file_info = decode($enc->name, $file_info);
# Split lines, handling both Unix and Windows line endings
my @lines = split /\r?\n/, $file_info;
# Read the file line by line
foreach my $line (@lines) {
chomp $line;
# Check if the line is a section header
if ($line =~ /^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\v3\.0\\Server\\Parameters\\Radmin Security\\/) {
# If we already have a section, push it to the array
if ($current_section) {
push @sections, $current_section;
}
# Start a new section with the header
$current_section = "$line\n";
}
elsif ($current_section) {
# If we are in a section, continue adding lines to it
if ($line =~ /^\[.*\]$/) {
# New section starts, save the current one
push @sections, $current_section;
$current_section = '';
} else {
# Add data to the current section
$current_section .= "$line\n";
}
}
}
}
close ($fh);
# Push the last section if there was one
if ($current_section) {
push @sections, $current_section;
}
close $fh;
if (!@sections) {
print STDERR "ERROR: Did not find any Radmin users in the file'\n";
if (length ($file_content) < 5 + 0) # replace 0 with minimum expected length
{
exit (1);
}
# Loop over the data
my $file_content = '';
while($file_content=shift(@sections)) {
if (length ($file_content) < 5 + 0) # replace 0 with minimum expected length
{
print STDERR "ERROR: File size of file '$file_name' is invalid\n";
exit (1);
}
}
$file_content =~ s/[\x00]//g; # this could be true if UTF16 + BOM are being used
$file_content =~ s/[\x00]//g; # this could be true if UTF16 + BOM are being used
my $prefix_idx = index ($file_content, $REGISTRY_PREFIX);
my $prefix_idx = index ($file_content, $REGISTRY_PREFIX);
if ($prefix_idx < 0)
{
if ($prefix_idx < 0)
{
print STDERR "ERROR: Could not find the key '=hex:' within the file content\n";
exit (1);
}
}
$file_content = substr ($file_content, $prefix_idx + length ($REGISTRY_PREFIX));
$file_content = substr ($file_content, $prefix_idx + length ($REGISTRY_PREFIX));
# $file_content =~ s/[ \r\n,\\]//g;
# $file_content =~ s/[ \r\n,\\]//g;
# we could also remove every character that is not an hexadecimal symbol:
$file_content =~ s/[^0-9a-fA-F]//g;
# we could also remove every character that is not an hexadecimal symbol:
$file_content =~ s/[^0-9a-fA-F]//g;
$file_content = pack ("H*", $file_content);
$file_content = pack ("H*", $file_content);
# final length check (needed ?):
# final length check (needed ?):
my $file_content_len = length ($file_content);
my $file_content_len = length ($file_content);
if ($file_content_len < 2 + 1 + 2 + 1 + 2 + 32 + 2 + 256 + 2 + 256) # replace with min length
{
if ($file_content_len < 2 + 1 + 2 + 1 + 2 + 32 + 2 + 256 + 2 + 256) # replace with min length
{
print STDERR "ERROR: File content of file '$file_name' is too short\n";
exit (1);
}
}
my $user = "";
my $salt = "";
my $verifier = "";
# loop over the data:
my $found_user = 0;
my $found_modulus = 0;
my $found_generator = 0;
my $found_salt = 0;
my $found_verifier = 0;
my $user = "";
my $salt = "";
my $verifier = "";
my $found_user = 0;
my $found_modulus = 0;
my $found_generator = 0;
my $found_salt = 0;
my $found_verifier = 0;
for (my $i = 0; $i < $file_content_len; $i += 4)
{
for (my $i = 0; $i < $file_content_len; $i += 4)
{
if ($i + 4 > $file_content_len)
{
print STDERR "ERROR: Unexpected EOF (end of file) in file '$file_name'\n";
@ -241,49 +293,50 @@ for (my $i = 0; $i < $file_content_len; $i += 4)
$found_verifier = 1;
}
}
}
if ($found_user == 0)
{
if ($found_user == 0)
{
print STDERR "ERROR: No user name found in file '$file_name'\n";
exit (1);
}
}
if ($found_modulus == 0)
{
if ($found_modulus == 0)
{
print STDERR "ERROR: No modulus found in file '$file_name'\n";
exit (1);
}
}
if ($found_generator == 0)
{
if ($found_generator == 0)
{
print STDERR "ERROR: No generator found in file '$file_name'\n";
exit (1);
}
}
if ($found_salt == 0)
{
if ($found_salt == 0)
{
print STDERR "ERROR: No salt found in file '$file_name'\n";
exit (1);
}
}
if ($found_verifier == 0)
{
if ($found_verifier == 0)
{
print STDERR "ERROR: No verifier found in file '$file_name'\n";
exit (1);
}
}
#
# Output:
#
#
# Output:
#
print sprintf ("\$radmin3\$%s*%s*%s\n",
print sprintf ("\$radmin3\$%s*%s*%s\n",
$user,
$salt,
$verifier);
}