-
Notifications
You must be signed in to change notification settings - Fork 23
/
README.txt
196 lines (136 loc) · 7.17 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
Methods to Generate Keyboard Walks for Password Cracking
Author: Rich Kelley, rk5devmail[A T]gmail[D O T]com, @RGKelley5
More info at: www.bytesdarkly.com
--------------------------------------------------------
Overview
--------
The "Method 1 - Tree Walks" folder contains the following files:
- QwertyTreeWalker.py
- qwerty_graph.py
The "Method 2 - Combinator Script" folder contains the following files:
- 4_Walk_seed.txt
- Combinator.py
- walk.rule
Method 1 Usage
--------------
Version 2.0.0 of QwertyTreeWalker supports two modes to display output, stdout and write-to-files
The main process will parse the qwerty_graph datastructure provided, and split the work among a
number of worker processes. Each worker process will output a file with the walks generated. If the
file size exceeds 524288000 bytes then a new file will be created to continue output. Output by default
will be located in an OUTPUT folder located in the same directory QwertyTreeWalker.py is being run.
Commandline Arguments:
----------------------
usage: QwertyTreeWalker.py [-h] [-l [L]] [-p [P]] [-x] [-H] [--stdout][--noplain][file_name]
Generate walks for Qwerty Keyboard
positional arguments:
file_name File with adjacency list of format {'letter':{'direction': 'letter connected'}}
optional arguments:
-h, --help show this help message and exit
-l [L], -length [L] Walk length
-p [P], -processes [P] Number of processses to divide work
-x, -exclude Will trigger prompt for link exclude list
-H, -hash Output NTLM hash
--stdout Output to screen
--noplain Do not print plain text hash
EXAMPLE - Interactive Mode:
python QwertyTreeWalker.py qwerty_graph.txt -l 16 -p 7
Executing the above command will drop you into an interactive status prompt and begin output keyboard walks of length 16 to files located in {working dir}/OUTPUT.
Interative Prompt:
------------------
**********************************************************************
***************** WARNING: This may take a while *********************
***************** Type: [S]tatus [Q]uit ******************************
**********************************************************************
[ 8-step walk STARTED at: 2014-07-22-131636 with 8 workers ]
7134.00000000 walks/sec Walks: 19889 Walks Left: 57548663119
Once the run is completed (or the user has exited the program with the Q command) the interactive prompt will look like this
**********************************************************************
***************** WARNING: This may take a while *********************
***************** Type: [S]tatus [Q]uit ******************************
**********************************************************************
[ 8-step walk STARTED at: 2014-07-22-131636 with 8 workers ]
7134.00000000 walks/sec Walks: 19889 Walks Left: 57548663119
[ 8-step walk ENDED at: 2014-07-22-131652 ]
Writing files. Please wait this could take several minutes. [Done]
[Run Stats]
Elasped Time: 0.271800001462 minutes
9988.00000000 walks/sec/worker
162164 walks generated
Example STDOUT:
python QwertyTreeWalker.py qwerty_graph.txt -l 16 -p 1 --stdout > 16_Walk.txt
Executing the above command will output the following to 16_Walk.txt. NOTE: This will probably NOT complete in your lifetime. Porting this to use GPUs might be able to though. If anyone tries using GPUs please share your results.
...
$bhu8.;[=\`zxXAw
$bhu8.;[=\`zxXAs
$bhu8.;[=\`zxXA`
$bhu8.;[=\`zxXAS
$bhu8.;[=\`zxXA=
$bhu8.;[=\`zxXAx
$bhu8.;[=\`zxXAq
$bhu8.;[=\`zxXA"
$bhu8.;[=\`zxXAa
$bhu8.;[=\`zxXA`
$bhu8.;[=\`zxXAZ
$bhu8.;[=\`zxXAQ
...
Some notes on usage:
--------------------
1. When using the -p option with --stdout you may only use 1 process. Since the processes are non-blocking you will get gibberish instead of walks when using multiple processes
2. The -x option is used for pruning the graph. You will be prompted (shown below) for a csv list of edges to exclude from parsing.
[1] diag_up_right
[2] right
[3] diag_up_left
[4] up
[5] shift_right
[6] diag_down_left
[7] diag_down_right
[8] shift_loop
[9] shift_left
[10] shift_diag_up_left
[11] down
[12] shift_down
[13] shift_up
[14] shift_diag_down_right
[15] shift_diag_down_left
[16] shift_diag_up_right
[17] loop
[18] left
Enter Links to exclude as csv (EX:1,2,3)
>> 2,3,4
3. The -H and --noplain options are there for testing purposes incase you want to generate a combination of hashes and plain text walks.
Method 2 Usage
--------------
Commandline Arguments:
----------------------
usage: Combinator.py [-h] [-l [L]] [file_name]
Combinator: Combine strings into arbitrary length strings
positional arguments:
file_name File with strings of same length
optional arguments:
-h, --help show this help message and exit
-l [L], -length [L] Length of final strings
EXAMPLE: To create a dictionary of keyboard walks of length 16 the best results come from combining the seed file into length 8 and then into a 16 length file.
python Combinator.py 4_Walk_seed.txt -l 8 > 8_Walk.txt
python Combinator.py 8_Walk.txt -l 16 > 16_Walk.txt
Executing the above commands should generate a file of around 5GB in size. Then you can input the resulting 16_Walk.txt file and walk.rule file into a password cracker. NOTE: The walk.rule rules were written for oclHashcat, but may work in other crackers such as John.
Analysis Tools:
---------------
The WalkCheck.py script can be used to detected keyboard walks in a word list. It's more of a proof of concept, but can be useful for analysis.
Commandline Arguments:
----------------------
WalkCheck.py - Checks strings and detects keyboard walks
usage: WalkCheck.py [-h] [-l [L]] [-strict] [-loop] [-stats]
[graph_file_name] [input]
Check if string(s) are keyboard walks
positional arguments:
graph_file_name File with adjacency list of format {'letter':
{'direction': 'letter connected'}}
input File name or single string to check
optional arguments:
-h, --help show this help message and exit
-l [L], -length [L] Walk length
-strict Only find exact walks of length specified by -l option
-loop Consider adjacent dublicate letters as walks
-stats Do some calculations
EXAMPLE: python WalkCheck.py qwerty_graph.txt rockyou.txt -l 8
The above command will print out all the words in rockyou.txt that contain keyboard walks of length 8.