hashpals / search-that-hash Goto Github PK

Currently, some of the hashcat command outputs are being directed to the amazon DB. We need to make sure it doesn't get mixed up.

STH takes >1 second to run on cold bootup

Hi,

Came across the script on reddit, was trying to crack hash from HTB's delivery machine. Just before it proceeds there's an error saying None: No such file or directory

On Phonebook's web challenge:

Tested on Pop! OS 20.04 LTS:

┌──(umar_0x01@b0x)-[~/HTB]
└─$ cat /etc/*release
DISTRIB_ID=Pop
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Pop!_OS 20.04 LTS"
NAME="Pop!_OS"
VERSION="20.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
LOGO=distributor-logo-pop-os

Let me know if you need more details, the hashes, or if it's an error on my side.

Thanks!

Currently the entire hashcat file is not included in code coverage. This is because we'd need hashcat to run the tests against it.

Instead, we can use pytest-mock to mock Hashcat and develop tests based on this.

PyPi either doesn't include the .pem file with it, or something else is going wrong. We need to fix it so nitrxgen works with it.

Currently, the color scheme with cmd makes it really hard to view the hash. We should make it so it can easily be read:

Currently this happens:

➜ sth
Error. No hashes were inputted. Use the help menu --help

❯ sth -vvv -g -f hash.txt
2021-02-28 10:45:25 Saturnus root[9275] DEBUG Updated logging level
2021-02-28 10:45:25 Saturnus root[9275] INFO Called config updater
2021-02-28 10:45:25 Saturnus root[9275] DEBUG Hashes are from file
2021-02-28 10:45:25 Saturnus root[9275] DEBUG Called NTH to get hash types
2021-02-28 10:45:25 Saturnus root[9275] INFO Returning config
2021-02-28 10:45:25 Saturnus urllib3.connectionpool[9275] DEBUG Starting new HTTPS connection (1): av5b81zg3k.execute-api.us-east-2.amazonaws.com:443
2021-02-28 10:45:26 Saturnus urllib3.connectionpool[9275] DEBUG https://av5b81zg3k.execute-api.us-east-2.amazonaws.com:443 "GET /prod/lookup HTTP/1.1" 200 907
Traceback (most recent call last):
  File "/home/hydra/.local/bin/sth", line 8, in <module>
    sys.exit(main())
  File "/home/hydra/.local/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/home/hydra/.local/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/hydra/.local/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/hydra/.local/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/hydra/.local/lib/python3.9/site-packages/search_that_hash/__main__.py", line 89, in main
    cracking_handler = handler.Handler(config)
  File "/home/hydra/.local/lib/python3.9/site-packages/search_that_hash/cracker/handler.py", line 21, in __init__
    self.sth_results, self.config = sth.Sth_api.crack(self, config)
  File "/home/hydra/.local/lib/python3.9/site-packages/search_that_hash/cracker/sth_mod/sth.py", line 27, in crack
    output = response.json()["body"]
KeyError: 'body'

Where

❯ cat hash.txt
$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6

We already have verbose flags, just need to add in the statements :)

After it's done, sit there for a few seconds so people can read it

Currently STH will only output the hash type when found in our database. Most if not all of the third-party websites/APIs we use also output the hash type when found, so it should be easy to implement.

It currently returns []

Originally posted by @Jayy001 in #21 (comment)

• Offliine mode
• Accessible Mode
• Typehints
• Comments
• Documentation
• Possible Google search?
• Documentation on adding APIS <---- VERY IMPORTANT
• Exit when an API returns True
• Colour scheme
• Design README
• Import Name-That-Hash and use it
• Release on PyPi
• Create Setuptools to release on AUR
• Make it as an API <---- VERY IMPORTANT (writing tests will help with this)
• Writie Tests
• Create GitHub action to run tests

• #50
• Fast API #49

so "-g", "--greppable"

The function is:

• Running STH
• Printing the output or appending it to greppable
• Running all other APIs
• printing the output or appending to greppable

It should look like this (imo):

• Multi-thread called STH (note: store all found hashes for printing + greppable in one variable), if not greppable and if not all hashes to search have not been found in STH return to main()
• In main print all that's found so far
• multi-thread run all other APIs (a 2nd time).
• Return to main with the one output variable
• Either call Greppable or pretty print it depending on user args

Installed sth via pip
Command used to test:

1. sth -t 279412f945939ba78ce0758d3fd83daa
2. sth -t 279412f945939ba78ce0758d3fd83daa --greppable

I've attached a screenshot that will explain the issue! :)

Assuming that hashcat cracking is very slow, present the user with an interface like:

1. Bcrypt
2. Sha256
3. sha512

And let the user select which one to try first. Don't show this in greppable mode.

Currently, if the hash is not able to be found, you receive:

Text: Could not find hash

It should still display the hash type which is pulled from Name-That-Hash

Most databases use a single type of hash, if we manually input that single type we can search all hash APIs for that type and then just crack that one type :)

When using verbose mode it should output the website/API that successfully found the plaintext of the hash. It should also say which website/APIs didn't find the hash in their database.

The APi can return something unverified, such as this:

NTH should ask the user "This is unverified (we can't prove that the hash == this plaintext). We can continue searching if you want? Y/N".

Using the PyPi installation of sth, it displays that it's failed for seemingly for no reason, when the hash has been cracked. Log:
https://pastebin.com/v2mcCctQ

By default, the script uses the unoptimised kernels, by adding -O to:

> hashcat -m 0 -w 4 -b --quiet
Hashmode: 0 - MD5

Speed.#1.........:  4996.0 MH/s (170.43ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1

> hashcat -m 0 -w 4 -b --quiet -O
Hashmode: 0 - MD5

Speed.#1.........:  9154.5 MH/s (90.30ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1

http://www.nitrxgen.net/md5db/ is one of the third-party website/APIs and it currently doesn't work in STH. It works when visiting the URL in the browser, but it always says Failed when running STH. Run sth -t "5f4dcc3b5aa765d61d8327deb882cf99" --greppable for an example.

It prints nothing at all :-(

• Macports (reserved for https://github.com/harens if they want)
• Homebrew (reserved for https://github.com/harens if they want)

config = {'api': True, 'api_keys': {'STH': None}, 'greppable': True, 'hashcat': False, ...}

    def crack(config):
        to_del = []
        url = "https://av5b81zg3k.execute-api.us-east-2.amazonaws.com/prod/lookup"
        payload = json.dumps({"Hash": list(config["hashes"].keys())})
        headers = {"Content-Type": "application/json"}
    
        try:
            response = requests.request(
                "GET", url, headers=headers, data=payload, timeout=config["timeout"]
            )
>       except ReadTimeout:
E       NameError: name 'ReadTimeout' is not defined

search_that_hash/cracker/sth_mod/sth.py:23: NameError

Also, set it to 3 seconds -- 2 seconds seems to be breaking it :)

https://github.com/HashPals/Name-That-Hash/releases/tag/1.4.0

Using the popular API in name-that-hash, create a new API and argument to only search hashes if they appear in the most popular set. This is useful for Ciphey!

Use function self.push() in cracking.py

See @SkeletalDemise , the code to push to the DB is never called.

If you want to use hashcat on windows you have to specify the PATH of where the hashcat binary is located,

Also, for the wordlist, we need to make it OS dependant as windows uses \ not /

Why the try; except, add a comment to explain? At least except <Error> so we know the reason why the error is happening?

Originally posted by @bee-san in #38 (comment)

Adding -o will output the result to a file in the format hash:plain

STH should automatically rate limit requests made to third-party website/APIs so ideally #67 doesn't happen. For example http://md5.my-addr.com says Using of our online md5 database is limited in time with 15-20 requests, otherwise IP will be blocked permanently. on their site. STH should not make a request if the rate limit has been reached for a specific website/API.

The program does not notify the user when no hashes are found.

Some of the third-party website/APIs will temporarily ban your IP from inputting too many hashes in a day. STH should display this when it finds an error from a third-party website/API related to this.

An example is https://www.cmd5.org/, when it temporarily bans you it will output Please log in ! whenever you try to search any hash. STH should catch that error and say to the user that they were temporarily banned from that certain website.