#!/usr/bin/env python
# This software is Copyright (c) 2021 Mark Silinio <mark.silinio-at-gmail.com>,
# and it is hereby released to the general public under the following terms:
# Redistribution and use in source and binary forms, with or without
# modification, are permitted.
#
# Extract and format POP3 APOP challenge/responses for password cracking with JtR
# Usage: ./apop2john.py <pcap files>
#
# This script depends on Scapy (https://scapy.net)
# To install: pip install --user scapy
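try:
    # The wildcard import supplies the Scapy names used below (rdpcap, TCP, IP).
    from scapy.all import *
except ImportError:
    # SystemExit with a string argument writes the message to stderr and exits
    # with status 1, so the notice cannot end up inside redirected hash output,
    # and the script no longer depends on the site-provided exit() helper.
    raise SystemExit("scapy is missing, run 'pip install --user scapy' to install it!")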
from binascii import hexlify
from sys import argv
import os
import re
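# At least one capture file is required. The usage text is written to stderr
# with exit status 1 (SystemExit with a string argument), which keeps stdout
# reserved for hash lines when the output is redirected to a file.
if len(argv) < 2:
    raise SystemExit('Usage: ./apop2john.py <pcap files>')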
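# POP3 runs on TCP port 110; only segments to or from that port are examined.
POP3_PORT = 110

# Raw bytes literals keep the regex escapes out of Python's own escape handling
# (non-raw b'\+' is an invalid escape sequence and warns on current Python
# versions). The patterns themselves are the ones the script always used.
BANNER_RE = re.compile(rb'\+OK\ .*\ (\<.+\>)')
COMMAND_RE = re.compile(rb'APOP\ (.+)\ (.+)')
# RFC 1939: the APOP digest is an MD5 value transmitted as 32 hex digits.
DIGEST_RE = re.compile(rb'[0-9a-fA-F]{32}')


def _flow_key(packet, from_server):
    """Return (server_ip, client_ip, client_port) for a POP3 segment.

    Returns None when the segment has neither an IPv4 nor an IPv6 layer.
    Including the client port keeps separate sessions between the same two
    hosts apart, so a banner is only ever paired with a digest that was sent
    on the same connection.
    """
    if IP in packet:
        net = packet[IP]
    elif IPv6 in packet:
        # IPv6 sessions previously raised on packet[IP]; handle them explicitly.
        net = packet[IPv6]
    else:
        return None
    tcp = packet[TCP]
    if from_server:
        return (net.src, net.dst, tcp.dport)
    return (net.dst, net.src, tcp.sport)


filenames = argv[1:]
for filename in filenames:
    # Most recent greeting banner (the APOP challenge) seen per connection.
    banners = {}
    # Lines already printed for this file; TCP retransmissions would
    # otherwise produce duplicates.
    emitted = set()

    # NOTE: packets are inspected one segment at a time, without TCP stream
    # reassembly. A banner or APOP command split across segments is not seen.
    for packet in rdpcap(filename):
        if TCP not in packet:
            continue
        tcp = packet[TCP]
        if POP3_PORT not in (tcp.sport, tcp.dport):
            continue
        payload = bytes(tcp.payload)

        if tcp.sport == POP3_PORT:
            greeting = BANNER_RE.search(payload)
            if greeting:
                key = _flow_key(packet, from_server=True)
                if key is not None:
                    banners[key] = greeting.group(1).strip()
                continue

        if tcp.dport != POP3_PORT:
            continue
        command = COMMAND_RE.search(payload)
        if not command:
            continue

        # Pair the response with the challenge from the same connection.
        # Without a captured banner the digest cannot be verified, so skip it.
        salt = banners.get(_flow_key(packet, from_server=False))
        if salt is None:
            continue

        user = command.group(1).strip()
        digest = command.group(2).strip()
        # Capture contents are untrusted input: anything that is not a
        # 32-digit hex string is not an APOP digest and would only produce
        # an unusable line (or a decode error), so drop it.
        if not DIGEST_RE.fullmatch(digest):
            continue

        line = '{user}:$dynamic_1017${hash}$HEX${salt}'.format(
            # The user name is only a label on the line; undecodable bytes
            # are replaced rather than aborting the whole run.
            user=user.decode('utf-8', errors='replace'),
            hash=digest.decode('ascii'),
            salt=hexlify(salt).decode('ascii'),
        )
        if line not in emitted:
            emitted.add(line)
            print(line)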