Created
November 30, 2011 02:07
Takes a case-insensitive plaintext (perhaps from an LM hash) and a corresponding NT hash, and finds the appropriate case-sensitive password.
#!/usr/bin/python | |
import hashlib | |
import sys | |
# Two operands are mandatory: the case-insensitive plaintext and the NT hash
# it has to reproduce. Anything else prints the usage line and exits.
# NOTE(review): both operands travel on the command line, so they are visible
# in the process list and normally land in shell history; the host running
# this holds credential material for as long as those records exist.
if not len(sys.argv) == 3:
    usage_line = "usage: " + sys.argv[0] + " <CASE_INSENSITIVE_PASSWORD> <NTLM_HASH>"
    print(usage_line)
    sys.exit(-1)
def nt_hash(plaintext):
    """Return the NT hash of *plaintext* as a lowercase hex string.

    The value is the MD4 digest of the UTF-16LE encoding of the password;
    nothing else (no salt, no user name) is mixed in, so equal passwords
    always give equal hashes.
    """
    encoded = plaintext.encode('utf-16le')
    # NOTE(review): hashlib only offers 'md4' when the linked OpenSSL exposes
    # it; with OpenSSL 3 the algorithm sits in the legacy provider, and
    # hashlib.new raises ValueError if that provider is not loaded.
    digest = hashlib.new('md4')
    digest.update(encoded)
    return digest.hexdigest()
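def check_plaintext(plaintext):
    """Report whether *plaintext* hashes to the NT hash passed as sys.argv[2].

    Returns True on a match and False otherwise.

    hexdigest() always yields lowercase hex, whereas hash listings commonly
    use upper-case hex. The target is therefore normalised (surrounding
    whitespace dropped, letters lowercased) before the comparison; without
    that an upper-case argument could never match and the search would end
    without reporting anything.
    """
    target = sys.argv[2].strip().lower()
    return nt_hash(plaintext) == target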
def swap_case(plaintext, place):
    """Return *plaintext* with the case of the character at *place* inverted.

    A character equal to its own lowercase form is replaced by its uppercase
    form; any other character is replaced by its lowercase form. Characters
    without case (digits, punctuation) therefore come back unchanged.
    """
    current = plaintext[place]
    flipped = current.upper() if current == current.lower() else current.lower()
    return plaintext[:place] + flipped + plaintext[place+1:]
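def case_pass(password):
    """Try every upper/lower-case variant of *password* against the target hash.

    Each integer in range(2 ** len(password)) is read as a bit mask: bit k set
    means "invert the case of character k". The first variant accepted by
    check_plaintext is printed together with its NT hash and the function
    returns; when no variant matches, nothing is printed.

    The work is bounded by 2 ** len(password) candidates. An LM hash covers
    at most 14 upper-cased characters, so once its plaintext is known the NT
    hash adds at most 2 ** 14 guesses of protection. This is the reason LM
    hash storage is disabled on hardened systems (the Windows policy
    "Network security: Do not store LAN Manager hash value on next password
    change").
    """
    for mask in range(2 ** len(password)):
        candidate = password
        remaining = mask
        place = 0
        while remaining > 0:
            if remaining % 2 == 1:
                candidate = swap_case(candidate, place)
            # Floor division keeps the mask an exact int. The former
            # int(i / 2) went through a float and dropped low bits once the
            # mask exceeded 2 ** 53.
            remaining //= 2
            place += 1
        if check_plaintext(candidate):
            # NOTE(review): the recovered cleartext goes to stdout, so it ends
            # up in terminal scrollback and in any redirected log file.
            print("found password: " + candidate + " " + nt_hash(candidate))
            return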
# Script entry: the first operand is the case-insensitive plaintext whose
# case variants are searched.
case_insensitive_plaintext = sys.argv[1]
case_pass(case_insensitive_plaintext)