Generate Keyboard Walk Dictionaries for cracking
    Methods to Generate Keyboard Walks for Password Cracking

    Author: Rich Kelley, rk5devmail[A T]gmail[D O T]com, @RGKelley5
    
    More info at: www.bytesdarkly.com
    
--------------------------------------------------------

Overview
--------

The "Method 1 - Tree Walks" folder contains the following files:
- QwertyTreeWalker.py
- qwerty_graph.py

The "Method 2 - Combinator Script" folder contains the following files:
- 4_Walk_seed.txt
- Combinator.py
- walk.rule


Method 1 Usage
--------------

    Version 2.0.0 of QwertyTreeWalker supports two output modes: stdout and write-to-files.
    
    The main process parses the qwerty_graph data structure provided and splits the work among a
    number of worker processes. Each worker process writes a file with the walks it generates. If the 
    file size exceeds 524288000 bytes, a new file is created to continue the output. By default, output
    is written to an OUTPUT folder in the directory from which QwertyTreeWalker.py is run. 
    
    Commandline Arguments:
    ----------------------
    usage: QwertyTreeWalker.py [-h] [-l [L]] [-p [P]] [-x] [-H] [--stdout][--noplain][file_name]

    Generate walks for Qwerty Keyboard

    positional arguments:
      file_name             File with adjacency list of format {'letter':{'direction': 'letter connected'}}

    optional arguments:
      -h, --help                show this help message and exit
      -l [L], -length [L]       Walk length
      -p [P], -processes [P]    Number of processses to divide work
      -x, -exclude              Will trigger prompt for link exclude list
      -H, -hash                 Output NTLM hash
      --stdout                  Output to screen
      --noplain                 Do not print plain text hash

    EXAMPLE - Interactive Mode:
    
    python QwertyTreeWalker.py qwerty_graph.txt -l 16 -p 7
    
    Executing the above command will drop you into an interactive status prompt and begin writing keyboard walks of length 16 to files located in {working dir}/OUTPUT.
    
    Interactive Prompt:
    -------------------
    
    **********************************************************************
    ***************** WARNING: This may take a while *********************
    ***************** Type: [S]tatus [Q]uit ******************************
    **********************************************************************


    [ 8-step walk STARTED at:       2014-07-22-131636 with 8 workers ]
    7134.00000000 walks/sec  Walks: 19889 Walks Left: 57548663119
    
    Once the run is completed (or the user has exited the program with the Q command), the interactive prompt will look like this:
    
    **********************************************************************
    ***************** WARNING: This may take a while *********************
    ***************** Type: [S]tatus [Q]uit ******************************
    **********************************************************************


    [ 8-step walk STARTED at:       2014-07-22-131636 with 8 workers ]
    7134.00000000 walks/sec  Walks: 19889 Walks Left: 57548663119
    [ 8-step walk ENDED at:         2014-07-22-131652 ]

    Writing files. Please wait this could take several minutes. [Done]

            [Run Stats]
                    Elasped Time: 0.271800001462 minutes
                    9988.00000000 walks/sec/worker
                    162164 walks generated
                    
    Example STDOUT:
    
    python QwertyTreeWalker.py qwerty_graph.txt -l 16 -p 1 --stdout > 16_Walk.txt
    
    Executing the above command will output the following to 16_Walk.txt. NOTE: This will probably NOT complete in your lifetime, though a port that uses GPUs might be able to. If anyone tries using GPUs, please share your results.
    
    ...
    $bhu8.;[=\`zxXAw
    $bhu8.;[=\`zxXAs
    $bhu8.;[=\`zxXA`
    $bhu8.;[=\`zxXAS
    $bhu8.;[=\`zxXA=
    $bhu8.;[=\`zxXAx
    $bhu8.;[=\`zxXAq
    $bhu8.;[=\`zxXA"
    $bhu8.;[=\`zxXAa
    $bhu8.;[=\`zxXA`
    $bhu8.;[=\`zxXAZ
    $bhu8.;[=\`zxXAQ
    ...
    
    Some notes on usage:
    --------------------
    
    1. When using the -p option with --stdout you may only use 1 process. Since the processes are non-blocking, you will get gibberish instead of walks when using multiple processes.
    
    2. The -x option is used for pruning the graph. You will be prompted (shown below) for a CSV list of edges to exclude from parsing. 
    
        [1] diag_up_right
        [2] right
        [3] diag_up_left
        [4] up
        [5] shift_right
        [6] diag_down_left
        [7] diag_down_right
        [8] shift_loop
        [9] shift_left
        [10] shift_diag_up_left
        [11] down
        [12] shift_down
        [13] shift_up
        [14] shift_diag_down_right
        [15] shift_diag_down_left
        [16] shift_diag_up_right
        [17] loop
        [18] left
        Enter Links to exclude as csv (EX:1,2,3)
        >> 2,3,4
    
    3. The -H and --noplain options are there for testing purposes, in case you want to generate a combination of hashes and plain text walks. 
    
    
Method 2 Usage
--------------

    Commandline Arguments:
    ----------------------
    usage: Combinator.py [-h] [-l [L]] [file_name]

        Combinator: Combine strings into arbitrary length strings

        positional arguments:
          file_name            File with strings of same length

        optional arguments:
          -h, --help           show this help message and exit
          -l [L], -length [L]  Length of final strings
          
    EXAMPLE: To create a dictionary of keyboard walks of length 16 the best results come from combining the seed file into length 8 and then into a 16 length file.

    python Combinator.py 4_Walk_seed.txt -l 8 > 8_Walk.txt
    python Combinator.py 8_Walk.txt -l 16 > 16_Walk.txt

    Executing the above commands should generate a file of around 5GB in size. Then you can input the resulting 16_Walk.txt file and walk.rule file into a password cracker. NOTE: The walk.rule rules were written for oclHashcat, but may work in other crackers such as John. 



Analysis Tools:
---------------

The WalkCheck.py script can be used to detect keyboard walks in a word list. It's more of a proof of concept, but can be useful for analysis.


    Commandline Arguments:
    ----------------------
    WalkCheck.py - Checks strings and detects keyboard walks
    
    usage: WalkCheck.py [-h] [-l [L]] [-strict] [-loop] [-stats]
                    [graph_file_name] [input]

    Check if string(s) are keyboard walks

    positional arguments:
      graph_file_name      File with adjacency list of format {'letter':
                           {'direction': 'letter connected'}}
      input                File name or single string to check

    optional arguments:
      -h, --help           show this help message and exit
      -l [L], -length [L]  Walk length
      -strict              Only find exact walks of length specified by -l option
      -loop                Consider adjacent dublicate letters as walks
      -stats               Do some calculations

    EXAMPLE: python WalkCheck.py qwerty_graph.txt rockyou.txt -l 8 

    The above command will print out all the words in rockyou.txt that contain keyboard walks of length 8.
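
The same kind of walk check is useful defensively, to reject keyboard-walk passwords when they are set or to flag them in an audit. The sketch below is an added example, not WalkCheck.py or any other code from this repository: the simplified unshifted layout, the function names, and the way `strict` and `loop` are interpreted are all assumptions. It only borrows the adjacency-list format `{'letter': {'direction': 'letter connected'}}` and direction names from the text above.

```python
# Added example, not WalkCheck.py. Constructed, unshifted QWERTY subset.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
# (direction, row offset, column offset) under the usual QWERTY row stagger.
STEPS = [("left", 0, -1), ("right", 0, 1),
         ("diag_up_left", -1, 0), ("diag_up_right", -1, 1),
         ("diag_down_left", 1, -1), ("diag_down_right", 1, 0)]

def build_graph(rows=ROWS):
    """Build {'letter': {'direction': 'letter connected'}} for the subset."""
    graph = {}
    for r, row in enumerate(rows):
        for c, key in enumerate(row):
            graph[key] = {
                d: rows[r + dr][c + dc] for d, dr, dc in STEPS
                if 0 <= r + dr < len(rows) and 0 <= c + dc < len(rows[r + dr])
            }
    return graph

def walk_runs(s, graph, loop=False):
    """Split s into maximal runs where each consecutive key pair is linked."""
    runs, cur = [], ""
    for ch in s:
        key = ch.lower()  # shifted keys are not modelled; fold case instead
        prev = cur[-1].lower() if cur else None
        linked = prev in graph and (
            key in graph[prev].values() or (loop and key == prev))
        if linked:
            cur += ch
        else:
            if cur:
                runs.append(cur)
            cur = ch
    if cur:
        runs.append(cur)
    return runs

def has_walk(s, graph, length=4, strict=False, loop=False):
    """True if s holds a walk of >= length keys (exactly length if strict)."""
    sizes = (len(run) for run in walk_runs(s, graph, loop))
    return any(n == length if strict else n >= length for n in sizes)

def flag_walks(passwords, graph, length=4):
    """Return the candidate passwords a set-time policy check should reject."""
    return [p for p in passwords if has_walk(p, graph, length)]

if __name__ == "__main__":
    sample = ["1qaz2wsx", "Summer2024!", "zxcvbn99", "tr0ub4dor"]  # constructed
    print(flag_walks(sample, build_graph()))
```

Because shifted keys and the straight up/down links are left out of this layout, a production check would load the full graph file rather than rely on `build_graph()`.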