comparison contrib/splice3/LINUX/manual @ 626:ed8cff39b9a7 draft

added splice3 to resdb/contrib
author d3v11 <d3v11@d3v11.ano>
date Fri, 23 Sep 2011 00:12:08 -0500
parents
children bd1f56c22102
comparison
625:ad10fd05ee0e 626:ed8cff39b9a7
1 .TH splice3 "1" "sep 2011" "splice3" "Brute Force Utilities"
2 .SH
3 NAME
4 splice3 - manual page for splice3
5
6 .SH
7 DESCRIPTION
8
9 Brute Force Utilities For The Linux Shell.
10
11 .SH
12 OPTIONS
13 -h, --help show the help message and exit
14
15 -c, Parse passwords to this command
16 .br
17 Command must contain regexp PASSWORD.
18 .br
19 splice3 -c"command PASSWORD"
20
21 -d Path to custom dictionary(wordlist)
22 .br
23 splice3 -d"/home/user/wordlist"
24 .br
25 If this option is unset then splice3
26 .br
27 will use its default dictionary.
28
29 --rtfm Show manual page and exit
30
31 -r Path to restore file
32 .br
33 splice3 -r"/home/user/splice3.save"
34 .br
35 DO NOT USE MODIFIED OR NON-SPLICE
36 .br
37 SAVE FILES.
38
39 -s Directory path to create save file
40 .br
41 splice3 -s"/home/user"
42
43 -t Test output of -c's command
44 .br
45 splice3 -t"All OK"
46
47 --time Manipulate timed iterations
48 .br
49 splice3 can pause its attack for
50 .br
51 a specified amount of seconds per
52 .br
53 every specified amount of iterations.
54 .br
55 splice3 --time="12, 360"
56 .br
57 The above will tell splice3 to pause
58 .br
59 360 seconds after trying every 12 passwords.
60
61 -u Path to username list
62 .br
63 splice3 -u"/home/user/userlist"
64 .br
65 If you use this command the regexp
66 .br
67 `USERNAME' will be required in the
68 .br
69 given -c command. See -c flag for
70 .br
71 details.
72
73 .br
74 --exh-l Use an exhaustive attack with letters only
75
76 .br
77 --exh-n Use an exhaustive attack with numbers only
78
79 .br
80 --exh-s Use an exhaustive attack with special characters only
81
82 .br
83 --exh-ln Use an exhaustive attack with letters and numbers only
84
85 .br
86 --exh-ls Use an exhaustive attack with letters and special
87 .br
88 characters only
89
90 .br
91 --exh-ns Use an exhaustive attack with numbers and special
92 .br
93 characters only
94
95 --exh-lns Use an exhaustive attack with all characters
96
97 --exh-custom Use an exhaustive attack with custom characters
98 .br
99 splice3 --exh-custom='character list'
100
101 --stdout Print only passwords to stdout
102
103 -A Use alphabetical mixing module
104
105 -B Use backwards module
106
107 -C Use alternating caps module
108
109 -L Use "L337" speak module
110
111 -M Use MD5 module
112
113 -N Use numerical mixing module
114
115 -R Use regular words module
116
117 -S Use special mixing module
118
119 -U Use custom mixing module
120 .br
121 splice3 -U"/home/user/list"
122
123 --wep-5 Use 5 char WEP module
124 .br
125 splice3 will strip 5 char words
126 .br
127 from the dictionary and convert
128 .br
129 them to WEP compatible passwords.
130
131 --wep-13 Use 13 char WEP module
132 .br
133 splice3 will strip 13 char words
134 .br
135 from the dictionary and convert
136 .br
137 them to WEP compatible passwords.
138
139 --letters Use letter characters
140
141 --numbers Use number characters
142
143 --specials Use special characters
144
145 --no-char Override character usage
146
147 --custom Use custom characters
148 .br
149 splice3 --custom="/home/user/list"
150
151 --deshadow Crack shadow hash sums
152
153 --getshadow Get the shadow info for a user
154 .br
155 splice3 --getshadow="username"
156 .br
157 See deshadow below for details.
158
159 --setshadow Use the shadow info from a file
160 .br
161 splice3 --setshadow="/home/user/shadow"
162 .br
163 See deshadow below for details.
164
165 --se-create a weird modular dictionary option.
166 .br
167 splice3 will create concatenated words from
168 .br
169 dictionary as "splice3.se" and then load
170 .br
171 it with selected modules.
172
173 --create Create a dictionary and exit. splice3
174 .br
175 will create a dictionary with a user
176 .br
177 selected wordlist and the selected
178 .br
179 Modules. The new dictionary will be
180 .br
181 created in your current directory as
182 .br
183 splice3.create
184
185 -v, --version Show splice3's version number and exit
186
187 --debug Enable debugging
188 .br
189 Allows debugging and traceback reporting from splice3.
190
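Review bot: OPTIONS (lines 13-45) documents only the short forms -c, -d and -t, but REGEXP, CONTROLS and EXAMPLES call them as --command=, --test= and --dictionary= (lines 711-715, 724-730, 755-759); list each long form beside its short form here, as is already done for -h, --help and -v, --version. Line 15 also has a stray comma after -c, and --exh-custom is shown taking a literal 'character list' at line 99 but a file name at lines 713 and 730, so state which of the two it accepts. The examples at lines 745, 747 and 761 pass no -t, so the -t entry should say how splice3 decides that a guess succeeded when -t is not given.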
191 .SH
192 DICTIONARIES
193
194 splice3 comes equipped with its own dictionary but is
195 .br
196 designed to use custom dictionaries as well. The
197 .br
198 dictionary should be in the following format: a plain
199 .br
200 text file with one word per line, no spaces between
201 .br
202 words, letters only. You do not have to follow the
203 .br
204 above guideline exactly but it is strongly suggested.
205 .br
206 IE:
207
208 ============= NOT ACTUAL LINE ON FILE ===============
209 .br
210 qwerty
211 .br
212 john
213 .br
214 linux
215 .br
216 newpass
217 .br
218 princess
219 .br
220 hacker
221 .br
222 ============= NOT ACTUAL LINE ON FILE ===============
223
224 .SH
225 USERNAMES
226
227 splice3 is capable of cycling through usernames as it
228 .br
229 would a dictionary. There is no default username list
230 .br
231 on splice3. The username list should be in the
232 .br
233 following format: a plain text file with one word per
234 .br
235 line, no spaces between words, letters only. You do
236 .br
237 not have to follow the above guideline exactly but it
238 .br
239 is strongly suggested.
240 .br
241 IE:
242
243 ============= NOT ACTUAL LINE ON FILE ===============
244 .br
245 john
246 .br
247 admin
248 .br
249 root
250 .br
251 david
252 .br
253 fred
254 .br
255 ============= NOT ACTUAL LINE ON FILE ===============
256
257 .SH
258 SAVING AND RESTORING
259
260 splice3 is capable of restarting where it was stopped
261 .br
262 by using the -r switch followed by the full path to
263 .br
264 a splice3.save file. DO NOT modify these files or
265 .br
266 splice3 may receive an error or not load at all.
267 .br
268 When restoring, if you set the -t switch you must
269 .br
270 manually set it again or splice3 will not test for
271 .br
272 specified output. If saving splice3's status, then
273 .br
274 splice3 will save to the specified directory as
275 .br
276 splice3.save. If splice3.save already exists it will
277 .br
278 be overwritten so change the name of any original
279 .br
280 copies if you want to keep them. If saving a splice3
281 .br
282 session you should stop the process using the
283 .br
284 appropriate terminal feature before killing splice3
285 .br
286 to avoid corrupting the save file.
287
288 -s "/path/to/save/directory/"
289
290 -r "/path/to/splice3.save/"
291 .SH
292 MODULES
293
294 -A -B -C -L -M -N -R -S -U --wep-5 --wep-13
295 .br
296 splice3 comes equipped with several modules that mangle
297 .br
298 the words in the selected dictionary to create probable
299 .br
300 password combinations. You may use as many of these
301 .br
302 modules as you want. Some modules can take a few or more
303 .br
304 minutes to enhance a dictionary depending on the size
305 .br
306 of the selected dictionary.
307
308 -A Alphabetical Mixing Module:
309 .br
310 This module puts several combinations of alphabet
311 .br
312 characters inside the words in the selected
313 .br
314 dictionary. IE:
315
316 pZassword
317 .br
318 pCatssword
319 .br
320 passworKd
321 .br
322 passwoJrLd
323 .br
324 ...
325
326 -B Backwards Module:
327 .br
328 This module creates backwards words from the
329 .br
330 selected dictionary. IE:
331
332 drowssap
333 .br
334 ...
335
336 -C Capitalization Module:
337 .br
338 This module recreates the words in the selected
339 .br
340 dictionary with alternating capitalizations.
341 .br
342 IE:
343
344 Password
345 .br
346 PAssword
347 .br
348 PaSsWoRd
349 .br
350 pAsSwOrD
351 .br
352 passwoRD
353 .br
354 ...
355
356 -L L337 Speak Module:
357 .br
358 This module converts the words in the selected
359 .br
360 dictionary to several versions of "l337 speak".
361 .br
362 IE:
363
364 p4ssword
365 .br
366 p455w0rd
367 .br
368 pa5sword
369 .br
370 ps@$$word
371 .br
372 ...
373
374 -N Numerical Mixing Module:
375 .br
376 This module puts several combinations of number
377 .br
378 characters inside the words in the selected
379 .br
380 dictionary. IE:
381
382 p2assword
383 .br
384 p5a8ssword
385 .br
386 passwor0d
387 .br
388 passwo6r9d
389 .br
390 ...
391
392 -R Regular Words Module:
393 .br
394 This module tells splice3 to use the words in a
395 .br
396 selected dictionary as they are listed.
397
398
399 -S Special Mixing Module:
400 .br
401 This module puts several combinations of special
402 .br
403 characters inside the words in the selected
404 .br
405 dictionary. IE:
406
407 p!assword
408 .br
409 p@a$ssword
410 .br
411 passwor(d
412 .br
413 passwo-r+d
414 .br
415 ...
416
417 -U Custom Mixing Module:
418 .br
419 This module puts several combinations of user
420 .br
421 selected characters inside the words from the
422 .br
423 selected character list. IE:
424
425 p!assword
426 .br
427 p@a$ssword
428 .br
429 passwor(d
430 .br
431 passwo-r+d
432 .br
433 ...
434
435 -U's list should only contain one character per
436 .br
437 line on a plain text file. If you select this
438 .br
439 module then modules -A, -N, -S will be ignored.
440 .br
441 IE:
442
443 ============= NOT ACTUAL LINE ON FILE ===============
444 .br
445 j
446 .br
447 1
448 .br
449 @
450 .br
451 0
452 .br
453 z
454 .br
455 ============= NOT ACTUAL LINE ON FILE ===============
456
457 If -A, -N, and/or -S options are selected then
458 .br
459 the modules will be combined. IE:
460
461 pZa!ssword
462 .br
463 p0atssword
464 .br
465 passwor7d
466 .br
467 passwo*rLd
468 .br
469 ...
470
471 -M MD5 Module:
472 .br
473 This module generates md5 hash sums for
474 .br
475 words listed in the selected dictionary.
476 .br
477 IE:
478
479 5912d7bfd10f631f1715bf85bbb72d97
480 .br
481 966e8fda594333563c02fa4b69765a5e
482 .br
483 900bc885d7553375aec470198a9514f3
484 .br
485 97f014516561ef487ec368d6158eb3f4
486 .br
487 ...
488
489
490 --wep-* WEP Modules:
491 .br
492 these two modules strip 5 or 13 character
493 .br
494 words from the selected dictionary and produce
495 .br
496 WEP compatible hex passwords.
497
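Review bot: every example list in MODULES ends with a line that is only ... (lines 324, 334, 354, 372, 390, 415, 433, 469, 487), and roff treats an input line that begins with a period as a control line, so these ellipses will not appear in the rendered page; write them as \&... instead (the same applies to lines 523, 535, 547, 559 and 597 in CHARACTERS). In the -U entry, lines 419-423 say the characters are put inside the words "from the selected character list", which should read the selected dictionary. Lines 435-439 say -A, -N and -S are ignored when -U is selected, and lines 457-459, still under -U, say -A, -N and/or -S are combined; move that last paragraph out of the -U entry so the two statements do not read as a contradiction.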
498 .SH
499 CHARACTERS
500
501 splice3 appends alternating character tags to the beginning
502 .br
503 and/or ending of each password. By default splice3 will use
504 .br
505 all standard keyboard characters but you can choose to use
506 .br
507 specific combinations. If one or more of the following
508 .br
509 options is omitted then only the selected options will be
510 .br
511 used ; they will be combined.
512
513 --letters Use letter characters
514 .br
515 Apassword
516 .br
517 passwordA
518 .br
519 abCpassword
520 .br
521 passwordxYz
522 .br
523 ...
524
525 --numbers Use numbers characters
526 .br
527 1password
528 .br
529 password1
530 .br
531 123password
532 .br
533 password098
534 .br
535 ...
536
537 --specials Use specials characters
538 .br
539 $password
540 .br
541 password^
542 .br
543 %)!password
544 .br
545 password#*@
546 .br
547 ...
548
549 --custom Use custom characters from a list
550 .br
551 $password
552 .br
553 password^
554 .br
555 %)!password
556 .br
557 password#*@
558 .br
559 ...
560
561 --custom list should only contain one character per
562 .br
563 line on a plain text file. If you select this
564 .br
565 module then other character flags will be ignored.
566 .br
567 If the custom list matches the selected dictionary
568 .br
569 then splice3 will run in exhaustive mode.
570 .br
571 IE:
572
573 ============= NOT ACTUAL LINE ON FILE ===============
574 .br
575 j
576 .br
577 1
578 .br
579 @
580 .br
581 0
582 .br
583 z
584 .br
585 ============= NOT ACTUAL LINE ON FILE ===============
586
587 --letters, --numbers, and/or --specials
588 .br
589 Apassword6&
590 .br
591 7passwordA
592 .br
593 a*Cpassword9
594 .br
595 a}password0Yz
596 .br
597 ...
598
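Review bot: the sentence at lines 507-511 says the restriction applies "if one or more of the following options is omitted", which describes the default case rather than the selective one; it should say that when one or more of --letters, --numbers and --specials is given, only the selected sets are used and they are combined. Lines 567-569 state that a --custom list that "matches the selected dictionary" puts splice3 in exhaustive mode without saying what counts as a match (same path or same contents). --no-char, described at lines 732-734 as appending no characters, controls the same behaviour and should be documented in this section as well.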
599 .SH
600 DESHADOW
601
602 splice3 comes with its own small program to compare a created hash
603 .br
604 sum, those found in /etc/shadow with an existing one given through
605 .br
606 user input. When using the deshadow option you will need to set
607 .br
608 exactly one of the --getshadow or --setshadow options. There is no
609 .br
610 need to use the -c CMD or the -t TEST flags when using this option
611 .br
612 because the values for each will be preset.
613
614 --getshadow Get the shadow info for a user
615 .br
616 see examples below for usage details.
617
618 --setshadow Use the shadow info from a file. This file should be
619 .br
620 in plain text and contain only one line with the
621 .br
622 following syntax:
623
624 ============= NOT ACTUAL LINE ON FILE ===============
625 .br
626 $HashingMethod$SaltValue$ActualHashItself
627
628 ============= NOT ACTUAL LINE ON FILE ===============
629
630 If you need to see an example Shadow entry you may
631 .br
632 use the following command:
633
634 cat /etc/shadow | grep -i "$USER"
635
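Review bot: the command at line 634, cat /etc/shadow | grep -i "$USER", matches any entry whose line contains the user name in any letter case, so it can print other accounts' entries; anchor it to the name field, for example grep "^$USER:" /etc/shadow, and mention that /etc/shadow is normally readable only by root, stating whether --getshadow has the same requirement. The opening sentence at lines 602-604 ("compare a created hash sum, those found in /etc/shadow with an existing one") does not parse and should say plainly which hash is computed and which one is read. The --setshadow format at line 626 should also say whether the file holds only that field or a full shadow line, since line 634 shows the reader the full line.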
636 .SH
637 EXHAUSTIVE
638
639 splice3 is capable of mounting a standard exhaustive attack.
640 .br
641 An exhaustive attack is a sure\-fire method to crack any
642 .br
643 password but this can also take large amounts of time
644 .br
645 depending on the length of a password. If it's necessary to
646 .br
647 use an exhaustive bruteforcing algorithm you may do so with
648 .br
649 one of the following options:
650
651 --exh-l
652 .br
653 This attack uses only letters.
654
655 --exh-n
656 .br
657 This attack uses only numbers.
658
659 --exh-s
660 .br
661 This attack uses only special characters.
662
663 --exh-ln
664 .br
665 This attack uses only letters and numbers.
666
667 --exh-ls
668 .br
669 This attack uses only letters and special characters.
670
671 --exh-ns
672 .br
673 This attack uses only numbers and special characters.
674
675 --exh-lns
676 .br
677 This attack uses all characters.
678
679 .SH
680 STDOUT
681
682 splice3 has the option to skip the command and test flags
683 .br
684 and print only the created passwords to stdout. This is a
685 .br
686 useful flag if you're going to pipe the output to stdin
687 .br
688 on another program.
689
690 --stdout
691 .br
692 The output will look similar to the following:
693 .br
694 password
695 .br
696 qwerty
697 .br
698 123magick
699 .br
700 newpass
701 .br
702 john1965
703
704 .SH
705 REGEXP
706
707 splice3 can create some regexp type functions
708 .br
709 using existing options:
710
711 splice3 --command='echo onePASSWORDthree' --test='onetwothree' --exh-l
712
713 splice3 -c 'echo johnPASSWORD65' --test='john1965' --exh-custom='MyList.txt'
714
715 splice3 --command='echo ilovePASSWORD' -R --no-char --test='iloveqwerty'
716
717 you may also want to see --se-create for more specific attacks.
718
719 .SH
720 CONTROLS
721
722 splice3 contains some options worth going over again.
723
724 --command='<insert command> PASSWORD' #must contain regexp 'PASSWORD'
725
726 --time='10, 1' #timed iterations
727
728 --custom='file.txt', -U 'file.txt', --dictionary='file.txt',
729 .br
730 --exh-custom='file.txt' #custom wordlists and/or character lists
731
732 --no-char #useful flag to only use the generated wordlist
733 .br
734 #no characters will be appended to the passwords
735
736 --stdout #prints only passwords
737
738 --debug #helps to troubleshoot
739
740 .SH
741 EXAMPLES
742
743 splice3 -c"unrar -pPASSWORD t file.rar" -t"All OK" -ACLNRS
744
745 splice3 -c"sshpass -pPASSWORD ssh user@host" -d"wordlist" -L
746
747 splice3 -c"smbclient -L 192.168.1.0 -Uusername%PASSWORD" -L
748
749 splice3 --deshadow --getshadow="root" -ACLNRS
750
751 splice3 --deshadow --setshadow="/home/user/shadow.txt" -ACLNRS
752
753 splice3\\
754 .br
755 --command='echo PASSWORD | aircrack-ng -b 00:11:22:33:44:55 -w - *.cap'\\
756 .br
757 --wep-5 --wep-13 --no-char --dictionary='MyWords.txt'\\
758 .br
759 --test='KEY FOUND'
760
761 splice3 -c"curl --user <user[:PASSWORD]> https://www.example.com" -R
762
763 .SH
764 LICENSE
765
766 This program is free software: you can redistribute it and/or modify
767 .br
768 it under the terms of the GNU General Public License as published by
769 .br
770 the Free Software Foundation, either version 3 of the License, or
771 .br
772 (at your option) any later version.
773
774 This program is distributed in the hope that it will be useful,
775 .br
776 but WITHOUT ANY WARRANTY; without even the implied warranty of
777 .br
778 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
779 .br
780 GNU General Public License for more details.
781
782 You should have received a copy of the GNU General Public License
783 .br
784 along with this program. If not, see <http://www.gnu.org/licenses/>.
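Review bot: line 761 copies curl's usage synopsis, --user <user[:PASSWORD]>, instead of a command that can be run; the angle and square brackets are notation, not syntax, so write it as --user user:PASSWORD in line with the other examples. Option dashes are left unescaped throughout the page while line 641 escapes the hyphen in sure\-fire; man pages want \- on option dashes so they render as a plain hyphen-minus that can be pasted into a shell. The page goes from NAME and DESCRIPTION straight to OPTIONS with no SYNOPSIS section, and the -r example at line 290 ends in a slash although -r takes a file (compare line 33).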