Mercurial > hg > anonet-resdb

diff contrib/splicex/src/manual @ 688:2e33b56d4f0d draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SpliceX improvements
author resdb <resdb@d3v11-VM.(none)>
date Sun, 23 Oct 2011 08:31:11 -0500
parents
children 24a6ba1d8657
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/splicex/src/manual	Sun Oct 23 08:31:11 2011 -0500
@@ -0,0 +1,758 @@
+.TH SpliceX "" "" "" ""
+                    __________        _ _         __  __    ______
+                   / / / / ___| _ __ | (_) ___ ___\\ \\/ /   / / / /
+                  / / / /\\___ \\| '_ \\| | |/ __/ _ \\\\  /   / / / /
+                 / / / /  ___) | |_) | | | (_|  __//  \\  / / / /
+                /_/_/_/  |____/| .__/|_|_|\\___\\___/_/\\_\\/_/_/_/
+                               |_|
+ 
+                     .:Brute Force Utilities For GNU/Linux:.
+
+
+       SpliceX is free software: you can redistribute it and/or modify it under
+       the terms of the GNU General Public License as published by the Free
+       Software Foundation, either version 3 of the License, or (at your option)
+       any later version.
+
+       SpliceX is distributed in the hope that it will be useful, but WITHOUT
+       ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+       FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+       for more details. <http://www.gnu.org/licenses/>
+
+
+
+.SH
+OPTIONS
+
+--help                Show help display and exit
+
+--command             Parse passwords to this command
+
+--dictionary          Path to custom dictionary(wordlist)
+
+--rtfm                Show manual page and exit
+
+--restore             Path to restore file
+
+--save                Directory path to create save file
+
+--test                Test output of command
+
+--time                Manipulate timed iterations
+
+--usernames           Path to username list
+
+--exh-l               Use an exhaustive attack with letters only
+
+--exh-n               Use an exhaustive attack with numbers only
+
+--exh-s               Use an exhaustive attack with special characters only
+
+--exh-ln              Use an exhaustive attack with letters and numbers only
+
+--exh-ls              Use an exhaustive attack with letters and special
+                      characters only
+
+--exh-ns              Use an exhaustive attack with numbers and special
+                      characters only
+
+--exh-all             Use an exhaustive attack with all characters
+
+--exh-custom          Use an exhaustive attack with custom characters
+
+--stdout              Print only passwords to stdout
+
+-A                    Use alphabetical mixing module
+
+-B                    Use backwords module
+
+-C                    Use alternating caps module
+
+-L                    Use "L337" speak module
+
+-M                    Use MD5 module
+
+-N                    Use numerical mixing module
+
+-R                    Use regular words module
+
+-S                    Use special mixing module
+
+--mix-custom          Use custom mixing module
+
+--wep-5               Use 5 character WEP module
+
+--wep-13              Use 13 character WEP module
+
+--wep-*               Use 5 and 13 character WEP module
+
+--letters             Use letter characters
+
+--numbers             Use number characters
+
+--specials            Use special characters
+
+--char-all            Use all characters
+
+--no-char             Override character usage
+
+--char-length         Start and end with set character lengths
+
+--custom              Use custom characters
+
+--deshadow            Crack shadow hash sums
+
+--get-shadow          Get the shadow info for a user
+
+--set-shadow          Use the shadow info from a file
+
+--se-module           Use the social engineering module
+
+--create              Create a dictionary
+
+--debug               Enable debugging
+
+.SH
+DICTIONARIES
+
+splicex comes equipped with its own dictionary but is
+.br
+designed to use custom dictionaries as well. The
+.br
+dictionary should be in the following format: a plain
+.br
+text file with one word per line, no spaces between
+.br
+words, letters only. You do not have to follow the
+.br
+above guideline exactly but it is strongly suggested.
+.br
+IE:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+qwerty
+.br
+john
+.br
+linux
+.br
+newpass
+.br
+princess
+.br
+hacker
+.br
+============= NOT ACTUAL LINE ON FILE ===============
+
+.SH
+USERNAMES
+
+splicex is capable of cycling through usernames as it
+.br
+would a dictionary. There is no default username list
+.br
+on splicex. The username list should be in the 
+.br
+following format: a plain text file with one word per 
+.br
+line, no spaces between words, letters only. You do 
+.br
+not have to follow the above guideline exactly but it
+.br
+is strongly suggested.
+.br
+IE:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+john
+.br
+admin
+.br
+root
+.br
+david
+.br
+fred
+.br
+============= NOT ACTUAL LINE ON FILE ===============
+
+.SH
+SAVING AND RESTORING
+
+splicex is capable of restarting where it was stopped
+.br
+by using the --restore switch followed by the full path to
+.br
+a splicex.save file. DO NOT modify these files or
+.br
+splicex may receive an error or not load at all. 
+.br
+When restoring, if you set the --test switch you must
+.br
+manually set it again or splicex will not test for
+.br
+specified output. If saving splicex's status, then
+.br
+splicex will save to the specified directory as
+.br
+splicex.save. If splicex.save already exists it will
+.br
+be overwritten so change the name of any original
+.br
+copies if you want to keep them. If saving a splicex
+.br
+session you should stop the process using the
+.br
+appropriate terminal feature before killing splicex
+.br
+to avoid corrupting the save file.
+
+--save="/path/to/save/directory/"
+
+--restore="/path/to/splicex.save/"
+.SH
+MODULES
+
+-A -B -C -L -M -N -R -S --mix-custom --wep-5 --wep-13 --wep-* --se-module
+.br
+splicex comes equipped with several modules that mangle
+.br
+the words in the selected dictionary to create probable
+.br
+password combinations. You may use as many of these
+.br
+modules as you want. Some modules can take a few or more
+.br
+minutes to enhance a dictionary depending on the size
+.br
+of the selected dictionary.
+
+-A Alphabetical Mixing Module:
+.br
+This module puts several combinations of alphabet
+.br
+characters inside the words in the selected
+.br
+dictionary. IE:
+
+pZassword
+.br
+pCatssword
+.br
+passworKd
+.br
+passwoJrLd
+.br
+...
+
+-B Backwards Module:
+.br
+This module creates backwards words from the
+.br
+selected dictionary. IE:
+
+drowssap
+.br
+...
+
+-C Capitalization Module:
+.br
+This module recreates the words in the selected
+.br
+dictionary with alternating capitalizations.
+.br
+IE:
+ 
+Password
+.br
+PAssword
+.br
+PaSsWoRd
+.br
+pAsSwOrD
+.br
+passwoRD
+.br
+...
+
+-L L337 Speak Module:
+.br
+This module converts the words in the selected
+.br
+dictionary to several versions of "l337 speak".
+.br
+IE:
+
+p4ssword
+.br
+p455w0rd
+.br
+pa5sword
+.br
+ps@$$word
+.br
+...
+ 
+-N Numerical Mixing Module:
+.br
+This module puts several combinations of number
+.br
+characters inside the words in the selected
+.br
+dictionary. IE:
+
+p2assword
+.br
+p5a8ssword
+.br
+passwor0d
+.br
+passwo6r9d
+.br
+...
+
+-R Regular Words Module:
+.br
+This module tells splicex to use the words in a
+.br
+selected dictionary as they are listed.
+
+
+-S Special Mixing Module:
+.br
+This module puts several combinations of special
+.br
+characters inside the words in the selected
+.br
+dictionary. IE:
+
+p!assword
+.br
+p@a$ssword
+.br
+passwor(d
+.br
+passwo-r+d
+.br
+...
+
+--mix-custom Custom Mixing Module:
+.br
+This module puts several combinations of user
+.br
+selected characters inside the words from the
+.br
+selected character list. IE:
+
+p!assword
+.br
+p@a$ssword
+.br
+passwor(d
+.br
+passwo-r+d
+.br
+...
+
+--mix-custom's list should only contain one character per
+.br
+line on a plain text file. If you select this
+.br
+module then modules -A, -N, -S will be ignored.
+.br
+IE:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+j
+.br
+1
+.br
+@
+.br
+0
+.br
+z
+.br
+============= NOT ACTUAL LINE ON FILE ===============
+
+If -A, -N, and/or -S options are selected then
+.br
+the modules will be combined. see also --char-all. IE:
+
+pZa!ssword
+.br
+p0atssword
+.br
+passwor7d
+.br
+passwo*rLd
+.br
+...
+
+-M MD5 Module:
+.br
+This module generates md5 hash sums for
+.br
+words listed in the selected dictionary.
+.br
+IE:
+
+5912d7bfd10f631f1715bf85bbb72d97
+.br
+966e8fda594333563c02fa4b69765a5e
+.br
+900bc885d7553375aec470198a9514f3
+.br
+97f014516561ef487ec368d6158eb3f4
+.br
+...
+
+
+--wep-*, --wep-5, --wep-13 WEP Modules:
+.br
+these two modules strip 5 or 13 character
+.br
+words from the selected dictionary and produce
+.br
+WEP compatible hex passwords. If your dictionary
+.br
+does not contain 5 or 13 character words then
+.br
+splicex will likely give an error.
+
+
+--se-module Social Engineering Module:
+.br
+see the social engineering section below for
+.br
+details.
+
+.SH
+CHARACTERS 
+
+splicex appends alternating character tags to the beginning
+.br
+and/or ending of each password. By default splicex will use
+.br
+all standard keyboard characters but you can choose to use
+.br
+specific combinations. If one or more of the following
+.br
+options is omitted then only the selected options will be
+.br
+used ; they will be combined.
+
+--letters Use letter characters
+.br
+Apassword
+.br
+passwordA
+.br
+abCpassword
+.br
+passwordxYz
+.br
+...
+
+--numbers Use numbers characters
+.br
+1password
+.br
+password1
+.br
+123password
+.br
+password098
+.br
+...
+
+--specials Use specials characters
+.br
+$password
+.br
+password^
+.br
+%)!password
+.br
+password#*@
+.br
+...
+
+--custom Use custom characters from a list
+.br
+$password
+.br
+password^
+.br
+%)!password
+.br
+password#*@
+.br
+...
+
+--custom list should only contain one character per
+.br
+line on a plain text file. If you select this
+.br
+module then other character flags will be ignored.
+.br
+If the custom list matches the selected dictionary
+.br
+then splicex will run in exhaustive mode.
+.br
+IE:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+j
+.br
+1
+.br
+@
+.br
+0
+.br
+z
+.br
+============= NOT ACTUAL LINE ON FILE ===============
+
+--letters, --numbers, and/or --specials
+.br
+Apassword6&
+.br
+7passwordA
+.br
+a*Cpassword9
+.br
+a}password0Yz
+.br
+...
+
+--no-char Override character usage
+.br
+This option tells splicex not to make
+.br
+any character additions to passwords.
+
+--char-length Start and end with set character lengths
+.br
+This option tells splicex to start and stop with a set
+.br
+amount of characters. IE:
+
+The following will start with one character added and
+.br
+end with 3:
+.br
+splicex --char-length='1, 3'
+
+The following will generate only 6 character passwords:
+.br
+splicex --exh-custom='MyCharacters.txt' --char-length='6, 6'
+
+.SH
+SOCIAL ENGINEERING
+
+--se-module Social Engineering Module:
+.br
+splicex is equipped with a social engineering module to create
+.br
+concatenated words from the selected dictionary. This module
+.br
+allows for "Module Stacking". IE, if you select other other
+.br
+modules when setting this flag then compiled words will also
+.br
+be incorporated into the algorithm as if they appeared on the
+.br
+the selected dictionary itself.
+
+.SH
+DESHADOW
+
+splicex comes with its own small program to compare a created hash
+.br
+sum, those found in /etc/shadow with an existing one given through
+.br
+user input. When using the deshadow option you will need to set
+.br
+exactly one of the --get-shadow or --set-shadow options. There is no
+.br
+need to use the --command or the --test flags when using this option
+.br
+because the values for each will be preset.
+
+--get-shadow Get the shadow info for a user
+.br
+see examples below for usage details.
+
+--set-shadow Use the shadow info from a file. This file should be
+.br
+in plain text and contain only one line with the
+.br
+following syntax:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+$HashingMethod$SaltValue$ActualHashItself
+
+============= NOT ACTUAL LINE ON FILE ===============
+
+If you need to see an example Shadow entry you may
+.br
+use the following command:
+
+cat /etc/shadow | grep -i "$USER"
+
+.SH
+EXHAUSTIVE
+
+splicex is capable of mounting a standard exhaustive attack.
+.br
+An exhaustive attack is a sure\-fire method to crack any
+.br
+password but this can also take large amounts of time
+.br
+depending on the length of a password. If it's necessary to
+.br
+use an exhaustive bruteforcing algorithm you may do so with
+.br
+one of the following options:
+
+--exh-l
+.br
+This attack uses only letters.
+
+--exh-n
+.br
+This attack uses only numbers.
+
+--exh-s
+.br
+This attack uses only special characters.
+
+--exh-ln
+.br
+This attack uses only letters and numbers.
+
+--exh-ls
+.br
+This attack uses only letters and special characters.
+
+--exh-ns
+.br
+This attack uses only numbers and special characters.
+
+--exh-all
+.br
+This attack uses all characters.
+
+--exh-custom
+.br
+This attack uses custom characters in a character list. IE:
+.br
+--exh-custom='CharList.txt'
+.br
+A character list should be in the following syntax:
+
+============= NOT ACTUAL LINE ON FILE ===============
+.br
+j
+.br
+1
+.br
+@
+.br
+0
+.br
+z
+.br
+============= NOT ACTUAL LINE ON FILE ===============
+
+.SH
+STDOUT
+
+splicex has the option to skip the command and test flags
+.br
+and print only the created passwords to stdout. This is a
+.br
+useful flag if you're going to pipe the output to stdin
+.br
+on another program.
+
+--stdout
+.br
+The output will look similar to the following:
+.br
+password
+.br
+qwerty
+.br
+123magick
+.br
+newpass
+.br
+john1965
+
+.SH
+REGEXP
+
+splicex can create some regexp type functions
+.br
+using existing options:
+
+splicex --command='echo onePASSWORDthree' --test='onetwothree' --exh-l
+
+splicex --command='echo johnPASSWORD65' --test='john1965' --exh-custom='MyList.txt'
+
+splicex --command='echo ilovePASSWORD' -R --no-char --test='iloveqwerty'
+
+you may also want to see --se-module for more specific attacks.
+
+.SH
+CONTROLS
+
+splicex contains some options worth going over again.
+
+--command='<insert command> PASSWORD' #must contain regexp 'PASSWORD'
+
+--time='10, 1' #timed iterations
+
+--custom='file.txt', -U 'file.txt', --dictionary='file.txt', 
+.br
+--exh-custom='file.txt' #custom wordlists and/or character lists
+
+--no-char #useful flag to only use the generated wordlist
+.br
+#no characters will be appended to the passwords
+
+--stdout #prints only passwords
+
+--debug #helps to troubleshoot
+
+.SH
+EXAMPLES
+
+splicex --command="unrar -pPASSWORD t file.rar" --test="All OK" -R
+
+splicex --command="sshpass -pPASSWORD ssh user@host" --dictionary="wordlist" -L
+
+splicex --command="smbclient -L 192.168.1.0 -Uusername%PASSWORD" -L
+
+splicex --deshadow --get-shadow="root" -R
+
+splicex --deshadow --set-shadow="/home/user/shadow.txt" -R
+
+splicex\\
+.br 
+--command="echo PASSWORD | aircrack-ng -b 00:11:22:33:44:55 -w - *.cap"\\
+.br
+--wep-5 --wep-13 --no-char --dictionary='MyWords.txt'\\
+.br
+--test='KEY FOUND'
+
+splicex --command='curl --user <user[:PASSWORD]> https://www.example.com' -R
+