Class: Metasploit::Framework::PasswordCracker::Wordlist

Inherits:

Object

• Object
• Metasploit::Framework::PasswordCracker::Wordlist

Includes:

ActiveModel::Validations

Defined in:

lib/metasploit/framework/password_crackers/wordlist.rb

Constant Summary

MUTATIONS =

A mapping of the mutation substitution rules

{
    '@' => 'a',
    '0' => 'o',
    '3' => 'e',
    '$' => 's',
    '7' => 't',
    '1' => 'l',
    '5' => 's'
}

Instance Attribute Summary

• #appenders ⇒ Array

  An array of strings to append to each word.

• #custom_wordlist ⇒ String

  The path to a custom wordlist file to include.

• #mutate ⇒ TrueClass, FalseClass
• #prependers ⇒ Array

  An array of strings to prepend to each word.

• #use_common_root ⇒ TrueClass, FalseClass
• #use_creds ⇒ TrueClass, FalseClass
• #use_db_info ⇒ TrueClass, FalseClass
• #use_default_wordlist ⇒ TrueClass, FalseClass
• #use_hostnames ⇒ TrueClass, FalseClass
• #workspace ⇒ Mdm::Workspace

  The workspace this cracker is for.

Instance Method Summary

• #each_appended_word(word = '') {|word| ... } ⇒ void

  This method takes a word, and appends each word from the appenders list and yields the new words.

• #each_base_word {|word| ... } ⇒ void

  This method checks all the attributes set on the object and calls the appropriate enumerators for each option and yields the results back up the call-chain.

• #each_cred_word {|word| ... } ⇒ void

  This method searches all saved Credentials in the database and yields all passwords, usernames, and realm names it finds.

• #each_custom_word {|word| ... } ⇒ void

  This method reads the file provided as custom_wordlist and yields the expanded form of each word in the list.

• #each_database_word {|word| ... } ⇒ void

  This method searches the notes in the current workspace for DB instance names, database names, table names, and column names gathered from live database servers.

• #each_default_word {|word| ... } ⇒ void

  This method yields expanded words taken from the default john wordlist that we ship in the data directory.

• #each_hostname_word {|word| ... } ⇒ void

  This method yields the expanded words out of all the hostnames found in the current workspace.

• #each_mutated_word(word = '') {|word| ... } ⇒ void

  This method checks to see if the user asked for mutations.

• #each_prepended_word(word = '') {|word| ... } ⇒ void

  This method takes a word, and prepends each word from the prependers list and yields the new words.

• #each_root_word {|word| ... } ⇒ void

  This method reads the common_roots.txt wordlist expands any words in the list and yields them.

• #each_word {|word| ... } ⇒ void

  This method wraps around all the other enumerators.

• #expanded_words(word = '') {|expanded| ... } ⇒ void

  This method takes a string and splits it on non-word characters and the underscore.

• #initialize(attributes = {}) ⇒ Wordlist constructor

  A new instance of Wordlist.

• #mutate_word(word) ⇒ Array<String>

  This method takes a word and applies various mutation rules to that word and returns an array of all the mutated forms.

• #mutation_keys ⇒ Array<Array>

  A getter for a memoized version of the mutation keys list.

• #to_file(max_len = 0) ⇒ Rex::Quickfile

  This method takes all the options provided and streams the generated wordlist out to a Rex::Quickfile and returns the Rex::Quickfile.

• #valid! ⇒ void

  Raise an exception if the attributes are not valid.

Constructor Details

#initialize(attributes = {}) ⇒ Wordlist

Returns a new instance of Wordlist.

Parameters:

• attributes (Hash{Symbol => String,nil}) (defaults to: {})

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 92

def initialize(attributes={})
  attributes.each do |attribute, value|
    public_send("#{attribute}=", value)
  end
  @appenders  ||= []
  @prependers ||= []
end

Instance Attribute Details

#appenders ⇒ Array

Returns an array of strings to append to each word.

Returns:

• (Array) —

  an array of strings to append to each word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 23

def appenders
  @appenders
end

#custom_wordlist ⇒ String

Returns the path to a custom wordlist file to include.

Returns:

• (String) —

  the path to a custom wordlist file to include

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 27

def custom_wordlist
  @custom_wordlist
end

#mutate ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want each word mutated as it is added

• (FalseClass) —

  if you do not want each word mutated

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 32

def mutate
  @mutate
end

#prependers ⇒ Array

Returns an array of strings to prepend to each word.

Returns:

• (Array) —

  an array of strings to prepend to each word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 36

def prependers
  @prependers
end

#use_common_root ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want to use the common root words wordlist

• (FalseClass) —

  if you do not want to use the common root words wordlist

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 41

def use_common_root
  @use_common_root
end

#use_creds ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want to seed the wordlist with existing credential data from the database

• (FalseClass) —

  if you do not want to seed the wordlist with existing credential data from the database

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 46

def use_creds
  @use_creds
end

#use_db_info ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want to seed the wordlist with looted database names and schemas

• (FalseClass) —

  if you do not want to seed the wordlist with looted database names and schemas

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 51

def use_db_info
  @use_db_info
end

#use_default_wordlist ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want to use the default wordlist

• (FalseClass) —

  if you do not want to use the default wordlist

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 56

def use_default_wordlist
  @use_default_wordlist
end

#use_hostnames ⇒ TrueClass, FalseClass

Returns:

• (TrueClass) —

  if you want to seed the wordlist with existing hostnames from the database

• (FalseClass) —

  if you do not want to seed the wordlist with existing hostnames from the database

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 61

def use_hostnames
  @use_hostnames
end

#workspace ⇒ Mdm::Workspace

Returns the workspace this cracker is for.

Returns:

• (Mdm::Workspace) —

  the workspace this cracker is for.

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 65

def workspace
  @workspace
end

Instance Method Details

#each_appended_word(word = '') {|word| ... } ⇒ void

This method returns an undefined value.

This method takes a word, and appends each word from the appenders list and yields the new words.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 105

def each_appended_word(word='')
  yield word
  appenders.each do |suffix|
    yield "#{word}#{suffix}"
  end
end

#each_base_word {|word| ... } ⇒ void

This method returns an undefined value.

This method checks all the attributes set on the object and calls the appropriate enumerators for each option and yields the results back up the call-chain.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 118

def each_base_word
  # Make sure are attributes are all valid first!
  valid!

  # Yield the expanded form of each line of the custom wordlist if one was given
  if custom_wordlist.present?
    each_custom_word do |word|
      yield word unless word.blank?
    end
  end

  # Yield each word from the common root words list if it was selected
  if use_common_root
    each_root_word do |word|
      yield word unless word.blank?
    end
  end

  # If the user has selected use_creds we yield each password, username, and realm name
  # that currently exists in the database.
  if use_creds
    each_cred_word do |word|
      yield word unless word.blank?
    end
  end

  if use_db_info
    each_database_word do |word|
      yield word unless word.blank?
    end
  end

  if use_default_wordlist
    each_default_word do |word|
      yield word unless word.blank?
    end
  end

  if use_hostnames
    each_hostname_word do |word|
      yield word unless word.blank?
    end
  end

end

#each_cred_word {|word| ... } ⇒ void

This method returns an undefined value.

This method searches all saved Credentials in the database and yields all passwords, usernames, and realm names it finds.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 169

def each_cred_word
  # We don't want all Private types here. Only Passwords make sense for inclusion in the wordlist.
  Metasploit::Credential::Password.all.each do |password|
    yield password.data
  end

  Metasploit::Credential::Public.all.each do |public|
    yield public.username
  end

  Metasploit::Credential::Realm.all.each do |realm|
    yield realm.value
  end
end

#each_custom_word {|word| ... } ⇒ void

This method returns an undefined value.

This method reads the file provided as custom_wordlist and yields the expanded form of each word in the list.

Yield Parameters:

• word (String) —

  the expanded word, and the word itself

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 189

def each_custom_word
  ::File.open(custom_wordlist, "rb") do |fd|
    fd.each_line do |line|
      yield line.chomp
      expanded_words(line) do |word|
        yield word unless line.chomp == word
      end
    end
  end
end

#each_database_word {|word| ... } ⇒ void

This method returns an undefined value.

This method searches the notes in the current workspace for DB instance names, database names, table names, and column names gathered from live database servers. It yields each one that it finds.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 207

def each_database_word
  # Yield database, table and column names from any looted database schemas
  workspace.notes.where('ntype like ?', '%.schema%').each do |note|
    expanded_words(note.data['DBName']) do |word|
      yield word
    end

    note.data['Tables'].each do |table|
      expanded_words(table['TableName']) do |word|
        yield word
      end

      table['Columns'].each do |column|
        expanded_words(column['ColumnName']) do |word|
          yield word
        end
      end
    end
  end

  # Yield any capture MSSQL Instance names
  workspace.notes.where(['ntype=?', 'mssql.instancename']).each do |note|
    expanded_words(note.data['InstanceName']) do |word|
      yield word
    end
  end
end

#each_default_word {|word| ... } ⇒ void

This method returns an undefined value.

This method yields expanded words taken from the default john wordlist that we ship in the data directory.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 240

def each_default_word
  ::File.open(default_wordlist_path, "rb") do |fd|
    fd.each_line do |line|
      expanded_words(line) do |word|
        yield word
      end
    end
  end
end

#each_hostname_word {|word| ... } ⇒ void

This method returns an undefined value.

This method yields the expanded words out of all the hostnames found in the current workspace.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 255

def each_hostname_word
  workspace.hosts.all.each do |host|
    unless host.name.nil?
      expanded_words(host.name) do |word|
        yield nil
      end
    end
  end
end

#each_mutated_word(word = '') {|word| ... } ⇒ void

This method returns an undefined value.

This method checks to see if the user asked for mutations. If mutations have been enabled, then it creates all the unique mutations and yields each result.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 271

def each_mutated_word(word='')
  mutants = [ ]

  # Run the mutations only if the option is set
  if mutate
    mutants = mutants + mutate_word(word)
  end

  mutants << word
  mutants.uniq.each do |mutant|
    yield mutant
  end
end

#each_prepended_word(word = '') {|word| ... } ⇒ void

This method returns an undefined value.

This method takes a word, and prepends each word from the prependers list and yields the new words.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 290

def each_prepended_word(word='')
  yield word
  prependers.each do |prefix|
    yield "#{prefix}#{word}"
  end
end

#each_root_word {|word| ... } ⇒ void

This method returns an undefined value.

This method reads the common_roots.txt wordlist expands any words in the list and yields them.

Yield Parameters:

• word (String) —

  the expanded word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 302

def each_root_word
  ::File.open(common_root_words_path, "rb") do |fd|
    fd.each_line do |line|
      expanded_words(line) do |word|
        yield word
      end
    end
  end
end

#each_word {|word| ... } ⇒ void

This method returns an undefined value.

This method wraps around all the other enumerators. It processes all of the options and yields each word generated by the options selected.

Yield Parameters:

• word (String) —

  the word to write out to the wordlist file

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 318

def each_word
  each_base_word do |base_word|
    each_mutated_word(base_word) do |mutant|
      each_prepended_word(mutant) do |prepended|
        yield prepended
      end

      each_appended_word(mutant) do |appended|
        yield appended
      end
    end
  end
end

#expanded_words(word = '') {|expanded| ... } ⇒ void

This method returns an undefined value.

This method takes a string and splits it on non-word characters and the underscore. It does this to find likely distinct words in the string. It then yields each ‘word’ found this way.

Parameters:

• word (String) (defaults to: '') —

  the string to split apart

Yield Parameters:

• expanded (String) —

  the expanded words

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 339

def expanded_words(word='')
  word.split(/[\W_]+/).each do |expanded|
    yield expanded
  end
end

#mutate_word(word) ⇒ Array<String>

This method takes a word and applies various mutation rules to that word and returns an array of all the mutated forms.

Parameters:

• word (String) —

  the word to apply the mutations to

Returns:

• (Array<String>) —

  An array containing all the mutated forms of the word

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 350

def mutate_word(word)
  results = []
  # Iterate through combinations to create each possible mutation
  mutation_keys.each do |iteration|
    next if iteration.flatten.empty?
    intermediate = word.dup
    subsititutions = iteration.collect { |key| MUTATIONS[key] }
    intermediate.tr!(subsititutions.join, iteration.join)
    results << intermediate
  end
  results.flatten.uniq
end

#mutation_keys ⇒ Array<Array>

A getter for a memoized version of the mutation keys list

Returns:

• (Array<Array>) —

  a 2D array of all mutation combinations

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 366

def mutation_keys
  @mutation_keys ||= generate_mutation_keys
end

#to_file(max_len = 0) ⇒ Rex::Quickfile

This method takes all the options provided and streams the generated wordlist out to a Rex::Quickfile and returns the Rex::Quickfile.

Parameters:

• max_len (Integer) (defaults to: 0) —

  max length of a word in the wordlist, 0 default for ignored value

Returns:

• (Rex::Quickfile) —

  The Rex::Quickfile object that the wordlist has been written to

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 375

def to_file(max_len = 0)
  valid!
  wordlist_file = Rex::Quickfile.new("jtrtmp")
  each_word do |word|
    wordlist_file.puts max_len == 0 ? word : word[0...max_len]
  end
  wordlist_file
end

#valid! ⇒ void

This method returns an undefined value.

Raise an exception if the attributes are not valid.

Raises:

• (Invalid) —

  if the attributes are not valid on this scanner

# File 'lib/metasploit/framework/password_crackers/wordlist.rb', line 388

def valid!
  unless valid?
    raise Metasploit::Framework::PasswordCracker::InvalidWordlist.new(self)
  end
  nil
end