opennms_hash_cracker

Python script to extract and bruteforce OpenNMS password hashes in users.xml

GPL-3.0 License

Stars
17
View Code on GitHub
Ecosystems: Python

OpenNMS Password Cracker

This script ingests a "users.xml" file from an OpenNMS installation and extracts the hashes and salts, then runs a standard dictionary attack against them.

The default hashing scheme for OpenNMS uses a 16byte salt and 100,000 iterations of SHA256.

There's a blogpost explaining the reasoning behind the tool and the steps taken in figuring out the hashes here:

https://blog.ropnop.com/cracking-opennms-password-hashes/

Example Usage

The OpenNMS source code has an example "users.xml" file here. This file is included in the repo as test_users.xml. A test wordlist with the known plaintexts is also included in test_wordlist.txt.

To use:

$ python opennms_crack.py
Usage: opennms_crack.py <users.xml file> <wordlist file>

$ python opennms_crack.py test_users.xml test_wordlist.txt
[+] Extracting Hashes...
[+] Extracted 4 user hashes
[+] Running crack with test_wordlist.txt...

[*] Cracked!	tempuser : mike
[*] Cracked!	admin : admin
[*] Cracked!	rtc : rtc

[*] ...done

Enjoy! @ropnop

Related Projects
smartbrute

Password spraying and bruteforcing tool for Active Directory Domain Services

16 Jul 2021 334
shadowcrack

CLI Tool for cracking Linux /etc/shadow hashed passwords

13 Oct 2016 4
passphrase-wordlist

Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

05 Dec 2017 1,206
Replicant

A password cracking IRC bot

20 Jun 2012 15
The-Planetary-Assault-System

Fire and forget password cracking and complexity analysis.

30 Jun 2012 35
DPAT

Domain Password Audit Tool for Pentesters

22 Nov 2016 882
hashID

Software to identify the different types of hashes -

10 Jan 2013 1,333
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding de...

01 Jan 2021 5,270
Brute-Force-Login

Proof -Of-Concept Brute Force Login on a web-site with a good dictionary of words

04 Apr 2018 260
brutekrag

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

05 Jun 2017 32
pycurity

Python Security Scripts

27 Oct 2017 243
ZIP-Password-BruteForcer

Zip File Password Cracking with Using Password List !

19 Apr 2018 176
password-smelter

PASSWORDS, NED! IN AN OPEN FIEEEELD!!

06 May 2021 14
Hash-Buster

Crack hashes in seconds.

03 Jul 2017 1,728
Hash-Cracker

Python Script for Hash Cracking | Coded By Sir.4m1R

25 May 2018 21