Exemple #1
        /// <summary>
        /// Scores a candidate Markov model by letting it emit a fixed budget of guesses and
        /// summing the reward of every guess that is present in the password database.
        ///
        /// Shared state touched here (<c>_md5</c>, <c>FoundPasswords</c>) is accessed under a lock,
        /// so the method is meant to be run from several threads at once.
        /// NOTE(review): <c>_evalCount++</c> at the end is a plain read-modify-write with no lock,
        /// so the evaluation counter can under-count when evaluations overlap.
        /// </summary>
        /// <param name="phenome">The Markov model to evaluate.</param>
        /// <returns>
        /// A <c>FitnessInfo</c> built from the summed reward (accounts cracked) and the number of
        /// distinct passwords cracked.
        /// </returns>
        public FitnessInfo Evaluate(MarkovChain phenome)
        {
            // Sum of rewards. A password reused by several accounts contributes more than 1.
            double accountsCracked = 0;

            // Number of distinct passwords this model got right.
            int distinctHits = 0;

            // Correct guesses already credited to this model, so a repeat is not paid twice.
            var alreadyCredited = new HashSet<string>();

            // Every model gets the same guess budget.
            for (int attempt = 0; attempt < _guesses; attempt++)
            {
                var candidate = phenome.Activate();

                // A guess that was already credited is skipped outright.
                if (alreadyCredited.Contains(candidate))
                {
                    continue;
                }

                double reward;
                if (_md5 == null)
                {
                    // Plaintext database: a direct dictionary lookup is enough.
                    PasswordInfo entry;
                    reward = Passwords.TryGetValue(candidate, out entry) ? entry.Reward : 0;
                }
                else
                {
                    // Hashed database: the lookup goes through the shared _md5 object, so every
                    // evaluating thread serialises on this lock.
                    lock (_md5)
                    {
                        reward = _md5.InDatabase(candidate);
                    }
                }

                // A positive reward means the guess matched at least one account.
                if (reward > 0)
                {
                    accountsCracked += reward;
                    distinctHits++;

                    // Record the hit in the collection shared by all evaluations.
                    lock (FoundPasswords)
                    {
                        FoundPasswords.Add(candidate);
                    }

                    // Only hits are remembered. Misses are not cached because, for large guess
                    // budgets, remembering every wrong guess would cost too much memory.
                    alreadyCredited.Add(candidate);
                }
            }

            _evalCount++;

            // Primary fitness is accounts cracked; distinct passwords cracked is passed as the
            // alternative. Swap the two arguments to compare which one drives the search better.
            return new FitnessInfo(accountsCracked, distinctHits);
        }
Exemple #2
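        /// <summary>
        /// Parses the RDP connection file behind <c>this.stm</c> and records the servers, paths,
        /// user names, applications and stored credentials it exposes.
        /// </summary>
        /// <remarks>
        /// Settings are read as <c>name:type:value</c>, one per line. A line that does not have
        /// that shape, or whose value is empty, is skipped and parsing continues with the next
        /// line, so one malformed line cannot hide credentials that appear later in the file.
        /// Any other failure is written to the debug output and ends the analysis.
        /// </remarks>
        public override void analyzeFile()
        {
            try
            {
                using (var sr = new StreamReader(this.stm))
                {
                    string line;
                    while ((line = sr.ReadLine()) != null)
                    {
                        // Split into at most three fields so that any further ':' stays inside
                        // the value (for example "host:port"). The middle field is the type tag
                        // and is not used.
                        var campos = line.Split(new char[] { ':' }, 3);
                        if (campos.Length < 3)
                        {
                            // Not a "name:type:value" line (blank, comment, truncated): ignore it
                            // instead of abandoning the rest of the file.
                            continue;
                        }

                        var parametro = campos[0];
                        var valor     = campos[2];

                        if (string.IsNullOrEmpty(valor))
                        {
                            continue;
                        }

                        // Invariant lower-casing keeps the match independent of the machine's
                        // culture (a Turkish locale lower-cases 'I' differently).
                        switch (parametro.ToLowerInvariant())
                        {
                        case "shell working directory":
                        case "remoteapplicationprogram":
                        case "remoteapplicationname":
                        case "remoteapplicationcmdline":
                            FoundPaths.AddUniqueItem(valor, true);
                            break;

                        case "full address":
                            FoundServers.AddUniqueItem(new ServersItem(valor, "RDP file Analysis"));
                            break;

                        case "gatewayhostname":
                            // Keep only the host part of "host:port".
                            FoundServers.AddUniqueItem(new ServersItem(valor.Split(new char[] { ':' })[0],
                                                                       "RDP file Analysis"));
                            break;

                        case "alternate shell":
                            FoundPaths.AddUniqueItem(valor, true);
                            var softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(valor);
                            // Fall back to the raw value when no application name is recognised.
                            FoundMetaData.Applications.AddUniqueItem(!string.IsNullOrEmpty(softName)
                                    ? new ApplicationsItem(softName)
                                    : new ApplicationsItem(valor));
                            break;

                        case "username":
                            FoundUsers.AddUniqueItem(valor, true);
                            break;

                        case "domain":
                            // Recognised but deliberately not recorded.
                            break;

                        case "password":
                            // The value is stored verbatim; whatever consumes FoundPasswords
                            // holds a credential taken from the file.
                            FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "RDP Password"));
                            break;

                        case "password 51":
                            // NOTE(review): "password 51" normally carries a hex-encoded,
                            // DPAPI-protected blob rather than cleartext; it is recorded as-is.
                            FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "RDP Password (Type 51)"));
                            break;
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Best effort: a failed read must not take the caller down.
                System.Diagnostics.Debug.WriteLine(e.ToString());
            }
        }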
Exemple #3
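        /// <summary>
        /// Parses the ICA connection file behind <c>this.stm</c> and records the servers, user
        /// names, stored passwords, paths and applications it exposes.
        /// </summary>
        /// <remarks>
        /// Settings are read as <c>Name=Value</c>, one per line, and matched on the start of the
        /// name, ignoring case. Lines without '=' (section headers, blanks) and lines with an
        /// empty value are skipped. Any other failure is written to the debug output and ends
        /// the analysis.
        /// </remarks>
        public override void analyzeFile()
        {
            try
            {
                // NOTE(review): the reader is not disposed, so this.stm is left open when parsing
                // ends - confirm the caller owns and closes the stream.
                StreamReader sr = new StreamReader(this.stm);
                string       line;

                while ((line = sr.ReadLine()) != null)
                {
                    // Everything before the first '=' is the name, everything after it the value.
                    int separador = line.IndexOf('=');
                    if (separador < 0)
                    {
                        continue;
                    }

                    string parametro = line.Substring(0, separador);
                    string valor     = line.Substring(separador + 1);

                    if (string.IsNullOrEmpty(valor))
                    {
                        continue;
                    }

                    // Ordinal, case-insensitive prefix tests keep the matching independent of the
                    // machine's culture (a Turkish locale lower-cases 'I' differently).
                    if (parametro.StartsWith("Address", StringComparison.OrdinalIgnoreCase) ||
                        parametro.StartsWith("HttpBrowserAddress", StringComparison.OrdinalIgnoreCase) ||
                        parametro.StartsWith("TcpBrowserAddress", StringComparison.OrdinalIgnoreCase))
                    {
                        // Keep only the host part of "host:port".
                        string ipOrHost = valor.Split(new char[] { ':' })[0];
                        FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis"));
                    }
                    else if (parametro.StartsWith("Username", StringComparison.OrdinalIgnoreCase))
                    {
                        FoundUsers.AddUniqueItem(valor, true);
                    }
                    else if (parametro.StartsWith("ClearPassword", StringComparison.OrdinalIgnoreCase))
                    {
                        // The value is stored verbatim; whatever consumes FoundPasswords holds a
                        // credential taken from the file.
                        FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "ICA Clear password"));
                    }
                    else if (parametro.StartsWith("Password", StringComparison.OrdinalIgnoreCase))
                    {
                        FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "ICA password"));
                    }
                    else if (parametro.StartsWith("PersistentCachePath", StringComparison.OrdinalIgnoreCase) ||
                             parametro.StartsWith("WorkDirectory", StringComparison.OrdinalIgnoreCase) ||
                             parametro.StartsWith("InitialProgram", StringComparison.OrdinalIgnoreCase) ||
                             parametro.StartsWith("IconPath", StringComparison.OrdinalIgnoreCase))
                    {
                        FoundPaths.AddUniqueItem(valor, true);

                        // A profile path can reveal an account name.
                        string user = PathAnalysis.ExtractUserFromPath(valor);
                        if (!string.IsNullOrEmpty(user))
                        {
                            FoundUsers.AddUniqueItem(user, true);
                        }

                        // Record the recognised application name, or the raw value when none is
                        // recognised. The fallback has to test softName: valor is already known
                        // to be non-empty at this point.
                        string softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(valor);
                        FoundMetaData.Applications.AddUniqueItem(
                            new ApplicationsItem(!string.IsNullOrEmpty(softName) ? softName : valor));
                    }
                    else if (parametro.StartsWith("SSLProxyHost", StringComparison.OrdinalIgnoreCase))
                    {
                        // "*" is a wildcard, not a host name.
                        string ipOrHost = valor.Split(new char[] { ':' })[0];
                        if (ipOrHost != "*")
                        {
                            FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis"));
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Best effort: a failed read must not take the caller down.
                System.Diagnostics.Debug.WriteLine(e.ToString());
            }
        }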