/// <summary> /// The fitness function for a candidate Markov model. It uses the number of accounts /// cracked as the fitness. /// /// This method is thread-safe, so you can run it in parallel. /// </summary> /// <param name="phenome">The Markov model to evaluate.</param> /// <returns>The fitness of the Markov model (number of passwords cracked).</returns> public FitnessInfo Evaluate(MarkovChain phenome) { // The score is the number of accounts cracked. // Since some passwords are reused across multiple // accounts, a particular password may be worth more // than 1. double score = 0; // This is how many unique passwords were cracked. int uniques = 0; // Track previous guesses so we don't count duplicates. HashSet <string> guessed = new HashSet <string>(); // The model gets a fixed number of guesses. for (int i = 0; i < _guesses; i++) { // Generate a guess var guess = phenome.Activate(); // If the model already guessed this password previously, // just skip it. if (guessed.Contains(guess)) { continue; } double count = 0; PasswordInfo temp; // If the database is hashed, then we need to hash the guess. if (_md5 != null) { lock (_md5) count = _md5.InDatabase(guess); } // If it's plaintext, we can simply look it up in the dictionary. else { if (Passwords.TryGetValue(guess, out temp)) { count = temp.Reward; } } // If the password was in the dictionary, then this model guessed // it correctly. if (count > 0) { // Add the number of accounts cracked to the model's score. score += count; uniques++; // Add this password to the list of total found passwords. lock (FoundPasswords) FoundPasswords.Add(guess); // Add the guess to the list of previous guesses for this model. // Ideally, we'd like to add passwords that weren't in the database // so we could skip those too, but for large guess sizes it will // take up too much memory. guessed.Add(guess); } } _evalCount++; // Return the fitness as the number of accounts cracked. The alternative // fitness is the unique accounts cracked. You can try switching // these two around to see which gets better performance. return(new FitnessInfo(score, uniques)); }
public override void analyzeFile() { try { using (var sr = new StreamReader(this.stm)) { string line; while ((line = sr.ReadLine()) != null) { var parametro = string.Empty; var tipo = string.Empty; var valor = string.Empty; try { parametro = line.Split(new char[] { ':' })[0]; tipo = line.Split(new char[] { ':' })[1]; int entryPoint = parametro.Length + 1 + tipo.Length + 1; valor = line.Substring(entryPoint, line.Length - entryPoint); } catch { return; } if (string.IsNullOrEmpty(valor)) { continue; } switch (parametro.ToLower()) { case "shell working directory": case "remoteapplicationprogram": case "remoteapplicationname": case "remoteapplicationcmdline": FoundPaths.AddUniqueItem(valor, true); break; case "full address": FoundServers.AddUniqueItem(new ServersItem(valor, "RDP file Analysis")); break; case "gatewayhostname": FoundServers.AddUniqueItem(new ServersItem(valor.Split(new char[] { ':' })[0], "RDP file Analysis")); break; case "alternate shell": FoundPaths.AddUniqueItem(valor, true); var softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(valor); FoundMetaData.Applications.AddUniqueItem(!string.IsNullOrEmpty(softName) ? new ApplicationsItem(softName) : new ApplicationsItem(valor)); break; case "username": FoundUsers.AddUniqueItem(valor, true); break; case "domain": break; case "password": FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "RDP Password")); break; case "password 51": FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "RDP Password (Type 51)")); break;; } } } } catch (Exception e) { System.Diagnostics.Debug.WriteLine(e.ToString()); } }
public override void analyzeFile() { try { StreamReader sr = new StreamReader(this.stm); string line = string.Empty; while ((line = sr.ReadLine()) != null) { string parametro = string.Empty; string valor = string.Empty; try { parametro = line.Split(new char[] { '=' })[0]; int entryPoint = parametro.Length + 1; valor = line.Substring(entryPoint, line.Length - entryPoint); } catch { continue; } if (string.IsNullOrEmpty(valor)) { continue; } if (parametro.ToString().ToLower().StartsWith("Address".ToLower())) { string ipOrHost = valor.Split(new char[] { ':' })[0]; FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis")); } else if (parametro.ToString().ToLower().StartsWith("HttpBrowserAddress".ToLower())) { string ipOrHost = valor.Split(new char[] { ':' })[0]; FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis")); } else if (parametro.ToString().ToLower().StartsWith("TcpBrowserAddress".ToLower())) { string ipOrHost = valor.Split(new char[] { ':' })[0]; FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis")); } else if (parametro.ToString().ToLower().StartsWith("Username".ToLower())) { FoundUsers.AddUniqueItem(valor, true); } else if (parametro.ToString().ToLower().StartsWith("ClearPassword".ToLower())) { FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "ICA Clear password")); } else if (parametro.ToString().ToLower().StartsWith("Password".ToLower())) { FoundPasswords.AddUniqueItem(new PasswordsItem(valor, "ICA password")); } else if ((parametro.ToString().ToLower().StartsWith("PersistentCachePath".ToLower())) || (parametro.ToString().ToLower().StartsWith("WorkDirectory".ToLower())) || (parametro.ToString().ToLower().StartsWith("InitialProgram".ToLower())) ) { FoundPaths.AddUniqueItem(valor, true); string user = PathAnalysis.ExtractUserFromPath(valor); if (user != string.Empty) { FoundUsers.AddUniqueItem(user, true); } string softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(valor); if (!string.IsNullOrEmpty(valor)) { FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(softName)); } else { FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(valor)); } } else if (parametro.ToString().ToLower().StartsWith("IconPath".ToLower())) { FoundPaths.AddUniqueItem(valor, true); string user = PathAnalysis.ExtractUserFromPath(valor); if (user != string.Empty) { FoundUsers.AddUniqueItem(user, true); } string softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(valor); if (!string.IsNullOrEmpty(valor)) { FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(softName)); } else { FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(valor)); } } else if (parametro.ToString().ToLower().StartsWith("SSLProxyHost".ToLower())) { string ipOrHost = valor.Split(new char[] { ':' })[0]; if (ipOrHost != "*") { FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis")); } } } } catch (Exception e) { System.Diagnostics.Debug.WriteLine(e.ToString()); } }