- Carnivore - Predator
- Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
THC AntiHash Introduction
This documentation details the functionality of the THC AntiHash (thc_ah) module.
THC AntiHash is a bruteforce module designed for recovering the plaintext of hashed passwords. It supports bruteforcing both md5 and sha1 hashes, whether salted or unsalted.
Interface Parameters
- Hash: The encrypted password string.
- Salted: Indicates whether the password is salted.
- Structure: Specifies the structure of the password before encryption (salt+password or password+salt).
- Salt: The salt used for creating the password.
- Encryption: Specifies the encryption algorithm (sha1, md5, or auto-detect).
- Wordlist: Selection menu containing the names of wordlists from the Wordlists folder.
ModGlue Variables
- $_CONTEXT['thc_ah']['logfile']: (string) Absolute path to the module's log file.
- $_CONTEXT['thc_ah']['hashdetect']: (string) Absolute path to the module's hash detection properties file.
- $_CONTEXT['thc_ah']['hashdetectfunc']: (string) Absolute path to the module's hash detection function file.
- $_CONTEXT['thc_ah']['wordlistdata']: (array) Data of the wordlist, with each password on a new line.
- $_CONTEXT['thc_ah']['encoding_func']: (string) Absolute path to the module's encryption function file.
- $_CONTEXT['thc_ah']['password']: (string) Last used password.
- $_CONTEXT['thc_ah']['hash']: (string) User-specified hash.
- $_CONTEXT['thc_ah']['saltstructure']: (string) User-specified salted password structure.
- $_CONTEXT['thc_ah']['saltstring']: (string) User-specified salt.
- $_CONTEXT['thc_ah']['wordlist']: (string) Absolute path to the wordlist file located in the Wordlists folder.
- $_CONTEXT['thc_ah']['hashlength']: (int) Character length of the hash.
- $_CONTEXT['thc_ah']['attackresult']: (boolean) Indicates whether the password was found in the wordlist. If true, $_CONTEXT['thc_ah']['password'] contains the correct password.
Resource Settings
- Time Limit: PHP default
- Memory Limit: PHP default
Expanding THC AntiHash
THC AntiHash's functionality can be expanded by adding new hashing algorithms to the hash_detect.php file located in the module's root folder.
To add a new algorithm, use the following syntax:
$_CONTEXT['hashes']['HASH_ALGORITHM'] = array(EXPECTED_HASH_LENGTH, "PHP_HASHING_FUNCTION");
- HASH_ALGORITHM: The name of the hashing algorithm (e.g., sha1, md5).
- EXPECTED_HASH_LENGTH: The length required to detect the algorithm in auto-detect mode.
- PHP_HASHING_FUNCTION: The name of the PHP hashing function.
You can add either native PHP hashing functions or functions you create yourself. All functions must accept a single parameter, the string to be hashed.
For example, to create a custom encryption function called bogus that generates 16-character hashes, add the following line:
$_CONTEXT['hashes']['bogus'] = array(16, "bogus");
If bogus is not a native PHP function, Carnivore will search for and include bogus.php from the module's root folder. This file must contain a function called Bogus() to handle the encryption.
Note that if multiple algorithms produce hashes of the same length, auto-detection will fail.
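The length-collision caveat above can be checked before relying on auto-detect. The following PHP is an added example, not Carnivore's own code: only the $_CONTEXT['hashes'] entry format comes from this page, while audit_hash_registry(), the md5x2 entry and the inline bogus() body are hypothetical.

```php
<?php
// Added example, not Carnivore code. Only the $_CONTEXT['hashes'] entry
// format is taken from the documentation; everything else is an assumption.
$_CONTEXT = array('hashes' => array());

// Constructed sample registry in the documented format:
// name => array(EXPECTED_HASH_LENGTH, "PHP_HASHING_FUNCTION")
$_CONTEXT['hashes']['md5']   = array(32, "md5");
$_CONTEXT['hashes']['sha1']  = array(40, "sha1");
$_CONTEXT['hashes']['bogus'] = array(16, "bogus");  // custom function
$_CONTEXT['hashes']['md5x2'] = array(32, "md5x2");  // hypothetical, same length as md5

// Hypothetical custom functions, defined inline here instead of in
// bogus.php / md5x2.php so the example runs on its own.
function bogus($s) { return substr(md5($s), 0, 16); }
function md5x2($s) { return md5(md5($s)); }

// Hypothetical helper: validates each entry and groups algorithm names by
// expected length, so lengths that auto-detect cannot resolve are reported.
function audit_hash_registry(array $hashes)
{
    $byLength = array();
    $problems = array();
    foreach ($hashes as $name => $entry) {
        if (!is_array($entry) || count($entry) !== 2
            || !is_int($entry[0]) || !is_string($entry[1])) {
            $problems[] = "$name: entry is not array(int length, string function)";
            continue;
        }
        list($length, $func) = $entry;
        if (!function_exists($func)) {
            $problems[] = "$name: function $func() is not defined";
        } elseif (strlen((string) $func('probe')) !== $length) {
            $problems[] = "$name: $func() output length differs from $length";
        }
        $byLength[$length][] = $name;
    }
    foreach ($byLength as $length => $names) {
        if (count($names) > 1) {
            $problems[] = "length $length is ambiguous for auto-detect: "
                . implode(', ', $names);
        }
    }
    return $problems;
}

foreach (audit_hash_registry($_CONTEXT['hashes']) as $line) {
    echo $line, PHP_EOL;
}
```

When a length is reported as ambiguous, select the algorithm explicitly through the Encryption parameter instead of auto-detect.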
Dependencies
N/A
Known Issues
This module utilizes dictionary attack bruteforcing, which can be resource-intensive. If you encounter time limit or memory issues, consider adjusting the module's settings.