
ShuckNT

ShuckNT is the script behind the Shuck.sh online service, packaged for on-premise use. It is designed to downgrade, convert, dissect and shuck authentication tokens based on the Data Encryption Standard (DES).


README

<p align="center"> <img src="https://shuck.sh/images/shucksh-192x192.png" alt="Shuck.sh"/> </p>

:closed_lock_with_key: ShuckNT : Shuck hash before trying to crack it | Shuck.sh's script

ShuckNT is the script behind the Shuck.sh online service, packaged for on-premise use (try it online!). It is designed to downgrade, convert, dissect and shuck authentication tokens based on the Data Encryption Standard (DES).

Algorithms / formats supported:

  • NetNTLMv1(-ESS/SSP)
  • MSCHAPv2
  • NET(NT)LM
  • (LM|NT)HASH
  • PPTP-VPN $99$
  • All with any challenge value!

ShuckNT relies on the hash-shucking principle to optimize challenge-response cracking and exploitability.

Password shucking is a method of stripping layers off an updated password hash, removing the benefits of its new password-hashing algorithm and reverting it to the weaker one. An attacker can apply it to old rehashed passwords or pre-hashed passwords, stripping away, or "shucking" off, the strong outer password-hashing algorithm.

From a list of input tokens, ShuckNT provides:

  • The NT-hash instantly (pass-the-hash ready), through a smart search in the latest HaveIBeenPwned database (if present);
  • The Crack.Sh ready-to-use optimized token, to pay less or nothing if the NT-hash is not found in the HIBP database;
  • Several converted formats, to try to crack them with other tools (hashcat, jtr, CloudCracker, etc.):
    • Hashcat mode 5500: to crack NetNTLMv1 to plaintext (unpredictable result; depends on wordlists, masks, rules...);
    • Hashcat mode 27000: to shuck NetNTLMv1 to NT-hash (unpredictable result; depends on NT-hash wordlists...);
    • Hashcat mode 14000: to shuck NetNTLMv1 to DES keys, then NT-hash (100% result; time needed);
  • All the details of the dissection of the challenge-response (PT1/2/3, K1/2/3, CT1/2/3, HIBP occurrences/candidates, LMresp, NTresp, challenges, etc.).

:mag: How it works?

Behind Shuck.sh, the ShuckNT script is simply an efficient, optimized binary search for DES-key collisions over the subset of candidate NT-hashes whose last two bytes are known, performed in a custom reversed, binary copy of the HIBP database.

During a time-limited security assessment, if you capture ~100 NetNTLMv1 responses (with or without ESS) with a tool such as Responder, looking up the corresponding NT-hashes (if they leaked on HIBP) takes only a few seconds with Shuck.sh/ShuckNT (~10s).

The ShuckNT script takes care of the simplification by converting the cryptographic token to a weaker form (without ESS where possible, into a free format for Crack.Sh, or directly into NT-hash format if it leaked on HIBP). Thus a NetNTLMv1-ESS/SSP, PPTP VPN or MSCHAPv2 challenge (not free, and time-consuming, on Crack.Sh) can potentially be shucked instantly and for free!

The initial idea behind Shuck.sh/ShuckNT came from a desire to save time during security assessments for customers, not to depend on a third-party online service whose availability is not guaranteed, and to be able to work locally and autonomously.

:hammer: Installation of ShuckNT / Preparing the HIBP database

The installation process consists of:

  • Getting the ShuckNT project;
  • Preparing the HaveIBeenPwned database (one time only, takes several minutes; these steps are to be carried out under a Unix/Linux environment);
  • Enjoying ShuckNT!

Installation commands:

# Install dependencies
apt install p7zip-full php git

# Get ShuckNT tool
git clone https://github.com/yanncam/ShuckNT
cd ShuckNT

# Prepare HaveIBeenPwned database (one time only, takes several minutes)
## Download latest HIBP-DB (can take several minutes...)
wget https://downloads.pwnedpasswords.com/passwords/pwned-passwords-ntlm-ordered-by-hash-v8.7z
## Extract HIBP-DB (can take several minutes...)
7z e pwned-passwords-ntlm-ordered-by-hash-v8.7z
## Reverse all hashes (can take several minutes...)
php shucknt.php -r pwned-passwords-ntlm-ordered-by-hash-v8.txt -t pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed
## Sort all reversed hashes (can take several minutes...)
sort pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed -o pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed-sorted
## Convert to binary format (can take several minutes...)
php shucknt.php -b pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed-sorted -t pwned-passwords-ntlm-reversed-ordered-by-hash-v8.bin
## Free space to keep only pwned-passwords-ntlm-reversed-ordered-by-hash-v8.bin
rm -f pwned-passwords-ntlm-ordered-by-hash-v8.7z
rm -f pwned-passwords-ntlm-ordered-by-hash-v8.txt
rm -f pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed
rm -f pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed-sorted

# Enjoy ShuckNT via commandline, or web http://[HOST]/shucknt.php
php shucknt.php -h
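The reverse, sort and binary steps above build a suffix index: because a NetNTLMv1 response lets the last two bytes of the NT-hash be recovered (the "How it works" section above), reversing every HIBP hash turns that known suffix into a sortable prefix, and a binary search then narrows the whole list to the handful of candidates sharing it. The following Python illustration, added here and not ShuckNT's own code, builds such an index over a constructed HIBP-style sample and queries it; the 20-byte record layout is an assumption for the demonstration, not ShuckNT's actual .bin format.

```python
"""Suffix index over an HIBP-style NTLM list (constructed sample).
Illustrates the reverse / sort / binary preparation; not ShuckNT's own format."""
import struct

# Constructed sample in the HIBP NTLM file layout: <NT-hash-hex>:<occurrence-count>
# Two entries deliberately end in the same two bytes (586C).
SAMPLE_HIBP_LINES = """\
8846F7EAEE8FB117AD06BDD830B7586C:123456
0123456789ABCDEF0123456789AB586C:5
31D6CFE0D16AE931B73C59D7E0C089C0:999999
A4F49C406510BDCAB6824EE7C30FD852:42
E19CCF75EE54E06B06A5907AF13CEF42:7
""".splitlines()

RECORD = 20  # assumed layout: 16-byte byte-reversed hash + 4-byte big-endian count


def build_index(lines):
    """Reverse each hash byte-wise, sort, and pack fixed-width binary records."""
    recs = []
    for line in lines:
        hex_hash, count = line.strip().split(":")
        rev = bytes.fromhex(hex_hash)[::-1]  # last byte of the NT-hash becomes first
        recs.append(rev + struct.pack(">I", int(count)))
    recs.sort()  # sorting reversed hashes == sorting original hashes by suffix
    return b"".join(recs)


def _lower_bound(index, prefix):
    """Index of the first record whose reversed hash starts with prefix or sorts after it."""
    lo, hi = 0, len(index) // RECORD
    while lo < hi:
        mid = (lo + hi) // 2
        if index[mid * RECORD:mid * RECORD + len(prefix)] < prefix:
            lo = mid + 1
        else:
            hi = mid
    return lo


def candidates_for_suffix(index, suffix_hex):
    """Return (nt_hash_hex, count) for every hash ending in the two known bytes."""
    prefix = bytes.fromhex(suffix_hex)[::-1]  # suffix of the hash == prefix of the reversed hash
    n = len(index) // RECORD
    out = []
    i = _lower_bound(index, prefix)
    while i < n and index[i * RECORD:i * RECORD + len(prefix)] == prefix:
        rec = index[i * RECORD:(i + 1) * RECORD]
        out.append((rec[:16][::-1].hex().upper(), struct.unpack(">I", rec[16:])[0]))
        i += 1
    return out
```

With only 65536 possible two-byte suffixes, each query touches a tiny, contiguous slice of the sorted file, which is why the one-time preparation pays for itself on every later lookup.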

The generation of the database in the format expected by ShuckNT must be done on a Unix/Linux system.

The use of ShuckNT with a valid database has been tested on Windows and Linux with PHP 7/8+.

Please note that ShuckNT uses the PHP OpenSSL extension with the DES-ECB algorithm, so on modern PHP builds linked against OpenSSL 3 the legacy provider must be enabled.

Checksums for each step:

$ sha1sum pwned-passwords-ntlm-*
225a993a908e3d73ffa68859c4f128e17359358e  pwned-passwords-ntlm-ordered-by-hash-v8.7z
4b6c4728c21f64d6a58c7b63d98dcf342c068407  pwned-passwords-ntlm-ordered-by-hash-v8.txt
88094c4a332ecfac9a15c23ba886194d1810b0b2  pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed
d5486dfbf960f36ff0e1cf313a1b80db5cd4137f  pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed-sorted
31a5c1b605cca5bcf71196c70f291c05aa3fe86c  pwned-passwords-ntlm-reversed-ordered-by-hash-v8.bin

$ sha256sum pwned-passwords-ntlm-*
ea83d536387e6b149f2e362bf7dfbf521523812611359f47620fd44dae9770ee  pwned-passwords-ntlm-ordered-by-hash-v8.7z
916cfd1772d24f2fe99aa5f37d4a465359c7b6f7d39f45ffbf27deca697b7116  pwned-passwords-ntlm-ordered-by-hash-v8.txt
76f9e101801dfc44489cad4edec5f14d634c2b4676bb9ffbc7e9968c9a5356a5  pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed
6ee13a35ed88e8073be088a20560cb9fefcc6d08e599241244eaee01dc053a44  pwned-passwords-ntlm-ordered-by-hash-v8.txt-reversed-sorted
ac2f6bf681fbe636b94f3ce3f2b594ef3d0af7671375478db1153874e8a5d873  pwned-passwords-ntlm-reversed-ordered-by-hash-v8.bin

:fire: Demonstration / Example / How to use?

ShuckNT is a standalone PHP script without any further dependencies. It can be used from the command line or through a web browser.

Command-line standalone script

Help, arguments and syntax:

$ php shucknt.php -h
 __ _                _        __  _____
/ _\ |__  _   _  ___| | __ /\ \ \/__   \
\ \| '_ \| | | |/ __| |/ //  \/ /  / /\/
_\ \ | | | |_| | (__|   </ /\  /  / /
\__/_| |_|\__,_|\___|_|\_\_\ \/   \/  v1.0
DES-based authentication token shucker (https://shuck.sh)
@author : ycam | @asafety.fr / @yann.cam

ShuckNT is design to dowgrade, convert, dissect and shuck authentication token based on Data Encryption Standard (DES).
Algorithms / formats supported :
        - NetNTLMv1(-ESS/SSP)
        - MSCHAPv2
        - NET(NT)LM
        - (LM|NT)HASH
        - PPTP-VPN $99$
        - All with any challenge value!

ShuckNT rely on "hash shucking" principle to optimize challenge-response cracking and exploitability.

From a list of input tokens, ShuckNT provides :
- The NT-hash instantly (pass-the-hash ready) through a smart-research in the HaveIBeenPwned latest database (if present);
- The Crack.Sh ready-to-use optimized token, to pay less or nothing if NT-hash not found in HIBP-DB;
- Several converted formats to try to crack them via other tools (hashcat, jtr, CloudCracker, etc.) :
        - Hashcat mode 5500 : to crack NetNTLMv1 to plaintext (unpredictable result, depend on wordlists, masks, rules...);
        - Hashcat mode 27000: to shuck NetNTLMv1 to NT-hash (unpredictable result / depend on NT-wordlists...);
        - Hashcat mode 14000: to shuck NetNTLMv1 to DES-keys then NT-hash (100% result / time needed);
- All the details of the dissection of the challenge-response (PT1/2/3, K1/2/3, CT1/2/3, HIBP occurences/candidates, LMresp, NTresp, challenges, etc.).

Use '-h' to print help.

usage: php shucknt.php  [-h] [-f tokens.txt] [-i 'tokenValue'] [-w wordlist.bin] [-o json|stdout|web] [-v]
                        [-r input_wordlist.txt] [-b input_wordlist_reversed_sorted.txt] [-r output_wordlist] [-j]

Arguments details:

        -h                      Print this help
        -f tokens.txt           Inpu