From 8c4cff3af3eb46d09a47f5d3f8383406651debda Mon Sep 17 00:00:00 2001
From: Ronald Farrer
Date: Fri, 10 Feb 2023 17:24:40 -0800
Subject: [PATCH] Reworked core.
---
aws/README.md | 21 +++++++---
aws/env/hosts | 7 ----
aws/files/hashcat-cloud.service | 8 ++++
aws/files/hashcat_start.j2 | 25 -----------
aws/group_vars/{all => all.example} | 0
aws/roles/ec2_hashcat/tasks/main.yml | 56 ++++++++++++++++++-------
aws/{files => templates}/credentials.j2 | 0
aws/templates/hashcat_start.j2 | 55 ++++++++++++++++++++++++
8 files changed, 121 insertions(+), 51 deletions(-)
delete mode 100644 aws/env/hosts
create mode 100644 aws/files/hashcat-cloud.service
delete mode 100644 aws/files/hashcat_start.j2
rename aws/group_vars/{all => all.example} (100%)
rename aws/{files => templates}/credentials.j2 (100%)
create mode 100644 aws/templates/hashcat_start.j2
diff --git a/aws/README.md b/aws/README.md
index 0a08dee..88b60c1 100644
--- a/aws/README.md
+++ b/aws/README.md
@@ -1,12 +1,23 @@ # hashcat-aws hashcat on aws -To deploy, run: -ansible-playbook hashcat.yml -i env/hosts -e group_vars/all +Setup: +1. Edit env/hosts (see env/hosts.example) +2. Edit group_vars/all (see group_vars/all.example) +3. Set up your S3 bucket as follows: + A. MYBUCKETNAME/hashes/crackme (this is the hashcat-ready file that needs crack'n) + B. MYBUCKETNAME/hashes/crackme.type (this is the integer for hashcat to tell it the type; i.e. 22000 for WPA2) +4. Create an AWS keypair and be sure to reference it in the env/hosts and group_vars/all files +5. Create ~/.aws/credentials -To destroy *ALL*, run: -ansible-playbook hashcat-destroy.yml -i env/hosts -e group_vars/all +To deploy, run: +ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook hashcat.yml -i env/hosts -e group_vars/all + +To destroy *ALL* instances, run: +ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook hashcat-destroy.yml -i env/hosts -e group_vars/all + +If not using the default/only AWS profile in ~/.aws/credentials, you can prepend: AWS_PROFILE=myawsprofile -- -On successful run the instance will self terminate. +On successful run of hashcat.yml the instance will self terminate. If not use the hashcat-destroy.yml to destroy all instances. diff --git a/aws/env/hosts b/aws/env/hosts deleted file mode 100644 index 03335e4..0000000 --- a/aws/env/hosts +++ /dev/null @@ -1,7 +0,0 @@ -all: - hosts: - vars: - ansible_user: ubuntu - ansible_ssh_private_key_file: - ansible_ssh_common_args: -o StrictHostKeyChecking=no - plugin: aws_ec2, boto diff --git a/aws/files/hashcat-cloud.service b/aws/files/hashcat-cloud.service new file mode 100644 index 0000000..529be78 --- /dev/null +++ b/aws/files/hashcat-cloud.service @@ -0,0 +1,8 @@ +[Unit] +After=network.target + +[Service] +ExecStart=/usr/local/bin/hashcat_start + +[Install] +WantedBy=default.target diff --git a/aws/files/hashcat_start.j2 b/aws/files/hashcat_start.j2 deleted file mode 100644 index 4d65094..0000000 --- a/aws/files/hashcat_start.j2 +++ /dev/null 
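Review bot: `After=network.target` in the `[Unit]` section of hashcat-cloud.service does not wait for a usable network or for the S3 mount, yet hashcat_start downloads from GitHub and reads /mnt/hashes/crackme.type as soon as it starts. Because the script shuts the instance down once hashcat.bin is not running, a boot where the goofys mount is late would likely end in a shutdown with no work done. Order the unit with `Wants=network-online.target`, `After=network-online.target` and `RequiresMountsFor=/mnt`. A `Description=` line would also make the unit identifiable in `systemctl status`.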
@@ -1,25 +0,0 @@ -#!/bin/bash - -HASHCAT=/usr/local/hashcat/hashcat.bin -WORDLIST=/mnt/wordlists/rockyou.txt -RULES=/usr/local/hashcat/rules/best64.rule -HANDSHAKES=/mnt/hs/ -TMP=/tmp/ -HOST=`/bin/hostname` - -# Download hashcat -cd $TMP -curl -s https://api.github.com/repos/hashcat/hashcat/releases/latest | jq '.assets[] | select(.name|match(".7z$")) | .browser_download_url' | sed 's/"/ /' | sed 's/"/ /' | wget -i - -7zr x hashcat*.7z -rm -f hashcat*.7z -mv -f /tmp/hashcat* /usr/local/hashcat - -$HASHCAT -I >> $HANDSHAKES/hashcat-info-$HOST.log - -for hash in `ls -1 $HANDSHAKES/*.22000` -do - $HASHCAT -o $hash.cracked -a 0 -m 22000 $hash $WORDLIST -r $RULES -done - -# shutdown instance so it can self-terminate -shutdown -h now diff --git a/aws/group_vars/all b/aws/group_vars/all.example similarity index 100% rename from aws/group_vars/all rename to aws/group_vars/all.example diff --git a/aws/roles/ec2_hashcat/tasks/main.yml b/aws/roles/ec2_hashcat/tasks/main.yml index 446fdc4..920f258 100644 --- a/aws/roles/ec2_hashcat/tasks/main.yml +++ b/aws/roles/ec2_hashcat/tasks/main.yml @@ -1,9 +1,9 @@ -- name: Update repo list (update) and upgrade instance (upgrade) +- name: Update repo list (apt update) and upgrade instance (apt upgrade) become: yes ansible.builtin.apt: update_cache: yes -- name: Upgrade the OS (dist-upgrade) +- name: Upgrade the OS (apt dist-upgrade) become: yes ansible.builtin.apt: upgrade: dist @@ -14,12 +14,20 @@ name: p7zip update_cache: yes -- name: jq +- name: Install jq become: yes ansible.builtin.apt: name: jq update_cache: yes +# usually included in the default install, but we'll make sure just in case... +- name: Install tmux + become: yes + ansible.builtin.apt: + name: tmux + update_cache: yes + + #- name: Install build-essential # become: yes # ansible.builtin.apt: 
@@ -45,7 +53,8 @@ - name: Copy hashcat_start script become: yes - ansible.builtin.copy: + #ansible.builtin.copy: + template: src: hashcat_start.j2 dest: /usr/local/bin/hashcat_start owner: root @@ -68,7 +77,8 @@ - name: Copy AWS Credentials become: yes - ansible.builtin.copy: + #ansible.builtin.copy: + template: src: credentials.j2 dest: /root/.aws/credentials owner: root @@ -81,18 +91,36 @@ dest: /etc/fstab line: '{{ item }}' with_items: - - 'goofys#{{ s3.bucket_name }} {{ s3.mount_point }} fuse _netdev,allow_other,--file-mode=0660,--dir-mode=0770,--uid=1000,--gid=1000,--endpoint={{ s3.end_point }},noauto 0 0' + - 'goofys#{{ s3.bucket_name }} {{ s3.mount_point }} fuse _netdev,allow_other,--file-mode=0660,--dir-mode=0770,--uid=1000,--gid=1000,--endpoint={{ s3.end_point }} 0 0' - name: Mount S3 bucket - become: yes - command: mount /mnt - args: - warn: no become: true + command: mount /mnt + #args: + #warn: no -- name: Run hashcat - become: yes - shell: "(/usr/local/bin/hashcat_start >/dev/null 2>&1 &)" - ###command: "(/usr/local/bin/hashcat_start &)" +- name: Copy .service + become: true + ansible.builtin.copy: + src: hashcat-cloud.service + dest: /etc/systemd/system/hashcat-cloud.service + owner: root + group: root + mode: '0644' +- name: Tell systemd to reread configs + become: true + ansible.builtin.systemd: + daemon_reload: true + +- name: Enable .service + become: true + ansible.builtin.systemd: + state: stopped + enabled: true + name: hashcat-cloud + +- name: Reboot! + become: true + ansible.builtin.reboot: diff --git a/aws/files/credentials.j2 b/aws/templates/credentials.j2 similarity index 100% rename from aws/files/credentials.j2 rename to aws/templates/credentials.j2 diff --git a/aws/templates/hashcat_start.j2 b/aws/templates/hashcat_start.j2 new file mode 100644 index 0000000..104c20b --- /dev/null +++ b/aws/templates/hashcat_start.j2 
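Review bot: The `Copy AWS Credentials` task renders long-lived keys into /root/.aws/credentials, and no `no_log: true` is visible in the hunk, so a run with `--diff` or raised verbosity can print the rendered secret. Add `no_log: true` to this task and confirm that the `mode:` line, which lies outside the hunk, is `'0600'`. If the instance only needs the one bucket, an instance profile scoped to that bucket would avoid placing keys on the host at all. The commented-out `#ansible.builtin.copy:` line, here and in the hashcat_start hunk before it, should be dropped and the module written as `ansible.builtin.template:` to match the other tasks.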
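Review bot: `command: mount /mnt` in the `Mount S3 bucket` task hard-codes the mount point while the fstab line directly above it uses `{{ s3.mount_point }}`, so the two diverge as soon as that variable is anything other than /mnt. The task is also not idempotent: a second playbook run will fail once the bucket is already mounted, and with `noauto` removed from the fstab entry the reboot at the end mounts it anyway. Something like `shell: mountpoint -q {{ s3.mount_point }} || mount {{ s3.mount_point }}` covers both. The dead `#args:` and `#warn: no` lines can be removed.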
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+HASHCAT=/usr/local/hashcat/hashcat.bin
+###WORDLIST=/mnt/wordlists/rockyou.txt
+###WORDLIST=/mnt/wordlists/crackstation.txt
+WORDLIST=/mnt/wordlists/xsukax-Wordlist-All.txt
+RULES=/usr/local/hashcat/rules/best64.rule
+###HASHTYPE=22000
+HASHES=/mnt/hashes/
+TMP=/tmp/
+HOST=`/bin/hostname`
+
+# Download hashcat
+cd $TMP
+curl -s https://api.github.com/repos/hashcat/hashcat/releases/latest | jq '.assets[] | select(.name|match(".7z$")) | .browser_download_url' | sed 's/"/ /' | sed 's/"/ /' | wget -i -
+7zr x hashcat*.7z
+rm -f hashcat*.7z
+mv -f /tmp/hashcat* /usr/local/hashcat
+
+if [ -e /mnt/hashcat ]; then
+ cp -f /mnt/hashcat/hashcat.restore /usr/local/hashcat/hashcat.restore
+ cp -f /mnt/hashcat/hashcat.potfile /usr/local/hashcat/hashcat.potfile
+ cp -f /mnt/hashcat/hashcat.dictstat2 /usr/local/hashcat/hashcat.dictstat2
+ cp -f /mnt/hashcat/hashcat.log /usr/local/hashcat/hashcat.log
+fi
+
+$HASHCAT -I >> $HASHES/hashcat-info-$HOST.log
+
+cd /mnt/hashes/
+
+HASHTYPE=`cat /mnt/hashes/crackme.type`
+session="hashcat"
+tmux new-session -d -s $session
+window=0
+tmux rename-window -t $session:$window 'hashcat'
+tmux send-keys -t $session:$window "$HASHCAT -o crackme.cracked -a 0 -m $HASHTYPE crackme $WORDLIST -r $RULES -w 4" C-m
+
+sleep 60s
+
+while true
+do
+ pidof hashcat.bin > /dev/null 2>&1
+ retVal=$?
+ if [[ $retVal -ne 0 ]]; then
+ cp -f /usr/local/hashcat/hashcat.restore /mnt/hashcat/hashcat.restore
+ cp -f /usr/local/hashcat/hashcat.potfile /mnt/hashcat/hashcat.potfile
+ cp -f /usr/local/hashcat/hashcat.dictstat2 /mnt/hashcat/hashcat.dictstat2
+ cp -f /usr/local/hashcat/hashcat.log /mnt/hashcat/hashcat.log
+ # shutdown instance so it can self-terminate
+ shutdown -h now
+ fi
+ sleep 60s
+done
+
+
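Review bot: The download step feeds whatever the GitHub `releases/latest` API returns into `wget`, and the extracted binary then runs as root from the systemd unit, with no pinned version and no integrity check. Pin a release and compare it against a digest kept in group_vars before extracting; the two template variables in the block below are placeholders, not names that exist in this repository. `HASHTYPE` is read from the bucket and pasted into the `tmux send-keys` command string, so it should be rejected unless it is purely numeric. The save-back in the polling loop also needs `mkdir -p /mnt/hashcat` first, because only the restore branch checks that the directory exists.

```shell
# Stop the instance instead of leaving it running when a precondition fails.
fail() { echo "$1" >&2; shutdown -h now; exit 1; }

# Download hashcat (pinned release, digest checked before extraction)
HASHCAT_URL="{{ hashcat_url }}"        # placeholder variable, define in group_vars
HASHCAT_SHA256="{{ hashcat_sha256 }}"  # placeholder variable, define in group_vars
cd "$TMP" || fail "cannot enter $TMP"
wget -q -O hashcat.7z "$HASHCAT_URL" || fail "hashcat download failed"
echo "$HASHCAT_SHA256  hashcat.7z" | sha256sum -c - || fail "hashcat archive digest mismatch"
7zr x hashcat.7z
# … unchanged: archive cleanup, move to /usr/local/hashcat, restore-file copy, hashcat -I …
HASHTYPE=$(cat /mnt/hashes/crackme.type)
[[ $HASHTYPE =~ ^[0-9]+$ ]] || fail "crackme.type is not numeric"
# … unchanged: tmux session setup and polling loop …
```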