NML Says

Data Security 6

References for this Part

Model Solutions Previous Lesson

DS.5.0

Example 1. Input to John bftest
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex50]
└─# cat bftest
Adelaide:a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
Beatrice:a6979dc879a84b82499ca8719c46bf4f7ff03b70
Caroline:7110eda4d09e062aa5e4a390b0a572ac0d2c0220
Dorothea:59af431c63aed95587d38766c3ebc6f827d83e3d
Emmeline:a51dda7c7ff50b61eaea0444371f4a6a9301e501
Florence:c8d99c2f7cd5f432c163abcd422672b9f77550bb
Gretchen:efdb8f7f2fe9c47e34dfe1fb7c491d0638ec2d86
Hermione:7110eda4d09e062aa5e4a390b0a572ac0d2c0220
Isabella:59af431c63aed95587d38766c3ebc6f827d83e3d
Example 2. Console Output from the John Solution
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex50]
└─# john bftest
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-AxCrypt"
Use the "--format=Raw-SHA1-AxCrypt" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "Raw-SHA1-Linkedin"
Use the "--format=Raw-SHA1-Linkedin" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "ripemd-160"
Use the "--format=ripemd-160" option to force loading these as that type instead
Warning: detected hash type "Raw-SHA1", but the string is also recognized as "has-160"
Use the "--format=has-160" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 9 password hashes with no different salts (Raw-SHA1 [SHA1 256/256 AVX2 8x])
Warning: no OpenMP support for this hash type, consider --fork=4
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any.
Proceeding with wordlist:/usr/share/john/password.lst
1234             (Caroline)     
1234             (Hermione)     
john             (Emmeline)     
test             (Adelaide)     
jake             (Florence)     
Proceeding with incremental:ASCII
fede             (Beatrice)     
emma             (Gretchen)     
7g 0:00:01:43  3/3 0.06776g/s 23659Kp/s 23659Kc/s 48008KC/s alilmide..alilmid3
7g 0:00:01:44  3/3 0.06711g/s 23666Kp/s 23666Kc/s 48014KC/s kheoot23..kheoot29
Fede             (Dorothea)     
Fede             (Isabella)     
9g 0:00:06:15 DONE 3/3 (2025-02-17 16:44) 0.02394g/s 23573Kp/s 23573Kc/s 47298KC/s Feds..Fed.
Use the "--show --format=Raw-SHA1" options to display all of the cracked passwords reliably
Session completed. 

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex50]
└─# john bftest --show
Adelaide:test
Beatrice:fede
Caroline:1234
Dorothea:Fede
Emmeline:john
Florence:jake
Gretchen:emma
Hermione:1234
Isabella:Fede

9 password hashes cracked, 0 left
Example 3. Content of Johns /root/.john/john.pot
1
2
3
4
5
6
7

$dynamic_26$7110eda4d09e062aa5e4a390b0a572ac0d2c0220:1234
$dynamic_26$a51dda7c7ff50b61eaea0444371f4a6a9301e501:john
$dynamic_26$a94a8fe5ccb19ba61c4c0873d391e987982fbbd3:test
$dynamic_26$c8d99c2f7cd5f432c163abcd422672b9f77550bb:jake
$dynamic_26$a6979dc879a84b82499ca8719c46bf4f7ff03b70:fede
$dynamic_26$efdb8f7f2fe9c47e34dfe1fb7c491d0638ec2d86:emma
$dynamic_26$59af431c63aed95587d38766c3ebc6f827d83e3d:Fede

One may wonder where te names in the john bftest --show are found from this.

DS.5.1

Example 4. Input files to hashcat
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# cat bftest2
d4656cd76152f93e6a70374ff9b0e54f84363d6a
a9993e364706816aba3e25717850c26c9cd0d89d
cd3f0c85b158c08a2b113464991810cf2cdfc387
ace445715d71cd2614bf1ab16ea3fda5162c15e3

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# cat bftest3
d4656cd76152f93e6a70374ff9b0e54f84363d6a
a9993e364706816aba3e25717850c26c9cd0d89d
cd3f0c85b158c08a2b113464991810cf2cdfc387
ace445715d71cd2614bf1ab16ea3fda5162c15e3
5316157bc1017ef46a8fda61701ba35618820814
6aed2d31b342216b8eb17efb38fea65acadba793
cc1a9d0c2908cf24d19ec516ead4bf9c57825d6f
82ac0b5f2b95574b3b9edb15fc58d8b9f1293646
Example 5. Terminal Output from Running Hashcat Solutions
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

# hashcat -m 100 bftest2 -a3 -1?l?u?d ?1?1?1
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 6.0+debian  Linux, None+Asserts, RELOC, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: cpu-haswell-Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2756/5577 MB (1024 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 4 digests; 4 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 1 MB

a9993e364706816aba3e25717850c26c9cd0d89d:abc
cd3f0c85b158c08a2b113464991810cf2cdfc387:666
ace445715d71cd2614bf1ab16ea3fda5162c15e3:a1a
d4656cd76152f93e6a70374ff9b0e54f84363d6a:NML

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: bftest2
Time.Started.....: Mon Feb 17 16:25:49 2025 (0 secs)
Time.Estimated...: Mon Feb 17 16:25:49 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1 [3]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   684.2 kH/s (2.22ms) @ Accel:512 Loops:62 Thr:1 Vec:8
Recovered........: 4/4 (100.00%) Digests (total), 4/4 (100.00%) Digests (new)
Progress.........: 126976/238328 (53.28%)
Rejected.........: 0/126976 (0.00%)
Restore.Point....: 0/3844 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-62 Iteration:0-62
Candidate.Engine.: Device Generator
Candidates.#1....: sar -> Xo7
Hardware.Mon.#1..: Temp: 69c Util: 24%

Started: Mon Feb 17 16:25:31 2025
Stopped: Mon Feb 17 16:25:51 2025

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# hashcat -m 100 bftest2 -a3 -1?l?u?d ?1?1?1 --show
d4656cd76152f93e6a70374ff9b0e54f84363d6a:NML
a9993e364706816aba3e25717850c26c9cd0d89d:abc
cd3f0c85b158c08a2b113464991810cf2cdfc387:666
ace445715d71cd2614bf1ab16ea3fda5162c15e3:a1a



┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# hashcat -m 100 bftest3 -a3 -1?l?u?d ?1?1?1?1 --increment --increment-min 3
hashcat (v6.2.6) starting

OpenCL API (OpenCL 3.0 PoCL 6.0+debian  Linux, None+Asserts, RELOC, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: cpu-haswell-Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2756/5577 MB (1024 MB allocatable), 4MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 8 digests; 8 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Salt
* Brute-Force
* Raw-Hash

ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.

Watchdog: Temperature abort trigger set to 90c

INFO: Removed 4 hashes found as potfile entries.

Host memory required for this attack: 1 MB

Approaching final keyspace - workload adjusted.


Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 100 (SHA1)
Hash.Target......: bftest3
Time.Started.....: Mon Feb 17 16:29:04 2025 (0 secs)
Time.Estimated...: Mon Feb 17 16:29:04 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1 [3]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/2 (50.00%)
Speed.#1.........: 42831.2 kH/s (2.20ms) @ Accel:512 Loops:62 Thr:1 Vec:8
Recovered........: 4/8 (50.00%) Digests (total), 0/8 (0.00%) Digests (new)
Progress.........: 238328/238328 (100.00%)
Rejected.........: 0/238328 (0.00%)
Restore.Point....: 3844/3844 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-62 Iteration:0-62
Candidate.Engine.: Device Generator
Candidates.#1....: se8 -> XQz
Hardware.Mon.#1..: Temp: 60c Util: 27%

6aed2d31b342216b8eb17efb38fea65acadba793:ditr
cc1a9d0c2908cf24d19ec516ead4bf9c57825d6f:ztfd
5316157bc1017ef46a8fda61701ba35618820814:otou
82ac0b5f2b95574b3b9edb15fc58d8b9f1293646:r2d2

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 100 (SHA1)
Hash.Target......: bftest3
Time.Started.....: Mon Feb 17 16:29:04 2025 (0 secs)
Time.Estimated...: Mon Feb 17 16:29:04 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Mask.......: ?1?1?1?1 [4]
Guess.Charset....: -1 ?l?u?d, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 2/2 (100.00%)
Speed.#1.........: 54930.6 kH/s (2.07ms) @ Accel:512 Loops:62 Thr:1 Vec:8
Recovered........: 8/8 (100.00%) Digests (total), 4/8 (50.00%) Digests (new)
Progress.........: 4825088/14776336 (32.65%)
Rejected.........: 0/4825088 (0.00%)
Restore.Point....: 75776/238328 (31.79%)
Restore.Sub.#1...: Salt:0 Amplifier:0-62 Iteration:0-62
Candidate.Engine.: Device Generator
Candidates.#1....: s9EW -> X0m0
Hardware.Mon.#1..: Temp: 60c Util: 70%

Started: Mon Feb 17 16:29:02 2025
Stopped: Mon Feb 17 16:29:06 2025

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# hashcat -m 100 bftest3 -a3 -1?l?u?d ?1?1?1?1 --increment --increment-min 3 --show
d4656cd76152f93e6a70374ff9b0e54f84363d6a:NML
a9993e364706816aba3e25717850c26c9cd0d89d:abc
cd3f0c85b158c08a2b113464991810cf2cdfc387:666
ace445715d71cd2614bf1ab16ea3fda5162c15e3:a1a
5316157bc1017ef46a8fda61701ba35618820814:otou
6aed2d31b342216b8eb17efb38fea65acadba793:ditr
cc1a9d0c2908cf24d19ec516ead4bf9c57825d6f:ztfd
82ac0b5f2b95574b3b9edb15fc58d8b9f1293646:r2d2

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─#
Example 6. Content of ~/.local/share/hashcat/hashcat.potfile
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

┌──(root㉿d119cd163bf4)-[/home/shared/ds5/ex51]
└─# cat ~/.local/share/hashcat/hashcat.potfile
a9993e364706816aba3e25717850c26c9cd0d89d:abc
cd3f0c85b158c08a2b113464991810cf2cdfc387:666
ace445715d71cd2614bf1ab16ea3fda5162c15e3:a1a
d4656cd76152f93e6a70374ff9b0e54f84363d6a:NML
6aed2d31b342216b8eb17efb38fea65acadba793:ditr
cc1a9d0c2908cf24d19ec516ead4bf9c57825d6f:ztfd
5316157bc1017ef46a8fda61701ba35618820814:otou
82ac0b5f2b95574b3b9edb15fc58d8b9f1293646:r2d2

Todays