+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: cant decrypt ecryptfs hashstring (/thread-9336.html)
cant decrypt ecryptfs hashstring - matt99 - 06-24-2020
I used the tool ecryptfs2john to create a hash string from my ecryptfs wrapped-passphrase file - hashcat seems to use this format.
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/run/ecryptfs2john.py
The plaintext password is "geheim123". So i get
Code:
$ecryptfs$0$1$af5329101a193c34$9a466af1ffe571e0My wrapped-passphrase looks like this (hexdump wrapped-passphrase -C):
Code:
00000000 3a 02 af 53 29 10 1a 19 3c 34 39 61 34 36 36 61 |:..S)...<49a466a|
00000010 66 31 66 66 65 35 37 31 65 30 2f 9c 74 4c 66 90 |f1ffe571e0/.tLf.|
00000020 c2 e2 db a3 a3 a5 17 21 89 d9 82 63 9e 42 db 5d |.......!...c.B.]|
00000030 96 5b 29 b8 bf e2 67 fa 49 e2 |.[)...g.I.|
0000003aSo i run hashcat with the following parameters:
Code:
hashcat64.exe -a0 -m 12200 encryptfs.txt pw.txtBut i only get 'Exhausted':
Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: eCryptfs
Hash.Target......: $ecryptfs$0$1$af5329101a193c34$9a466af1ffe571e0
Time.Started.....: Wed Jun 24 14:21:11 2020 (1 sec)
Time.Estimated...: Wed Jun 24 14:21:12 2020 (0 secs)
Guess.Base.......: File (pw.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 0 H/s (2.00ms)
Speed.Dev.#*.....: 0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#1....: geheim123 -> geheim123
HWMon.Dev.#1.....: Temp: 31c Fan: 28% Util: 95% Core:1911MHz Mem:4513MHz Bus:16RE: cant decrypt ecryptfs hashstring - Banaanhangwagen - 06-24-2020
The tool you used is the right one, the output seems also correct.
Your command seems ok, under the condition that the right password is in your wordlist.
You ran the wordlist, but you got the result "exhausted" meaning that correct password was not in your list.
(I did the exercise and i cracked it.)
RE: cant decrypt ecryptfs hashstring - matt99 - 06-25-2020
(06-24-2020, 10:35 PM)Karamba Wrote: You ran the wordlist, but you got the result "exhausted" meaning that correct password was not in your list.Yup, i know.
All in all, it was my fault: The plaintext password was wrong. Its working fine.