cant decrypt ecryptfs hashstring
#1
I used the tool ecryptfs2john to create a hash string from my ecryptfs wrapped-passphrase file - hashcat seems to use this format.

https://github.com/magnumripper/JohnTheR...fs2john.py



The plaintext password is "geheim123". So i get

Code:
$ecryptfs$0$1$af5329101a193c34$9a466af1ffe571e0



My wrapped-passphrase looks like this (hexdump wrapped-passphrase -C):



Code:
00000000  3a 02 af 53 29 10 1a 19  3c 34 39 61 34 36 36 61  |:..S)...<49a466a|

00000010  66 31 66 66 65 35 37 31  65 30 2f 9c 74 4c 66 90  |f1ffe571e0/.tLf.|

00000020  c2 e2 db a3 a3 a5 17 21  89 d9 82 63 9e 42 db 5d  |.......!...c.B.]|

00000030  96 5b 29 b8 bf e2 67 fa  49 e2                    |.[)...g.I.|

0000003a


So i run hashcat with the following parameters:
Code:
hashcat64.exe -a0 -m 12200 encryptfs.txt pw.txt

But i only get 'Exhausted':
Code:
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: eCryptfs
Hash.Target......: $ecryptfs$0$1$af5329101a193c34$9a466af1ffe571e0
Time.Started.....: Wed Jun 24 14:21:11 2020 (1 sec)
Time.Estimated...: Wed Jun 24 14:21:12 2020 (0 secs)
Guess.Base.......: File (pw.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:        0 H/s (2.00ms)
Speed.Dev.#*.....:        0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#1....: geheim123 -> geheim123
HWMon.Dev.#1.....: Temp: 31c Fan: 28% Util: 95% Core:1911MHz Mem:4513MHz Bus:16
Reply
#2
The tool you used is the right one, the output seems also correct.
Your command seems ok, under the condition that the right password is in your wordlist.
You ran the wordlist, but you got the result "exhausted" meaning that correct password was not in your list.

(I did the exercise and i cracked it.)
Reply
#3
(06-24-2020, 10:35 PM)Karamba Wrote: You ran the wordlist, but you got the result "exhausted" meaning that correct password was not in your list.
Yup, i know.

All in all, it was my fault: The plaintext password was wrong. Its working fine.
Reply