My practice attempt to decrypt a SHA-256 hash of an IP address
#11
I have no idea what your scripts are doing but they are doing it wrong. The hcmask file definitely does not allow leading zeros.
Reply
#12
I didn't write that paste, just grabbed it because it did the job. Smile

Works for me:

Code:
# Get the masks file.
$ wget -O ip.masks https://pastebin.com/raw/4HQ6C8gG
[...]

# For efficiency, select the line from that we expect to match our candidate IP.
$ cat ip.masks.selected
01234,012345,123456789,2?1?d.2?1?d.?d.?3?d

# Make sure it's actually in the original masks file we downloaded.
$ fgrep -f ip.masks.selected ip.masks
01234,012345,123456789,2?1?d.2?1?d.?d.?3?d

# Get the MD5 of the target IP.
$ echo -n '211.231.4.57' | md5sum
e317a1a7ddb93c835fed61923522bc98  -

# Verify that that's in the target hash file.
$ cat 211.231.4.57.hash
e317a1a7ddb93c835fed61923522bc98

# Run hashcat. The hash is cracked with the expected mask which is included in the file.
$ hashcat --potfile-path=/dev/null --quiet -m 0 -a 3 211.231.4.57.hash ip.masks.selected
e317a1a7ddb93c835fed61923522bc98:211.231.4.57

Also, undeath - that mask file *does* allow for leading zeroes - all the ones with .?1?2 or .?2?1. (And those could be valid IPs in some circumstances.)
~
Reply
#13
no, it doesn't. there are no instances of .?1 or .?2

and a "normal" IPv4 representation does not have leading zeros

I generated that hcmask file Tongue
Reply
#14
(02-27-2018, 06:29 PM)undeath Wrote: no, it doesn't. there are no instances of .?1 or .?2

That's what I get for not escaping my '?' in my egrep. Smile Then I have no idea why the OP got that as a hit.

(02-27-2018, 06:29 PM)undeath Wrote: and a "normal" IPv4 representation does not have leading zeros

I generated that hcmask file Tongue

"Normal" or not, they are accepted as perfectly valid in a variety of configurations and interfaces. Admittedly rare, but it's a thing.
~
Reply