Posts: 7
Threads: 1
Joined: Feb 2018
My practice attempt to decrypt a SHA-256 hash of an IP address. Has anyone here tried this?
https://github.com/djangofan/hashcat-crack-ip
I generated the SHA-256 hashed IP from this website:
https://passwordsgenerator.net/sha256-hash-generator/
I made 2 scripts (in the above Github repo):
1. crackit.sh : -a 1 left right
2. crackitBruteForce.sh : -a 3 ?d?d?d.?d?d?d.?d?d?d.?d?d?d
Am I doing this right? The process only seems to be using 1 CPU on the brute force attack. How do I get it to consume more CPU cores?
-Jon
Posts: 930
Threads: 4
Joined: Jan 2015
Your example in crackitBruteForce.sh will only match three-digits-per-octet IPs (111.111.111.111) and miss other possibilities (111.111.111.1, 1.1.1.1, 11.11.11.11, etc.)
This is closer:
https://pastebin.com/4HQ6C8gG
Are you using GPU? iff not, when using only CPU (-D 1), hashcat should use all cores.
~
Posts: 7
Threads: 1
Joined: Feb 2018
02-26-2018, 02:49 AM
(This post was last modified: 02-26-2018, 03:09 AM by djangofan.)
royce,
thanks for the answer! I still have 2 questions:
- your pastebin sample I am not understanding why you provide me with a 600 line file?
a. I tried and I got a match with this (in under 1 minute??) : ?d?d?d.?d?d?d.?d?d.?d?d?d . (3d.3d.2d.3d to match my sample ip: 208.187.32.155)?
b. how do I change this parameter to match 1-3 digits in each part of the ip address?
c. I tried using --increment but it didn't work . (perhaps my syntax was wrong? i was expecting each custom defined charset to be incremented 1-3 times) : hashcat ./hashedIPs.txt --outfile-format=2 -o outfile.txt -m 1400 --custom-charset1=?d?d?d --custom-charset2=?d?d?d --custom-charset3=?d?d?d --custom-charset4=?d?d?d --increment -a 3 ?1.?2.?3.?4
- 2. Not understanding your CPU suggestion: there is no mention of CPU/GPU in the 'hashcat --help' . I suppose perhaps I may be using GPU if my CPU only looks like 1 core is running?
Posts: 7
Threads: 1
Joined: Feb 2018
02-26-2018, 04:58 AM
(This post was last modified: 02-26-2018, 05:18 AM by djangofan.)
#1 I updated my repo and added a brute-force-patterns.txt file that I now iterate over, running hashcat once for each pattern. is this how people usually do this?
https://github.com/djangofan/hashcat-cra...teForce.sh
#2 With your advice, I figured out how to run on CPU instead of GPU. Wish the --help command would have explained it. I had to google it to verify.
Still don't have it working but I hope I am getting closer...
Posts: 7
Threads: 1
Joined: Feb 2018
Posts: 930
Threads: 4
Joined: Jan 2015
Couple of niggles:
- That larger file I linked to covers actual possible IP addresses. Many ?d?d?d (above 254) are invalid in an IP-address octet. So your masks will try many IPs that are not valid (if any octet has more than two digits).
- It's not "decrypting" - you're cracking, or hashing, to try to find a match. Decryption implies reversal of an encryption process, which is not how hashes work.
~
Posts: 7
Threads: 1
Joined: Feb 2018
thanks, yeah i noticed that, since it took 2 hours to run.
if I knew what you used for your 3 custom charsets on the command line, then using that file would be a lot easier.
Posts: 2,301
Threads: 11
Joined: Jul 2010
02-26-2018, 05:43 PM
(This post was last modified: 02-26-2018, 06:23 PM by undeath.)
the file linked above is a valid hcmask file and as such includes the custom character sets. For more info see
https://hashcat.net/wiki/doku.php?id=mas...mask_files
increment mode increments the mask only. It does not care about custom character sets. In fact, the character sets "?d", "?d?d" and "?d?d?d" are identical.
Posts: 7
Threads: 1
Joined: Feb 2018
(02-26-2018, 05:43 PM)undeath Wrote: the file linked above is a valid hcmask file and as such includes the custom character sets. For more info see https://hashcat.net/wiki/doku.php?id=mas...mask_files
increment mode increments the mask only. It does not care about custom character sets. In fact, the character sets "?d", "?d?d" and "?d?d?d" are identical.
thanks, I didnt know there was such a thing. i appreciate it very much!
Posts: 7
Threads: 1
Joined: Feb 2018
Ok, I updated my repo. The script, using royces hcmask file, is able to quickly guess the value of this ip:
211.231.004.057
But not this IP; this one fails to be guessed:
211.231.4.57