My practice attempt to decrypt a SHA-256 hash of an IP address
#1
My practice attempt to decrypt a SHA-256 hash of an IP address.  Has anyone here tried this?

   https://github.com/djangofan/hashcat-crack-ip


I generated the SHA-256 hashed IP from this website:  https://passwordsgenerator.net/sha256-hash-generator/

I made 2 scripts (in the above GitHub repo):
   1.  crackit.sh :  -a 1 left right
   2.  crackitBruteForce.sh :  -a 3 ?d?d?d.?d?d?d.?d?d?d.?d?d?d

Am I doing this right?  The process only seems to be using 1 CPU on the brute force attack.  How do I get it to consume more CPU cores?

-Jon
#2
Your example in crackitBruteForce.sh will only match three-digits-per-octet IPs (111.111.111.111) and miss other possibilities (111.111.111.1, 1.1.1.1, 11.11.11.11, etc.)

This is closer: https://pastebin.com/4HQ6C8gG

Are you using GPU? If not, when using only CPU (-D 1), hashcat should use all cores.
~
#3
royce,
thanks for the answer! I still have 2 questions:
  1. Your pastebin sample: I am not understanding why you provide me with a 600 line file?
     a. I tried and I got a match with this (in under 1 minute??): ?d?d?d.?d?d?d.?d?d.?d?d?d (3d.3d.2d.3d to match my sample IP: 208.187.32.155)?
     b. How do I change this parameter to match 1-3 digits in each part of the IP address?
     c. I tried using --increment but it didn't work (perhaps my syntax was wrong? I was expecting each custom defined charset to be incremented 1-3 times): hashcat ./hashedIPs.txt --outfile-format=2 -o outfile.txt -m 1400 --custom-charset1=?d?d?d --custom-charset2=?d?d?d --custom-charset3=?d?d?d --custom-charset4=?d?d?d --increment -a 3 ?1.?2.?3.?4

  2. Not understanding your CPU suggestion: there is no mention of CPU/GPU in the 'hashcat --help'. I suppose perhaps I may be using GPU if my CPU only looks like 1 core is running?
#4
#1 I updated my repo and added a brute-force-patterns.txt file that I now iterate over, running hashcat once for each pattern. Is this how people usually do this?
https://github.com/djangofan/hashcat-cra...teForce.sh

#2 With your advice, I figured out how to run on CPU instead of GPU. Wish the --help command would have explained it. I had to google it to verify.

Still don't have it working but I hope I am getting closer...
#5
Finally got it working. Thanks royce: https://github.com/djangofan/hashcat-crack-ip
#6
Couple of niggles:

- That larger file I linked to covers actual possible IP addresses. Many ?d?d?d (above 254) are invalid in an IP-address octet. So your masks will try many IPs that are not valid (if any octet has more than two digits).

- It's not "decrypting" - you're cracking, or hashing, to try to find a match. Decryption implies reversal of an encryption process, which is not how hashes work.
~
#7
Thanks, yeah I noticed that, since it took 2 hours to run.

If I knew what you used for your 3 custom charsets on the command line, then using that file would be a lot easier.
#8
the file linked above is a valid hcmask file and as such includes the custom character sets. For more info see https://hashcat.net/wiki/doku.php?id=mas...mask_files

increment mode increments the mask only. It does not care about custom character sets. In fact, the character sets "?d", "?d?d" and "?d?d?d" are identical.
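An added example, not part of the thread and not the contents of the linked pastebin or repo: it builds one possible set of hcmask lines restricted to valid octets (0-255, no leading zeros) and checks which candidate strings a given mask would generate, tying together the points in posts #2, #6 and #8. The function names and the particular charset split are assumptions chosen for illustration.

```python
import re
from itertools import product

# Assumed custom charsets for ?1, ?2, ?3 (hcmask line layout: "cs1,cs2,cs3,mask").
CHARSETS = ("123456789", "01234", "012345")

# Five per-octet patterns that together cover exactly 0..255 without leading zeros:
# 0-9, 10-99, 100-199, 200-249, 250-255.
OCTET_MASKS = ("?d", "?1?d", "1?d?d", "2?2?d", "25?3")

SIZES = {"?d": 10, "?1": 9, "?2": 5, "?3": 6}
CLASSES = {"?d": "[0-9]", "?1": "[1-9]", "?2": "[0-4]", "?3": "[0-5]"}
TOKEN = re.compile(r"\?[d123]|.")   # a charset reference or one literal character

def ipv4_masks():
    """All 5**4 dotted masks built from the valid-octet patterns."""
    return [".".join(p) for p in product(OCTET_MASKS, repeat=4)]

def keyspace(mask):
    """Number of candidates one mask generates."""
    n = 1
    for tok in TOKEN.findall(mask):
        n *= SIZES.get(tok, 1)      # literals contribute a factor of 1
    return n

def covers(mask, candidate):
    """True if the mask would generate exactly this string."""
    pattern = "".join(CLASSES.get(t, re.escape(t)) for t in TOKEN.findall(mask))
    return re.fullmatch(pattern, candidate) is not None

def hcmask_lines():
    """Each line carries its own charset definitions, followed by the mask."""
    prefix = ",".join(CHARSETS)
    return [f"{prefix},{m}" for m in ipv4_masks()]

if __name__ == "__main__":
    masks = ipv4_masks()
    print(len(masks), "masks,", sum(map(keyspace, masks)), "candidates")
    fixed = "?d?d?d.?d?d?d.?d?d?d.?d?d?d"   # the single mask from post #1
    print("fixed 12-digit mask:", keyspace(fixed), "candidates")
    # Sample addresses are the ones quoted in the thread.
    for ip in ("208.187.32.155", "211.231.4.57", "211.231.004.057"):
        print(ip, "| fixed mask:", covers(fixed, ip),
              "| valid-octet masks:", any(covers(m, ip) for m in masks))
```

The valid-octet set totals exactly 2^32 candidates against 10^12 for the single twelve-digit mask, which is also why an unsalted SHA-256 of an IPv4 address gives little protection to the address itself.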
#9
(02-26-2018, 05:43 PM)undeath Wrote: the file linked above is a valid hcmask file and as such includes the custom character sets. For more info see https://hashcat.net/wiki/doku.php?id=mas...mask_files

increment mode increments the mask only. It does not care about custom character sets. In fact, the character sets "?d", "?d?d" and "?d?d?d" are identical.


thanks, I didn't know there was such a thing. I appreciate it very much!
#10
Ok, I updated my repo. The script, using royce's hcmask file, is able to quickly guess the value of this IP:
211.231.004.057
But not this IP; this one fails to be guessed:
211.231.4.57