07-16-2019, 01:57 PM
Hello!
I am interested in an old mozilla profile.
i have already tried using john via mozilla2john but he doesn't want to use graphics cores, only processor. I think we can do better.
So i am trying hashcat but not doing very well.
I don't think hashcat supports mozilla key3.db directly, however i think that this is only to decode username/password encrypted with 3DES.
Perhaps i can crack the 3DES directly?
I am using this as a reference of how it should work: https://github.com/lclevy/firepwd/blob/m...la_pbe.pdf
I can take a single entry from signons.sqlite and use a base64/ASN1 tool to get IV and cypher no problem.
I'm not sure how to put these into hashcat, 3DES takes two values, are these them?
Finally, 3DES plaintext is 24 characters exactly, padded using PKCS#7 standard apparently! i don't suppose there is a way to tell hashcat to do this for me? I can't seem to insert a hex value into a mask, for example:
-1 0x01 ?a?a?a?a?a?1?1..etc
results in an overflow, but the keyspace is only really 5 characters? it's no bigger (my intention is it is no bigger, but clearly i have misstepped!?)
also i'm a little confused as to how e.g. an email address that is longer than 24 characters could be stored in here so clearly i have gone wrong somewhere.
any help is appreciated.
I am interested in an old mozilla profile.
i have already tried using john via mozilla2john but he doesn't want to use graphics cores, only processor. I think we can do better.
So i am trying hashcat but not doing very well.
I don't think hashcat supports mozilla key3.db directly, however i think that this is only to decode username/password encrypted with 3DES.
Perhaps i can crack the 3DES directly?
I am using this as a reference of how it should work: https://github.com/lclevy/firepwd/blob/m...la_pbe.pdf
I can take a single entry from signons.sqlite and use a base64/ASN1 tool to get IV and cypher no problem.
I'm not sure how to put these into hashcat, 3DES takes two values, are these them?
Finally, 3DES plaintext is 24 characters exactly, padded using PKCS#7 standard apparently! i don't suppose there is a way to tell hashcat to do this for me? I can't seem to insert a hex value into a mask, for example:
-1 0x01 ?a?a?a?a?a?1?1..etc
results in an overflow, but the keyspace is only really 5 characters? it's no bigger (my intention is it is no bigger, but clearly i have misstepped!?)
also i'm a little confused as to how e.g. an email address that is longer than 24 characters could be stored in here so clearly i have gone wrong somewhere.
any help is appreciated.