Alle Zeiten sind in UTC+2.
16:35
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ sha256sum image.img
2d44cd82a23614c06795b8e2af802e9f0cf23249fbfd8c7d0023c088a3c32ce0 image.img
16:39
└─$ fdisk -l image.img
Disk image.img: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: C9C91594-26B4-4241-A6AC-99ED6689E164
Device Start End Sectors Size Type
image.img1 2048 4095 2048 1M BIOS boot
image.img2 4096 1054719 1050624 513M EFI System
image.img3 1054720 41940991 40886272 19.5G Linux filesystem
16:41
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ sudo mkdir -p /mnt/image_mount
sudo mount -o ro,loop,offset=540016640 image.img /mnt/image_mount
17:07
└─$ ls /mnt/image_mount/home
dif
Benutzer: dif
└─$ cat /mnt/image_mount/etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:111::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:112:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:115::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:116::/nonexistent:/usr/sbin/nologin
avahi-autoipd:x:109:118:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/usr/sbin/nologin
usbmux:x:110:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
rtkit:x:111:119:RealtimeKit,,,:/proc:/usr/sbin/nologin
dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
kernoops:x:113:65534:Kernel Oops Tracking Daemon,,,:/:/usr/sbin/nologin
avahi:x:114:121:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin
cups-pk-helper:x:115:122:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin
whoopsie:x:116:123::/nonexistent:/bin/false
sssd:x:117:124:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin
speech-dispatcher:x:118:29:Speech Dispatcher,,,:/run/speech-dispatcher:/bin/false
nm-openvpn:x:119:125:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
saned:x:120:127::/var/lib/saned:/usr/sbin/nologin
colord:x:121:128:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
geoclue:x:122:129::/var/lib/geoclue:/usr/sbin/nologin
pulse:x:123:130:PulseAudio daemon,,,:/run/pulse:/usr/sbin/nologin
gnome-initial-setup:x:124:65534::/run/gnome-initial-setup/:/bin/false
hplip:x:125:7:HPLIP system user,,,:/run/hplip:/bin/false
gdm:x:126:132:Gnome Display Manager:/var/lib/gdm3:/bin/false
dif:x:1000:1000:DIF,,,:/home/dif:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
17:10
└─$ sudo cat /mnt/image_mount/etc/shadow
[sudo] password for ericleh:
root:!:19105:0:99999:7:::
daemon:*:18912:0:99999:7:::
bin:*:18912:0:99999:7:::
sys:*:18912:0:99999:7:::
sync:*:18912:0:99999:7:::
games:*:18912:0:99999:7:::
man:*:18912:0:99999:7:::
lp:*:18912:0:99999:7:::
mail:*:18912:0:99999:7:::
news:*:18912:0:99999:7:::
uucp:*:18912:0:99999:7:::
proxy:*:18912:0:99999:7:::
www-data:*:18912:0:99999:7:::
backup:*:18912:0:99999:7:::
list:*:18912:0:99999:7:::
irc:*:18912:0:99999:7:::
gnats:*:18912:0:99999:7:::
nobody:*:18912:0:99999:7:::
systemd-network:*:18912:0:99999:7:::
systemd-resolve:*:18912:0:99999:7:::
systemd-timesync:*:18912:0:99999:7:::
messagebus:*:18912:0:99999:7:::
syslog:*:18912:0:99999:7:::
_apt:*:18912:0:99999:7:::
tss:*:18912:0:99999:7:::
uuidd:*:18912:0:99999:7:::
tcpdump:*:18912:0:99999:7:::
avahi-autoipd:*:18912:0:99999:7:::
usbmux:*:18912:0:99999:7:::
rtkit:*:18912:0:99999:7:::
dnsmasq:*:18912:0:99999:7:::
kernoops:*:18912:0:99999:7:::
avahi:*:18912:0:99999:7:::
cups-pk-helper:*:18912:0:99999:7:::
whoopsie:*:18912:0:99999:7:::
sssd:*:18912:0:99999:7:::
speech-dispatcher:!:18912:0:99999:7:::
nm-openvpn:*:18912:0:99999:7:::
saned:*:18912:0:99999:7:::
colord:*:18912:0:99999:7:::
geoclue:*:18912:0:99999:7:::
pulse:*:18912:0:99999:7:::
gnome-initial-setup:*:18912:0:99999:7:::
hplip:*:18912:0:99999:7:::
gdm:*:18912:0:99999:7:::
dif:$1$Al1JOy/e$nSQ5CgVYrz2WTfoeXQwH11:19105:0:99999:7:::
systemd-coredump:!*:19105::::::
17:24
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ python passwordgenerator.py
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ wc -l wordlist.txt
135000 wordlist.txt
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ hashcat -m 500 -a 0 ~/DIF/U3/hash.txt ~/DIF/U3/wordlist.txt
hashcat (v6.2.6) starting
OpenCL API (OpenCL 3.0 PoCL 6.0+debian Linux, None+Asserts, RELOC, LLVM 17.0.6, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
============================================================================================================================================
* Device #1: cpu-penryn-12th Gen Intel(R) Core(TM) i5-12450H, 3800/7665 MB (1024 MB allocatable), 8MCU
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
ATTENTION! Pure (unoptimized) backend kernels selected.
Pure kernels can crack longer passwords, but drastically reduce performance.
If you want to switch to optimized kernels, append -O to your commandline.
See the above message to find out about the exact limits.
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 2 MB
Dictionary cache built:
* Filename..: /home/ericleh/DIF/U3/wordlist.txt
* Passwords.: 135000
* Bytes.....: 1080000
* Keyspace..: 135000
* Runtime...: 0 secs
[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit => s
Session..........: hashcat
Status...........: Running
Hash.Mode........: 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5))
Hash.Target......: $1$Al1JOy/e$nSQ5CgVYrz2WTfoeXQwH11
Time.Started.....: Tue Apr 22 17:29:59 2025 (3 secs)
Time.Estimated...: Tue Apr 22 17:30:06 2025 (4 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/home/ericleh/DIF/U3/wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 18907 H/s (8.32ms) @ Accel:32 Loops:1000 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 57344/135000 (42.48%)
Rejected.........: 0/57344 (0.00%)
Restore.Point....: 57344/135000 (42.48%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1000
Candidate.Engine.: Device Generator
Candidates.#1....: 20ghe34 -> 20gii44
Hardware.Mon.#1..: Util: 58%
$1$Al1JOy/e$nSQ5CgVYrz2WTfoeXQwH11:22dif04
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 500 (md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5))
Hash.Target......: $1$Al1JOy/e$nSQ5CgVYrz2WTfoeXQwH11
Time.Started.....: Tue Apr 22 17:29:59 2025 (3 secs)
Time.Estimated...: Tue Apr 22 17:30:02 2025 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/home/ericleh/DIF/U3/wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 19006 H/s (8.37ms) @ Accel:32 Loops:1000 Thr:1 Vec:4
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 65792/135000 (48.73%)
Rejected.........: 0/65792 (0.00%)
Restore.Point....: 65536/135000 (48.55%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1000
Candidate.Engine.: Device Generator
Candidates.#1....: 22dhi21 -> 22edg31
Hardware.Mon.#1..: Util: 41%
Started: Tue Apr 22 17:29:56 2025
Stopped: Tue Apr 22 17:30:04 2025
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ hashcat --show -m 500 ~/DIF/U3/hash.txt
$1$Al1JOy/e$nSQ5CgVYrz2WTfoeXQwH11:22dif04
Passwort: 22dif04
17:40
└─$ find /mnt/image_mount/home/dif -type f -user ericleh ! -path "/mnt/image_mount/home/dif/snap/firefox/*"
/mnt/image_mount/home/dif/.bash_history
/mnt/image_mount/home/dif/.profile
/mnt/image_mount/home/dif/.config/pulse/5234dc9dd5494db4a3710dc83b5ff2c2-default-source
/mnt/image_mount/home/dif/.config/pulse/5234dc9dd5494db4a3710dc83b5ff2c2-stream-volumes.tdb
/mnt/image_mount/home/dif/.config/pulse/5234dc9dd5494db4a3710dc83b5ff2c2-default-sink
/mnt/image_mount/home/dif/.config/pulse/cookie
/mnt/image_mount/home/dif/.config/pulse/5234dc9dd5494db4a3710dc83b5ff2c2-device-volumes.tdb
/mnt/image_mount/home/dif/.config/pulse/5234dc9dd5494db4a3710dc83b5ff2c2-card-database.tdb
/mnt/image_mount/home/dif/.config/dconf/user
/mnt/image_mount/home/dif/.config/gnome-initial-setup-done
/mnt/image_mount/home/dif/.config/evolution/sources/system-proxy.source
/mnt/image_mount/home/dif/.config/gtk-3.0/bookmarks
/mnt/image_mount/home/dif/.config/user-dirs.locale
/mnt/image_mount/home/dif/.config/ibus/bus/5234dc9dd5494db4a3710dc83b5ff2c2-unix-wayland-0
/mnt/image_mount/home/dif/.config/ibus/bus/5234dc9dd5494db4a3710dc83b5ff2c2-unix-1
/mnt/image_mount/home/dif/.config/ibus/bus/5234dc9dd5494db4a3710dc83b5ff2c2-unix-0
/mnt/image_mount/home/dif/.config/user-dirs.dirs
/mnt/image_mount/home/dif/Pictures/schuhschnabel.png
/mnt/image_mount/home/dif/Pictures/schuhschnabel.webp
/mnt/image_mount/home/dif/.cache/update-manager-core/meta-release
/mnt/image_mount/home/dif/.cache/thumbnails/large/f80e0d12ab84915a28fb5aaa29832109.png
/mnt/image_mount/home/dif/.cache/thumbnails/fail/gnome-thumbnail-factory/7ad2315dee392038413a28992f0f1450.png
/mnt/image_mount/home/dif/.cache/thumbnails/normal/9df09d24c588502c96b8b24092d3e31d.png
/mnt/image_mount/home/dif/.cache/event-sound-cache.tdb.5234dc9dd5494db4a3710dc83b5ff2c2.x86_64-pc-linux-gnu
/mnt/image_mount/home/dif/.cache/ubuntu-report/ubuntu.21.10
/mnt/image_mount/home/dif/.cache/gstreamer-1.0/registry.x86_64.bin
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23Documents.db
/mnt/image_mount/home/dif/.cache/tracker3/files/last-crawl.txt
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23Audio.db
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23Software.db
/mnt/image_mount/home/dif/.cache/tracker3/files/ontologies.gvdb
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23Video.db
/mnt/image_mount/home/dif/.cache/tracker3/files/meta.db
/mnt/image_mount/home/dif/.cache/tracker3/files/no-need-mtime-check.txt
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23Pictures.db
/mnt/image_mount/home/dif/.cache/tracker3/files/locale-for-miner-apps.txt
/mnt/image_mount/home/dif/.cache/tracker3/files/first-index.txt
/mnt/image_mount/home/dif/.cache/tracker3/files/http%3A%2F%2Ftracker.api.gnome.org%2Fontology%2Fv3%2Ftracker%23FileSystem.db
/mnt/image_mount/home/dif/.cache/fontconfig/3917636d-c019-46a8-a24c-da108bcaf7e4-le64.cache-7
/mnt/image_mount/home/dif/.cache/fontconfig/CACHEDIR.TAG
/mnt/image_mount/home/dif/.cache/ibus/bus/registry
/mnt/image_mount/home/dif/.bashrc
/mnt/image_mount/home/dif/.bash_logout
/mnt/image_mount/home/dif/.sudo_as_admin_successful
/mnt/image_mount/home/dif/.gnupg/pubring.kbx
/mnt/image_mount/home/dif/.gnupg/trustdb.gpg
/mnt/image_mount/home/dif/.local/share/gnome-shell/gnome-overrides-migrated
/mnt/image_mount/home/dif/.local/share/gnome-shell/application_state
/mnt/image_mount/home/dif/.local/share/session_migration-ubuntu
/mnt/image_mount/home/dif/.local/share/gnome-settings-daemon/input-sources-converted
/mnt/image_mount/home/dif/.local/share/gvfs-metadata/root
/mnt/image_mount/home/dif/.local/share/gvfs-metadata/home-398431f8.log
/mnt/image_mount/home/dif/.local/share/gvfs-metadata/home
/mnt/image_mount/home/dif/.local/share/gvfs-metadata/root-6bbccab3.log
/mnt/image_mount/home/dif/.local/share/evolution/tasks/system/tasks.ics
/mnt/image_mount/home/dif/.local/share/evolution/addressbook/system/contacts.db
/mnt/image_mount/home/dif/.local/share/evolution/calendar/system/calendar.ics
/mnt/image_mount/home/dif/.local/share/keyrings/login.keyring
/mnt/image_mount/home/dif/.local/share/keyrings/user.keystore
/mnt/image_mount/home/dif/.local/share/Trash/files/schuhschnabel (copy).png
/mnt/image_mount/home/dif/.local/share/Trash/info/schuhschnabel (copy).png.trashinfo
/mnt/image_mount/home/dif/.local/share/nautilus/tags/ontologies.gvdb
/mnt/image_mount/home/dif/.local/share/nautilus/tags/meta.db
/mnt/image_mount/home/dif/.local/share/nautilus/tracker2-migration-complete
/mnt/image_mount/home/dif/.local/share/recently-used.xbel
/mnt/image_mount/home/dif/Downloads/firefox.tmp/tmpaddon
┌──(ericleh㉿kali-vm)-[/mnt/image_mount]
└─$ cd home/dif/Pictures
┌──(ericleh㉿kali-vm)-[/mnt/image_mount/home/dif/Pictures]
└─$ ls
schuhschnabel.png schuhschnabel.webp
┌──(ericleh㉿kali-vm)-[/mnt/image_mount/home/dif/Pictures]
└─$ open schuhschnabel.png
17:48
└─$ sudo umount -l /mnt/image_mount
17:50
┌──(ericleh㉿kali-vm)-[~/DIF/U3]
└─$ sha256sum image.img
2d44cd82a23614c06795b8e2af802e9f0cf23249fbfd8c7d0023c088a3c32ce0 image.img
---ENDE---