Hashcat and HashID changes

This commit is contained in:
Left4Code
2025-05-05 22:01:42 -04:00
parent 4d055f0712
commit 6a291e1aa6
8 changed files with 533 additions and 24 deletions

@@ -110,7 +110,7 @@ autocmd FileType html inoremap ;b <b></b> <++><Esc>4ba
<p>This format is literally the entire basis for what I do.</p>
<p>From this point, all there is to do is expand, if you want a complete list of the remap macros I've made, they are <a href="https://git.i2pd.xyz/Left4Code/Dotfiles">on my Gitea</a>. Remember that some of these macros are for my specific CSS and will not work well otherwise unless they are modified.</p>
<p>From this point, all there is to do is expand, if you want a complete list of the remap macros I've made, they are <a href="https://git.qwik.space/Left4Code/Dotfiles">on my Gitea</a>. Remember that some of these macros are for my specific CSS and will not work well otherwise unless they are modified.</p>
<h4 id=">~{3.3}" class="blog-header">3.3 Table Creation and Generation with a Vim Macro</h4>
@@ -146,7 +146,7 @@ autocmd FileType html noremap ;T /&gt;([0-9]&lt;CR&gt;a~&lt;Esc&gt;2l"by/)&lt;Es
<h4 id=">~(4)" class="blog-header">4. Conclusion</h4>
<p>Again, all of these macros are 100% correctly "working on my machine bro!" so if you want to get them and change them around, they are <a href="https://git.i2pd.xyz/Left4Code/Dotfiles">here for your viewing displeasure</a>.</p>
<p>Again, all of these macros are 100% correctly "working on my machine bro!" so if you want to get them and change them around, they are <a href="https://git.qwik.space/Left4Code/Dotfiles">here for your viewing displeasure</a>.</p>
<h4 id=">~{4.1}" class="blog-header">4.1 Benefits of this Solution</h4>

@@ -48,7 +48,7 @@
<div style="white-space: pre-wrap">
This "fix" gets the water out of the machine and lets you spin out your clothes. Don't make this the permanent fix for this unless you like operating your washing machine like a train conductor... It is fun though and I don't judge!
If you want to consult the official technician's manual for this washing machine, I managed to find revision A of the technical manual for the washer online in PDF form, it is <a href=https://git.i2pd.xyz/Left4Code/left4code.neocities.org/raw/branch/master/blogs/blog_files/mar-21-2025/W10403990A_Maytag.pdf>now on my gitea just view the pdf file</a> but if that link goes down, the original source is <a href=https://parts.alliancelaundry.com/files/docs/maytag-whirlpool/Tech-Sheet-W10403990-Rev-A.pdf>from here</a>, and if THAT goes down, the manual should be in a plastic bag inside your washing machine somewhere taped to the inside wall (you might have to take the washer apart to get to it.)
If you want to consult the official technician's manual for this washing machine, I managed to find revision A of the technical manual for the washer online in PDF form, it is <a href=https://git.qwik.space/Left4Code/left4code.neocities.org/raw/branch/master/blogs/blog_files/mar-21-2025/W10403990A_Maytag.pdf>now on my gitea just view the pdf file</a> but if that link goes down, the original source is <a href=https://parts.alliancelaundry.com/files/docs/maytag-whirlpool/Tech-Sheet-W10403990-Rev-A.pdf>from here</a>, and if THAT goes down, the manual should be in a plastic bag inside your washing machine somewhere taped to the inside wall (you might have to take the washer apart to get to it.)
The sections you will want to consult for information on how to get into manual operation mode are:

@@ -3,7 +3,7 @@
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Left 4 Code</title>
<title>Left4Code - (Digital Forensics)</title>
<link rel="icon" type="image/x-icon" href="../favicon/favicon.ico">
<link rel="stylesheet" type="text/css" href='../style.css'>
</head>
@@ -29,7 +29,7 @@
<hr>
<p>[*Note*] This course got it's list of tools from <a href="https://tsurugi-linux.org/documentation_tsurugi_linux_tools_listing_2024.php">this Tsurugi Linux page</a> if this course ever becomes outdated (probably will unless I do community-submitted git integration) you can always find an updated list of tools there.</p>
<hr>
<p>[*Also Note*] Everything with a "[&#x2705;]" means the section exists and "[&#x274C;]" means it does not. [🛠️] means I'm currently working on it.</p>
<p>[*Also Note*] Everything with a "[&#x2705;]" means the section exists and "[&#x274C;]" means it does not. [🛠️] means I'm currently working on it and [⚔️] denotes a challenge CTF for that specific section.</p>
<hr>
</dl>
@@ -45,9 +45,11 @@
<hr>
<li><a href="hash_forensics/gtkhash.html">GtkHash &#8212; [&#x2705;]</a></li>
<li><a href="hash_forensics/shasum.html">sha*sum &#8212; [&#x2705;]</a></li>
<li><a href="itscoming.html">hashcat &#8212; [🛠️]</a></li>
<li><a href="itscoming.html">hashid &#8212; [&#x274C;]</a></li>
<li><a href="itscoming.html">OpenTimestamps &#8212; [&#x274C;]</a></li>
<li><a href="hash_forensics/hashid.html">hashid &#8212; [&#x2705;]</a></li>
<li><a href="hash_forensics/hashcat.html">hashcat &#8212; [&#x2705;]</a></li>
<hr>
<li><a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem%20Imaging%20&%20hashing/hashing/CTF_HashMash">(HashMash) &#8212; [⚔️]</a></li>
<hr>
</ul>
<h3 class="blog-header">Data Acquisition</h3>
<ul>
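Review bot: The two added <hr> elements around the new (HashMash) entry sit as direct children of the <ul>, where only <li> elements are allowed. Close the list before the rule and open a new one for the CTF entry, or style the separator with CSS on the <li> instead.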
@@ -91,6 +93,7 @@
<ul>
<li><a href="itscoming.html">etherscan &#8212; [&#x274C;]</a></li>
<li><a href="itscoming.html">blockchair &#8212; [&#x274C;]</a></li>
<li><a href="itscoming.html">OpenTimestamps &#8212; [&#x274C;]</a></li>
<li><a href="itscoming.html">WalletSleuth &#8212; [&#x274C;]</a></li>
</ul>
@@ -99,6 +102,9 @@
<ul>
<li><a href="metadata_forensics/mat2.html">mat2 &#8212; [&#x2705;]</a></li>
<li><a href="metadata_forensics/exiftool.html">ExifTool &#8212; [&#x2705;]</a></li>
<hr>
<li><a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Metadata%20Forensics">(BKFLAG) &#8212; [⚔️]</a></li>
<hr>
</ul>
<h3 class="blog-header">Putting Together a Timeline & Report</h3>

@@ -0,0 +1,369 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="description" content="hashcat is a tool which is able to utilize either the CPU or GPU to recover passwords from hashes by guessing the password, hashing it, and comparing it to the hash the is attempting to be cracked or reversed.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Left4Code">
<meta name="keywords" content="Hashcat, hashcat, John the Ripper, JtR, princeprocessor, hashcat course">
<link rel="icon" type="image/x-icon" href="../../favicon/favicon.ico">
<title>Left4Code - (Courses) - {Hashcat}</title>
<link rel="stylesheet" type="text/css" href='../../style.css'>
</head>
<body>
<header>
<span>Left4Code</span>
</header>
<nav>
<div>
<a href="../../index.html">Home</a>
<a href="../../blog.html">Blog</a>
</div>
</nav>
<div class="container">
<section>
<h1 class="blog-header">Hashcat</h1>
<h3>--| Posted: 05-05-25</h3>
<h4 class="blog-header">Table of Contents</h4>
<div id="toc_container">
<hr>
<ul class="toc_list">
<li><a href="#>~(1)">1. Background Information</a></li>
<ul>
<li><a href="#>~{1.1}">1.1 Links Used on this Page</a></li>
</ul>
<li><a href="#>~(2)">2. What you need to know</a></li>
<li><a href="#>~(3)">3. Our Scenario for Using Hashcat.</a></li>
<li><a href="#>~(4)">4. Installing Hashcat and John the Ripper</a></li>
<li><a href="#>~(5)">5. Help with Hashcat</a></li>
<li><a href="#>~(6)">6. GPG Private key hash cracking With Hashcat and gpg2john</a></li>
<ul>
<li><a href="#>~{6.1}">6.1 Extracting the Hash.</a></li>
<li><a href="#>~{6.2}">6.2 Brute-Force Attack.</a></li>
<li><a href="#>~{6.3}"> 6.3 Dictionary Attack.</a></li>
</ul>
<li><a href="#>~(7)">7. Using GPUs</a></li>
<li><a href="#>~(8)">8. Conclusion</a></li>
</div>
<hr>
<h4 id=">~(1)" class="blog-header">1. Background Information</h4>
<p>hashcat is a tool which is able to utilize either the CPU or GPU to recover passwords from hashes by guessing the password, hashing it, and comparing it to the hash the is attempting to be "cracked" or reversed.</p>
<p>For this section of the course, I will discuss how to use hashcat to perform different types of attacks on a GPG secret key password. If you do not know what GPG is or have not used it before, it's easy to pick up. I have documented the important parts of using GPG for both asymmetric and symmetric encryption.</p>
<h4 id=">~{1.1}" class="blog-header">1.1 Links Used on this Page</h4>
<pre class="preformatted">
<a href="https://xkcd.com/538/">▶[https://xkcd.com/538/]</a>
◉───╡ Average Day at ABC Headquarters.
<a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem Imaging & hashing/hashing/learning">▶[https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem Imaging & hashing/hashing/learning]</a>
◉───╡ Gitea learning files
<a href="https://www.howtogeek.com/658904/how-to-add-a-directory-to-your-path-in-linux/">▶[https://www.howtogeek.com/658904/how-to-add-a-directory-to-your-path-in-linux/]</a>
◉───╡ Adding hashcat to your PATH variable.
<a href="https://github.com/dboyd42/cheatsheets/blob/c2611772a5874d1a387d70baccaa01ab577cddc8/hashcat-blackHills_2018.pdf">▶[https://github.com/dboyd42/cheatsheets/blob/c2611772a5874d1a387d70baccaa01ab577cddc8/hashcat-blackHills_2018.pdf]</a>
◉───╡ BlackHills Hashcat Cheat Sheet.
<a href="https://hashcat.net/wiki/doku.php?id=example_hashes">▶[https://hashcat.net/wiki/doku.php?id=example_hashes]</a>
◉───╡ Hashcat Example Hashes Page.
<a href="https://github.com/hashstation/zip2hashcat/releases/tag/1.0">▶[https://github.com/hashstation/zip2hashcat/releases/tag/1.0]</a>
◉───╡ zip2hashcat download.
<a href="../../blogs/apr-19-2025.html">▶[https://left4code.neocities.org/blogs/apr-19-2025]</a>
◉───╡ My GPG Guide
<a href="https://reusablesec.blogspot.com/2014/12/tool-deep-dive-prince.html">▶[https://reusablesec.blogspot.com/2014/12/tool-deep-dive-prince.html]</a>
◉───╡ Old princeprocessor Blog Explaining Tool Use.
<a href="https://github.com/vpmv/princeprocessor">▶[https://github.com/vpmv/princeprocessor]</a>
◉───╡ vpmv's Re-write of princeprocessor in Go (Supports Separator)
<a href="https://vikaskumar.org/2024/01/14/hashcat-gpu-cluster-linux-setup.html">▶[https://vikaskumar.org/2024/01/14/hashcat-gpu-cluster-linux-setup.html]</a>
◉───╡ Entire Blog Installing and Using GPU drivers in Hashcat.
</pre>
<h4 id=">~(2)" class="blog-header">2. What you need to know</h4>
<p>1. basic understanding of the linux command line, specifically flags and output redirection just like the sha*sum section.</p>
<p>2. understanding of how to read manpages, you can type "man man" in your terminal to get an understanding.</p>
<p>3. a small bit of dedication to learn and follow along!</p>
<h4 id=">~(3)" class="blog-header">3. Our Scenario for Using Hashcat.</h4>
<p>Let's say you're doing a forensic investigation on someone who's using encryption to store data that is required to be known for the purposes of an investigation, the suspect isn't disclosing the password, so what can be done other than <a href="https://xkcd.com/538/">the obvious</a>?</p>
<p>this is where hashcat comes in. Hashcat allows a forensic investigator to crack the password used for encryption on a file or disk. It does this by first guessing a password through either a wordlist, brute-force, or other type of attack and hashing it. This generated hash is compared to the target hash and if they match, the password for the encryption is now known to the investigator.</p>
<p>as discussed earlier in the hashing section, any hash generated should be unique to that input that is used to create it, the word "Hi" should have it's own hash, and "Hello" should have it's own hash.</p>
<p>for the demonstration of using hashcat, <a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem%20Imaging%20&%20hashing/hashing/learning">my gitea will contain a gpg private key, and a file encrypted with it's public key.</a> If you want to follow along with that I'm doing, then download them!</p>
<pre class="preformatted">
git clone https://git.qwik.space/left4code/L4C_Forensics_CTF </pre>
<p>then go to the "Filesystem Imaging & hashing" directory for the files, they're in the "learning" directory.</p>
<h4 id=">~(4)" class="blog-header">4. Installing Hashcat and John the Ripper</h4>
<p>Before I go into installing these, if you want to skip this section, all you need to do is install Kali Linux into a VM, all the tools are pre-built and the modules may work better in general.</p>
<p>To install hashcat, open a terminal and run the following command:</p>
<pre class="preformatted">
sudo apt install hashcat </pre>
<p>This will work if you are using apt as your package manager, if you are using another system change to your package manager accordingly.</p>
<p>We will be installing John the Ripper purely for the gpg2john.c program which will look through the GPG private key and pull out the password hash for the file which we can break with hashcat.</p>
<p>clone John the Ripper from the official git repo:</p>
<pre class="preformatted">
git clone https://github.com/openwall/john </pre>
<p>from there you can cd into the src directory and run</p>
<pre class="preformatted">
./configure && make </pre>
<p>if you get an error saying you don't have the necessary OpenSSL headers, you can specify --without-openssl after ./configure like this:</p>
<pre class="preformatted">
./configure --without-openssl && make </pre>
<p>if there is further errors, you may not have the gcc, build-essential or make packages installed and will need to install those.</p>
<p>you should now be able to move into the run directory which will now have the gpg2john program in it. To run it and test if it's working, you can run:</p>
<pre class="preformatted">
./gpg2john </pre>
<p>if you get output saying how to use gpg2john, then it's ready to go!</p>
<p>If you would like to run any of the programs in the /john/run directory from any other directory in the shell, you can add the directory to your path.</p>
<p>Assuming you cloned john to your Downloads directory, you can add it to your path like this:</p>
<pre class="preformatted">
export PATH=/home/&lt;your_user_name&gt;/Downloads/john/run:$PATH </pre>
<p>you should now be able to run:</p>
<pre class="preformatted">
echo $PATH </pre>
<p>and see that the entry for the john/run directory is in the path now. Remember that this directory's availability is only for this terminal session and will not work once you close your terminal or open another one. You will need to add the above command to the bottom of your .bashrc. <a href="https://www.howtogeek.com/658904/how-to-add-a-directory-to-your-path-in-linux/">this guide</a> outlines the process clearly and should be easy to follow. </p>
<h4 id=">~(5)" class="blog-header">5. Help with Hashcat</h4>
<p>Before I get into how to use Hashcat, I will link to a very nice cheatsheet from BlackHills infosec which shows all of the important commands that you will be using for password recovery. It is linked <a href="https://github.com/dboyd42/cheatsheets/blob/c2611772a5874d1a387d70baccaa01ab577cddc8/hashcat-blackHills_2018.pdf">here!</a></p>
<p>if you want to get help from the official source, you can run: </p>
<pre class="preformatted">
hashcat -h </pre>
<p>or</p>
<pre class="preformatted">
man hashcat </pre>
<p>to get official documentation information for using the program, the better you get at reading manpages, the more information you'll pick up that I don't talk about here.</p>
<h4 id=">~(6)" class="blog-header">6. GPG Private key hash cracking Hashcat and gpg2john</h4>
<p>This section will show how to use gpg2john and hashcat to crack a GPG private key's password and take over the identity of that user.</p>
<h4 id=">~{6.1}" class="blog-header">6.1 Extracting the Hash.</h4>
<p>First, you should extract the hash from the .asc file.</p>
<p>For this specific section, we will use "billy_sec.asc", it is meant to be easy to brute-force and is not a strong password at all. This is just to get the understanding of how to convert the hashes and everything.</p>
<p>for the purposes of this demonstration, the secret key file is provided, in a real-world scenario, this secret key file would not be easily accessible and would probably be behind another layer of encryption like LUKS.</p>
<p>after you have the .asc file, run gpg2john on it by using the following command:</p>
<pre class="preformatted">
gpg2john bill_sec.asc > &lt;hashfile_name&gt; </pre>
<p>this extracts the hash and puts the results in a file.</p>
<p>now since we're using hashcat, we need to do some modifications on the hash file before hashcat will accept it, so you need to open the hash file in your favorite text editor and change some things around.</p>
<p>before we do that, I would like to point you to the <a href="https://hashcat.net/wiki/doku.php?id=example_hashes">example hash page for hashcat</a>. You should reference this for the gpg hashes specifically, I had a lot of trouble actually getting hashcat to accept the hash, so don't get discouraged if it doesn't work immediately. </p>
<p>you will want to remove the parts of the hash that gpg2john generated which include the name of the key ("billy:" at the beginning) and remove the three ":" symbols at the end of the file and everything after that (:::billy (break this with hashcat------))</p>
<p>I will include the <a href="https://git.qwik.space/left4code/L4C_Forensics_CTF/src/branch/master/Filesystem%20Imaging%20&%20hashing/hashing/learning/new_bill.hash">hashfile that worked for me</a> so you can check the file differences.</p>
<p>A small note, on the hashcat examples page, anything marked with an "*" as an example means it's a feature in the beta build of hashcat only and is not available in normal hashcat.</p>
<h4 id=">~{6.2}" class="blog-header">6.2 Brute-Force Attack.</h4>
<p>To brute force the new hash we just generated and changed you need to run this command in this very specific order:</p>
<pre class="preformatted">
hashcat -m 17010 -a 3 new_bill.hash ?a?a?a </pre>
<p>To break this command down:</p>
<p>1. the -m 17010 is the gpg sha-1 hashcat module</p>
<p>2. the -a 3 specifies the brute-force method</p>
<p>3. ?a?a?a means try all possible characters within 3 key positions, an example of this would be "abc" or "C2E" as the password, I will show how to have more control over this functionality, especially when you don't know the potential length of characters in a hash that are being used.</p>
<p>after hashcat has turned through all of the possible combinations and finished, you can run the following command to see the hashes and decrypted password resulting from it:</p>
<pre class="preformatted">
hashcat -m 17010 -a 3 new_bill.hash ?a?a?a --show </pre>
<p>you should be able to deduce from the end of the output that the password is "123" as seen from "&lt;hash&gt;:123" inside hashcat.</p>
<p>if you didn't know the length of the password, you can use the <b>"-i"</b> flag and <b>"--incrment-min"</b> and <b>"--increment-max"</b> flags to specify what range of character length should be brute-forced.</p>
<pre class="preformatted">
hashcat -m 17010 -a 3 new_bill.hash -i --increment-min=1 --increment-max=4 ?a?a?a </pre>
<h4 id=">~{6.3}" class="blog-header"> 6.3 Dictionary Attack.</h4>
<p>Well.. Billy's private key password is leaked to literally everyone and is therefore able to be controlled by anyone! If you import this key into your GPG keyring as shown in my <a href="../../blogs/apr-19-2025.html">GPG guide</a> and export the public key, you can now hold Billy's identity hostage! If he doesn't have a revoke certificate for that key, he's done for.</p>
<p>Hey, wait.. Billy had some file encrypted with his public key didn't he? Let's decrypt it and see what it is!</p>
<p>Using GPG to decrypt the file and supplying the password</p>
<pre class="preformatted">
gpg &lt;file&gt; </pre>
<p>it gives a zip file, unzipping it presents a password-protected zip file and a text file with some chat logs in it. So we're not done yet. We will use <a href="https://github.com/hashstation/zip2hashcat/releases/tag/1.0">zip2hashcat</a> to get the hash for this zip file later.</p>
<p>Just clone the repository, and run the zip2hashcat binary on the zip file.</p>
<p>Billy seems to have bumped up security when it comes to this zip file, he could have made a phrase the password based using some of the words in the log. Standard brute forcing methods aren't going to cut it here.</p>
<p>In a case like this, what could be done is we could take the words from this text file, pick out the important ones and joiner words, then make a dictionary file with them.</p>
<p>For some background, in KeePassXC, there's a passphrase generator that will make a large password based on different words and supports separator characters too, like this for example:</p>
<pre class="preformatted">
Savor Spiny Shove Maroon Algebra Kindred Breezy </pre>
<p>From what I've seen, hashcat and John the Ripper are not equipped to handle passwords like this natively, and they do not seem to be able to generate a combination of words at a large scale.</p>
<p>Looking around, I found princeprocessor, which is an old hashcat module written in C which seemed to do what I wanted, you can look at <a href="https://reusablesec.blogspot.com/2014/12/tool-deep-dive-prince.html">this blog post about it all the way back in 2014</a> sadly, princeprocessor does not support character spacing, there's a 2 year old pull request for it that hasn't been satisfied yet. Not good.</p>
<p>But the day has been saved by <a href="https://github.com/vpmv/princeprocessor">vpmv! They re-wrote princeprocessor in Go and gave it separator functionality!</a></p>
<p>So that's the ticket, make the initial wordlist, then run it through princeprocessor with the amount of words you think could range in the chain, and generate the wordlist!</p>
<p>Word of warning though, it takes so much disk space for the password I created, so I'll just tell you the password, it's:</p>
<pre class="preformatted">
Jesse from Breaking Bad in Alaska flying Delta </pre>
<p>The wordlist could probably be cut down a lot if you were to run it through something else which checked each chain to see if it made grammatical sense and remove failing entries, but I don't know if that actually exists or not. But it would cut the wordlist down to probably megabytes in size compared to like 5 gigs.</p>
<p>For the record, this program is totally able to generate the password and with enough resources you would be able to crack this zip within a day with a couple GPUs</p>
<p>I was able to run this command and using grep, I checked and the password was there.</p>
<p>If you want to install this program for yourself, install the golang package and run:</p>
<pre class="preformatted">
go install github.com/vpmv/princeprocessor </pre>
<p>you'll find it in <b>/home/&lt;user&gt;/go/bin/ </b> then run ./princeprocessor to use it.</p>
<p>the command I used to generate the wordlist was this:</p>
<pre class="preformatted">
./princeprocessor -i &lt;initial_dictionary&gt; -n 8 -m 8 -o prince_dict.txt </pre>
<p>after you have your generated wordlist, you would run the following command using it:</p>
<pre class="preformatted">
hashcat -m 13600 -a 0 -w 3 &lt;princeprocessor_wordlist.txt&gt; &lt;zip_hash.txt&gt; </pre>
<h4 id=">~(7)" class="blog-header">7. Using GPUs</h4>
<p>I talked earlier about using GPUs for hash cracking. This is true, you should be using GPUs for hash cracking as it is much faster than user the CPU by default. However you need to do some things first before you can use the GPU, you can even combine the CPU and GPU together for cracking. <a href="https://vikaskumar.org/2024/01/14/hashcat-gpu-cluster-linux-setup.html">This guide shows the process for getting drivers nicely.</a> </p>
<p>To summarize this article for the drivers, if you're using Kali, drivers should work out of the box and all you will need to do is run:</p>
<pre class="preformatted">
hashcat -I </pre>
<p>to see the different devices hashcat has detected.</p>
<p>you would then run the command:</p>
<pre class="preformatted">
hashcat -D &lt;device_number&gt; </pre>
<p>before your command, this would use the device. If you want to use multiple devices, you just have to separate them by commas (,) to add them. An example of this would be:</p>
<pre class="preformatted">
hashcat -D 1,2 &lt;other_flags&gt; </pre>
<h4 id=">~(8)" class="blog-header">8. Conclusion</h4>
<p>Hashcat is a very advanced program for cracking hashes, I don't think I did it justice given what I've covered compared to the sheer scale of this program's abilities. I highly recommend you dive as far as you can into hashcat forum posts and the hashcat manual if you want more specific options or your individual situation was not covered in this course section.</p>
</section>
</div>
</body>
</html>
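Review bot: In section 6.3 the dictionary command passes the wordlist before the hash file ("hashcat -m 13600 -a 0 -w 3 &lt;princeprocessor_wordlist.txt&gt; &lt;zip_hash.txt&gt;"), but hashcat takes the hash file as its first positional argument and the dictionary after it, so as written the wordlist would be loaded as the hash list; swap the two. In section 7, -D selects OpenCL device types (CPU, GPU) rather than a device number as the placeholder says; individual devices listed by "hashcat -I" are chosen with -d. In 6.2 the increment example asks for --increment-max=4 against the three-position mask ?a?a?a, so the mask needs a fourth ?a, and the prose spells the flag "--incrment-min". Section 6.1 names the key "billy_sec.asc" while the command reads bill_sec.asc; use one name. The "go install github.com/vpmv/princeprocessor" line needs a version suffix such as @latest when run outside a module directory. The toc_list <ul> is never closed before its </div>.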

@@ -0,0 +1,147 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="description" content="CONTENT">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Left4Code">
<meta name="keywords" content="hashid, Hashid, hashID, hashif, Hashif, identify hash">
<link rel="icon" type="image/x-icon" href="../../favicon/favicon.ico">
<title>Left4Code - (Courses) - {hashID}</title>
<link rel="stylesheet" type="text/css" href='../../style.css'>
</head>
<body>
<header>
<span>Left4Code</span>
</header>
<nav>
<div>
<a href="../../index.html">Home</a>
<a href="../../blog.html">Blog</a>
</div>
</nav>
<div class="container">
<section>
<h1 class="blog-header">hashID</h1>
<h3>--| Posted: 05-06-25</h3>
<h4 class="blog-header">Table of Contents</h4>
<div id="toc_container">
<hr>
<ul class="toc_list">
<li><a href="#>~(1)">1. Background Information</a></li>
<ul>
<li><a href="#>~{1.1}">1.1 Links Used on this Page</a></li>
</ul>
<li><a href="#>~(2)">2. Installing hashID</a></li>
<li><a href="#>~(3)">3. Using hashID</a></li>
<ul>
<li><a href="#>~{3.1}">3.1 Determining Hashes Using Hashid</a></li>
<li><a href="#>~{3.2}">3.2 Outputting Hashes to a File</a></li>
<li><a href="#>~{3.3}">3.3 Hashcat and JtR Output Modes</a></li>
</ul>
<li><a href="#>~(4)">4. Conclusion</a></li>
</div>
<hr>
<h4 id=">~(1)" class="blog-header">1. Background Information</h4>
<p>hashID is a program that uses regular expressions (regex) to determine the type of hash provided from a string, this can be very useful to use when cracking hashes with either John the Ripper or Hashcat</p>
<p>I will show the different options that hashID offers.</p>
<h4 id=">~{1.1}" class="blog-header">1.1 Links Used on This Page</h4>
<pre class="preformatted">
<a href="https://github.com/psypanda/hashID">▶[https://github.com/psypanda/hashID]</a>
◉───╡ hashID Github link.
<a href="https://github.com/psypanda/hashID/releases">▶[https://github.com/psypanda/hashID/releases]</a>
◉───╡ hashID releases section on Github.</pre>
<h4 id=">~(2)" class="blog-header">2. Installing hashID</h4>
<p>Installing hashID is simple and can be installed on any system with python installed. You can install hashID directly using pip by running:</p>
<pre class="preformatted">
pip install hashid</pre>
<p>If you are using Kali or some ubuntu derivative, you can install it using aptitude.</p>
<pre class="preformatted">
sudo apt install hashid </pre>
<p>Additionally, you can clone the repository as shown in the github readme:</p>
<pre class="preformatted">
sudo apt-get install python3 git
git clone https://github.com/psypanda/hashid.git
cd hashid
sudo install -g 0 -o 0 -m 0644 doc/man/hashid.7 /usr/share/man/man7/
sudo gzip /usr/share/man/man7/hashid.7 </pre>
<p>If you would like a release file, you can get them <a href="https://github.com/psypanda/hashID/releases">here</a>.</p>
<p>*You may need to add hashID to your system path if you do not install it from a repository.</p>
<h4 id=">~(3)" class="blog-header">3. Using hashID</h4>
<p>hashID is very simple to use, the simple utilization of hashID is as follows:</p>
<pre class="preformatted">
hashid &lt;hash&gt; </pre>
<p>it's that simple, hashID will print out a list of potential hash algorithms that could have been used to generate the hash.</p>
<h4 id=">~{3.1}" class="blog-header">3.1 Determining Hashes Using Hashid</h4>
<p>Personally, when attempting to determine the hash algorithm used to generate a specific hash, the most common algorithms should be first be considered before the more exotic algorithms, for example, in hashID, a SHA256 hash will give multiple different false positives like Haval-256 and GOST. </p>
<h4 id=">~{3.2}" class="blog-header">3.2 Outputting Hashes to a File</h4>
<p>When using hashID by default, the program will default to standard output, which is the terminal. If you want the output of hashID to be put into a file, you can use the <b><i>-o</i></b> flag.</p>
<pre class="preformatted">
hashid &lt;hash&gt; -o &lt;output_file&gt; </pre>
<h4 id=">~{3.3}" class="blog-header">3.3 Hashcat and JtR Output Modes</h4>
<p>To output the different modes that both Hashcat and JtR support for each hash identifier.</p>
<p>you can use <b><i>-m</i></b> for hashID to output the hash mode number and you can use <b><i>-j</i></b> for the john the ripper identifier</p>
<p>I go over how to utilize the modes feature in the Hashcat tutorial which is after this one.</p>
<h4 id=">~(4)" class="blog-header">4. Conclusion</h4>
<p>hashID is a very simple and useful tool which should be used in combination with Hashcat or John the Ripper to accurately determine hash algorithms for cracking purposes.</p>
</section>
</div>
</body>
</html>
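Review bot: The meta description in the head still holds the template placeholder (content="CONTENT"); give it a real summary, as the hashcat page in this same commit has. In section 2 the text describes "sudo apt install hashid" as aptitude, which is a different front end from apt, and the clone block only installs and gzips the man page (hashid.7), so a reader who follows it still has no hashid command; add the step that puts the script on the PATH or point back to the pip route. Section 3.3 opens with a sentence fragment and shows no command for -m or -j, unlike 3.2 which has one for -o. The toc_list <ul> is not closed before its </div>.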

@@ -68,7 +68,7 @@
<h4><b>3 —</b> File Metadata!</h4>
<pre class="preformatted">mat2 -s &lt;your_file&gt; | sha*sum</pre>
<h4><b>4 —</b> The Git Repo for this course!</h4>
<pre class="preformatted">wget https://git.i2pd.xyz/Left4Code/L4C_Forensics_CTF/ -O h1.html &amp;&amp; sha*sum $_</pre>
<pre class="preformatted">wget https://git.qwik.space/Left4Code/L4C_Forensics_CTF/ -O h1.html &amp;&amp; sha*sum $_</pre>
<p>Basically, you can hash whatever your heart desires if you're thinking hard enough. I'll manipulate some of the above examples to instead be forensics-oriented in the next section.</p>
<h3 class="blog-header">Some Techniques to Make Hashing Effective for Forensics</h3>

@@ -94,19 +94,6 @@ Tag ID | Tag Name | Group | Writable
<h3 class="blog-header">Conclusion</h3>
<p>exiftool is such a massive utility that I obviously won't be able to cover everything it can do, but hopefully the exiftool.org forums and the man-pages will be enough for you to find what you need if it wasn't outlined here, but if you're doing forensics what I've written here is probably all you'll need for reading metadata for an investigation.</p>
<h3 class="blog-header">Challenge (BKFLAG)</h3>
<p>Let's have a little throw back to 2012 when <a href="https://archive.org/details/originalbkflimage">this fun image</a> showed up on a little web forum back in the day. It has the metadata and GPS location in it still (Cartwheel76 and Zubes, thank you!). To complete this challenge, follow these guidelines (or don't, figure something else out that solidifies all this learning!)</p>
<div style="white-space: pre-wrap">
<b>1)</b> Head over to the <a href=https://git.i2pd.xyz/Left4Code/L4C_Forensics_CTF/src/branch/master/Metadata%20Forensics>L4C Forensics Git Repository</a> for this course and download the gpg file in addition to the BKFL photo.
<b>2)</b> Use exiftool (and mat2 if you read the guide) to determine what kind of phone took the photo
<b>3)</b> Copy the phone exact model (ex. Oneplus 7 Pro) [The capitalization of the phone model matters!] from exiftool and paste it into the gpg decrypt prompt when you run gpg on the encrypted file from the terminal in order to decrypt it and claim your prize of 1 hackerman cat photo, YOU NEED GPG TO DO THIS!!
<pre class="preformatted">sudo apt install gpg</pre>
<pre class="preformatted">gpg BKFLAG.gpg</pre>
<b>4)</b> Modify the phone model to a different model of phone (or just say something funny or mess with the cat photo's metadata in whatever way you want)
</div>
</section>

@@ -27,12 +27,12 @@
<h4>
</h4>
<h4>
<a href="https://git.i2pd.xyz/Left4Code">Gitea</a>
<a href="https://git.i2pd.xyz/Left4Code">Gitea</a> | <a href="https://git.qwik.space/Left4Code">[Mirror]</a>
</h4>
<hr>
<h4>
<a href="left4code_gpg.txt">Email & GPG Key</a> | <a href="blogs/apr-19-2025.html">How to Use GPG!</a>
<a href="left4code_gpg.txt">✉️ Email & GPG Key 🔑</a> | <a href="blogs/apr-19-2025.html">[-How to Use GPG!-]</a>
</h4>
<hr>
</section>
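Review bot: The Gitea line here keeps git.i2pd.xyz as the primary link and adds git.qwik.space only as "[Mirror]", while every other file in this commit replaces git.i2pd.xyz with git.qwik.space outright. If the old host is being retired, move the primary link as well; if both remain up, say so once and keep the labelling consistent across pages so readers know which copy is authoritative.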