Convert OpenSSH known_hosts for hashcat processing
/*
kh-to-hashcat converts a hashed OpenSSH known_hosts file to a
format that can be used with hashcat to recover hosts.
Note that as the known_hosts file usually contains multiple keys for each host,
it is wise to filter the file down to a single key type to avoid redundant hashes.
Check this stat:
	perl -nE '$c{$1}++ if /^\|1\|[^ ]+ ([^ ]+)/;END{say "$_: $c{$_}" for keys %c}' ~/.ssh/known_hosts
Usage:
	grep ssh-rsa ~/.ssh/known_hosts | go run kh-to-hashcat.go > known_hosts.hashes.txt
	hashcat -m 160 -a 3 --hex-salt known_hosts.hashes.txt ipv4.hcmask
This is a port of https://github.com/chris408/known_hosts-hashcat/blob/master/kh-converter.py
Author: Olivier Mengué <dolmen@cpan.org>
*/
package main | |
import ( | |
"bufio" | |
"encoding/base64" | |
"fmt" | |
"os" | |
"strings" | |
) | |
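// main reads OpenSSH known_hosts lines from standard input and, for each
// hashed entry, prints "<hash hex>:<salt hex>" on standard output.
//
// A hashed entry starts with "|1|", followed by the base64 salt, a "|", the
// base64 hash, and a space before the remaining fields. Lines that do not
// have that shape (unhashed host names, marker lines, comments) are skipped.
// Malformed base64 makes decB64 panic, which aborts the conversion.
//
// The hash is an HMAC-SHA1 of the host name keyed with the per-line salt, so
// low-entropy names such as IPv4 addresses are recoverable by enumeration:
// a hashed known_hosts file should be protected like an unhashed one.
func main() {
	s := bufio.NewScanner(os.Stdin)
	for s.Scan() {
		line := s.Text()
		if !strings.HasPrefix(line, "|1|") {
			continue
		}
		// Keep only the "salt|hash" field; the key type and key follow the space.
		entry, _, found := strings.Cut(line[3:], " ")
		if !found {
			continue
		}
		saltB64, hashB64, found := strings.Cut(entry, "|")
		if !found {
			continue
		}
		salt := decB64(saltB64)
		hash := decB64(hashB64)
		// Output for processing with: hashcat -m 160 -a 3 --hex-salt converted_known_hosts ipv4.hcmask
		fmt.Printf("%x:%x\n", hash, salt)
	}
	// Scan stops silently on a read error or an over-long line; without this
	// check a truncated conversion would look like a complete one.
	if err := s.Err(); err != nil {
		fmt.Fprintln(os.Stderr, "kh-to-hashcat: reading stdin:", err)
		os.Exit(1)
	}
}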
// decB64 decodes s as standard (padded) base64 and returns the raw bytes.
// It panics with the decoder's error when s is not valid base64.
func decB64(s string) []byte {
	raw, decodeErr := base64.StdEncoding.DecodeString(s)
	if decodeErr == nil {
		return raw
	}
	panic(decodeErr)
}