Skip to content

Instantly share code, notes, and snippets.

@grutz
Created August 11, 2013 20:24
Show Gist options
  • Save grutz/6206693 to your computer and use it in GitHub Desktop.
Save grutz/6206693 to your computer and use it in GitHub Desktop.
CMIYC 2013: Challenge 9 PFX Crack
grutz@beelzebubba:2013-cmiyc-street-challenges_1-9$ tar -tvf Challenge9_street.tar.xz
drwxr-sr-x root/root 0 2013-08-01 20:12 Challenge9_street/
-rw-r--r-- root/root 329 2013-08-01 20:12 Challenge9_street/README
-rw-r--r-- root/root 67108864 2013-08-01 20:12 Challenge9_street/efs.dd
grutz@beelzebubba:2013-cmiyc-street-challenges_1-9$ cd Challenge9_street
grutz@beelzebubba:loop$ Challenge9_street$ cat README
The filesystem in this .dd image has some encrypted files within it.
If you recover any of the passwords needed to decrypt the files,
submit them like any other password crack (each plaintext on a line
by itself).
If you manage to decrypt the files, they will give you some hints
about some of the plaintexts used by Company3.
grutz@beelzebubba:Challenge9_street$ fdisk -l efs.dd
Disk Challenge9_street/efs.dd: 67 MB, 67108864 bytes
2 heads, 1 sectors/track, 65536 cylinders, total 131072 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x06d9f508
Device Boot Start End Blocks Id System
efs.dd1 128 125055 62464 7 HPFS/NTFS/exFAT
grutz@beelzebubba:Challenge9_street$ mkdir loop
grutz@beelzebubba:Challenge9_street$ sudo mount -o ro,loop,offset=65536 efs.dd loop
grutz@beelzebubba:Challenge9_street$ cd loop
grutz@beelzebubba:loop$ ls
backup $RECYCLE.BIN secret documents System Volume Information
grutz@beelzebubba:loop$ ls backup
63492B3A0CE6EF8BBFD60B8446C95A76D26E30C7 mabel.pfx
grutz@beelzebubba:loop$ ls secret\ documents/
dipper.txt mabel.txt shared.txt
grutz@beelzebubba:loop$ /opt/pw-crackers/jtr/JohnTheRipper/run/pfx2john backup/mabel.pfx
grutz@beelzebubba:loop$ /opt/pw-crackers/jtr/JohnTheRipper/run/pfx2john backup/mabel.pfx
mabel:$pfx$*2558*308209fa020103308209b606092a864886f70d010701a08209a7048209a33082099f3082060806092a864886f70d010701a08205f9048205f5308205f1308205ed060b2a864886f70d010c0a0102a08204fe308204fa301c060a2a864886f80be020207d0048204d8305d1ca9b208ecf652688134b1bea08c5d68657b01a28ee2405c3df2df8a098b85231b50d3d8587f3a68f7c23303cb2cd614ab69e9110fa3b9f7f6960a057c49a2f30abbbea2d4459fdef767365de4a29faed039d6c4a0662b73a32ba900dca20c64b1a63118b639e298bbc874cec74c42b5ca32b0fa0c88f5661eed640bd35e0f9fdd75b63a81eed2c64c46c94b8d2251bd67274c733f8dbcf63f3b80c86be5ea94cba8e6701498b6b6cd93dc2fb15186b00d621e2e2b69a22028aeebe1aa1ae968b39a74cbeab9ff7239dde62fe007e861cc056fd40e3bf84556ee47d692c2702ac21d3dfe1ae23d837b62ff07085b5db26cb549bf253615d16ac464a2c745d70df8cdd8e534db953097ffa2f263a588e3b27893b3f1bb0f34e981d8553ff675285d4bec52979b348a47f78be237fde3596b1238c4a4e3ec11ba463af944cc43bf38a1e2214d0c6674cdbcde10dfb5486b86ec85812c1f49d63dbd54124add3ed7705334109cee404eca6b36d1b94f334cbd3d7252cf36042b32992c593cebf6ae731e94c18a4d9f67d275659220839bcafb4577473dc9fe2d73a4fa3bfdd691e9fb849d88228e6e520bcdebc18abf86cbf6613dc0e6fa77cb8833b56a410d3438a2c8a6b0b5b3cc3ac2bf53b349dcf8895107eaea6b7b2584e1277a68e0e44582161ada000b0d04e7dbfcb51cb43d0ead47fe96b75fecb4283b7c7a9b057fedf9d32ccdcd416fe43a12c3bd14eb7210a20ce98af13f8c74ac8b88d2a260e44dc09f8e7942dbc0a31ab909292d6ab20e769f90727b50064b0d7625666bcef0b68343320a4e3ad8e3fc697428ecd17742fa2331b6c97c87674b692dcf6b2336c62a17e743c915a50a6a5a269148f9efa8945f0a6a6cb3a8c7ad583a1b7ef05d287a7fa3c6122280f3930808f96f7af9e51a366b64e2f98704fa6b5ad2b8808e8027c85bb9d40edcba2677e189378d8dd70a4634b739006cd151313285087553b7f3c45d938d63e62f3389346e786d9d98c168e39a3dc83fae8be2f0de266c4049dce5bf36612b2e718aabacf8048b8a764e14a7eb6468d9f4baafeedf0f56979e67d93e894fe28a9218b96925e0b671a9c2abdf2dba2f21d19ffd4d6a4ccc921bf223cec4e48c5e712f4aa4fd4fa438f3e5f63e4fd100d9a8e8f80d173aba61e939766d45438147ec08428c0a9a5ef2185953f097d91f8ad2570b5f6fc2306de321f53543e69e488dfeae2b950435cb6cb176d0f4df722a47780ad5dc663b03de0db5ebf227b493dc820e72cbf02709e0dbe49ffe59842c0eee11568d58a9673687f115a84fb3b58451daa8301ea7985fc4888a68097def56f3ba36f3bbe0d54a7507cfa694be6581f9ee39240dddc424179e2f25bf9d89d1aa950e7466e3dabcd5970367146dd63bcbd69b0b6d861dc8f28d6acf51c8b14401c0fcff555d09aac561ade9016c110a7d0d7aa7bfa5a92b6abed86c0dce1c50a67170e5e920dc7112e4453889ed68081a070fbe66ea29a4c4097efbddd8d800fa10ab913181db301306092a864886f70d0109153106040401000000305706092a864886f70d010914310370038002d0038006500390038002d0034003100660064002d0062003400630065002d006100380036003800620036003000330034006200660032306b06092b0601040182371101315e1e5c004d006900630072006f0073006f0066007400200045006e00680007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e00303082038f06092a864886f70d010706a08203803082037c0201003082037506092a864886f70d010701301c060a2a864886f70d010c207d08082034874998debe490236fee2692efc7e1be935afae2ccacda0e69d3080bf5ed04e81bbcb2a3e03228a452c0856a6d1fc31d28dbfe2e94ccf47788e1e470c5775e7f9fa955ff82c87827e2b509174349e5e0037e4d28cbe5e7b05c642b5e1bb1b481ae5bcd230e1e60630284c6a52e75da43192b3f2a0704a0a01f99fb1c4e05e57754d072cc8c8430de995ad091ccb22f0647a04966e7cdee857e1082f83c30c18e50955089000b7de67c738bc08bbf25fa1f0285a885df0fd52eb1ea90052ee5ba5fc5808f9adf1df7487f6d0637d181dd4d817b9b6b3150cdfa89acdff2e123d82a6e03c2e1044434d95bfeb29fb647b74650404fe0b04612084e7a0645b5348d551b9d4d9368fd939a2a9509f68e5e24ba977d92a58af2ee4313247fb2fa3ce10ce563a2fa46a777b3f0d6e371cd39c862669e481fd6dba9480a27cf35f1d627f3b77d7adb1db5490252de1dea64a0328fdbbb050c5579f7695502781ab638c601036c7121e8c6a2644267e0f8c3d9b6c8c55aa374c958d5c458e684355cd4378637664a5d5071a1191c6f6568c233d6829a5d25b1bb603ce57f6c4d20fd3f6d479daa97dda788d963ea33f130e106e838c9c8b33c16f5cfb213e9ab53911bb825e5bcf42341ecbe953462047d6c8bbc26bf8471dc97566e3fdaf46cd1b74c31670ac31e0bd38452b9414a79cb21903d0d5523c51f4dd35714d8dbc1a4ef689e3bfc41716867d0473b4a1b3110810e8efdb1d742b5c740d9727fdfb74d23b6104ba206b5903e3a9c43b3e9768a42b4afded64ba0393689d81c4e92f8864e229ef07679a74b0abc9016579935aa5587dcd8961ae1b8854a7221d7156e7eaae79350a9bd3ea7dd6cd980e0e89ea6262135186a1299df861c4b73207444c75b9ecfbb5ad516affd533ff13dde3ee262c21d40a7f46978479b0b588cefdb7e64ccd0182cad341a1891347c3c2220ea4ed002bc633aeb29e5737d3b9b1ffce091e869843f2169ad86a4f435704e22e9d8687eee8a7e81aae223d274e28fab6303b301f300706052b0e03021a04145fd87aaa600a441a08dcab62a9a060c724297f1c0414e5b381d1b8d3efa39ced9d91a660d07bb8fa2d48020207d0
grutz@beelzebubba:loop$ /opt/pw-crackers/jtr/JohnTheRipper/run/pfx2john backup/mabel.pfx > chal9_pfx.hash
grutz@beelzebubba:loop$ john chal9_pfx.hash -pot:$KORE/kore2013.pot -sess:/tmp/chal9pfx -w:/opt/pw-crackers/wordlists/realworld/rockyou.txt
Loaded 1 password hash (PKCS12 (.pfx, .p12) [32/64])
guesses: 0 time: 0:00:00:12 0.18% (ETA: Sat Aug 3 11:42:23 2013) c/s: 2599 trying: 160988
guesses: 0 time: 0:00:00:32 0.40% (ETA: Sat Aug 3 12:04:37 2013) c/s: 2190 trying: renees
guesses: 0 time: 0:00:00:43 0.52% (ETA: Sat Aug 3 12:09:06 2013) c/s: 2109 trying: 10081993
guesses: 0 time: 0:00:02:55 1.96% (ETA: Sat Aug 3 12:20:05 2013) c/s: 1889 trying: toploader
waddles1 (mabel)
guesses: 1 time: 0:00:04:06 DONE (Sat Aug 3 09:55:23 2013) c/s: 1850 trying: waddles1
Use the "--show" option to display all of the cracked passwords reliably
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment