Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CMIYC 2013: Challenge 9 PFX Cracking
grutz@beelzebubba:loop$ backup$ openssl pkcs12 -in backup/mabel.pfx
Enter Import Password:
Mac verify error: invalid password?
grutz@beelzebubba:loop$ /opt/pw-crackers/jtr/JohnTheRipper/run/pfx2john backup/mabel.pfx
mabel:$pfx$*2558*308209fa020103308209b606092a864886f70d010701a08209a7048209a33082099f3082060806092a864886f70d010701a08205f9048205f5308205f1308205ed060b2a864886f70d010c0a0102a08204fe308204fa301c060a2a864886f80be020207d0048204d8305d1ca9b208ecf652688134b1bea08c5d68657b01a28ee2405c3df2df8a098b85231b50d3d8587f3a68f7c23303cb2cd614ab69e9110fa3b9f7f6960a057c49a2f30abbbea2d4459fdef767365de4a29faed039d6c4a0662b73a32ba900dca20c64b1a63118b639e298bbc874cec74c42b5ca32b0fa0c88f5661eed640bd35e0f9fdd75b63a81eed2c64c46c94b8d2251bd67274c733f8dbcf63f3b80c86be5ea94cba8e6701498b6b6cd93dc2fb15186b00d621e2e2b69a22028aeebe1aa1ae968b39a74cbeab9ff7239dde62fe007e861cc056fd40e3bf84556ee47d692c2702ac21d3dfe1ae23d837b62ff07085b5db26cb549bf253615d16ac464a2c745d70df8cdd8e534db953097ffa2f263a588e3b27893b3f1bb0f34e981d8553ff675285d4bec52979b348a47f78be237fde3596b1238c4a4e3ec11ba463af944cc43bf38a1e2214d0c6674cdbcde10dfb5486b86ec85812c1f49d63dbd54124add3ed7705334109cee404eca6b36d1b94f334cbd3d7252cf36042b32992c593cebf6ae731e94c18a4d9f67d275659220839bcafb4577473dc9fe2d73a4fa3bfdd691e9fb849d88228e6e520bcdebc18abf86cbf6613dc0e6fa77cb8833b56a410d3438a2c8a6b0b5b3cc3ac2bf53b349dcf8895107eaea6b7b2584e1277a68e0e44582161ada000b0d04e7dbfcb51cb43d0ead47fe96b75fecb4283b7c7a9b057fedf9d32ccdcd416fe43a12c3bd14eb7210a20ce98af13f8c74ac8b88d2a260e44dc09f8e7942dbc0a31ab909292d6ab20e769f90727b50064b0d7625666bcef0b68343320a4e3ad8e3fc697428ecd17742fa2331b6c97c87674b692dcf6b2336c62a17e743c915a50a6a5a269148f9efa8945f0a6a6cb3a8c7ad583a1b7ef05d287a7fa3c6122280f3930808f96f7af9e51a366b64e2f98704fa6b5ad2b8808e8027c85bb9d40edcba2677e189378d8dd70a4634b739006cd151313285087553b7f3c45d938d63e62f3389346e786d9d98c168e39a3dc83fae8be2f0de266c4049dce5bf36612b2e718aabacf8048b8a764e14a7eb6468d9f4baafeedf0f56979e67d93e894fe28a9218b96925e0b671a9c2abdf2dba2f21d19ffd4d6a4ccc921bf223cec4e48c5e712f4aa4fd4fa438f3e5f63e4fd100d9a8e8f80d173aba61e939766d45438147ec08428c0a9a5ef2185953f097d91f8ad2570b5f6fc2306de321f53543e69e488dfeae2b950435cb6cb176d0f4df722a47780ad5dc663b03de0db5ebf227b493dc820e72cbf02709e0dbe49ffe59842c0eee11568d58a9673687f115a84fb3b58451daa8301ea7985fc4888a68097def56f3ba36f3bbe0d54a7507cfa694be6581f9ee39240dddc424179e2f25bf9d89d1aa950e7466e3dabcd5970367146dd63bcbd69b0b6d861dc8f28d6acf51c8b14401c0fcff555d09aac561ade9016c110a7d0d7aa7bfa5a92b6abed86c0dce1c50a67170e5e920dc7112e4453889ed68081a070fbe66ea29a4c4097efbddd8d800fa10ab913181db301306092a864886f70d0109153106040401000000305706092a864886f70d010914310370038002d0038006500390038002d0034003100660064002d0062003400630065002d006100380036003800620036003000330034006200660032306b06092b0601040182371101315e1e5c004d006900630072006f0073006f0066007400200045006e00680007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e00303082038f06092a864886f70d010706a08203803082037c0201003082037506092a864886f70d010701301c060a2a864886f70d010c207d08082034874998debe490236fee2692efc7e1be935afae2ccacda0e69d3080bf5ed04e81bbcb2a3e03228a452c0856a6d1fc31d28dbfe2e94ccf47788e1e470c5775e7f9fa955ff82c87827e2b509174349e5e0037e4d28cbe5e7b05c642b5e1bb1b481ae5bcd230e1e60630284c6a52e75da43192b3f2a0704a0a01f99fb1c4e05e57754d072cc8c8430de995ad091ccb22f0647a04966e7cdee857e1082f83c30c18e50955089000b7de67c738bc08bbf25fa1f0285a885df0fd52eb1ea90052ee5ba5fc5808f9adf1df7487f6d0637d181dd4d817b9b6b3150cdfa89acdff2e123d82a6e03c2e1044434d95bfeb29fb647b74650404fe0b04612084e7a0645b5348d551b9d4d9368fd939a2a9509f68e5e24ba977d92a58af2ee4313247fb2fa3ce10ce563a2fa46a777b3f0d6e371cd39c862669e481fd6dba9480a27cf35f1d627f3b77d7adb1db5490252de1dea64a0328fdbbb050c5579f7695502781ab638c601036c7121e8c6a2644267e0f8c3d9b6c8c55aa374c958d5c458e684355cd4378637664a5d5071a1191c6f6568c233d6829a5d25b1bb603ce57f6c4d20fd3f6d479daa97dda788d963ea33f130e106e838c9c8b33c16f5cfb213e9ab53911bb825e5bcf42341ecbe953462047d6c8bbc26bf8471dc97566e3fdaf46cd1b74c31670ac31e0bd38452b9414a79cb21903d0d5523c51f4dd35714d8dbc1a4ef689e3bfc41716867d0473b4a1b3110810e8efdb1d742b5c740d9727fdfb74d23b6104ba206b5903e3a9c43b3e9768a42b4afded64ba0393689d81c4e92f8864e229ef07679a74b0abc9016579935aa5587dcd8961ae1b8854a7221d7156e7eaae79350a9bd3ea7dd6cd980e0e89ea6262135186a1299df861c4b73207444c75b9ecfbb5ad516affd533ff13dde3ee262c21d40a7f46978479b0b588cefdb7e64ccd0182cad341a1891347c3c2220ea4ed002bc633aeb29e5737d3b9b1ffce091e869843f2169ad86a4f435704e22e9d8687eee8a7e81aae223d274e28fab6303b301f300706052b0e03021a04145fd87aaa600a441a08dcab62a9a060c724297f1c0414e5b381d1b8d3efa39ced9d91a660d07bb8fa2d48020207d0
grutz@beelzebubba:loop$ /opt/pw-crackers/jtr/JohnTheRipper/run/pfx2john backup/mabel.pfx > $KORE/chal9_pfx.hash
grutz@beelzebubba:loop$ john $KORE/chal9_pfx.hash -pot:$KORE/kore2013.pot -sess:/tmp/chal9pfx -w:/opt/pw-crackers/wordlists/realworld/rockyou.txt
Loaded 1 password hash (PKCS12 (.pfx, .p12) [32/64])
guesses: 0 time: 0:00:00:12 0.18% (ETA: Sat Aug 3 11:42:23 2013) c/s: 2599 trying: 160988
guesses: 0 time: 0:00:00:32 0.40% (ETA: Sat Aug 3 12:04:37 2013) c/s: 2190 trying: renees
guesses: 0 time: 0:00:00:43 0.52% (ETA: Sat Aug 3 12:09:06 2013) c/s: 2109 trying: 10081993
guesses: 0 time: 0:00:02:55 1.96% (ETA: Sat Aug 3 12:20:05 2013) c/s: 1889 trying: toploader
waddles1 (mabel)
guesses: 1 time: 0:00:04:06 DONE (Sat Aug 3 09:55:23 2013) c/s: 1850 trying: waddles1
Use the "--show" option to display all of the cracked passwords reliably
grutz@beelzebubba:loop$ openssl pkcs12 -nodes -in mabel.pfx
Enter Import Password:waddles1
MAC verified OK
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: 7300a378-8e98-41fd-b4ce-a868b6034bf2
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCapLxDmXEXxISA
M7EKO4CtKxhPmfTY0HWyP2TM8PEi8/jfCEMatIKtCRfP/R/viNbGmzdybOCnMDqy
GKsrPRb8kelyHV23ezHrd3Z4kBjh30U4zRACCUWQzxkijhVVfzrPeTxV7JPioAp0
ilsexGH4u2WNnFVmcxfyKN4luYQUpiV1UUtria9c8osFsaFbw0ZVixbqeMwvOaYp
LICGu7fEB9oMVT2ahATlPvKSHUYXZKl3Rx3q7gWXdxJhF7I1zAKGA4YvRGQo5baU
rANPyTHM0G9eoL667LkI/bOgF7G3/apyMMIZWRVZ8JkyNAEAm6+dYfBFHMX8cIqr
VUP0S9azAgMBAAECggEBAISdKplp13MDYoEyUussdb+KylFQ/IiF07ik5oNdR9yq
jcxtoGYhUEKlHpeNQTrABTbR2q20sr6M/HjH8NmmjLTRR/lFN53l9rwveRgQslXY
itsX91dXriFth+d7Is5ryforxFMHCxb4GZ8xGsz6qe2Mfpz+6Llvj6Rp6X8+ZQby
0bq0g1fFjoKprErSaiRsXacsdFGYNA9Zdg524aqMxGw9dGZvh6rBQ0OoN3W9iRlI
8ALHftFn0gmFmGZCFZiUnDZWy0PDYkrne5h0mis7xiLzovB89BQRIQiU2fo60wRx
TtRYWUPgU0RXep+56zPJjN1qA0dOt+srwmYJwX9VLsECgYEA1wAdpsn6SxZU5JXz
DLTTXgO8GvGLKdPUiR/zdqjh/nqPnswIYrHDkAH8rhUkYNxsPFrEhkvKj3WBVd+y
XWd+RFkFV00xcssRgX5e2yiYSXAYJKGOS0/zd0Js4ahsPBXajMbxBhJ/d8RB2AvR
ZfDAevFFOLv55TJslWiYTTpVAWECgYEAuCIdsSNW3vmaLeunLm/WKpkaqPzbXrKp
0gTN/lvHOckmKgrmvlH5dEcYSrzpcywHkzdE10UsPLEJX6fHfm+vRJ+qv+MPOu4D
Clja0SSJI0rg8STmqjOjOrBziZ+SJVN6hHuzxbgMjxU1MXkDCAemLoFBBbaKkaGn
hOycKQObjJMCgYEAoO3+Q90FU3T4wE0ZK1aiq8mB4G0SbJGZkbZvx07sMk5M+GDi
mfVTW5SRLUC4BSSYg6ixV5CdozoiQEP7v3x6/+/eVpV6QOGNTe9oUwUU0EtuVuTy
nJ7Qr2DyHQqzUVpOR3eV66Sm8t/dJTjbWUGW4a98z9WsXImcy00KSywxeqECgYEA
kqlZzQXA48kbrQfOGYaqpzNbsM32TO8xpD5/dOHVRYmaBFK6h0zzzFH0X1Mo/rtL
LU8QXgaSvaSlOrOAioyapaYncr+AGggKE+vCHmNjd+DkWi5yK48FrHFvFWcsGN7s
7yk4f3uhRTY3MDia2YJ+MvxwtgQ3StfffliX6XMeKlECgYEApZdig+LP1UUciQw+
ZnVhLEtuQ2VbKyurJlxuB7e5/rPv9fpzFh04GUoD0aZO6jcx7ppeYEwewV+49C62
EmcTTGFD/AC7qfzgKV6YZZ7s7heEhG+SLWHb67BVs/YCD0CuoHFotRD2TPLqCOF2
naogtUDqE40K8I7a5ym91bah4N4=
-----END PRIVATE KEY-----
Bag Attributes
localKeyID: 01 00 00 00
subject=/CN=mabel
issuer=/CN=mabel
-----BEGIN CERTIFICATE-----
MIIC+zCCAeOgAwIBAgIQegwksC2IMb5DasmLh5QWDzANBgkqhkiG9w0BAQUFADAQ
MQ4wDAYDVQQDEwVtYWJlbDAgFw0xMzA3MzAxOTQ2MzJaGA8yMTEzMDcwNjE5NDYz
MlowEDEOMAwGA1UEAxMFbWFiZWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCapLxDmXEXxISAM7EKO4CtKxhPmfTY0HWyP2TM8PEi8/jfCEMatIKtCRfP
/R/viNbGmzdybOCnMDqyGKsrPRb8kelyHV23ezHrd3Z4kBjh30U4zRACCUWQzxki
jhVVfzrPeTxV7JPioAp0ilsexGH4u2WNnFVmcxfyKN4luYQUpiV1UUtria9c8osF
saFbw0ZVixbqeMwvOaYpLICGu7fEB9oMVT2ahATlPvKSHUYXZKl3Rx3q7gWXdxJh
F7I1zAKGA4YvRGQo5baUrANPyTHM0G9eoL667LkI/bOgF7G3/apyMMIZWRVZ8Jky
NAEAm6+dYfBFHMX8cIqrVUP0S9azAgMBAAGjTzBNMBUGA1UdJQQOMAwGCisGAQQB
gjcKAwQwKQYDVR0RBCIwIKAeBgorBgEEAYI3FAIDoBAMDm1hYmVsQE1BLVdJTjcA
MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAGImLGuukHsSQ70RJRioNwoD
t6NuTd0Y2QVphpFzI17OPhYSAOQcubWvogRvCKfyOxZkqLBmqJOkDUCKFpqap+ri
Ws8xD/CK6hLlYePqeytjcjpy+JHft5lzdW4DYw2ZJwfROFG9sLbmz1hPhXRxwB95
zi6gD0wWxcFI7pxIW2M0Hb6ZQE0q5xcRz59SClXVrWTks6gqryhwW7QAUmeBuxrL
aqR2Kqd+tbcJ7/gTkUTEK6VA1tgar7Wvsypzv1g4hWs7rKpITD8DqmMUo+ro0P5u
ba5jg6y8dSkJTYjbSbYVDF7gYUf+TIuDmLUk+CnImxrgJs/d3L1O1oGVZQq/M+g=
-----END CERTIFICATE-----
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment