Lots of helpful syntax to help clean and format your dumps for cracking. In this section I am going to share some bash scripting commands and regular expressions which I find useful in password cracking. Most of the time, we find hashes to crack via shared pastes websites (the most popular of them being Pastebin.) Isolating the hashes by hand can be a time consuming process; for that reason we are going to use regular expressions to make our life easier! ## Extract md5 hashes ```bash egrep -oE '(^|[^a-fA-F0-9])[a-fA-F0-9]{32}([^a-fA-F0-9]|$)' *.txt | egrep -o '[a-fA-F0-9]{32}' > md5-hashes.txt ``` An alternative could be with sed ```bash sed -rn 's/.*[^a-fA-F0-9]([a-fA-F0-9]{32})[^a-fA-F0-9].*/1/p' *.txt > md5-hashes ``` > **Note:** The above regexes can be used for SHA1, SHA256 and other unsalted hashes represented in hex. The only thing you have to do is change the '{32}' to the corresponding length for your desired hash-type. ## Extract valid MySQL-Old hashes ```bash grep -e "[0-7][0-9a-f]{7}[0-7][0-9a-f]{7}" *.txt > mysql-old-hashes.txt ``` ## Extract blowfish hashes ```bash grep -e "$2a\$\08\$(.){75}" *.txt > blowfish-hashes.txt ``` ## Extract Joomla hashes ```bash egrep -o "([0-9a-zA-Z]{32}):(w{16,32})" *.txt > joomla.txt ``` ## Extract VBulletin hashes ```bash egrep -o "([0-9a-zA-Z]{32}):(S{3,32})" *.txt > vbulletin.txt ``` ## Extraxt phpBB3-MD5 ```bash egrep -o '$H$S{31}' *.txt > phpBB3-md5.txt ``` ## Extract Wordpress-MD5 ```bash egrep -o '$P$S{31}' *.txt > wordpress-md5.txt ``` ## Extract Drupal 7 ```bash egrep -o '$S$S{52}' *.txt > drupal-7.txt ``` ## Extract old Unix-md5 ```bash egrep -o '$1$w{8}S{22}' *.txt > md5-unix-old.txt ``` ## Extract md5-apr1 ```bash egrep -o '$apr1$w{8}S{22}' *.txt > md5-apr1.txt ``` ## Extract sha512crypt, SHA512(Unix) ```bash egrep -o '$6$w{8}S{86}' *.txt > sha512crypt.txt ``` ## Extract e-mails from text files ```bash grep -E -o "\b[a-zA-Z0-9.#?$*_-]+@[a-zA-Z0-9.#?$*_-]+.[a-zA-Z0-9.-]+\b" *.txt > e-mails.txt ``` ## Extract HTTP URLs from text files ```bash grep http | grep -shoP 'http.*?[" >]' *.txt > http-urls.txt ``` For extracting HTTPS, FTP and other URL format use: ```bash grep -E '(((https|ftp|gopher)|mailto)[.:][^ >" ]*|www.[-a-z0-9.]+)[^ .,; >">):]' *.txt > urls.txt` ``` > **Note:** if grep returns "Binary file (standard input) matches" use the following approaches  ```bash tr '[\000-\011\013-\037177-377]' '.' < *.log | grep -E "Your_Regex"` OR `# cat -v *.log | egrep -o "Your_Regex" ``` ## Extract Floating point numbers ```bash grep -E -o "^[-+]?[0-9]*.?[0-9]+([eE][-+]?[0-9]+)?quot; *.txt > floats.txt ``` ## Extract Social Security Number (SSN) ```bash grep -E -o "[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > ssn.txt ``` ## Extract US Passport Number ```bash grep -E -o "[23][0-9]{8}" *.txt > us-pass-num.txt ``` ## Extract US Phone Numbers ```bash grep -Po 'd{3}[s-_]?d{3}[s-_]?d{4}' *.txt > us-phones.txt ``` ## Extract ISBN Numbers ```bash egrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$|97[89][0-9]{10}$|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt` ``` [[Home]]