Let me explain the history, you’ve just completed a password audit and from that audit, you will end up with two files:
- The first file contains the cracked passwords with the hash values (file1.txt)
- The first file contains the usernames with the hash values (file2.txt)
Obviously, the second file is the output from the pot file that hashcat produced, however, it’s not a very smart idea unless you are running this In a lab environment, therefore, it’s always best to keep the passwords separate from the usernames that are attached to them.
So lets call these files file1.txt (cracked hashes and passwords) and file2.txt (usernames and original hashes) as you can see below:
Extract hashes from both files
Get-Content file1.txt | ForEach-Object { ($_ -split ':')[0] } > hashes_from_file1.txt
Get-Content file2.txt | ForEach-Object { ($_ -split ':')[1] } > hashes_from_file2.txt
Compare hashes from both files to find matches
Compare-Object -ReferenceObject (Get-Content .\hashes_from_file1.txt) -DifferenceObject (Get-Content .\hashes_from_file2.txt) -IncludeEqual | Where-Object { $_.SideIndicator -eq '==' } | Select-Object -ExpandProperty InputObject > matching_hashes.txt
Extract usernames for associated hashes
$hashes = Get-Content .\matching_hashes.txt
Get-Content .\file2.txt | ForEach-Object {
$split = $_ -split ':'
if ($hashes -contains $split[1]) {
$split[0]
}
} | Out-File usernames_linked_to_hashes.txt