Let me explain the history, youβve just completed a password audit and from that audit, you will end up with two files:
- The first file contains the cracked passwords with the hash values (file1.txt)
- The first file contains the usernames with the hash values (file2.txt)
Obviously, the second file is the output from the pot file that hashcat produced, however, itβs not a very smart idea unless you are running this In a lab environment, therefore, itβs always best to keep the passwords separate from the usernames that are attached to them.
So lets call these files file1.txt (cracked hashes and passwords) and file2.txt (usernames and original hashes) as you can see below:
Extract hashes from both files
Get-Content file1.txt | ForEach-Object { ($_ -split ':')[0] } > hashes_from_file1.txt
Get-Content file2.txt | ForEach-Object { ($_ -split ':')[1] } > hashes_from_file2.txt
Compare hashes from both files to find matches
Compare-Object -ReferenceObject (Get-Content .\hashes_from_file1.txt) -DifferenceObject (Get-Content .\hashes_from_file2.txt) -IncludeEqual | Where-Object { $_.SideIndicator -eq '==' } | Select-Object -ExpandProperty InputObject > matching_hashes.txt
Extract usernames for associated hashes
$hashes = Get-Content .\matching_hashes.txt
Get-Content .\file2.txt | ForEach-Object {
$split = $_ -split ':'
if ($hashes -contains $split[1]) {
$split[0]
}
} | Out-File usernames_linked_to_hashes.txt