Added Nautilus scripts for cracking macOS passwords

2020-11-30 19:35:06 +01:00 · 2020-11-30 19:35:06 +01:00 · 8ab50b7c13
commit 8ab50b7c13
parent d570975707
6 changed files with 914 additions and 0 deletions
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05a-E01-dump-SALTED-SHA1-v10.4-10.6
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05a-E01-dump-SALTED-SHA1-v10.4-10.6
@ -0,0 +1,145 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b-macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b-macOS/ (deprecated)
+#
+# FILE:
+#   05a-E01-dump-SALTED-SHA1-v10.4-10.6
+#
+# USAGE:
+#   Right klick on an EWF image (.E01) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Extracts the Hashes out of an older Mac OS X (10.4-10.6)
+#
+# REQUIREMENTS:
+#   bash, zenity, sleuthkit, awk, findutils, sed, grep and coreutils
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://...
+#
+# CREATED:
+#   21.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${FLS_BIN}" "sleuthkit"
+check_dep "${AWK_BIN}" "awk"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${FIND_BIN}" "findutils"
+check_dep "${SED_BIN}" "sed"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${FCAT_BIN}" "sleuthkit"
+check_dep "${CUT_BIN}" "coreutils"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly HASHES="${TMP}/${OFFSET}-hashes.txt"
+
+#-------------------------------------------------------------------------------
+# Extract user plists and get the password with a little bit of command line
+#   kung fu.
+# Only HFS+ support is needed.
+#-------------------------------------------------------------------------------
+if ! [ -f "${HASHES}" ] ; then
+  USERS="$( ${IFIND_BIN} -o "${OFFSET}" -n "/private/var/db/dslocal/nodes/Default/users" "${SOURCE}" )"
+  for line in $( ${FLS_BIN} -o "${OFFSET}" "${SOURCE}" "${USERS}" | ${AWK_BIN} '$NF !~ /^_/ { print $(NF-1) $NF; }' ) ; do
+    ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${line%:*}" > "${TMP}/user-${line#*:}"
+  done
+
+  for plist in $( ${FIND_BIN} "${TMP}" -type f -iname "user-*.plist" -size +1k ) ; do
+    user="${plist#*user-}"
+    user="${user%.plist}"
+
+    GUID="$( ${SED_BIN} --silent '/generateduid/,/<\/array>/ p' "${plist}" \
+             | ${GREP_BIN} -F "<string>" \
+             | ${SED_BIN} --regexp-extended 's/<.?string>//g' \
+             | ${SED_BIN} --regexp-extended 's/[[:space:]]//g' )"
+
+    ${FCAT_BIN} -o "${OFFSET}" "/private/var/db/shadow/hash/${GUID}" "${SOURCE}" | ${CUT_BIN} -c 169-216 >> "${HASHES}"
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashes.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHES}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05b-E01-dump-SALTED-SHA1-v10.7
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05b-E01-dump-SALTED-SHA1-v10.7
@ -0,0 +1,159 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b-macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b-macOS/ (deprecated)
+#
+# FILE:
+#   05b-E01-dump-SALTED-SHA1-v10.7
+#
+# USAGE:
+#   Right klick on an EWF image (.E01) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Extracts the Hashes out of the last Mac OS X (10.7)
+#
+# REQUIREMENTS:
+#   bash, zenity, sleuthkit, awk, findutils, libplist-utils, sed, grep,
+#     coreutils and xxd
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://...
+#
+# CREATED:
+#   21.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${FLS_BIN}" "sleuthkit"
+check_dep "${AWK_BIN}" "awk"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${FIND_BIN}" "findutils"
+check_dep "${PLUTIL_BIN}" "libplist-utils"
+check_dep "${SED_BIN}" "sed"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${TR_BIN}" "coreutils"
+check_dep "${BASE64_BIN}" "coreutils"
+check_dep "${XXD_BIN}" "xxd"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly HASHES="${TMP}/${OFFSET}-hashes.txt"
+
+#-------------------------------------------------------------------------------
+# Extract user plists and get the password with a little bit of command line
+#   kung fu.
+# Only HFS+ support is needed.
+#-------------------------------------------------------------------------------
+if ! [ -f "${HASHES}" ] ; then
+  USERS="$( ${IFIND_BIN} -o "${OFFSET}" -n "/private/var/db/dslocal/nodes/Default/users" "${SOURCE}" )"
+  for line in $( ${FLS_BIN} -o "${OFFSET}" "${SOURCE}" "${USERS}" | ${AWK_BIN} '$NF !~ /^_/ { print $(NF-1) $NF; }' ) ; do
+    ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${line%:*}" > "${TMP}/user-${line#*:}"
+  done
+
+  for plist in $( ${FIND_BIN} "${TMP}" -type f -iname "user-*.plist" -size +1k ) ; do
+    user="${plist#*user-}"
+    user="${user%.plist}"
+
+    ${PLUTIL_BIN} --infile "${plist}" \
+      | ${SED_BIN} --silent '/ShadowHashData/,/<\/array>/ p' \
+      | ${GREP_BIN} --extended-regexp --invert-match "<.*>" \
+      | ${SED_BIN} --regexp-extended 's/[[:space:]]//g' \
+      | ${TR_BIN} --delete '\n' \
+      | ${BASE64_BIN} --decode \
+      > "${TMP}/shadowhashdata-${user}.plist"
+
+    ${PLUTIL_BIN} --infile "${TMP}/shadowhashdata-${user}.plist" \
+      | ${SED_BIN} --silent '/SALTED-SHA512/,/<\/data>/ p' \
+      | ${GREP_BIN} --extended-regexp --invert-match "<.*>" \
+      | ${SED_BIN} --regexp-extended 's/[[:space:]]//g' \
+      | ${BASE64_BIN} --decode \
+      | ${XXD_BIN} -bits -plain \
+      | ${TR_BIN} --delete '\n' \
+      >> "${HASHES}"
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashes.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHES}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05c-E01-dump-SALTED-SHA512-PBKDF2-v10.8-10.15
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/05c-E01-dump-SALTED-SHA512-PBKDF2-v10.8-10.15
@ -0,0 +1,181 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b-macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b-macOS/ (deprecated)
+#
+# FILE:
+#   05c-E01-dump-SALTED-SHA512-PBKDF2-v10.8-10.15
+#
+# USAGE:
+#   Right klick on an EWF image (.E01) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Extracts the Hashes out of OS X and macOS (10.8+)
+#
+# REQUIREMENTS:
+#   bash, zenity, sleuthkit, awk, findutils, libplist-utils, sed, grep
+#     coreutils and xxd
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://...
+#
+# CREATED:
+#   21.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${FLS_BIN}" "sleuthkit"
+check_dep "${AWK_BIN}" "awk"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${FIND_BIN}" "findutils"
+check_dep "${PLUTIL_BIN}" "libplist-utils"
+check_dep "${SED_BIN}" "sed"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${TR_BIN}" "coreutils"
+check_dep "${BASE64_BIN}" "coreutils"
+check_dep "${TAIL_BIN}" "coreutils"
+check_dep "${XXD_BIN}" "xxd"
+check_dep "${CUT_BIN}" "coreutils"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly OFFSET="$( choose_partition "${SOURCE}" | ${AWK_BIN} -F "_" '{ print $3; }' )"
+
+readonly HASHES="${TMP}/${OFFSET}-hashes.txt"
+
+#-------------------------------------------------------------------------------
+# Extract user plists and get the password with a little bit of command line
+#   kung fu.
+# We need HFS+ support for 10.8-10.12 and
+#   APFS support for 10.13 and later!
+#-------------------------------------------------------------------------------
+if ! [ -f "${HASHES}" ] ; then
+  USERS="$( ${IFIND_BIN} -o "${OFFSET}" -n "/private/var/db/dslocal/nodes/Default/users" "${SOURCE}" )"
+  for line in $( ${FLS_BIN} -o "${OFFSET}" "${SOURCE}" "${USERS}" | ${AWK_BIN} '$NF !~ /^_/ { print $(NF-1) $NF; }' ) ; do
+    ${ICAT_BIN} -o "${OFFSET}" "${SOURCE}" "${line%:*}" > "${TMP}/user-${line#*:}"
+  done
+
+  for plist in $( ${FIND_BIN} "${TMP}" -type f -iname "user-*.plist" -size +1k ) ; do
+    user="${plist#*user-}"
+    user="${user%.plist}"
+
+    ${PLUTIL_BIN} --infile "${plist}" \
+      | ${SED_BIN} --silent '/ShadowHashData/,/<\/array>/ p' \
+      | ${GREP_BIN} --extended-regexp --invert-match "<.*>" \
+      | ${SED_BIN} --regexp-extended 's/[[:space:]]//g' \
+      | ${TR_BIN} --delete '\n' \
+      | ${BASE64_BIN} --decode \
+      > "${TMP}/shadowhashdata-${user}.plist"
+
+    ITERATION="$( ${PLUTIL_BIN} -i "${TMP}/shadowhashdata-${user}.plist" \
+                    | ${SED_BIN} -E -n '/SALTED-SHA512-PBKDF2/,/<\/dict>/ p' \
+                    | ${GREP_BIN} -F -A1 "iterations" \
+                    | ${TAIL_BIN} -n 1 \
+                    | ${SED_BIN} -E 's#[[:space:]]*</?integer>##g' )"
+
+    SALT="$( ${PLUTIL_BIN} -i "${TMP}/shadowhashdata-${user}.plist" \
+               | ${SED_BIN} -E -n '/SALTED-SHA512-PBKDF2/,/<\/dict>/ p' \
+               | ${SED_BIN} -n '/salt/,/<\/data>/ p' \
+               | ${GREP_BIN} -E -v "<.*>" \
+               | ${SED_BIN} -E 's/[[:space:]]//g' \
+               | ${BASE64_BIN} -d \
+               | ${XXD_BIN} -b -p \
+               | ${TR_BIN} -d '\n' )"
+
+    ENTROPY="$( ${PLUTIL_BIN} -i "${TMP}/shadowhashdata-${user}.plist" \
+                  | ${SED_BIN} -E -n '/SALTED-SHA512-PBKDF2/,/<\/dict>/ p' \
+                  | ${SED_BIN} -n '/entropy/,/<\/data>/ p' \
+                  | ${GREP_BIN} -E -v "<.*>" \
+                  | ${SED_BIN} -E 's/[[:space:]]//g' \
+                  | ${TR_BIN} -d '\n' \
+                  | ${BASE64_BIN} -d \
+                  | ${XXD_BIN} -b -p \
+                  | ${TR_BIN} -d '\n' \
+                  | ${CUT_BIN} -c 1-128 )"
+
+    echo "\$ml\$${ITERATION}\$${SALT}\$${ENTROPY}" >> "${HASHES}"
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashes.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHES}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06a-fwh-SALTED-SHA1-hashcat-dict-v10.4-10.6
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06a-fwh-SALTED-SHA1-hashcat-dict-v10.4-10.6
@ -0,0 +1,143 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b-macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b-macOS/ (deprecated)
+#
+# FILE:
+#   06a-fwh-SALTED-SHA1-hashcat-dict-10.4-10.6
+#
+# USAGE:
+#   Right click on file with hashes (fwh) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
+#
+# REQUIREMENTS:
+#   bash, zenity, coreutils and hashcat
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://
+#
+# CREATED:
+#   22.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${HASHCAT_BIN}" "hashcat"
+
+check_ext "${SOURCE}" "txt"
+
+# For development I have only used rockyou.txt.
+# TODO: choice of more dictionaties:
+#   https://github.com/danielmiessler/SecLists/tree/master/Passwords
+readonly DICTIONARY="/home/${USER}/hashcat/dictionaries/rockyou.txt"
+check_file "${DICTIONARY}" "rockyou.txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-dictionary.txt"
+
+#-------------------------------------------------------------------------------
+# We need force if we use an intel GPU with "broken" OpenCL!
+#   (need some hours)
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+  ${GTERMINAL_BIN} --hide-menubar -- \
+    ${HASHCAT_BIN} \
+    --potfile-disable \
+    --hash-type 122 \
+    --attack-mode 0 \
+    --workload-profile 3 \
+    --optimized-kernel-enable \
+    --force \
+    --outfile "${HASHCAT}" \
+    "${SOURCE}" \
+    "${DICTIONARY}" \
+    --rules-file /usr/share/doc/hashcat/rules/dive.rule
+
+  ${SLEEP_BIN} 3
+
+  # We have to wait until ewfverify has finished...
+  while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+    ${SLEEP_BIN} 1
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06b-fwh-SALTED-SHA1-hashcat-dict-v10.7
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06b-fwh-SALTED-SHA1-hashcat-dict-v10.7
@ -0,0 +1,143 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b_macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b_macOS/ (deprecated)
+#
+# FILE:
+#   06b-SALTED-SHA1-hashcat-dict-v10.7
+#
+# USAGE:
+#   Right click on file with hashes (fwh) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
+#
+# REQUIREMENTS:
+#   bash, zenity, coreutils and hashcat
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://
+#
+# CREATED:
+#   22.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${HASHCAT_BIN}" "hashcat"
+
+check_ext "${SOURCE}" "txt"
+
+# For development I have only used rockyou.txt.
+# TODO: choice of more dictionaties:
+#   https://github.com/danielmiessler/SecLists/tree/master/Passwords
+readonly DICTIONARY="/home/${USER}/hashcat/dictionaries/rockyou.txt"
+check_file "${DICTIONARY}" "rockyou.txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-dictionary.txt"
+
+#-------------------------------------------------------------------------------
+# We need force if we use an intel GPU with "broken" OpenCL!
+#   (need many hours)
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+  ${GTERMINAL_BIN} --hide-menubar -- \
+    ${HASHCAT_BIN} \
+    --potfile-disable \
+    --hash-type 1722 \
+    --attack-mode 0 \
+    --workload-profile 3 \
+    --optimized-kernel-enable \
+    --force \
+    --outfile "${HASHCAT}" \
+    "${SOURCE}" \
+    "${DICTIONARY}" \
+    --rules-file /usr/share/doc/hashcat/rules/dive.rule
+
+  ${SLEEP_BIN} 3
+
+  # We have to wait until ewfverify has finished...
+  while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+    ${SLEEP_BIN} 1
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"
+
+exit 0
--- a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06c-fwh-SALTED-SHA512-PBKDF2-hashcat-dict-v10.8-10.15
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/06c-fwh-SALTED-SHA512-PBKDF2-hashcat-dict-v10.8-10.15
@ -0,0 +1,143 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+#   /home/*/.local/share/nautilus/scripts/05b_macOS/
+# OR
+#   /home/*/.gnome2/nautilus-sctipts/05b_macOS/ (deprecated)
+#
+# FILE:
+#   06c-SALTED-SHA512-PBKDF2-hashcat-dict-v10.8-10.15
+#
+# USAGE:
+#   Right click on file with hashes (fwh) and
+#   choose this nautilus script from the context menu.
+#
+# OPTIONS:
+#   none
+#
+# DESCRIPTION:
+#   Starts hashcat with a dictionary and a rule on the choosen file with hashes.
+#
+# REQUIREMENTS:
+#   bash, zenity, coreutils and hashcat
+#
+# BUGS:
+#   ---
+#
+# NOTES:
+#   Tested on
+#   - Debian 8+
+#   - Arch Linux
+#
+# AUTHOR:
+#   Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+#   (privately)
+#
+# VERSION:
+#   0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+#   https://
+#
+# CREATED:
+#   22.06.2020
+#
+# COPYRIGHT (C):
+#   2015-2020 - Patrick Neumann
+#
+# LICENSE:
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+# WARRANTY:
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# TODO:
+#   ----
+#
+# HISTORY:
+#   0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+# fred-report-templates have to be copied manually to!
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+  zenity --error \
+         --text \
+         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+  exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${HASHCAT_BIN}" "hashcat"
+
+check_ext "${SOURCE}" "txt"
+
+# For development I have only used rockyou.txt.
+# TODO: choice of more AND MUCH SHORTER dictionaties:
+#   https://github.com/danielmiessler/SecLists/tree/master/Passwords
+readonly DICTIONARY="/home/${USER}/hashcat/dictionaries/rockyou.txt"
+check_file "${DICTIONARY}" "rockyou.txt"
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the magic.
+#-------------------------------------------------------------------------------
+readonly HASHCAT="${DIRNAME}/$( ${BASENAME_BIN} "${SOURCE}" )-hashcat-dictionary.txt"
+
+#-------------------------------------------------------------------------------
+# We need force if we use an intel GPU with "broken" OpenCL!
+#   (need years!!!)
+#-------------------------------------------------------------------------------
+if [ ! -f "${HASHCAT}" ] ; then
+  ${GTERMINAL_BIN} --hide-menubar -- \
+    ${HASHCAT_BIN} \
+    --potfile-disable \
+    --hash-type 7100 \
+    --attack-mode 0 \
+    --workload-profile 3 \
+    --optimized-kernel-enable \
+    --force \
+    --outfile "${HASHCAT}" \
+    "${SOURCE}" \
+    "${DICTIONARY}" \
+    --rules-file /usr/share/doc/hashcat/rules/dive.rule
+
+  ${SLEEP_BIN} 3
+
+  # We have to wait until ewfverify has finished...
+  while ${PGREP_BIN} --full "${HASHCAT_BIN}" > /dev/null 2>&1; do
+    ${SLEEP_BIN} 1
+  done
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "hashcat.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${HASHCAT}"
+
+exit 0