From 939032e41aed1cb4fe38940a29229cd727c31f51 Mon Sep 17 00:00:00 2001
From: BenediktMKuehne
Date: Mon, 13 May 2024 14:26:05 +0000
Subject: [PATCH 1/3] sort linux hashes to top
---
 modules/S108_stacs_password_search.sh | 2 +-
 modules/S109_jtr_local_pw_cracking.sh | 21 ++++++++++++---------
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/modules/S108_stacs_password_search.sh b/modules/S108_stacs_password_search.sh
index cd1ceba7a..7ee221eeb 100755
--- a/modules/S108_stacs_password_search.sh
+++ b/modules/S108_stacs_password_search.sh
@@ -32,7 +32,7 @@ S108_stacs_password_search()
 local MESSAGE=""
 if command -v stacs > /dev/null ; then
- stacs --debug --skip-unprocessable --rule-pack "${STACS_RULES_DIR}"/credential.json "${FIRMWARE_PATH}" 2> "${TMP_DIR}"/stacs.err 1> "${STACS_LOG_FILE}" || true
+ stacs --skip-unprocessable --rule-pack "${STACS_RULES_DIR}"/credential.json "${FIRMWARE_PATH}" 2> "${TMP_DIR}"/stacs.err 1> "${STACS_LOG_FILE}" || true
 if [[ -f "${TMP_DIR}"/stacs.err ]]; then
 print_ln
diff --git a/modules/S109_jtr_local_pw_cracking.sh b/modules/S109_jtr_local_pw_cracking.sh
index bf008e0c0..a340a68e2 100755
--- a/modules/S109_jtr_local_pw_cracking.sh
+++ b/modules/S109_jtr_local_pw_cracking.sh
@@ -70,17 +70,20 @@ S109_jtr_local_pw_cracking()
 # removing entries: root::0:0:99999:7:::
 continue
 fi
+ print_output "[*] Found password data ${ORANGE}${HASH}${NC} for further processing in ${ORANGE}${HASH_SOURCE}${NC}"
+ echo "${HASH}" >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ done
- if [[ -f "${LOG_PATH_MODULE}"/jtr_hashes.txt ]]; then
- if ! grep -q "${HASH}" "${LOG_PATH_MODULE}"/jtr_hashes.txt; then
- print_output "[*] Found password data ${ORANGE}${HASH}${NC} for further processing in ${ORANGE}${HASH_SOURCE}${NC}"
- echo "${HASH}" >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
- fi
- else
- print_output "[*] Found password data ${ORANGE}${HASH}${NC} for further processing in ${ORANGE}${HASH_SOURCE}${NC}"
- echo "${HASH}" >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ # sort hashes and remove duplicates
+ if [[ -f "${LOG_PATH_MODULE}"/jtr_hashes.txt ]]; then
+ if [[ "$(wc -l < "${LOG_PATH_MODULE}"/jtr_hashes.txt)" -gt 2 && ! "$(grep -qE '\$.*\$.*' "${LOG_PATH_MODULE}"/jtr_hashes.txt)" ]]; then
+ # put top-suspects at the top
+ sed -ne '/\$.*\$.*/!p' "${LOG_PATH_MODULE}"/jtr_hashes.txt > "${TMP_DIR}"/jtr_hashes.txt.tmp
+ sed -i -ne '/\$.*\$.*/p' "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ cat "${TMP_DIR}"/jtr_hashes.txt.tmp >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
 fi
- done
+ sort -u --o "${LOG_PATH_MODULE}"/jtr_hashes.txt "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ fi
 if [[ -f "${LOG_PATH_MODULE}"/jtr_hashes.txt ]]; then
 print_output "[*] Starting jtr with a runtime of ${ORANGE}${JTR_TIMEOUT}${NC} on the following data:"
From 0d754331e71736eeba4c7b2302f7c494f1f61388 Mon Sep 17 00:00:00 2001
From: BenediktMKuehne
Date: Thu, 16 May 2024 10:33:48 +0000
Subject: [PATCH 2/3] adjust
---
 modules/S109_jtr_local_pw_cracking.sh | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/modules/S109_jtr_local_pw_cracking.sh b/modules/S109_jtr_local_pw_cracking.sh
index a340a68e2..62360c38f 100755
--- a/modules/S109_jtr_local_pw_cracking.sh
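Review bot: In the new `[[ ... -gt 2 && ! "$(grep -qE '\$.*\$.*' ...)" ]]` test the grep result is never consulted: `-q` prints nothing, so the command substitution is always the empty string and `! ""` is always true. Test the exit status outside the `[[ ]]` instead, e.g. `... -gt 2 ]] && grep -qE '\$.*\$.*' "${LOG_PATH_MODULE}"/jtr_hashes.txt; then` (negation dropped on the assumption that the reorder is meant to run when crypt-style hashes are present). The `sort -u` that follows re-sorts the whole file, so the top-suspects-first layout only survives where the collation order happens to agree; an order-preserving de-duplication such as `awk '!seen[$0]++'` would keep it. Dropping the per-hash `grep -q` guard also means `print_output` now reports every duplicate; the loop this hunk closes starts outside the hunk.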
+++ b/modules/S109_jtr_local_pw_cracking.sh
@@ -70,18 +70,18 @@ S109_jtr_local_pw_cracking()
 # removing entries: root::0:0:99999:7:::
 continue
 fi
- print_output "[*] Found password data ${ORANGE}${HASH}${NC} for further processing in ${ORANGE}${HASH_SOURCE}${NC}"
- echo "${HASH}" >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
+
+ if echo "${HASH}" | grep -qE '\$.*\$.*'; then
+ # put ontop if linux-hash
+ sed -i "1s/^/${HASH}\n/" "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ else
+ print_output "[*] Found password data ${ORANGE}${HASH}${NC} for further processing in ${ORANGE}${HASH_SOURCE}${NC}"
+ echo "${HASH}" >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
+ fi
 done
- # sort hashes and remove duplicates
+ # sort and make unique
 if [[ -f "${LOG_PATH_MODULE}"/jtr_hashes.txt ]]; then
- if [[ "$(wc -l < "${LOG_PATH_MODULE}"/jtr_hashes.txt)" -gt 2 && ! "$(grep -qE '\$.*\$.*' "${LOG_PATH_MODULE}"/jtr_hashes.txt)" ]]; then
- # put top-suspects at the top
- sed -ne '/\$.*\$.*/!p' "${LOG_PATH_MODULE}"/jtr_hashes.txt > "${TMP_DIR}"/jtr_hashes.txt.tmp
- sed -i -ne '/\$.*\$.*/p' "${LOG_PATH_MODULE}"/jtr_hashes.txt
- cat "${TMP_DIR}"/jtr_hashes.txt.tmp >> "${LOG_PATH_MODULE}"/jtr_hashes.txt
- fi
 sort -u --o "${LOG_PATH_MODULE}"/jtr_hashes.txt "${LOG_PATH_MODULE}"/jtr_hashes.txt
 fi
From 98ed2515ab1a8d63b869b0270e92d334c4b50a7c Mon Sep 17 00:00:00 2001
From: Benedikt Kuehne <62940240+BenediktMKuehne@users.noreply.github.com>
Date: Thu, 23 May 2024 09:11:51 +0200
Subject: [PATCH 3/3] Update S109_jtr_local_pw_cracking.sh
---
 modules/S109_jtr_local_pw_cracking.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/S109_jtr_local_pw_cracking.sh b/modules/S109_jtr_local_pw_cracking.sh
index 62360c38f..b23c3d493 100755
--- a/modules/S109_jtr_local_pw_cracking.sh
+++ b/modules/S109_jtr_local_pw_cracking.sh
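Review bot: `sed -i "1s/^/${HASH}\n/"` splices a value taken from the analysed firmware into a sed program, and nothing escapes it. crypt(3) strings routinely contain `/`, which ends the replacement early so the rest is parsed as sed syntax rather than data (a hash with `&` is silently altered), and untrusted image content should not be able to shape a sed script at all. sed also has no line 1 to edit when jtr_hashes.txt is missing or empty, so the first crypt-style hash found is never stored, and this branch no longer calls `print_output`. Prepending through a temp file treats the value as data: `{ printf '%s\n' "${HASH}"; cat "${LOG_PATH_MODULE}"/jtr_hashes.txt 2>/dev/null || true; } > "${TMP_DIR}"/jtr_hashes.txt.tmp` followed by `mv "${TMP_DIR}"/jtr_hashes.txt.tmp "${LOG_PATH_MODULE}"/jtr_hashes.txt`. The loop body begins outside the hunk.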
@@ -71,7 +71,7 @@ S109_jtr_local_pw_cracking()
 continue
 fi
- if echo "${HASH}" | grep -qE '\$.*\$.*'; then
+ if [[ "${HASH}" == "\$"*"\$"* ]]; then
 # put ontop if linux-hash
 sed -i "1s/^/${HASH}\n/" "${LOG_PATH_MODULE}"/jtr_hashes.txt
 else
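Review bot: The glob `"\$"*"\$"*` is anchored at the start of `${HASH}`, whereas the `grep -qE '\$.*\$.*'` it replaces matched two `$` characters anywhere in the value. If HASH can still carry a leading field such as a user name at this point (its assignment is outside the hunk), those entries now fall into the else branch and are no longer prioritised; `*"\$"*"\$"*` would keep the earlier semantics. A short comment stating which form is intended, e.g. `# crypt(3) style: $id$salt$hash`, would make the choice explicit for the next reader.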