1. Cross-searched syslog and auth.json; serial numbers appear in both files:
syslog: Product; Manufacturer; SerialNumber
auth.json: manufact
2. Extract the serial numbers from syslog:
$ grep SerialNumber: syslog | cut -d: -f6 > sn.txt
Strip the { "manufact": [ ] } wrapper from auth.json and save the result as auth.txt.
Remove the quotes:
$ cut auth.txt -d'"' -f2 > auth_sn.txt
Find the serial number that appears in only one file:
$ grep -v -f auth_sn.txt sn.txt
71DF5A33EFFDEA5B1882C9FBDC1240C6
3. MD5 hash
$ hash-identifier
Possible Hashs:
[+] MD5
[+] Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username)))
CyberChef Analyse hash:
Hash length: 32
Byte length: 16
Bit length: 128
Based on the length, this hash could have been generated by one of the following hashing functions:
MD5
MD4
MD2
HAVAL-128
RIPEMD-128
Snefru
Tiger-128
4. Cracked with hashcat:
kali@kali:~/0.htb/challenges/Forensics/USB_Ripper/usb-ripper$ hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt --show
71df5a33effdea5b1882c9fbdc1240c6:mychemicalromance
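Added example (not part of the original write-up): the comparison from step 2 done with exact matching in Python. `grep -v -f` treats each allowlist entry as an unanchored pattern, so a logged serial that merely contains an allowed value is filtered out as well. The syslog line layout and serial values below are constructed, and the function names are hypothetical.

```python
import json
import re
from collections import Counter

# Constructed sample data: the log layout and serial values are made up.
SAMPLE_SYSLOG = """\
Aug  3 07:18:01 host kernel: [  117.005570] usb 1-1: Manufacturer: ACME
Aug  3 07:18:01 host kernel: [  117.005573] usb 1-1: SerialNumber: AAAA1111BBBB2222
Aug  3 09:02:44 host kernel: [  640.112233] usb 1-1: SerialNumber: AAAA1111BBBB2222CC
Aug  3 09:40:10 host kernel: [  901.445566] usb 1-1: SerialNumber: DDDD3333EEEE4444
Aug  3 09:55:12 host kernel: [  950.000001] usb 1-1: SerialNumber: DDDD3333EEEE4444
"""
SAMPLE_AUTH = '{"manufact": ["AAAA1111BBBB2222", "DDDD3333EEEE4444"]}'

# Capture the value after the field name, without the leading space cut -f6 keeps.
SERIAL_RE = re.compile(r"\bSerialNumber:\s*(\S+)\s*$")

def logged_serials(syslog_text):
    """Return a Counter of every SerialNumber value seen in the log."""
    counts = Counter()
    for line in syslog_text.splitlines():
        match = SERIAL_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

def allowed_values(auth_text, key="manufact"):
    """Parse the allowlist as JSON instead of trimming it by hand."""
    return set(json.loads(auth_text)[key])

def unauthorized(syslog_text, auth_text, key="manufact"):
    """Exact-match set difference: logged serials absent from the allowlist."""
    allowed = allowed_values(auth_text, key)
    return sorted(s for s in logged_serials(syslog_text) if s not in allowed)

def substring_filter(syslog_text, auth_text, key="manufact"):
    """What an unanchored filter such as grep -v -f would leave behind."""
    allowed = allowed_values(auth_text, key)
    seen = logged_serials(syslog_text)
    return sorted(s for s in seen if not any(a in s for a in allowed))

if __name__ == "__main__":
    print("exact match :", unauthorized(SAMPLE_SYSLOG, SAMPLE_AUTH))
    print("substring   :", substring_filter(SAMPLE_SYSLOG, SAMPLE_AUTH))
```

On the constructed sample the exact comparison reports the look-alike serial while the substring filter reports nothing; on the shell side, trimming the leading space from sn.txt and using `grep -v -x -F -f` gives the same exact-match behaviour.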