Añadiendo un termostato a la calefaccion por caldera/radiadores

Esta es la mejor guia (ver pg 11 en adelante) aunque tiene mal alguna numeracion

Otra guia super completa aunque los numeros de la explicacion al final tambien estan todos cambiados!?

Y otra foto

Creo que esta es la guia de mi caldera!

Top level, creo que el termostato (en el comedor) simplemente hace que el agua se mueva cuando la temperatura esta por debajo del punto fijado. No he leido como, si abriendo alguna de las llaves (o las dos, entrada y salida) y/o haciendo que el circulador (bomba se encienda) para que el agua circule. Pero bueno, creo que eso tambien hace que se encienda el gas.

Nota: Interesante, me lo estaba preguntando... pero como digo, la caldera tiene una bomba de agua para que circule el agua por los tubos, asi no hay que gastar agua para la operacion y ademas el agua que calientas ya estaba caliente (o no tan fria) como viniendo de la calle... Obvio pero...

Bueno, ahora si quiero anyadir otro termostato en la habitacion (el mio esta en el comedor) como lo hariamos de la forma mas simple?

1. La forma en la que esta pensado ahora es ajustar el radiador. Si la habitacion esta normalmente mas fria que el comedor, cierra un poco el del comedor y abre el de la habitacion, para compensar. La verdad es que eso funcionaria pero durante el dia no hace falta que la habitacion este caliente...
2. La otra forma seria poner otro termostato en la habitacion "en paralelo" con el del comedor. Si el termostato es basicamente un interruptor (que creo que lo es y esto parece confirmarlo) que se cierra cuando la temperatura cae por debajo del valor fijado, pues el de la habitacion estaria en paralelo y haria lo mismo. Cualquiera de los dos puede entonces activar la caldera. Vamos a ver si eso existe...
3. Una tercera forma es cambiar el termostato por otro que tenga funcion de sensing remota...
4. La ultima/mejor es anyadir un circuito de agua separado controlado por valvulas independientes, cada una controlada por el termostato correspondiente. Evidentemente este es el mas costoso de todos...

Seguramente pruebe #2 

PD.: Por cierto, este link es bueno explicando fallos de caldera.

Cracking my old Excel file encryption

 I got this very old file and can't remember what was my password! DARN!

So, here I am trying with what is out there (which seems pretty powerful). At the time of starting writing this I am (hopefully) half way. Have not been able to crack it yet. But will write here some of the key links/explanations I have found so far:

• Very simple intro from The Guardian on encryption jargon.
• FYI, I am working in Kali Linux.
• Used: Phython office2john.py file_you_want_to_crack > hash.txt This will extract the hash of the file.
• Now you could use something that uses a dictionary to try to crack it, like john --wordlist=/usr/share/wordlists/nmap.lst hash.txt
• But that may not be powerful enough (it wasn't for me) because I wasn't dumb enough to just use words for my password... So, we are now trying brute force attack (try every combination, basically) with hashcat (which is smarter than that). I am having problems using it though but here some interesting stuff as I learn along the way...
• Really nice example/explanation step by step of the whole encryption process and cracking approach. The Atom post he is referring to (that guy is a beast) is here.
• Ok, so after searching, I figure that 1/ I had to remove also the back file name in the hash and all the "::::" (I still had that) and 2/ can't run hashcat in VM Kali (basically needs intensive access to the HW which the VM is simply emulating).
• So, now I got the Hashcat version for Windows 10, but still not running. Issues seem related to the Intel OpenCL driver. You can run Hashcat -I and will give you the devices where it can run the cracking:

hashcat (v6.1.1) starting...

* Device #1: Unstable OpenCL driver detected!

OpenCL Info:

============

OpenCL Platform ID #1

  Vendor..: Intel(R) Corporation

  Name....: Intel(R) OpenCL HD Graphics

  Version.: OpenCL 2.1

  Backend Device ID #1

    Type...........: GPU

    Vendor.ID......: 8

    Vendor.........: Intel(R) Corporation

    Name...........: Intel(R) Iris(R) Plus Graphics

    Version........: OpenCL 2.1 NEO

    Processor(s)...: 64

    Clock..........: 1100

    Memory.Total...: 6450 MB (limited to 3225 MB allocatable in one block)

    Memory.Free....: 6386 MB

    OpenCL.Version.: OpenCL C 2.0

    Driver.Version.: 27.20.100.8280

OpenCL Platform ID #2

  Vendor..: Intel(R) Corporation

  Name....: Intel(R) OpenCL

  Version.: OpenCL 2.1 WINDOWS

  Backend Device ID #2

    Type...........: CPU

    Vendor.ID......: 8

    Vendor.........: Intel(R) Corporation

    Name...........: Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz

    Version........: OpenCL 2.1 (Build 0)

    Processor(s)...: 8

    Clock..........: 1300

    Memory.Total...: 16126 MB (limited to 4031 MB allocatable in one block)

    Memory.Free....: 16062 MB

    OpenCL.Version.: OpenCL C 2.0

    Driver.Version.: 2020.11.11.0.13_160000

It identifies both, the GPU (device 1) and the CPU (device 2). It doesn't seem to say "unstable driver" for the device #2. So I give it a shot to use that: hashcat -a0 -m9700 -D1 hashtest.txt

Using D1 tells him to use only CPU, not GPU and it started working!

hashcat (v6.1.1) starting...

./OpenCL/m09700_a0-optimized.cl: Pure kernel not found, falling back to optimized kernel

* Device #1: Unstable OpenCL driver detected!

This OpenCL driver has been marked as likely to fail kernel compilation or to produce false negatives.

You can use --force to override this, but do not report related errors.

OpenCL API (OpenCL 2.1 ) - Platform #1 [Intel(R) Corporation]

=============================================================

* Device #1: Intel(R) Iris(R) Plus Graphics, skipped

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #2 [Intel(R) Corporation]

====================================================================

* Device #2: Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz, 16062/16126 MB (4031 MB allocatable), 8MCU

./OpenCL/m09700_a0-optimized.cl: Pure kernel not found, falling back to optimized kernel

Minimum password length supported by kernel: 0

Maximum password length supported by kernel: 15

Hashes: 1 digests; 1 unique digests, 1 unique salts

Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Rules: 1

Applicable optimizers applied:

* Optimized-Kernel

* Zero-Byte

* Precompute-Init

* Not-Iterated

* Single-Hash

* Single-Salt

Watchdog: Hardware monitoring interface not found on your system.

Watchdog: Temperature abort trigger disabled.

Host memory required for this attack: 204 MB

Starting attack in stdin mode...

Session..........: hashcat

Status...........: Running

Hash.Name........: MS Office <= 2003 $0/$1, MD5 + RC4

Hash.Target......: $oldoffice$0*47dddd306ed3c1e272c9e3cd6013906e*5cf05...d7066a

Time.Started.....: Sat Jan 02 10:10:26 2021 (10 secs)

Time.Estimated...: Sat Jan 02 10:10:36 2021 (0 secs)

Guess.Base.......: Pipe

Speed.#2.........:        0 H/s (0.00ms) @ Accel:64 Loops:1 Thr:64 Vec:16

Recovered........: 0/1 (0.00%) Digests

Progress.........: 0

Rejected.........: 0

Restore.Point....: 0

Restore.Sub.#2...: Salt:0 Amplifier:0-0 Iteration:0-1

Candidates.#2....: [Copying]

It keeps going but gives this message:

ATTENTION! Read timeout in stdin mode. The password candidates input is too slow:

* Are you sure that you are using the correct attack mode (--attack-mode or -a)?

* Are you sure that you want to use input from standard input (stdin)?

* If so, are you sure that the input from stdin (the pipe) is working correctly and is fast enough?

I think the issue is that we are trying a dictionary attack (a0) but not sure what list was using. So, I changed to mask_attack (a3) but I had changed to m9710 which was limiting the length to exactly 5 characters (not sure why) and obviously my experimental 1234 password was not getting cracked. Finally I tried: hashcat -a3 -m9700 -D1 -o outfile.txt hashtest.txt ?d?d?d?d

and that cracked it!!

Other notes... I am using now (to crack the real file) the command:

hashcat -a3 -m9800 -D1 -o outfile.txt hashprostatitis.txt --increment ?l?l?l?l?l?l?l?l

and we get:

[...]

Host memory required for this attack: 204 MB

The wordlist or mask that you are using is too small.

This means that hashcat cannot use the full parallel power of your device(s).

Unless you supply more work, your cracking speed will drop.

For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat

Status...........: Exhausted

Hash.Name........: MS Office <= 2003 $3/$4, SHA1 + RC4

Hash.Target......: $oldoffice$4*778b3815ae4fe0c33b38500455d85742*0d3bf...b08f61

Time.Started.....: Sat Jan 02 11:06:06 2021 (0 secs)

Time.Estimated...: Sat Jan 02 11:06:06 2021 (0 secs)

Guess.Mask.......: ?l [1]

Guess.Queue......: 1/8 (12.50%)

Speed.#2.........:   108.0 kH/s (0.04ms) @ Accel:4 Loops:26 Thr:64 Vec:16

Recovered........: 0/1 (0.00%) Digests

Progress.........: 26/26 (100.00%)

Rejected.........: 0/26 (0.00%)

Restore.Point....: 1/1 (100.00%)

Restore.Sub.#2...: Salt:0 Amplifier:0-26 Iteration:0-26

Candidates.#2....: s -> x

The wordlist or mask that you are using is too small.

This means that hashcat cannot use the full parallel power of your device(s).

Unless you supply more work, your cracking speed will drop.

For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat

Status...........: Exhausted

Hash.Name........: MS Office <= 2003 $3/$4, SHA1 + RC4

Hash.Target......: $oldoffice$4*778b3815ae4fe0c33b38500455d85742*0d3bf...b08f61

Time.Started.....: Sat Jan 02 11:06:06 2021 (0 secs)

Time.Estimated...: Sat Jan 02 11:06:06 2021 (0 secs)

Guess.Mask.......: ?l?l [2]

Guess.Queue......: 2/8 (25.00%)

Speed.#2.........:   719.5 kH/s (0.75ms) @ Accel:4 Loops:26 Thr:64 Vec:16

Recovered........: 0/1 (0.00%) Digests

Progress.........: 676/676 (100.00%)

Rejected.........: 0/676 (0.00%)

Restore.Point....: 26/26 (100.00%)

Restore.Sub.#2...: Salt:0 Amplifier:0-26 Iteration:0-26

Candidates.#2....: sa -> xz

The wordlist or mask that you are using is too small.

This means that hashcat cannot use the full parallel power of your device(s).

Unless you supply more work, your cracking speed will drop.

For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat

Status...........: Exhausted

Hash.Name........: MS Office <= 2003 $3/$4, SHA1 + RC4

Hash.Target......: $oldoffice$4*778b3815ae4fe0c33b38500455d85742*0d3bf...b08f61

Time.Started.....: Sat Jan 02 11:06:06 2021 (0 secs)

Time.Estimated...: Sat Jan 02 11:06:06 2021 (0 secs)

Guess.Mask.......: ?l?l?l [3]

Guess.Queue......: 3/8 (37.50%)

Speed.#2.........:  3935.9 kH/s (4.20ms) @ Accel:4 Loops:26 Thr:64 Vec:16

Recovered........: 0/1 (0.00%) Digests

Progress.........: 17576/17576 (100.00%)

Rejected.........: 0/17576 (0.00%)

Restore.Point....: 676/676 (100.00%)

Restore.Sub.#2...: Salt:0 Amplifier:0-26 Iteration:0-26

Candidates.#2....: sna -> xqz

Approaching final keyspace - workload adjusted.

Session..........: hashcat

Status...........: Exhausted

Hash.Name........: MS Office <= 2003 $3/$4, SHA1 + RC4

Hash.Target......: $oldoffice$4*778b3815ae4fe0c33b38500455d85742*0d3bf...b08f61

Time.Started.....: Sat Jan 02 11:06:06 2021 (0 secs)

Time.Estimated...: Sat Jan 02 11:06:06 2021 (0 secs)

Guess.Mask.......: ?l?l?l?l [4]

Guess.Queue......: 4/8 (50.00%)

Speed.#2.........:  5325.5 kH/s (5.44ms) @ Accel:16 Loops:6 Thr:64 Vec:16

Recovered........: 0/1 (0.00%) Digests

Progress.........: 456976/456976 (100.00%)

Rejected.........: 0/456976 (0.00%)

Restore.Point....: 17576/17576 (100.00%)

Restore.Sub.#2...: Salt:0 Amplifier:24-26 Iteration:0-6

Candidates.#2....: uegy -> xqzz

I.e., one can see how the --increment flag is working and it is testing initially just one character, then combinations of 2, then 3.. Each taking longer time, obviously. It tells you how many it tried. For instance, for 4 characters it does 456976 combinations. Pressing "S" gives us the current status. Of course, this may take hours... (The 6 char long took 1 min, the 7 char long took 37 min) so I canceled.

In that sense, notice that it also shows the speed of how many trials per second: 5325.5 kH/s All 8 cores were at 100% at this time :)

Then I tried hashcat -a3 -m9800 -D1 -o outfile.txt hashprostatitis.txt -1 abcdefghijklmnopqrstuvwxyz0123456789 ?1?1?1?1?1?1 but no luck. I think I am going to have to give up on this. Probably too hard to crack...

Other links:

• A link that I found (unfortunately late) relatively close to this.
• Youtube
• Hashcat wiki
• On the old Office vulnerability when saving multiple versions of a document with the same password. I was thinking to do this as I got two documents using the same password, but I don't think it works for that.