Room: Crack the Hash
Difficulty: Beginner
“This task increases the difficulty. All of the answers will be in the classic rock you password list.
You might have to start using Hashcat and not online tools. It might also be handy to look at some example hashes on Hashcat’s page.”
Task #1:
Question #1
Hash: 48bb6e862e54f2a795ffc4e541caed4d
The first few questions you can quite easily find the answers using an online cracking tool such as CrackStation:
Question #2
Hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97
Question #3
Hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
Question #4
Hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
This is where we need to start using Hashcat like the instructions imply (make sure you have the rockyou.txt wordlist provided).
Before we let Hashcat start cracking, we need to find out exactly what type of hash this is so that we can set the mode. This link HERE has a list of all the different types of hash modes that Hashcat can handle.
Notice that the hash starts with $2. If we look through that list we can see that it looks like a bcrypt password, or mode 3200.
Create a text file on your Linux machine and title it something like “hash.txt”. This is where Hashcat will go to grab your hash. Copy and paste the entire hash in there and save it.
Then run this command:
hashcat -m 3200 <hash file location> <wordlist file location>
You will notice that it says it may take many days to crack (bcrypt is designed to be like this):
Do not be discouraged though, the password we are looking for is actually close to the top of the wordlist. Go do something else for a bit (ahem, your dishes) and eventually you will see this:
You’ll notice it took 4 hours and 14 minutes for me to crack…This will vary based on your computer’s hardware.
Task #2:
Question#1
Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
Question #2
Hash: 1DFECA0C002AE40B8619ECF94819CC1B
Question #3
Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Salt: aReallyHardSalt
For this question we will need to utilize Hashcat again.
Notice that the hash we collected starts with $6. Let’s look through Hashcat’s LIST again.
A short ways down we see that the hash appears to be sha512crypt, which is mode 1800.
Copy and paste the entire hash into your hash.txt file again (replace the other hash), then save it.
Run this command:
hashcat -m 1800 <hash file location> <wordlist file location>
Eventually you will get the password:
Thankfully, this one was much quicker than the last.
Question #4
Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt: tryhackme
Sometimes, if you can’t easily identify what type of hash it is, you can try to use the Hash Identification tool that comes with Kali. However, this is not always perfect:
Another option is an online hash analyzer, like THIS one:
Both of these options let us know that we are dealing with a form of SHA-1. We are also provided with a “salt”.
e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme
Let’s use mode 160 here, because the hint with the question specifies HMAC-SHA1. This means that it is not actually a “salt” but a key.
If we weren’t provided with this information via the hint, we might have needed to just find it through trial and error, using a few different SHA-1 modes for Hashcat.
Add the key on to the end like the example above and then copy/paste that into your hash.txt file.
hashcat -m 160 <hash file location> <wordlist file location>
And that’s our last password!
Happy Hacking! ❤
