Crack The Hash
Last updated
Was this helpful?
Last updated
Was this helpful?
In the field of security, hashes are values across which we come a lot. From the hashed passwords stored locally in the /etc/shadow
to passwords stored by biggest corporations like Google and Facebook also incorporate one of the other forms of hashing.
This room on TryHackMe helps to build a basic understanding of different types of hashes and how we can decrypt these hashes. Before we start, make sure that you have HashCat and Hash Identifier installed on the system along with the rockyou.txt dictionary.
So, let's begin!
Ffrom hash-identifier
, it can be seen that the passed value is MD5 hashed.
Now, we can use hashcat along with rockyou.txt to break the hash using the command:
Here, -m
defines the mode of the hashing algorithm that is to be cracked. The entire list of various modes that hashcat supports are present at . Also, with hashcat, we can break the password easily.
Again we can use hash-identifier
to find the hashing algorithm, which turns out to be SHA-1. This hash can also be cracked by hashcat
with mode -m 100
.
Again from hash-identifier
, we can find out that this is a SHA-256 hashed value and crack the value using hashcat in mode -m 1400
.
Now, this hash is a bit different from the previous ones as hash-identifier
won't be able to determine the hashing algorithm used but we can use Google to find the hash. At the beginning of the hashed value, we can see the $2y$
, this is a hash signature and we can Google what hashing algorithm has this signature. We can find out that this is hashed using the bcrypt
hashing algorithm. Again that password can be cracked using mode -m 3200
in hashcat but it might take a lot of time. So, we can look up some online bcrypt cracking tools
like the one . We simply need to provide the hash value, select the hashing algorithm and perform a search. And we'll get the desired cracked value.
With hashcat, we can figure out that this hash appears to be MD5 but when we try to crack this hash with hashcat using the mode -m 0
, the hash does not get cracked.
This hash got identified as MD5 and MD4 but when tried with hashcat none of these worked. On checking the hint for this question it was mentioned as NTLM. And NTLM hashes can be cracked with hashcat using mode -m 1000
.
For this question, we must know that what hashing algorithm uses a $6$ signature. After some googling, we can find out that this is a SHA-512 hash signature. Another important thing with this hash is that salting is used here. And the value between $6$
and the first $
after that is the salt that is used, which in our case is aReallyHardSalt
.
Hashcast has various supported formats of salted SHA-512 hash but we need the one in which the hashed value consists of $6$
like sha512crypt $6$ hash
. Hence, we can crack this hash using mode -m 1800
in hashcat.
P.S. Crack this hash will take a lot of time, so be patient.
Using hash-identifier
, it can be found out that this is an SHA-1 hashed value. Now, we know that we are provided both the hash and salt but unlike SHA-512, the salt is not present in the hash value. So, it must be by some way passed to the cracker in order to crack it in a proper way. So to do that there are two methods:
The issue here from hash-identifier
it was found out that it is a SHA-1 hash value but on trying various modes related to SHA-1 in hashcat like 100, 110, 120, 130, 140 and 150 we were not able to get the cracked value. Finally, the value got cracked with mode -m 160
which is used for HMAC-SHA1 (key=$salt)
.
hash-identifier
can be used to identify a huge variety of hashes.
Sometimes, we can use hash signatures to determine the hashing algorithm like:
$2a$
, $2b$
, $2y$
signatures are used by the bcrypt
hashing algorithm.
$6$
signature is used by the SHA512crypt
hashing algorithm.
Sometimes, our local hash cracker tools won't work because of the limitations of the variety of values in the passed dictionary. Hence, if not locally then we can search for online hash crackers.
In SHA512crypt hash, the salt is present between $6$xxxxxxxxx$
.
In case of salted SHA1, password and salt must be arranged across colon(:).
We can see that the hash-identifier
had also suspected this has to be an MD4 hash. So, we can try to crack this hash with mode -m 900
in hashcat but this time also it won't work. So, we can use another online hash cracker over and get the cracked hash value.
For this hash, hash-identifier
detects it as SHA-256 but when tried to break with hashcat using mode -m 1400
, it fails. So, we can look out for some other online hash decryptor like the one and get the cracked value of the hash.