Crack The Hash
My walkthrough for the Crack The Hash challenge hosted by Tryhackme.com, created by Ben.
Introduction

This room starts with some nice little hashes which can be found online at Crackstation, but I opted to use hashid in Kali. If you want to use it too, simply open up a terminal and type:

> hashid <INSERT HASH>

I'm not saying this is 100% accurate; however, it got me through the first batch and even some of Task 2.
Task 1

1.1
Hash: 48bb6e862e54f2a795ffc4e541caed4d
Answer: easy
Type: MD5
> hashcat -m 0 hash.txt rockyou.txt

1.2
Hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97
Answer: password123
Type: SHA1
> hashcat -m 100 hash.txt rockyou.txt

1.3
Hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
Answer: letmein
Type: SHA2-256
> hashcat -m 1400 hash.txt rockyou.txt

1.4
Hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
Answer: bleh
Type: Bcrypt, blowfish (unix)
> hashcat -m 3200 hash.txt rockyou.txt

1.5
Hash: 279412f945939ba78ce0758d3fd83daa
Answer: Eternity22
hashid 279412f945939ba78ce0758d3fd83daa > MD4, -m 900

Didn't find anything, so I made use of the Best64 rule in case there were any changes to the password, and so there were. This rule is available in hashcat and does the following
There are more available; just visit Best64 Rule Details to get more info. This rule can also be found in Kali under /usr/share/hashcat/rules.

Command:
> hashcat -m 900 hash.txt rockyou.txt -r /usr/share/hashcat/rules/best64.rule

This password was cracked in about 3 seconds.
Task 2

2.1
Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
Answer: paule
Type: SHA2-256
> hashcat -m 1400 hash.txt rockyou.txt

2.2
Hash: 1DFECA0C002AE40B8619ECF94819CC1B
Answer: n63umy8lkf4i
Type: NTLM
> hashcat -m 1000 hash.txt rockyou.txt
(Mixed alpha:numeric took 14 seconds)

2.3
Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Salt: aReallyHardSalt
Rounds: 5
Answer: waka99

Thankfully, using the Hash Type Identifier made this task easier and helped identify this hash as SHA512crypt, so cross-referencing this with Hashcat.net helped me get the code -m 1800 to crack this, but it took a while.

2.4
Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt: tryhackme
Answer: 481616481616

This was similar to the above; however, I couldn't just use SHA. I had to check the hint, which annoyed me because I had gone down the list on Hashcat and stopped at 140; I was 2 away from getting it on my own. Just so you know: create a txt file, save it to the desktop, add the hash:salt to it and save the file, then crack it in hashcat:

> hashcat -m 160 hash.txt rockyou.txt
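
Why walking down the salted SHA1 modes matters in 2.4, as an added example that is not part of the original walkthrough: the same password and salt give a different digest under each construction, so only one mode can match. The names `CONSTRUCTIONS` and `matching_modes` are made up for this sketch, and the mode meanings follow hashcat's published mode list.

```python
import hashlib
import hmac


def _sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def _hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


# hashcat mode number -> how the password (p, str) and salt (s, bytes) are combined.
CONSTRUCTIONS = {
    100: lambda p, s: _sha1(p.encode()),                 # SHA1, salt ignored
    110: lambda p, s: _sha1(p.encode() + s),             # sha1($pass.$salt)
    120: lambda p, s: _sha1(s + p.encode()),             # sha1($salt.$pass)
    130: lambda p, s: _sha1(p.encode("utf-16-le") + s),  # sha1(utf16le($pass).$salt)
    140: lambda p, s: _sha1(s + p.encode("utf-16-le")),  # sha1($salt.utf16le($pass))
    150: lambda p, s: _hmac_sha1(p.encode(), s),         # HMAC-SHA1 (key = $pass)
    160: lambda p, s: _hmac_sha1(s, p.encode()),         # HMAC-SHA1 (key = $salt)
}


def matching_modes(hex_digest: str, salt: str, password: str) -> list[int]:
    """Return every mode whose construction reproduces hex_digest."""
    target = bytes.fromhex(hex_digest)  # accepts upper- or lower-case hex
    s = salt.encode()
    return [mode for mode, build in CONSTRUCTIONS.items()
            if hmac.compare_digest(build(password, s), target)]


if __name__ == "__main__":
    # Hash, salt and recovered password exactly as listed for 2.4 on this page.
    print(matching_modes("e5d8870e5bdd26602cab8dbe07a942c8669e56d6",
                         "tryhackme", "481616481616"))
```

The same check is useful when auditing an application's stored password hashes, because it shows which construction was actually used rather than which one the digest length suggests.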