Crack the Hash Challenge

In this tutorial I am going to do something a bit different from my normal tutorials and create a walkthrough for the Crack the Hash challenge from tryhackme.com.

I recently purchased a new NVIDIA graphics card for my lab PC, nothing too special, just a 1050 Ti, to try to crack hashes a little faster than my poor laptop could handle.

So I thought I would take the opportunity to level up on tryhackme.com, test out my new graphics card and write a quick walkthrough tutorial about it. Win, win, win.

To Follow Along

If you want to follow along, start by getting yourself a TryHackMe account. It is a fantastic resource to help you learn hacking and security, and the site has plenty of free rooms to keep you busy for a while.

You will also need a copy of hashcat installed. It is installed by default in Kali Linux, or you can download the latest version from their GitHub repo.

In this walkthrough I am not going to go into the ins and outs of hashcat, but if this is something you would like to see more of on Security Tutorials, leave me a comment below and I will add it to the list of future tutorials.

Be aware, though, that if you are running hashcat on a virtual machine or do not have a fairly decent graphics card, some of these passwords might take a while to crack and you will need to add --force to the end of the hashcat command.

I used only the mighty rockyou wordlist to crack all of the hashes in this challenge. You can find it by default in Kali Linux, or you can download a copy from here.

Computerphile

Before we start, check out these videos from the Computerphile YouTube channel, which is created by the University of Nottingham. This first video from Tom Scott explains hashing algorithms and why they are important.

Computerphile also has a video presented by Mike Pound which covers password cracking.

This video is great for this walkthrough, as he covers the basics of cracking passwords with hashcat, rules in hashcat and the rockyou wordlist.

Identifying hashes

In the TryHackMe Crack the Hash challenge, identifying the hashes is made easy by the Hint buttons used on the platform.

These either tell you what the hash is exactly or point you in the right direction on what to look for.

Try Hack Me hint

In real life there is no hint system to get this information. You might be an absolute ninja who can look at a hash and say "that's SHA256", but for the rest of us there are a few tools at our disposal.

  • Hash Analyzer: the Tunnelsup.com Hash Analyzer lets you paste a hash into their site and gives you their best guess at what the hash is. This was all I used for the Crack the Hash challenge, and it was pretty much spot on until some of the later tasks.
  • Hash-Identifier can be found pre-installed in Kali Linux and will tell you the possible hashing algorithm for the hash you enter. The nice thing about it, other than already being installed in Kali, is that it gives you a few alternatives, which can help with finding the right mode in hashcat.
  • HashID is a Python-based hash identifying tool which needs to be downloaded from their GitHub repo. The cool thing about this tool is that it not only identifies the hashes but can also give you the corresponding hashcat mode as part of the output.

Finding the right HashCat Mode

One last thing before we start the challenge: once a hash has been identified, you can easily find the hashcat mode needed to crack it by using grep on the hashcat help file.

Grep hashcat to find hashcat mode

This can also be done in Windows by replacing grep with the findstr command.

Let's Get Cracking!

For each of the tasks in this challenge I echo the hash into a text file called tryhackme.txt, remembering not to put a space after the hash and before the >, as shown below, because the extra space causes an issue when cracking the password.
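Why identifier tools return several alternatives, and how an identified type maps to a hashcat mode, shown as an added Python example (not code from the original post or from any of the tools named above). The function name, the table and the detail strings are assumptions made for illustration; the modes are the ones used in the tasks on this page.

```python
import re

# Bare hex digest length -> (name, hashcat mode) candidates.
# Only modes used in this walkthrough are listed.
HEX_CANDIDATES = {
    32: [("MD5", 0), ("MD4", 900), ("NTLM", 1000)],
    40: [("SHA1", 100), ("HMAC-SHA1 (key = $salt)", 160)],
    64: [("SHA2-256", 1400)],
}
# Modular crypt format: the prefix names the scheme and carries its cost.
BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
SHA512CRYPT = re.compile(
    r"^\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$[./A-Za-z0-9]{86}$")


def identify(line):
    """Return (name, hashcat_mode, detail) guesses for one hash line."""
    line = line.strip()
    m = BCRYPT.match(line)
    if m:
        cost = int(m.group(1))
        return [("bcrypt", 3200, f"cost {cost}: 2**{cost} = {2 ** cost} iterations")]
    m = SHA512CRYPT.match(line)
    if m:
        rounds = int(m.group(1) or 5000)  # 5000 is the scheme's default
        return [("sha512crypt", 1800, f"salt {m.group(2)}, {rounds} rounds")]
    digest, _, salt = line.partition(":")
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return []
    # A "digest:salt" line can only be a salted mode, a bare digest an unsalted one.
    salted = bool(salt)
    return [(name, mode, f"salt {salt}" if salted else "unsalted")
            for name, mode in HEX_CANDIDATES.get(len(digest), [])
            if ("$salt" in name) == salted]


if __name__ == "__main__":
    # Hashes from the tasks on this page.
    for sample in (
        "48bb6e862e54f2a795ffc4e541caed4d",
        "$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom",
        "e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme",
    ):
        print(sample[:20], identify(sample))
```

A 32-character hex string fits MD5, MD4 and NTLM equally well, so the format alone cannot pick between modes 0, 900 and 1000; the crypt-style prefixes ($2y$, $6$) are unambiguous and also expose the cost setting.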

echo 48bb6e862e54f2a795ffc4e541caed4d> tryhackme.txt

Task 1.1

Hash: 48bb6e862e54f2a795ffc4e541caed4d
Identified: MD5
Hashcat mode: 0

Command: hashcat -m 0 tryhackme.txt rockyou.txt

Password: easy

Task 1.2

Hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97
Identified: SHA1
Hashcat Mode: 100

Command: hashcat -m 100 tryhackme.txt rockyou.txt

Password: password123

Task 1.3

Hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
Identified: SHA2-256
Hashcat Mode: 1400

Command: hashcat -m 1400 tryhackme.txt rockyou.txt

Password: letmein

Task 1.4

Hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
Identified: Bcrypt
Hashcat Mode: 3200

Command: hashcat -m 3200 tryhackme.txt rockyou.txt

Note: This bcrypt hash took me over an hour to crack, which is by design because it's based on the Blowfish cipher, so you might want to go make some coffee or alternatively just try sticking this hash into Google.

Password: bleh

Task 1.5

Hash: 279412f945939ba78ce0758d3fd83daa

Identified: MD4
Hashcat Mode: 900
Rule: Best64.rule

Command: hashcat -m 900 -r /rules/Best64.rule tryhackme.txt rockyou.txt

Note: Because this password has a capital letter at the start and some numbers on the end, it can't be found with just the default rockyou.txt file. You have to add some rules to the hashcat command to crack the hash. Check out the rules folder in your default hashcat directory.

Password: Eternity22

Task 2.1

Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
Identified: SHA2-256
Hashcat Mode: 1400

Command: hashcat -m 1400 tryhackme.txt rockyou.txt

Password: paule

Task 2.2

Hash: 1DFECA0C002AE40B8619ECF94819CC1B
Identified: NTLM
Hashcat Mode: 1000

Command: hashcat -m 1000 tryhackme.txt rockyou.txt

Password: n63umy8lkf4i

Task 2.3

Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Salt: aReallyHardSalt
Identified: SHA512crypt
Hashcat Mode: 1800

Note: It actually took me a while to work out what this hash was, as there was no hint on tryhackme.com and neither the hash analyser website nor the Hash-Identifier program recognised it. After some investigating, it turns out that the hash comes from a Linux shadow file.

Command: hashcat -m 1800 tryhackme.txt rockyou.txt

Password: waka99

Task 2.4

Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt: tryhackme
Identified: HMAC-SHA1
Hashcat Mode: 160

Command: hashcat -m 160 tryhackme.txt rockyou.txt

Note: This took me a while to figure out that the trick here is that you need to add the salt to the password file, separated by a colon (as below) to get the hash to crack.

echo e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme> tryhackme.txt

Password: 481616481616
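Why the salt has to sit next to the digest for this task, as an added Python example (not part of the original walkthrough): a 40-character digest says nothing about how the salt was mixed in, so the check below recomputes a known password under several salted SHA1 layouts and reports which hashcat mode reproduces the line. The function names are assumptions for illustration; modes 110, 120 and 150 are real hashcat modes that do not appear on this page.

```python
import hashlib
import hmac


def sha1_constructions(password, salt):
    """Return {hashcat mode: hex digest} for common ways to mix a salt into SHA1."""
    p, s = password.encode(), salt.encode()
    return {
        110: hashlib.sha1(p + s).hexdigest(),           # sha1($pass.$salt)
        120: hashlib.sha1(s + p).hexdigest(),           # sha1($salt.$pass)
        150: hmac.new(p, s, hashlib.sha1).hexdigest(),  # HMAC-SHA1 (key = $pass)
        160: hmac.new(s, p, hashlib.sha1).hexdigest(),  # HMAC-SHA1 (key = $salt)
    }


def matching_modes(hash_line, password):
    """List the modes under which `password` reproduces a 'digest:salt' line."""
    digest, sep, salt = hash_line.strip().partition(":")
    if not sep or not salt:
        raise ValueError("expected 'digest:salt'; without the salt there is no HMAC key")
    results = sha1_constructions(password, salt)
    return sorted(mode for mode, value in results.items()
                  if hmac.compare_digest(value, digest.lower()))


if __name__ == "__main__":
    line = "e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme"  # Task 2.4
    print(matching_modes(line, "481616481616"))
```

In mode 160 the salt is the HMAC key and the password is the message, which is why a file containing only the digest gives hashcat nothing to test candidates against.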

Conclusion

I was actually quite surprised how quickly even my modest 1050 Ti graphics card can power through most of these hashes in a few minutes; the only one that took any substantial amount of time was Task 1.4, the bcrypt hash.

Some of the takeaways from this challenge are that even strong hashing techniques can be circumvented with weak passwords, the length of the password is more important than its complexity, and some hashing techniques are better than others at resisting cracking attempts.

I would also like to quickly thank TryHackMe.com for their fantastic platform; hopefully I will cover more of their rooms in the future.

As always if you have any questions about anything here or want me to write a tutorial on something specific leave me a comment below.
