tryhackme - crack the hash

https://tryhackme.com/room/crackthehash

This challenge is all about cracking password hashes. The two most popular tools for doing this kind of work are Hashcat and John the Ripper.

The first thing to do before you try and crack a hash is to attempt to identify what type it is - and I say “attempt” because sometimes it can be a bit of a challenge, as we’ll see in a bit. In the same way that there are several different cracking tools there are also a few different hash identifier tools.

Should I use tools to try and identify the hash?

For the sake of completeness I am including a few popular tools but also know that if you just click on the “hint” button for each task they will tell you what the hash type is. As mentioned in the article above, in the real world you should first try to identify the source of the hash and then fall back to identifier tools as a last resort.

Hash-identifier - A solid, no frills tool for identifying different hash types.

[screenshot: hash-identifier.png]

Hashid - Works exactly the same as hash-identifier but includes the additional functionality of telling you the format number for hashcat/JtR.

[screenshot: hashid.png]
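To make the ambiguity concrete, here is an added example (my own code, not part of the room and not from either identifier tool) that narrows a hash down to candidate formats purely from its length and prefix. The mode numbers are the real hashcat ones used in this write-up; the candidate lists are deliberately limited to the formats this room covers, which is exactly why a tool like this can only ever shortlist rather than decide:

```python
import re

# Candidate (format, hashcat mode) pairs for unsalted hex digests, keyed by hex
# length.  Limited to the formats used in this write-up: many more formats share
# these lengths, which is why an identifier can only narrow things down.
CANDIDATES_BY_HEX_LEN = {
    32: [("MD5", 0), ("MD4", 900), ("NTLM", 1000)],
    40: [("SHA1", 100), ("HMAC-SHA1 (key = $salt)", 160)],
    64: [("SHA256", 1400)],
}

# Modular-crypt-style strings carry their own type tag, so these are unambiguous.
PREFIX_PATTERNS = [
    (re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), [("bcrypt", 3200)]),
    (re.compile(r"^\$6\$"), [("sha512crypt ($6$, Linux shadow)", 1800)]),
]

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def identify(hash_str: str) -> list:
    """Return (format name, hashcat -m mode) candidates for a hash string."""
    h = hash_str.strip()
    for pattern, candidates in PREFIX_PATTERNS:
        if pattern.match(h):
            return list(candidates)
    if HEX_RE.match(h):
        return list(CANDIDATES_BY_HEX_LEN.get(len(h), []))
    return []


def is_ambiguous(hash_str: str) -> bool:
    """True when the shape alone cannot pin the format down to a single mode."""
    return len(identify(hash_str)) > 1


if __name__ == "__main__":
    # The hashes from the room's tasks, as they appear in this write-up.
    samples = [
        "48bb6e862e54f2a795ffc4e541caed4d",
        "CBFDAC6008F9CAB4083784CBD1874F76618D2A97",
        "$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom",
        "$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.",
    ]
    for s in samples:
        print(f"{s[:24]:<24} -> {identify(s)}  ambiguous={is_ambiguous(s)}")
```

Note that a 32-character hex string comes back with three candidates (MD5, MD4 and NTLM all produce 128-bit digests), which is the same situation the screenshots of hash-identifier and hashid show for task 1.1.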

What is file hashing?

Before we get too deep into the weeds let's take a quick look at what file hashing is:

What is password cracking?

Now that we know what file hashing is let's take a look specifically at how it relates to passwords (and cracking them):


Dictionaries

The mode that we are going to use for our cracking is called a “dictionary” attack. We take a plaintext list of common dictionary words (and/or actual passwords that have been leaked online), hash them on the fly and compare the results to the hash we are trying to crack.

There is a similar technique called a “rainbow table” attack; you can read about the differences here.

The standard wordlist file used for a lot of hacking challenges is the “rockyou” file that should be located in /usr/share/wordlists on both Kali Linux and ParrotOS.

* The rockyou file will most likely be compressed (rockyou.txt.gz) so you will have to decompress it before it can be used
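As an added example (my own code, not from the room and not from hashcat or John), here is the dictionary attack in its most basic form: hash each candidate word, compare against the target, stop on a match or report exhaustion. It uses a small constructed wordlist instead of rockyou, and the mode numbers map to the hashcat modes used later in this write-up (0, 100, 1400). One real-world detail it handles: rockyou.txt is not valid UTF-8 throughout, so candidates are read and hashed as raw bytes rather than decoded strings.

```python
import hashlib
import os
import tempfile
import time

# hashcat mode number -> hashlib algorithm, for the unsalted formats in this room.
MODES = {0: "md5", 100: "sha1", 1400: "sha256"}

# A constructed stand-in for rockyou.txt: a handful of common passwords, as bytes.
# Real wordlists contain non-UTF-8 lines, so everything here stays as bytes.
CONSTRUCTED_WORDLIST = [b"123456", b"iloveyou", b"password", b"letmein", b"qwerty"]


def iter_wordlist(path):
    """Yield candidate passwords as bytes, one per line, without decoding."""
    with open(path, "rb") as fh:
        for line in fh:
            yield line.rstrip(b"\r\n")


def crack(target_hex, candidates, mode):
    """Dictionary attack: hash every candidate with the given mode and compare.

    Returns (plaintext, attempts) on success or (None, attempts) when the
    wordlist is exhausted, mirroring hashcat's 'Cracked' / 'Exhausted' states.
    """
    algo = MODES[mode]
    target = target_hex.strip().lower()
    attempts = 0
    for word in candidates:
        attempts += 1
        if hashlib.new(algo, word).hexdigest() == target:
            return word.decode("latin-1"), attempts
    return None, attempts


def crack_file(target_hex, wordlist_path, mode):
    """Same attack, streaming candidates from a wordlist file on disk."""
    start = time.perf_counter()
    plaintext, attempts = crack(target_hex, iter_wordlist(wordlist_path), mode)
    elapsed = time.perf_counter() - start
    rate = attempts / elapsed if elapsed > 0 else float("inf")
    return plaintext, attempts, rate


if __name__ == "__main__":
    # Write the constructed wordlist to a temp file so the file path is exercised.
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as tmp:
        tmp.write(b"\n".join(CONSTRUCTED_WORDLIST) + b"\n")
    try:
        # md5("password"): a constructed target, not one of the room's hashes.
        hit = crack_file("5f4dcc3b5aa765d61d8327deb882cf99", tmp.name, 0)
        print("cracked:", hit[0], "after", hit[1], "candidates at", f"{hit[2]:,.0f} H/s")
        miss = crack_file("d41d8cd98f00b204e9800998ecf8427e", tmp.name, 0)  # md5("")
        print("exhausted:", miss[0], "after", miss[1], "candidates")
    finally:
        os.unlink(tmp.name)
```

The reported rate is single-threaded CPU Python, so it is orders of magnitude below the GPU figures shown later; the loop is the same, the difference is purely how many candidates per second the hardware can hash.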


For this first task I will show screenshots for everything including using the identifier tools and both cracker tools but for all following tasks I will just focus on hashcat.

Task 1.1

hash: 48bb6e862e54f2a795ffc4e541caed4d

hash type: MD5

hashcat -m 0 hash1_1.txt /usr/share/wordlists/rockyou.txt

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash1_1.txt

The first thing I do is copy the target hash into a text file (in this case called “hash1_1.txt”) to give my tools a file to work with.

[screenshot: Screenshot at 2019-11-27 11-38-31.png]

Next, let's run it through an identifier tool to see if we can tell what it is.

We can also run it through hashid to get the format number (or just look it up in the hashcat man page)

You can see that the tool doesn’t know exactly what the target hash is and there are a lot of other possibilities…

Now we run hashcat to crack the hash. Apart from the plaintext that gets revealed, also notice the speed - despite my single, entry-level GTX 1060 I am still able to iterate through over 53 million MD5 hashes per second and chew through the 14 million words in the rockyou dictionary in a fraction of a second.

John the Ripper has a similar configuration but by default it's not nearly as verbose, and it automatically writes cracked hashes to a separate "pot" file in the hidden john directory in your home folder, "~/.john/john.pot".


Task 1.2

hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97

hash type: SHA1

hashcat -m 100 hash1_2.txt /usr/share/wordlists/rockyou.txt

john --format=raw-sha1 --wordlist=/usr/share/wordlists/rockyou.txt hash1_2.txt

SHA1 is similar to MD5 but generates a larger hash value - 160 bits instead of just 128. Also, see how my cracking speed dropped just slightly on the larger hash?


Task 1.3

hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032

hash type: SHA256

hashcat -m 1400 hash1_3.txt /usr/share/wordlists/rockyou.txt

john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash1_3.txt

The jump to SHA256 (a member of the SHA-2 family) means a completely different type of hashing algorithm, developed by the NSA. In terms of protecting against collision attacks it is much better than MD5 or SHA1, but for the purposes of a GPU accelerated dictionary attack it barely slowed me down at all.


Task 1.4

hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom

hash type: Bcrypt

hashcat -m 3200 hash1_4.txt /usr/share/wordlists/rockyou.txt

john --format=bcrypt --wordlist=/usr/share/wordlists/rockyou.txt hash1_4.txt

Unlike the other hash algorithms we've encountered so far, bcrypt is specifically designed to be slow to crack, especially on GPUs, and you can see that reflected very starkly in the screenshot below.

If you remember a few years ago there was a breach of the Ashley Madison website and 36 million password hashes were leaked. The problem for crackers was that they were hashed using bcrypt and all but a fraction of them were too strong to break in any kind of reasonable time frame.

A few notes on the hash format itself:

$2y$ - This indicates that the hash was generated with a version of bcrypt released after 2011

12$ - This is the "cost": the password is run through 2^12 iterations of bcrypt's (deliberately expensive) Blowfish key setup

Dwt1BZj6pcyc3Dy1FWZ5ie - This is the 128-bit random salt (encoded)

eUznr71EeNkJkUlypTsgbX1H68wsRom - The remainder is the 184 bits of the resulting hash value (also encoded)

Almost 3 days to crack? Ouch


Task 1.5

hash: 279412f945939ba78ce0758d3fd83daa

hash type: MD4

hashcat -m 900 hash1_5.txt /usr/share/wordlists/rockyou.txt

This password is actually not in the default rockyou file so you need to use an online cracking site such as hashkiller or crackstation.


Task 2.1

hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85

hash type: SHA256

hashcat -m 1400 hash2_1.txt /usr/share/wordlists/rockyou.txt

john --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt hash2_1.txt

Not much to say here, similar technique and results.


Task 2.2

hash: 1DFECA0C002AE40B8619ECF94819CC1B

hash type: NTLM

hashcat -m 1000 hash2_2.txt /usr/share/wordlists/rockyou.txt

john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt hash2_2.txt

NTLM is an old Microsoft authentication protocol that has since been replaced by Kerberos but is still used for local password storage. Not only is it easy to crack but in some cases you don't even have to bother. Also notable is that, unlike some of the other formats we've looked at, NTLM hashes are fast to brute force as well.


Task 2.3

hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

hash type: SHA512

hashcat -m 1800 hash2_3.txt /usr/share/wordlists/rockyou.txt

john --wordlist=/usr/share/wordlists/rockyou.txt hash2_3.txt

This hash comes from a Linux shadow file. SHA512 is highly resistant to collision attacks but, as you can see, is relatively vulnerable to dictionary attacks (though still way better than MD5 or SHA1). Also note that JtR doesn't require you to specify a format when cracking shadow hashes, because the $6$ prefix already tells it what the hash is.

A breakdown of the hash fields:

$6$ - This indicates the hash type, in this case SHA512

aReallyHardSalt$ - Normally this is a random value

The rest - everything after the salt is a hash of the salt and the user’s password
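Both of the salted formats in this write-up (the bcrypt string from task 1.4 and the $6$ shadow hash here) are self-describing: the type, the work factor and the salt are all in the string, so a cracker never needs to be told them. The added example below is my own parser, not from the room or from either cracking tool; it splits both formats into their fields, turns the bcrypt cost into the 2^cost key-setup count described above, and applies the glibc default of 5000 rounds when a $6$ hash carries no rounds= field (a fact about sha512crypt, not something from the page).

```python
BCRYPT_VARIANTS = ("2a", "2b", "2y")
SHA512CRYPT_DEFAULT_ROUNDS = 5000  # glibc default when no rounds= field is present


def parse_bcrypt(h: str) -> dict:
    """Split a bcrypt string into fields: $<variant>$<cost>$<22 salt><31 hash>."""
    parts = h.strip().split("$")
    if len(parts) != 4 or parts[1] not in BCRYPT_VARIANTS or len(parts[3]) != 53:
        raise ValueError("not a bcrypt hash")
    cost = int(parts[2])
    return {
        "variant": parts[1],
        "cost": cost,
        "key_setup_iterations": 2 ** cost,  # the work factor a cracker must repeat per guess
        "salt": parts[3][:22],              # 22 base64 chars = 128 bits
        "hash": parts[3][22:],              # 31 base64 chars = 184 bits
    }


def parse_sha512crypt(h: str) -> dict:
    """Split a $6$ (sha512crypt) string: $6$[rounds=N$]<salt>$<digest>."""
    parts = h.strip().split("$")
    if len(parts) < 4 or parts[1] != "6":
        raise ValueError("not a sha512crypt hash")
    rounds = SHA512CRYPT_DEFAULT_ROUNDS
    fields = parts[2:]
    if fields[0].startswith("rounds="):
        rounds = int(fields[0][len("rounds="):])
        fields = fields[1:]
    if len(fields) != 2:
        raise ValueError("unexpected field count")
    salt, digest = fields
    return {"rounds": rounds, "salt": salt, "digest": digest}


if __name__ == "__main__":
    # The two salted hashes from this write-up (tasks 1.4 and 2.3).
    b = parse_bcrypt("$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom")
    print("bcrypt:", b)
    s = parse_sha512crypt("$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be."
                          "cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.")
    print("sha512crypt:", s)
    # A constructed hash with an explicit rounds= field, to show the optional form.
    print("explicit rounds:", parse_sha512crypt("$6$rounds=10000$constructedsalt$notarealdigest")["rounds"])
```

The salt is what defeats the rainbow-table approach mentioned earlier: every guess has to be re-hashed per salt, and in bcrypt's case that means re-running the 4096-iteration key setup per guess, which is where the "almost 3 days" figure comes from.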


Task 2.4

hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6

hash type: HMAC-SHA1

hashcat -m 160 hash2_4.txt /usr/share/wordlists/rockyou.txt

The hard part about this task is finding the right SHA1 format since there are several different ones and you may just have to iterate through them.

The good news is that it literally only takes a second to test each one :)


Takeaways

Obligatory xkcd reference.

  • We saw that even strong hashing techniques can be circumvented by short (hence weak) passwords.

  • The length of a password is more important than its complexity

  • Some hashing techniques are better than others at resisting cracking attempts and some are completely broken and should never be used for any reason whatsoever (ahem MD5)

  • The easiest way to use good password practices is to set up a password vault with a long, easily memorable passphrase and then rely on the tool to generate even longer, random gibberish passwords that you don't have to remember. Lastpass, Bitwarden, and Keepass are good places to start.