Crack the hash
Cracking hashes challenges
Tools
hashcat options
- -m : hash type
- -a : attack mode
  - 0 : straight
- -w : workload profile (1-4)
Answer Questions
Level 1
Can you complete the level 1 tasks by cracking the hashes?
48bb6e862e54f2a795ffc4e541caed4d md5 easy
CBFDAC6008F9CAB4083784CBD1874F76618D2A97 sha1 password123
1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 sha256 letmein
- 48bb6e862e54f2a795ffc4e541caed4d
- md5
easy
- CBFDAC6008F9CAB4083784CBD1874F76618D2A97
password123
- 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
letmein
Use a hash identifier tool to recognize the hash type.
$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom - Possible algorithms: bcrypt $2*$, Blowfish (Unix)
echo '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' > hash.txt
# john --format=bcrypt hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
hashcat -h | grep bcrypt
# 3200 | bcrypt $2*$, Blowfish (Unix) | Operating System
hashcat -m 3200 -a 0 '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' /usr/share/wordlists/rockyou.txt
hashcat -m 3200 -a 3 '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' ?l?l?l?l
# slow because there are millions of possibilities
grep -x '.\{4\}' /usr/share/wordlists/rockyou.txt > rockyou-4chars.txt
hashcat -m 3200 -a 0 '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' rockyou-4chars.txt
# $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom:bleh
- $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
- Search the hashcat examples page (https://hashcat.net/wiki/doku.php?id=example_hashes) for $2y$. This type of hash can take a very long time to crack, so either filter rockyou for four character words, or use a mask for four lower case alphabetical characters.
bleh
279412f945939ba78ce0758d3fd83daa md4 Eternity22
- 279412f945939ba78ce0758d3fd83daa
- md4
Eternity22
Level 2
This task increases the difficulty. All of the answers will be in the classic rock you password list.
You might have to start using hashcat here and not online tools. It might also be handy to look at some example hashes on hashcat's page.
First, we identify the hash type with a hash identifier.
F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 - Possible algorithms: SHA256, GOST R 34.11-94, SHA384, SHA3-256, Keccak-256, sha256(md5($plaintext))
1DFECA0C002AE40B8619ECF94819CC1B - Possible algorithms: NTLM
$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02. - Possible algorithms: sha512crypt $6$, SHA512 (Unix)
e5d8870e5bdd26602cab8dbe07a942c8669e56d6 - Possible algorithms: SHA1
hashcat -h | grep SHA
# 100 | SHA1 | Raw Hash
# 1300 | SHA2-224 | Raw Hash
# 1400 | SHA2-256 | Raw Hash
# 10800 | SHA2-384 | Raw Hash
# 1700 | SHA2-512 | Raw Hash
# 17300 | SHA3-224 | Raw Hash
# 17400 | SHA3-256 | Raw Hash
# 17500 | SHA3-384 | Raw Hash
# 17600 | SHA3-512 | Raw Hash
# 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
# 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
# 1450 | HMAC-SHA256 (key = $pass) | Raw Hash, Authenticated
# 1460 | HMAC-SHA256 (key = $salt) | Raw Hash, Authenticated
hashcat -m 1400 -a 0 F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 /usr/share/wordlists/rockyou.txt
# f09edcb1fcefc6dfb23dc3505a882655ff77375ed8aa2d1c13f640fccc2d0c85:paule
- Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
- SHA256
paule
hashcat -h | grep NTLM
# 5500 | NetNTLMv1 / NetNTLMv1+ESS | Network Protocols
# 5600 | NetNTLMv2 | Network Protocols
# 1000 | NTLM | Operating System
hashcat -m 1000 -a 0 1DFECA0C002AE40B8619ECF94819CC1B /usr/share/wordlists/rockyou.txt
# 1dfeca0c002ae40b8619ecf94819cc1b:n63umy8lkf4i
- Hash: 1DFECA0C002AE40B8619ECF94819CC1B
- NTLM
n63umy8lkf4i
hashcat -h | grep sha
# 1710 | sha512($pass.$salt) | Raw Hash, Salted and/or Iterated
# 1720 | sha512($salt.$pass) | Raw Hash, Salted and/or Iterated
# 1740 | sha512($salt.utf16le($pass)) | Raw Hash, Salted and/or Iterated
# 1730 | sha512(utf16le($pass).$salt) | Raw Hash, Salted and/or Iterated
# 1800 | sha512crypt $6$, SHA512 (Unix) | Operating System
hashcat -m 1800 -a 0 '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.' /usr/share/wordlists/rockyou.txt
# This did not finish because it takes too long, so we check that the password is 6 characters long and try filtering rockyou.txt.
grep -x '.\{6\}' /usr/share/wordlists/rockyou.txt > rockyou-6chars.txt
hashcat -m 1800 -a 0 '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.' rockyou-6chars.txt
cat rockyou-6chars.txt | grep waka > waka.txt
hashcat -m 1800 -a 0 '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.' waka.txt
# $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.:waka99
The salt adds complexity to the hash, which makes it harder to crack.
$6$<SALT>$ -> $6$aReallyHardSalt$
- Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
- Salt: aReallyHardSalt
waka99
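The identification step used for each hash above, together with the $6$<SALT>$ layout, written out as an added example (not part of the original write-up and not any tool's own code). It reads scheme, cost and salt directly from the string; the function name identify, the short candidate lists and the assumption that a missing rounds= field means sha512crypt's default of 5000 rounds belong to this example.

```python
import re

# Raw hex digests carry no type tag, so length only narrows the field.
# Candidate lists are a small subset chosen for this example (assumption).
HEX_CANDIDATES = {
    32: ["MD5", "MD4", "NTLM"],
    40: ["SHA1", "HMAC-SHA1"],
    64: ["SHA2-256", "SHA3-256", "Keccak-256"],
    128: ["SHA2-512", "SHA3-512"],
}
# $2y$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$([./A-Za-z0-9]{22})[./A-Za-z0-9]{31}$")
# $6$[rounds=N$]<salt, up to 16 chars>$<86-char digest>
SHA512CRYPT_RE = re.compile(r"^\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$[./A-Za-z0-9]{86}$")


def identify(hash_string):
    """Describe what can be read off the hash string itself."""
    h = hash_string.strip()
    m = BCRYPT_RE.match(h)
    if m:
        cost = int(m.group(1))
        # Work per guess grows as 2**cost, which is why cost 12 is slow.
        return {"scheme": "bcrypt", "hashcat_mode": 3200, "cost": cost,
                "iterations": 2 ** cost, "salt": m.group(2)}
    m = SHA512CRYPT_RE.match(h)
    if m:
        rounds = int(m.group(1)) if m.group(1) else 5000  # default rounds
        return {"scheme": "sha512crypt", "hashcat_mode": 1800,
                "rounds": rounds, "salt": m.group(2)}
    if re.fullmatch(r"[0-9a-fA-F]+", h) and len(h) in HEX_CANDIDATES:
        # Ambiguous on purpose: the tool output above lists several options too.
        return {"scheme": "raw-hex", "candidates": HEX_CANDIDATES[len(h)]}
    return {"scheme": "unknown"}


# Hashes quoted on this page.
PAGE_HASHES = [
    "$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom",
    "$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.",
    "1DFECA0C002AE40B8619ECF94819CC1B",
    "F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85",
]

if __name__ == "__main__":
    for h in PAGE_HASHES:
        print(h[:24], identify(h))
```

From a defender's view the output shows what protects each stored password: a per-hash salt plus a tunable work factor for bcrypt and sha512crypt, and nothing but the digest for the raw hex values.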
hashcat -h | grep -i sha1
# 150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
# 160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
hashcat -m 160 -a 0 'e5d8870e5bdd26602cab8dbe07a942c8669e56d6' /usr/share/wordlists/rockyou.txt
# does not work because the salt has not been added yet
hashcat -m 160 -a 0 'e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme' /usr/share/wordlists/rockyou.txt
# e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme:481616481616
- Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
- Salt: tryhackme
- HMAC-SHA1
481616481616
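Why the last hash needed the hash:salt form, shown as an added example (not from the original write-up): recomputing HMAC-SHA1 with the salt as key reproduces the target, while swapping key and message does not, and the same recompute-and-compare check confirms the unsalted Level 1 answers. The function names are this example's own; the hashes, salt and plaintexts are the ones quoted on this page.

```python
import hashlib
import hmac


def digest_matches(target_hex, plaintext, algo):
    """Recompute an unsalted digest and compare it with the target."""
    computed = hashlib.new(algo, plaintext.encode()).hexdigest()
    return hmac.compare_digest(computed, target_hex.lower())


def hmac_sha1_hex(key, message):
    """HMAC-SHA1 of message under key, as lowercase hex."""
    return hmac.new(key.encode(), message.encode(), hashlib.sha1).hexdigest()


def check_hmac_result(result_line):
    """Split a 'hash:salt:plain' result line and test both key orders.

    Returns (matches_key_is_salt, matches_key_is_pass), the two
    constructions hashcat lists as modes 160 and 150.
    """
    target, salt, plain = result_line.strip().split(":", 2)
    target = target.lower()
    key_is_salt = hmac.compare_digest(hmac_sha1_hex(salt, plain), target)
    key_is_pass = hmac.compare_digest(hmac_sha1_hex(plain, salt), target)
    return key_is_salt, key_is_pass


# Values quoted on this page: (hash, algorithm, recovered plaintext).
LEVEL1 = [
    ("48bb6e862e54f2a795ffc4e541caed4d", "md5", "easy"),
    ("CBFDAC6008F9CAB4083784CBD1874F76618D2A97", "sha1", "password123"),
    ("1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032",
     "sha256", "letmein"),
]
HMAC_RESULT = "e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme:481616481616"

if __name__ == "__main__":
    for target, algo, plain in LEVEL1:
        print(algo, plain, digest_matches(target, plain, algo))
    print("key=salt, key=pass:", check_hmac_result(HMAC_RESULT))
```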