Hash functions are quite different from encryption. There is no key, and it’s meant to be impossible (or very difficult) to go from the output back to the input. You can find a more technical description here.

In this post I want to describe how to crack hashes effectively, but first of all you have to learn how to recognize hashes. You can check the list of generic hash types here:

https://hashcat.net/wiki/doku.php?id=example_hashes

After some practice you will probably be able to recognize the most popular hash types without using any tools, but I recommend using tools every time before you try to crack a hash. Most hashes are built in the same way, but the NTLM hash (the one used in Windows) is quite different. I will give you an example below:

Jason:502:aad3c435b514a4eeaad3b935b51304fe:c46b9e588fa0d112de6f59fd6d58eae3:::

  • Jason is the user name
  • 502 is the relative identifier (500 is an administrator; 502 here is a Kerberos account) (adsecurity.org/?p=483)
  • aad3c435b514a4eeaad3b935b51304fe is the LM hash
  • c46b9e588fa0d112de6f59fd6d58eae3 is the NT hash -> This one is meant to be cracked

Tools for checking the type of a hash:

https://pypi.org/project/hashID/
https://gchq.github.io/CyberChef/
https://www.tunnelsup.com/hash-analyzer/
https://crackstation.net/
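The line format and the type check described above, as an added example that is not part of the original post. The function names are hypothetical, the shape table is deliberately non-exhaustive, and the two constants are the well-known LM and NT hashes of an empty password:

```python
import re

# Well-known constants: LM and NT hashes of the empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Shape-based candidates only (non-exhaustive): a bare 32-hex digest is ambiguous.
SHAPES = [
    (re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$"), ["bcrypt"]),
    (re.compile(r"^[0-9a-fA-F]{32}$"), ["MD5", "NT", "LM"]),
    (re.compile(r"^[0-9a-fA-F]{40}$"), ["SHA-1"]),
    (re.compile(r"^[0-9a-fA-F]{64}$"), ["SHA-256"]),
]

def candidates(value):
    """Return the hash types whose textual shape matches value."""
    for pattern, names in SHAPES:
        if pattern.match(value.strip()):
            return names
    return []

def parse_pwdump(line):
    """Split 'user:RID:LM:NT:::' into fields, or return None if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
    hex32 = re.compile(r"[0-9a-f]{32}")
    if not (hex32.fullmatch(lm) and hex32.fullmatch(nt)):
        return None
    return {
        "user": user, "rid": rid, "lm": lm, "nt": nt,
        "lm_stored": lm != EMPTY_LM,       # a legacy LM hash is kept for this account
        "blank_password": nt == EMPTY_NT,  # the account has an empty password
    }

if __name__ == "__main__":
    # Constructed sample line (not from the page): LM disabled, blank password.
    sample = f"Guest:501:{EMPTY_LM}:{EMPTY_NT}:::"
    print(parse_pwdump(sample))
    # Second homework digest from the page: its shape alone does not settle the type.
    print(candidates("b6b0d451bbf6fed658659a9e7e5598fe"))
```

The position of a 32-hex value inside the dump line is what tells LM from NT; on its own, such a value stays ambiguous, which is why the identification tools return several candidates.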

Once the type of hash we have obtained is known, it is time to start cracking password hashes with other great tools:

https://www.openwall.com/john/ – John The Ripper
https://hashcat.net/hashcat/ – Hashcat

Below I will show you an example of how to use these tools.

John The Ripper

I use John and Hashcat binaries for Windows, because I’ve got an Nvidia GPU with the latest drivers, which are provided mostly only for Windows (cracking with a GPU is much faster than cracking on a CPU).

I will crack this file with hashes:

Command used:

john.exe --format=NT --wordlist=C:\Sec\Hash_Pass_Cracking\rockyou.txt hash.txt

--format=NT -> selects the type of hash
--wordlist=C:\Sec\Hash_Pass_Cracking\rockyou.txt -> selects the wordlist with the most popular passwords
hash.txt -> file with hashes

Hashcat

I recommend reading the whole output of --help.

Before cracking hash.txt, the file needs to be adjusted:

One of the hashes (the 2nd one) was cracked before I ran this command and it was saved in the hashcat pot file. To check the pot file for a specific type of hash you have to run:

Homework:

  1. Try to crack:
    $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG
    b6b0d451bbf6fed658659a9e7e5598fe
  2. Write down the meaning (in your own words) of:
    • Hash
    • Crack



That’s it for now 😉

By Marceli
