Crack the hash
LEVEL 1
Crack:
48bb6e862e54f2a795ffc4e541caed4d
Since this is 32 characters long and only uses hexadecimal characters, it's a good sign that this is an older hash. I'm guessing MD5.
I run the following to crack the hash:
hashcat -m 0 48bb6e862e54f2a795ffc4e541caed4d rockyou.txt
This resulted in a successful crack of the hash.
I used the following to display the answer:
hashcat -m 0 48bb6e862e54f2a795ffc4e541caed4d rockyou.txt --show
This will display:
48bb6e862e54f2a795ffc4e541caed4d:easy
Crack:
CBFDAC6008F9CAB4083784CBD1874F76618D2A97
This hash is 40 characters utilizing hexadecimal characters.
A quick Google search shows it is most likely a hex-encoded hash value.
These tend to be older SHA hashing methods.
Fun fact: if you type the following, hashcat will attempt to determine the possible hashing algorithm used.
hashcat [hash]

Let's assume for now it is SHA1, meaning the -m flag will be set to 100:
hashcat -m 100 CBFDAC6008F9CAB4083784CBD1874F76618D2A97 [Path to Wordlist]
If successful, hashcat should be able to crack it. Next, run the following to see the solution:
hashcat -m 100 CBFDAC6008F9CAB4083784CBD1874F76618D2A97 [Path to Wordlist] --show

Crack:
1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
This hash appears to be a 64 character hexadecimal. Let's run it through hashcat to see what type it thinks it is.
hashcat 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032
Looks like it's most likely SHA2-256, which has -m flag = 1400. We'll start with this one and work our way down if we have to.
hashcat -m 1400 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 [Path to Wordlist]
Looks like it worked, run the following to see the unhashed text.
hashcat -m 1400 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 [Path to Wordlist] --show
Crack:
$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
This one is interesting in that it is 60 characters long and also looks to include Base64-encoded text. Let's plug it into hashcat and see what it kicks back.
hashcat $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
Looks like it's not going to be that easy.

Let's do some googling to see what pops up.
Some quick google searching leads me to the possibility that this hash is most likely a product of the bcrypt algorithm.
After being hashed it was base64 encoded. So let's go ahead and start by decrypting the hash first from base64.
Let's start by updating the host machine:
sudo apt update
sudo apt upgrade
Next is to install base64 encoder/decoder if it is not already installed on your host machine.
sudo apt install coreutils
Once installed run the following:
echo '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' | base64 -d
Unfortunately, that kicked back nothing.
Let's head back to hashcat and see if we can dig up bcrypt in its list.
Let's give the first one a try with a -m flag of 3200. I had to first create a txt file that I put the hash into called hash.txt.
hashcat -m 3200 hash.txt [Path to Wordlist]
I waited for about 15 minutes and wasn't getting anywhere. When reviewing the material, it appears that this hash is extremely resource intensive and running it through the rockyou list would take a long time. I will instead try to set up a rule to only use 4 characters since I can see on TryHackMe that that is how long the cracked hash is.
Two ways to do this. The first is by setting a rule with hashcat and running a bruteforce attack.
hashcat -a 3 -m 3200 hash.txt ?l?l?l?l
However, this will still take a really long time to crack. Therefore, the second option is to filter the rockyou wordlist for only passwords that are 4 characters long.
grep -E '^.{4}$' rockyou.txt > rockyou_4.txt
This keeps only the passwords that are exactly 4 characters long and writes them to a new password list. Then try cracking the hash with your new password list.
Save the hash to its own txt file and use that when cracking. This still took a few minutes but kicked back the following:
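Added example (not part of the original write-up): the `$2y$12$...` string above is a bcrypt modular-crypt string with its own alphabet, so standard base64 decoding does not apply to it, and its cost field explains why every guess is slow. Function names are illustrative; the only input is the hash from this task.

```python
import base64
import binascii
import re

# bcrypt encodes salt and digest with its own 64-character alphabet,
# ordered differently from RFC 4648 base64 (and '$' is only a field separator).
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

SAMPLE = "$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom"  # hash from this task


def parse_bcrypt(hash_string):
    """Split a bcrypt string into version, cost, salt and digest fields."""
    match = BCRYPT_RE.match(hash_string)
    if match is None:
        raise ValueError("not a bcrypt modular-crypt string")
    version, cost, salt, digest = match.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {
        "version": version,
        "cost": cost,
        "rounds": 1 << cost,  # key-expansion rounds per password guess
        "salt": salt,         # 22 characters = 128-bit salt
        "digest": digest,     # 31 characters = 184-bit digest
    }


def is_plain_base64(text):
    """True only if the whole string is valid standard base64."""
    try:
        base64.b64decode(text, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def total_rounds(hash_string, candidates):
    """Key-expansion rounds needed to test `candidates` guesses."""
    return candidates * parse_bcrypt(hash_string)["rounds"]


if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE))
    print("standard base64:", is_plain_base64(SAMPLE))
    print("rounds for ?l?l?l?l:", total_rounds(SAMPLE, 26 ** 4))
```

A cost of 12 means 4096 rounds per guess, so shrinking the candidate list (as the length filter does) is the only lever that helps; the same property is what makes bcrypt a sound choice for password storage.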
Crack:
279412f945939ba78ce0758d3fd83daa
This next one appears to be 32 characters and hexadecimal.
hashcat 279412f945939ba78ce0758d3fd83daa

To speed things up I know from the question prompt that the answer is 10 characters long. Therefore, let's filter the rockyou.txt file to only the 10 character passwords.
grep -E '^.{10}$' rockyou.txt > rockyou_10.txt
Let's start at the top of the list and see what we get:
hashcat -m 900 hash.txt rockyou_10.txt
Doesn't look like it is MD4 so I'll try the other ones out.
I tried the others but it doesn't look like anything is popping up. I decided to check out an online Hash Identifier which stated that it is an MD4 hash which should line up.
I'm going to try a brute force attack since I'm assuming it is MD4. I'm adding a rule to only use passwords with 10 characters.
hashcat -a 3 -m 900 hash.txt ?l?l?l?l?l?l?l?l?l?l
Okay that was dumb. If we assume the password is base64 and the password is 10 characters that would mean 64^10 which will take forever for my computer to crack.
Time to take a look at a hint, which was not helpful in the slightest because all it tells me is MD4 which I'm already using.
I'm going to back up and just run hashcat with the entire rockyou list and see what happens
hashcat -m 900 hash.txt rockyou.txt
I feel dumb. When I went to go search online to see what the hash was, it also gave me the cracked hash.
LEVEL 2
Crack
F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
Start by running the hash through hashcat to see what algorithm was used.
Looks like it is most likely using SHA2-256, which has a -m flag of 1400.
hashcat -m 1400 F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 rockyou.txt

Crack
1DFECA0C002AE40B8619ECF94819CC1B
This hash is 32 characters and uses hexadecimal. I'm going to assume it is MD4 but will run it through hashcat to see.
Looks like it isn't MD4 or MD5. I ran it through an online engine to see what the algorithm is and it is kicking back that it is NTLM, which has a -m flag value of 1000.
Crack
$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Salt:
aReallyHardSalt
I first started by seeing if hashcat recognized the hashing but no luck.
I then put it into a website to identify the hashing and got this back.
Crack
e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt:
tryhackme
I started by running it through hashcat to identify it.
Since they have given me a salt I'm going to assume it is one of the hashes that includes a salt.
This one took me a little while. I was bouncing around trying to find the correct algorithm.
Eventually I looked at the hint for the question that pointed me towards HMAC-SHA1
I did a quick search of the help menu for this:
hashcat --help | grep SHA1

Looks like the -m flag value will be 160 since we have a salt.
Therefore, I ran the following:
hashcat -m 160 -a 0 e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme [Path to wordlist]
This resulted in the password of 481616481616