Cracking the Hash|TryHackMe
Sm1l3x
I tried cracking the password, but it was too salty ๐
There are two methods of Hash Cracking
Method 1: Online hash cracker
You can visit any hash cracker site to crack the hash instantly. For example, the crack station. Just paste the hash and crack it.
Method 2: Hashcat
This method is more flexible when compared to the online hash cracker. It provides a tons of hash mode. You can download hashcat (Window/Linux/MacOS) from this https://hashcat.net/hashcat/ . However, you need to know some command line for terminal/CMD as the prerequisite of using this tool. On the other hand, I highly recommend launching this tool in your host computer (not on your virtual machine). This is due to cracking the hash requires a large amount of processing resource and GPU is the ideal choice when compared to CPU. I am going to use dictionary attack for this hash crack walk-through, you can download the famous rockyou word list.
Use this command to crack the hashes hashcat -m 0 hash.txt rockyou.txt (-m:mode)
Task1:Can you complete the level 1 tasks by cracking the hashes?
[Task 1-1 MD5 Hash] [Mode 0] [Hash 48bb6e862e54f2a795ffc4e541caed4d]
flag:easy
[Task 1-2 SHA1 Hash] [Mode 100] [Hash CBFDAC6008F9CAB4083784CBD1874F76618D2A97]
flag: password123
[Task1-3 SHA256] [Mode 1400 ] [Hash 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032]
flag:letmein
[Task1-4 Bcrypt-Blowish Hash] [Mode 3200] Flag:bleh
[Task1-5 MD4 Hash] Flag:Eternity22
[Task2]This task increases the difficulty. All of the answers will be in the classic rock you password list.
[Task2-1 SHA256 ] [Mode 1400 Hash] Flag:paule
[Task2-2 NTLM Hash] [Mode 1000] Flag:n63umy8lkf4i
[Task2-3 SHA512CRYPT $6$ Hash] [Mode 1800] Flag:waka99
Reference and link
Crack this hash โ> https://tryhackme.com/room/crackthehash
hashcat โ> https://hashcat.net
hashcat (hash list) โ> https://hashcat.net/wiki/doku.php?id=example_hashes
Hash identifier โ> https://md5hashing.net/hash_type_checker
Online hash cracker โ> https://crackstation.net/
If this write-up is riddled with typos, blame the sleep deprivation from all-night hacking.
Subscribe to my newsletter
Read articles from Sm1l3x directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Sm1l3x
Sm1l3x
Passionate about Cybersecurity,I hunt bugs(),test Web Defenses(),and compete in CTFs(). Join me in making the digital world more secure! My goal is to make the digital world a safer place for everyone. I believe that Ethical Hacking can be powerful force for positive change.