hashcrack


Step 1: Connecting to the Server using nc
nc verbal-sleep.picoctf.net 57356
Connecting to the server gives us a hash that we have to crack.
Copy the hash and paste it into CrackStation, an online hash cracker, to get the plaintext.
Now enter password123 and proceed toward the flag.
Cracking the previous hash gives us another hash, b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3, which is letmein.
After this we get one more hash, 916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745, which is qwerty098.
Yupp! We got our flag.
Key Learning: Weakly Hashed Passwords in CTF Challenges
Understanding Weak Hashes
Learn how using outdated or insecure hashing algorithms (like unsalted MD5, SHA1) can leave passwords vulnerable to brute force and dictionary attacks.
Hash Identification
Develop the ability to recognize different hash formats (e.g., MD5: 32 hex chars, SHA1: 40 hex chars, etc.).
Security Best Practices
Use strong, salted hashes (e.g., bcrypt, scrypt, Argon2)
Enforce strong password policies
Protect against common attacks like hash dumping and password reuse
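The two lessons above in one place, as an added example that is not part of the original write-up: a length-based hash identifier plus a wordlist audit for unsalted digests, next to a salted scrypt record that the same audit cannot match. The function names, the five-word list and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Hex-digest length -> algorithm, for plain unsalted digests only.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed mini-wordlist standing in for a real common-password list.
WORDLIST = ["123456", "letmein", "password123", "qwerty098", "dragon"]


def identify(hex_digest):
    """Guess the algorithm from digest length; None if it is not plain hex."""
    h = hex_digest.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return None
    return HEX_LEN_TO_ALGO.get(len(h))


def audit(hex_digest, wordlist=WORDLIST):
    """Return (algorithm, matching word), or (algorithm, None) if no match."""
    algo = identify(hex_digest)
    if algo is None:
        return (None, None)
    target = hex_digest.strip().lower()
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == target:
            return (algo, word)
    return (algo, None)


def scrypt_record(password, salt=None):
    """Salted, memory-hard hash: a fresh salt gives a different record each time."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, dk


def scrypt_verify(password, salt, dk):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_record(password, salt)[1], dk)


if __name__ == "__main__":
    # The SHA1 digest quoted in the write-up, then a salted scrypt record.
    print(audit("b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3"))
    salt, dk = scrypt_record("letmein")
    print(audit(dk.hex()))  # same length as SHA256, but no wordlist match
```

The 32-byte scrypt output is also 64 hex characters, so digest length is only a hint about the algorithm, not proof of it.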
Written by Furkan Sayyed
