Challenges: Crack the hash (TryHackMe)

Jebitok

In this challenge, we explore the practical aspects of hash cracking by completing Levels 1 and 2 of the Crack the Hash room. These tasks involve identifying various hash types and using common tools like Hashcat and John the Ripper to uncover the original plaintext passwords. The hash algorithms range from MD5 and SHA1 to bcrypt and HMAC-SHA1, offering a great opportunity to practice recognizing hash formats and selecting appropriate cracking techniques. Throughout the room, the well-known rockyou.txt wordlist is the main resource for dictionary attacks, together with the rainbow table service CrackStation.

Level 1

Can you complete the level 1 tasks by cracking the hashes?

Answer the questions below

  1. 48bb6e862e54f2a795ffc4e541caed4d easy

  2. CBFDAC6008F9CAB4083784CBD1874F76618D2A97 password123

  3. 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 letmein

  4. $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom bleh

    hashcat -m 3200 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

    grep -E '^[a-z]{4}$' /usr/share/wordlists/rockyou.txt > four_letter_words.txt

    hashcat -m 3200 -a 0 hash.txt four_letter_words.txt

  5. 279412f945939ba78ce0758d3fd83daa Eternity22

Level 2

This task increases the difficulty. All of the answers will be in the classic rockyou password list.

You might have to start using hashcat here and not online tools. It might also be handy to look at some example hashes on hashcat's page.

Answer the questions below

  1. Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 paule

  2. Hash: 1DFECA0C002AE40B8619ECF94819CC1B n63umy8lkf4i

  3. Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

    Salt: aReallyHardSalt

    waka99

    grep -E '^[a-z0-9]{6}$' /usr/share/wordlists/rockyou.txt > six_letter_words.txt

    hashcat -m 1800 -a 0 hash6.txt six_letter_words.txt

    john --format=sha512crypt --wordlist=six_letter_words.txt hash6.txt

  4. Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6

    Salt: tryhackme

    481616481616

     // hash.txt
    
     e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme
    

    hashcat -a 0 -m 160 hash.txt /usr/share/wordlists/rockyou.txt
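
The `-m` values used above follow from each hash's format. The sketch below is an added example, not part of the original write-up or the TryHackMe room. Its hypothetical `identify()` helper maps a hash line to candidate algorithms and hashcat modes, and reads the bcrypt cost and sha512crypt rounds that make those two hashes slow enough to justify a filtered wordlist. Modes other than 3200, 1800 and 160 do not appear on the page and are taken from hashcat's documented mode list.

```python
import re

# Candidate (algorithm, hashcat mode) pairs keyed by hex digest length.
# Length alone is ambiguous: the page's three 32-hex hashes all look alike.
UNSALTED = {32: [("MD5", 0), ("MD4", 900), ("NTLM", 1000)],
            40: [("SHA1", 100)],
            64: [("SHA2-256", 1400)]}
SALTED = {40: [("sha1($pass.$salt)", 110), ("sha1($salt.$pass)", 120),
               ("HMAC-SHA1 (key = $salt)", 160)]}

BCRYPT = re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}")
SHA512CRYPT = re.compile(r"\$6\$(?:rounds=(\d+)\$)?([^$]{1,16})\$[./A-Za-z0-9]{86}")


def identify(line):
    """Return [(algorithm, hashcat_mode, detail), ...] for one hash line."""
    line = line.strip()
    m = BCRYPT.fullmatch(line)
    if m:  # the two digits are log2 of the key-setup iteration count
        cost = int(m.group(1))
        return [("bcrypt", 3200, f"cost {cost} = {2 ** cost} iterations")]
    m = SHA512CRYPT.fullmatch(line)
    if m:  # crypt(3) uses 5000 rounds when no rounds= field is present
        rounds = int(m.group(1) or 5000)
        return [("sha512crypt", 1800, f"salt {m.group(2)}, {rounds} rounds")]
    digest, _, salt = line.partition(":")  # "hash:salt" as in hash.txt above
    if re.fullmatch(r"[0-9A-Fa-f]+", digest):
        table = SALTED if salt else UNSALTED
        detail = f"salt {salt}" if salt else "unsalted"
        return [(name, mode, detail) for name, mode in table.get(len(digest), [])]
    return []


if __name__ == "__main__":
    # Hashes copied from the page
    for h in ["48bb6e862e54f2a795ffc4e541caed4d",
              "$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom",
              "e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme"]:
        print(h[:20], identify(h))
```

A 32-character hex digest returns three candidates, which is why the MD5, MD4 and NTLM answers on this page could not be told apart by appearance alone.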

By completing both levels, we successfully cracked multiple hashes using a variety of methods and tools. This exercise reinforced key skills in hash identification, rule-based cracking, and wordlist filtering. Tools like Hashcat, John the Ripper, and Linux utilities such as grep proved essential in tackling increasingly complex hash formats. Overall, this room provided hands-on experience with real-world hash cracking scenarios, deepening our understanding of how attackers might exploit weak password storage and how defenders can better protect systems.
