Prompt

Our analysts have obtained password dumps storing hacker passwords. After obtaining a few plaintext passwords, it appears that they overlap with the passwords from the Rockyou breach.

Walk-Through

These passwords can be cracked using hashcat with the Rockyou wordlist (this comes included by default in Kali Linux in the /usr/share/wordlists directory).

🚧

If this is your first time using Kali Linux to crack passwords, the rockyou.txt file will be compressed as a tar.gz file. The file cannot be read (or used by hashcat) until it is decompressed.

Run the following command to decompress the rockyou.txt.gz file:

tar -xvzf /usr/share/wordlists/rockyou.txt.gz

-x : extracts all files

-v: enables verbose output to see the files be extracted

-z: decompress using gzip

-f: specify the filename of the archive

Guide

First, add all of the hashes for this challenge to a text document and save it as hash.txt.

✍🏼

Place each hash on its own line with no leading or trailing spaces.

Next, let’s use hashcat , hashid , and an online hash analyzer to identify the types of hashes we were given. Repeat this process for each hash.

The number given at the left indicates the “hash mode” you can use to crack the password with hashcat. A reference page for these modes is linked below in resources.

https://hashes.com/en/tools/hash_identifier

https://www.tunnelsup.com/hash-analyzer/

A variety of tools can be useful to identify hash types. All four of the tools used indicated this first hash is possibly an MD5 hash. Lets try using hashcat with the MD5 hash-mode. Use the output of the hashcat command above, or the hashcat example hashes website, to find the hash-mode.

Solution

Use this command to crack the hashes:

hashcat hash.txt -m 0 -a 0 /usr/share/wordlists/rockyou.txt

hash.txt : the file location + file name that has the hashes hashcat will try to crack

-m 0 : uses hash-mode 0 — indicates the hashes are MD5 hashes

-a 0 : use a dictionary attack (this requires a wordlist to be specified)

/usr/share/wordlists/rockyou.txt : the file location +name of the wordlist

Partial output of successful recovery shown. The cracked hashes have been redacted. Notice that the first hash cracked by hashcat is for the third question given.

🚧

hashcat does not preserve the original hash order. Always verify each cracked hash matches the correct question before submitting!

Useful resources for this challenge:

hashcat example hashes: https://hashcat.net/wiki/doku.php?id=example_hashes
https://www.tunnelsup.com/hash-analyzer/
https://hashes.com/en/tools/hash_identifier
Use the Tutorial Video below

Tutorial Video

Watch our full Tutorial Video to learn more about hashed passwords, salted hashes and password cracking AND to see a walkthrough of how to solve this challenge:

NCL Summer Live - Cracking Password Hashes - Aug 19 2021

Learn tips and tools of the trade with the National Cyber League's NCL Summer Live video tutorial series. This episode covers how to approach cracking password hashes; Password Cracking is one of the 9 NCL competition categories. Franz Payer, CEO of Cyber Skyline explains the basics of what is a hash; how password hashes work; the types of hashes, including salted hashes, and various tools available to crack password hashes. He finishes up with a live demo in the NCL Practice Gym for you to follow along. The National Cyber League, powered by Cyber Skyline, is a bi-annual, all-virtual cybersecurity student competition, advancing hands-on skills and knowledge. Check the website at nationalcyberleague.org for details.

www.youtube.com

NCL Summer Live - Cracking Password Hashes - Aug 19 2021

Questions

68a96446a5afb4ab69a2d15091771e39

ec5f0b1826389df8622133014e88afde

32e5f63b189b78dccf0b97ac41f0d228

2233287f476ba63323e60addca1f6b64

6539bbb84fe2de2628fc5e4f2a31f23a