Crack the hash Level 2 Write-up (Free Room on TryHackMe) Cracking Salted Hashes

If you haven’t taken a look at my level 1 write-up, I would recommend going back and reading it first, because it explains our process and the tools we are using. Level 2 of the Crack the hash room contains more hashes to crack, this time with salts and different hashing algorithms.
If you don’t know what a salt is yet, don’t worry: it’s just an extra bit of data that is added to what we are hashing to make it harder to crack.

“In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase.”
 — from the Wikipedia page Salt (cryptography).

Let’s take a look at the tasks for level 2…

[2–1]

Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85
Type: sha256

CrackStation:

hashcat:

hashcat -m 1400 hash.txt rockyou.txt

Output:

Nice, we got the flag ‘paule’.

[2–2]

Hash: 1DFECA0C002AE40B8619ECF94819CC1B
Type: NTLM

CrackStation:

hashcat:

hashcat -m 1000 hash.txt rockyou.txt

Output:

Nice, we got the flag ‘n63umy8lkf4i’.

[2–3]

Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Type: sha512crypt $6$
Salt: aReallyHardSalt

CrackStation:

CrackStation isn’t capable of cracking salted hashes; luckily, since we know the salt, we can do this with hashcat. To do this I jumped over to my Windows machine, which has a more efficient GPU for this kind of job.

hashcat command in PowerShell on Windows:
(Linux users, just remove the “./” at the beginning of the statement)

PS C:\Users\dave\Downloads\hashcat-6.2.5> ./hashcat -m 1800 hash.txt rockyou.txt -O

Note that the “-O” flag is a capital O and not a zero; it enables optimized kernels and enables use of my NVIDIA GPU.

Output:

Nice, we got the flag ‘waka99’.

[2–4]

Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Type: sha1
Salt: tryhackme

CrackStation:

I spent some time trying hash types 110 “sha1($pass.$salt)” and 120 “sha1($salt.$pass)”, based on what I could see in the example hash table; little did I know the hint held where I should have been looking.

HMAC-SHA1 (key = $salt) is hash mode 160, so our hashcat command is:

./hashcat -m 160 sha1saltedhash.txt rockyou.txt -O

But before we run it we need to format our hash file by appending the salt to the end of the hash, separated by a colon (“hash:salt”), as seen in this example screenshot:

Screenshot from hashcat.net / example_hashes

Once we add our salt to the end of the file we are ready to run our command.
Since I am on my Windows machine, I am gonna open it in Notepad, add the :SALT, save, and start cracking.

(HASH:SALT) Don’t forget to save.

Output:

Voila, the flag is ‘481616481616’.
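As an added illustration (not part of the original write-up), here are the three hashcat SHA-1 modes tried above computed in Python, so you can see why a hash:salt file only matches under the mode that actually produced the digest. The candidate passwords are constructed; the hash and salt in the demo are task 2-4’s values from the room.

```python
import hashlib
import hmac

# Three different constructions all get called "salted SHA-1". hashcat gives
# each its own mode number because the digests differ, so a wordlist run in
# the wrong mode never matches (the detour through 110 and 120 before 160).
def sha1_pass_salt(password: str, salt: str) -> str:
    """hashcat -m 110: sha1($pass.$salt)"""
    return hashlib.sha1(password.encode() + salt.encode()).hexdigest()

def sha1_salt_pass(password: str, salt: str) -> str:
    """hashcat -m 120: sha1($salt.$pass)"""
    return hashlib.sha1(salt.encode() + password.encode()).hexdigest()

def hmac_sha1_salt_key(password: str, salt: str) -> str:
    """hashcat -m 160: HMAC-SHA1 (key = $salt); the salt is the HMAC key, not appended data."""
    return hmac.new(salt.encode(), password.encode(), hashlib.sha1).hexdigest()

MODES = {110: sha1_pass_salt, 120: sha1_salt_pass, 160: hmac_sha1_salt_key}

def hashcat_line(digest: str, salt: str) -> str:
    """One line of the hash file as modes 110/120/160 expect it: hash:salt."""
    return f"{digest.lower()}:{salt}"

def parse_hashcat_line(line: str) -> tuple[str, str]:
    """Split a hash:salt line; only the first colon separates, so a salt may contain ':'."""
    digest, _, salt = line.strip().partition(":")
    return digest.lower(), salt

def matching_modes(line: str, candidate: str) -> list[int]:
    """Mode numbers under which candidate reproduces the digest in line (normally one or none)."""
    digest, salt = parse_hashcat_line(line)
    return [m for m, f in MODES.items()
            if hmac.compare_digest(f(candidate, salt).encode(), digest.encode())]

if __name__ == "__main__":
    # Task 2-4 hash and salt from the room, formatted the way the write-up edits the file.
    line = hashcat_line("e5d8870e5bdd26602cab8dbe07a942c8669e56d6", "tryhackme")
    print(line)
    print("modes reproducing the digest from the recovered flag:",
          matching_modes(line, "481616481616"))
```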

Level 2 Conclusion

TryHackMe Hash Cracker Badge

Congrats, you made it to the end of this room with me! Today we learned how to crack some new hashing algorithms with hashcat, and also about salted hashes. I had fun with these write-ups, this was a good TryHackMe room overall to gain a base knowledge of hashing and cracking.

If you missed level 1 of this room yesterday, you can find the write-up here.

Until next time,

DAVE.