TryHackMe: Crack the Hash | Writeup


This room from TryHackMe contains some easy hash-cracking challenges. In this write-up, I have included all the solutions and explanations. There are 2 levels of challenges, and I have written them up separately.

Tools used to analyze those samples:

  1. Offline: hash-identifier, hashcat
  2. Online: hash-analyzer, crackstation

Level 1:

There are 5 hash values in this level. All I need to do is:

  1. Check what type of Hashing Algorithm is being used there
  2. Crack the Hash with a local word list / online cracker

To identify the hash, I used the “hash-identifier” tool, which is preinstalled in Kali Linux. To use hash-identifier, simply type the tool's name as shown in the picture below.

Tools taking input and showing Hash Algorithm

This tool prompts the user to enter a hash value. After receiving the input, it analyzes it and shows the “possible hash” algorithms.

To analyze online, you can use a hash-analyzer website. This site only checks for the hashing algorithm and does not attempt to crack the hash. To crack it online, you can use the crack-station website. As shown in the picture below, it shows the detected hash type as well as the cracked value.

crack-station showing output for the Hash

If you want to crack the hash offline, there is an efficient tool for this — hashcat. To run this, we need to follow some steps:

  1. Save the hash in a text file. I am using nano editor: nano hash.txt
  2. Find the hash mode on this website, because hashcat uses a separate mode number for each algorithm.
  3. Now run the command: hashcat -m [mode number] hash.txt [wordlist]

For this TryHackMe room, rockyou.txt is enough. This is also mentioned on the Level 2 website.

So the solutions for all the hashes are:

Level 1 Solution

Level 2:

The previous level was easy and the hashes could be cracked fast. But level 2 is quite tricky and time-consuming. As in the previous level, I need to use hash-identifier and hash-analyzer to detect the hash type. There is also an example hash wiki: Link here.

For the first 2 tasks here, an online analyzer is enough and the process is the same. But for task 3:

  • This hash is salted, so the previous online analyzer failed to detect it.
  • The hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
  • It starts with $6$. Manually checking against the examples gives the answer: it's sha512. (picture below)
  • This online analyzer was able to detect the hash.

Hash sample from the wiki

Cracking this will take some time.

Command: hashcat -m 1800 hash.txt rockyou.txt

Task 4: To detect the hash type, I needed to include the salt at the end of the hash. That's why the online analyzer was able to detect it. Picture below:

Hash for Task 4

Now, using hashcat with mode 110 (-m 110), I can crack the hash. The command is the same as the previous one.
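The manual checks for Task 3 and Task 4 can be scripted. The following is an added example, not part of the original write-up or of any tool it uses, and it goes slightly beyond the `$6$` case by covering other crypt-style prefixes and bare hex digests. The function name `identify` and the tables are this example's own; the mode numbers are hashcat's `-m` values.

```python
import re

# Modular crypt format ids that share the $id$[rounds=N$]salt$digest layout,
# mapped to (name, hashcat -m mode).
CRYPT_IDS = {"1": ("md5crypt", 500), "5": ("sha256crypt", 7400),
             "6": ("sha512crypt", 1800)}
# Bare hex digests carry no algorithm tag: length only narrows the candidates.
HEX_LENGTHS = {32: [("MD5", 0), ("MD4", 900), ("NTLM", 1000)],
               40: [("SHA1", 100)],
               64: [("SHA2-256", 1400)],
               128: [("SHA2-512", 1700)]}
# A 40-hex digest followed by ":salt" does not say how the salt was mixed in.
SALTED_SHA1 = [("sha1($pass.$salt)", 110), ("sha1($salt.$pass)", 120),
               ("HMAC-SHA1 (key = $salt)", 160)]
# Salt length bound of 16 is the sha-crypt maximum (md5crypt uses up to 8).
CRYPT_RE = re.compile(
    r"\$(1|5|6)\$(?:rounds=\d+\$)?([^$:]{1,16})\$([./0-9A-Za-z]+)")

def identify(line):
    """Return (salt, [(name, hashcat_mode), ...]) for one hash line."""
    line = line.strip()
    m = CRYPT_RE.fullmatch(line)
    if m:
        # Self-describing: the prefix names the scheme and the salt is in clear.
        return m.group(2), [CRYPT_IDS[m.group(1)]]
    digest, _, salt = line.partition(":")
    if not re.fullmatch(r"[0-9a-fA-F]+", digest):
        return None, []
    if salt:
        # Only the SHA1-length salted case is covered here.
        return salt, (SALTED_SHA1 if len(digest) == 40 else [])
    return None, HEX_LENGTHS.get(len(digest), [])

if __name__ == "__main__":
    samples = [
        # Task 3 hash exactly as given in the write-up.
        "$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.",
        "a" * 40 + ":constructedsalt",  # constructed sample, not a real hash
        "a" * 32,                       # constructed sample, not a real hash
    ]
    for s in samples:
        print(s[:24], "->", identify(s))
```

A crypt-style string yields exactly one candidate because the prefix is part of the stored value, while a bare or `hash:salt` hex digest yields several, which is why the salt placement still has to be confirmed from context.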

Solution for level 2:

Level 2 solution

If you find the write up useful, please share — Sharing is Caring ❤