Crack The Hash

Crack the Hash Room is THM room containing nine different hashes of varying difficulty. Due to THM policy, the cracked hashes won't be displayed however, the commands used in the cracking process are pasted in this write-up.

Hash 1

The very first hash is a MD5 hash that took exactly one second to crack with Hashcat.

hashid was used to first identify the hash type and as seen below, first hash type was wrong however, the correct hash type is definitely on this list. hashid is neither buggy nor broken, this is just an indicator that different hash types sometimes have similar properties and you have to try different modes to successfully crack them.


code breakdown:

hashcat: crack tool to use

-m 0: indicates the crack mode, with "0" being MD5

-a 0: indicates the attack mode, with "0" being dictionary attack

hash1: hash to crack

/usr/share/wordlists/rockyou.txt: wordlist

hash-id hash-identifer hash cracking tryhack me box

Hash 2

No boring story of my life. Same hashid used to identify hash type. -m 100 indicates SHA-1, -a 0 indicates dictionary attack mode, hash2 is hash to crack, --quiet tells hashcrack not to display status to screen and just display the cracked hash when done.

Hash 3

Same drill, -m 1400 indicates SHA-256

Hash 4

Bcrypt is a hash type intentionally built to be slow to crack, that would take days to get the right password hence THM gave a hint suggesting you extract and use 4 character passwords from the traditional rockyou.txt or create a hashcat guess mask which tries to bruteforce password characters of specific length.

I went for option A since pw-inspector exists (since my sed and awk sucks), this tool allows you to take a wordlist as input, manipulate it and create a new output file from it.

cat /usr/share/wordlists/rockyou.txt | pw-inspector -m 4 -M 4 > wordlist

code breakdown:

cat: read the content of rockyou.txt

| pw-inspector: pipes the content of rockyou.txt to pw-inspector to extract specific items

-m 4: extract word of minimum of 4 characters

-M 4: extracts words of maximum of 4 characters

> wordlist: sends the extracted words to a new file called wordlist


you may notice I didn't use hashid but rather Hashcat example page which contains examples of hashes Hashcat can crack and their equivalent mode, 3200 for bcrypt as seen below.

Hash 5

Here I used hash-identifier which works similarly to hashid, the hash was identified as MD5 and MD4, it is actually MD4 however, the password is not in rockyou.txt so I had to use an online hash cracker called Hashes.com

Hash 6

Same old...

Hash 7

NTLM hash, as you can see, it way at the bottom of the list, don't rule out a hash at the bottom of the Hashid result.

Hash 8

A SHA512 hash cracked with the command below:

hashcat -m 1800 -a 0 hash8 /usr/share/wordlists/rockyou.txt

yes...it took 1hour, 4mins to crack this 6 character password🥲

Hash 9

Not really an achievement but worth a reference 🤓