TryHackMe - Hashing - Crypto 101 - Walkthrough
Introduction
Today we're going to be doing a walkthrough for the Hashing - Crypto 101 room hosted at https://tryhackme.com/room/hashingcrypto101. For this walkthrough, we'll be using one virtual machine (VM), the TryHackMe AttackBox, as our attacking machine.
Task 1 - Key Terms
Questions:
Is base64 encryption or encoding?
Answer can be found in this article:
https://en.wikipedia.org/wiki/Base64
Task 2 - What is a hash function?
Questions
What is the output size in bytes of the MD5 hash function?
Refer to this article for the answer (keep in mind that 1 byte = 8 bits):
https://en.wikipedia.org/wiki/MD5
Can you avoid hash collisions? (Yea/Nay)
Answer contained in Task description
If you have an 8 bit hash output, how many possible hashes are there?
The formula for determining the possible number of hashes for a hashing algorithm is 2 ^ (bit output). Therefore, the answer is 2 ^ 8.
Task 3 - Uses for hashing
Questions
Crack the hash "d0199f51d2728db6011945145a1b607a" using the rainbow table manually.
Answer contained within Task description.
Crack the hash "5b31f93c09ad1d065c0491b764d04933" using online tools
Use the following website to crack the hash:
https://hashes.com/en/tools/hash_identifier
Should you encrypt passwords? Yea/Nay
Answer contained within Task description.
Task 4 - Recognising password hashes
Questions
How many rounds does sha512crypt ($6$) use by default?
The following article contains the answer:
https://blog.michael.franzl.name/2016/09/09/hashing-passwords-sha512-stronger-than-bcrypt-rounds/
What's the hashcat example hash (from the website) for Citrix Netscaler hashes?
Find the answer in the webpage below (search for the term “Citrix”)
https://hashcat.net/wiki/doku.php?id=example_hashes
How long is a Windows NTLM hash, in characters?
Go to the following URL and count the number of characters in the example hash:
https://asecuritysite.com/encryption/lmhash
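Recognising a hash format by its structure, as an added example (not part of the original walkthrough or the room): the sketch below parses the `$id$...` prefix of modular-crypt strings and falls back to digest length for bare hex. The `identify` function and its tables are hypothetical names; the two hashcat mode numbers are the ones used in this walkthrough's commands.

```python
import hashlib
import re

# hashcat -m values taken from the commands in this walkthrough.
MCF_SCHEMES = {"2a": ("bcrypt", 3200), "6": ("sha512crypt", 1800)}

# Hex length -> hashlib algorithms with that digest size (derived, not hardcoded).
HEX_LENGTHS = {}
for _name in ("md5", "sha1", "sha256", "sha512"):
    HEX_LENGTHS.setdefault(hashlib.new(_name).digest_size * 2, []).append(_name)


def identify(h):
    """Classify a hash string by its format; returns a dict describing it."""
    h = h.strip()
    if h.startswith("$"):
        parts = h.split("$")  # ['', id, param-or-salt, ...]
        if len(parts) < 4:
            return {"format": "unknown"}
        name, mode = MCF_SCHEMES.get(parts[1], ("unknown", None))
        info = {"format": "modular-crypt", "scheme": name, "hashcat_mode": mode}
        if name == "bcrypt":
            # $2a$<cost>$<22-char salt><31-char digest>; work factor is 2**cost
            info["cost"] = int(parts[2])
            info["salt"] = parts[3][:22]
        elif name == "sha512crypt":
            # $6$[rounds=N$]<salt>$<digest>; rounds stays None when the
            # string carries no explicit count and the scheme default applies
            rounds = None
            if parts[2].startswith("rounds="):
                rounds = int(parts[2][len("rounds="):])
                parts.pop(2)
            info["rounds"] = rounds
            info["salt"] = parts[2]
        return info
    if re.fullmatch(r"[0-9a-fA-F]+", h):
        # A bare hex digest carries no label: length only narrows the
        # candidates, and other algorithms can share the same length.
        return {"format": "raw-hex", "candidates": HEX_LENGTHS.get(len(h), [])}
    return {"format": "unknown"}
```

The prefixed formats describe themselves (scheme, cost, salt), while a raw hex string can only be narrowed down by length, which is why the Task 5 hex hashes need an identifier tool first.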
Task 5 - Password Cracking
Questions
Crack this hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG
Copy the hash to a file called bcrypt.hash
hashcat -O -m 3200 -a 0 bcrypt.hash /usr/share/wordlists/rockyou.txt
Crack this hash: 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1
Use the following website to crack the hash:
https://hashes.com/en/tools/hash_identifier
Crack this hash: $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0
Copy the hash to a file called sha512crypt.hash
hashcat -O -m 1800 -a 0 sha512crypt.hash /usr/share/wordlists/rockyou.txt
Bored of this yet? Crack this hash: b6b0d451bbf6fed658659a9e7e5598fe
Use the following website to get the answer:
https://hashes.com/en/tools/hash_identifier
Task 6 - Hashing for integrity checking
Questions
What's the SHA1 sum for the amd64 Kali 2019.4 ISO? http://old.kali.org/kali-images/kali-2019.4/
The answer can be found at the following URL:
http://old.kali.org/kali-images/kali-2019.4/SHA1SUMS
What's the hashcat mode number for HMAC-SHA512 (key = $pass)?
Go to the following URL and search for the term “hmac-sha512”
https://hashcat.net/wiki/doku.php?id=example_hashes
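Checking a download against a published checksum file, and checking a keyed HMAC-SHA512 tag, as an added example (not part of the original walkthrough or the room). The function names are hypothetical; the manifest layout assumed is the `<hex digest>  <filename>` form used by files such as SHA1SUMS.

```python
import hashlib
import hmac


def parse_sums(text):
    """Parse '<hex digest>  <filename>' lines (the SHA1SUMS layout) into a dict."""
    sums = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        # A leading '*' on the filename marks binary mode in coreutils output.
        sums[name.strip().lstrip("*")] = digest.lower()
    return sums


def file_digest(path, algo="sha1", chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path, name, sums, algo="sha1"):
    """True only if `name` is listed and the file's digest matches the listed one."""
    expected = sums.get(name)
    if expected is None:
        return False  # not in the manifest: treat as unverified, not as OK
    return hmac.compare_digest(file_digest(path, algo), expected)


def hmac_sha512_ok(key, data, tag_hex):
    """Check an HMAC-SHA512 tag; without the key the tag cannot be recomputed."""
    expected = hmac.new(key, data, hashlib.sha512).hexdigest()
    return hmac.compare_digest(expected, tag_hex.lower())
```

A plain checksum only detects corruption if the checksum file itself is trustworthy; anyone who can replace the download can also replace an unauthenticated SHA1SUMS, which is the gap a keyed HMAC or a signature over the manifest closes.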