Hashing — Crypto 101

David Kennedy
3 min read · Oct 4, 2021

An introduction to Hashing, as part of a series on crypto via TryHackMe.

via — tokens24.com

Kali on VMware’s Workstation was used for this room.

Task 1: Key Terms.

#1 Is base64 encryption or encoding?

Encoding

Task 2: What’s a hash function?

#1 What is the output size in bytes of the MD5 hash function?

16

“The ComputeHash methods of the MD5 class return the hash as an array of 16 bytes.” — docs.microsoft.com

#2 Can you avoid hash collisions? (Yea/Nay)

Nay

#3 If you have an 8 bit hash output, how many possible hashes are there?

256

The number of possibilities is 2^(X), where X is the number of bits in the hash. There are 2⁸ possible hashes.

Task 3: Uses for hashing.

#1 Crack the hash “d0199f51d2728db6011945145a1b607a” using the rainbow table manually.

basketball

#2 Crack the hash “5b31f93c09ad1d065c0491b764d04933” using online tools

tryhackme

— via md5.gromweb.com

#3 Should you encrypt passwords? Yea/Nay

Nay

“You can’t encrypt the passwords, as the key has to be stored somewhere. If someone gets the key, they can just decrypt the passwords.” — THM

Task 4: Recognising password hashes.

#1 How many rounds does sha512crypt ($6$) use by default?

5000

via php.net

#2 What’s the hashcat example hash (from the website) for Citrix Netscaler hashes?

1765058016a22f1b4e076dccd1c3df4e8e5c0839ccded98ea

— via hashcat.net

#3 How long is a Windows NTLM hash, in characters?

32

Task 5: Password Cracking.

For this task, I used john (John the Ripper) with the wordlist rockyou.txt. I noted the hash type using the hashid tool. I then stored the hash to h4sh.txt.

#1 Crack this hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG

hashid '$2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG'

hashid identifies the hash type as bcrypt, so the following command can be used.

john --format=bcrypt --wordlist=/home/kali/Desktop/rockyou.txt h4sh.txt

If successful, the password is now revealed. I had previously cracked this hash, so I used the command below to reveal the password.

john --show h4sh.txt

85208520

#2 Crack this hash: 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1

halloween

#3 Crack this hash: $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0

spaceman

#4 Bored of this yet? Crack this hash: b6b0d451bbf6fed658659a9e7e5598fe

funforyou

— via crackstation.net

CrackStation was used in this instance as rockyou.txt was unsuccessful.
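What separates the formats in Tasks 4 and 5, as an added example that is not part of the original write-up and not hashid's code: prefixed strings such as `$2a$` and `$6$` name their scheme, work factor and salt, while bare hex digests can only be narrowed by length. The helper name `describe_hash` and the lookup tables are assumptions made for this sketch and cover only a subset of formats.

```python
import re

# Modular crypt format ids seen in this room (a subset, not exhaustive).
MCF_SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
               "5": "sha256crypt", "6": "sha512crypt"}
# Bare hex digests carry no label, so length only narrows the candidates.
HEX_CANDIDATES = {32: ["MD5", "NTLM"], 40: ["SHA-1"],
                  64: ["SHA-256"], 128: ["SHA-512"]}
SHACRYPT_DEFAULT_ROUNDS = 5000  # applies when no "rounds=" field is present


def describe_hash(value):
    """Describe a stored hash string (hypothetical helper); ValueError if unknown."""
    value = value.strip()
    if value.startswith("$"):
        parts = value.split("$")[1:]  # drop the empty field before the first "$"
        scheme = MCF_SCHEMES.get(parts[0])
        if scheme is None or len(parts) < 3:
            raise ValueError("unrecognised modular crypt string")
        info = {"scheme": scheme, "candidates": [scheme]}
        if scheme == "bcrypt":
            # Layout: $2a$<2-digit cost>$<22-char salt><31-char digest>
            if not re.fullmatch(r"\d\d", parts[1]) or len(parts[2]) != 53:
                raise ValueError("malformed bcrypt string")
            info["cost"] = int(parts[1])
            info["iterations"] = 2 ** info["cost"]  # cost is a base-2 exponent
            info["salt"] = parts[2][:22]
        elif scheme in ("sha256crypt", "sha512crypt"):
            rounds = SHACRYPT_DEFAULT_ROUNDS
            if parts[1].startswith("rounds="):
                rounds = int(parts[1][len("rounds="):])
                parts = parts[:1] + parts[2:]  # salt now sits at index 1
            info["rounds"] = rounds
            info["salt"] = parts[1]
        else:
            info["salt"] = parts[1]
        return info
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HEX_CANDIDATES:
        return {"scheme": None, "candidates": HEX_CANDIDATES[len(value)]}
    raise ValueError("unrecognised format")


if __name__ == "__main__":
    # Hashes quoted in Task 5 of this write-up.
    for h in ("$2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG",
              "b6b0d451bbf6fed658659a9e7e5598fe"):
        print(describe_hash(h))
```

Run against a credential store, the same parsing shows which entries are unsalted fast digests and which carry a salt and a tunable work factor.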

Task 6: Hashing for integrity checking.

#1 What's the SHA1 sum for the amd64 Kali 2019.4 ISO? http://old.kali.org/kali-images/kali-2019.4/

sha1sum kali-linux-2019.4-amd64.iso

186c5227e24ceb60deb711f1bdc34ad9f4718ff9

#2 What’s the hashcat mode number for HMAC-SHA512 (key = $pass)?

1750

— via hashcat.net
