This page looks best with JavaScript enabled

TryHackMe - Password Cracking

 ·  ☕ 12 min read  ·  ✍️ sckull

Password Cracking es una serie de retos de TryHackMe aqui encontrarás la solucion para obtener las flags.

Informacion de la Maquina

Titulo password cracking
Info crack the password by using different techniques
Puntos 1985
Dificultad Media
Maker F4_U57

Hashcat - Tutorial the basics of cracking password

Bruteforce MD5

En esta serie de retos se utilizará hashcat para poder obtener la flag de cada uno de los retos. La lista de caracteres que se utilizarán para obtener las flags:

1
2
3
4
5
6
7
8
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 – 0xff

MD5 #1

Reto:

eedb694a362f8ab2effbad5e4c8fa095
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

eedb694a362f8ab2effbad5e4c8fa095:TRY-HACK-ME-[... snip ...]
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: eedb694a362f8ab2effbad5e4c8fa095
Time.Started.....: Tue Feb 18 20:32:56 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:32:56 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d [15]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  4765.5 kH/s (0.01ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 1000/1000 (100.00%)
Rejected.........: 0/1000 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-123 -> TRY-HACK-ME-573
Hardware.Mon.#1..: Temp: 53c Util: 16% Core:1189MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 20:32:51 2020
Stopped: Tue Feb 18 20:32:57 2020
sckull@uplifted:~/tools/hashcat$

MD5 #2

Reto:

eedb694a362f8ab2effbad5e4c8fa095
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

19b489d1c4220946b38d65a7fce24372:TRY-HACK-ME-[... snip ...]
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 19b489d1c4220946b38d65a7fce24372
Time.Started.....: Tue Feb 18 20:35:18 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:35:18 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d?d [16]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 13550.0 kH/s (0.12ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 10000/10000 (100.00%)
Rejected.........: 0/10000 (0.00%)
Restore.Point....: 0/10000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-1234 -> TRY-HACK-ME-5739
Hardware.Mon.#1..: Temp: 55c Util: 15% Core:1189MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 20:35:15 2020
Stopped: Tue Feb 18 20:35:19 2020
sckull@uplifted:~/tools/hashcat$

MD5 #3

Reto:

7353d3b528592ecd12139fba62c43287
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

7353d3b528592ecd12139fba62c43287:TRY-HACK-ME-[... snip ...]
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 7353d3b528592ecd12139fba62c43287
Time.Started.....: Tue Feb 18 20:37:10 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:37:10 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d?d?d [17]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 17768.1 kH/s (1.00ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 100000/100000 (100.00%)
Rejected.........: 0/100000 (0.00%)
Restore.Point....: 0/100000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-12345 -> TRY-HACK-ME-57397
Hardware.Mon.#1..: Temp: 56c Util: 63% Core:1189MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 20:37:07 2020
Stopped: Tue Feb 18 20:37:11 2020
sckull@uplifted:~/tools/hashcat$

Combination (MD5)

En esta seccion nos proporcionan tres diccionarios los cuales debemos de combinar segun el reto que se presente, utilizamos combinator de hashcat, el cual utiliza dos diccionarios y los combina (diccionario1diccionario2) para poder crackear un hash.

MD5 #1

Reto:

a united states city followed by 2 digits (all lowercase)
0f8e6ad80411e27fc85ba1f79153dd8f
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt us-city.txt ?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Dictionary cache built:
* Filename..: us-city.txt
* Passwords.: 2011
* Bytes.....: 19099
* Keyspace..: 201100
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

0f8e6ad80411e27fc85ba1f79153dd8f:penn[... snip ...]ia46  
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 0f8e6ad80411e27fc85ba1f79153dd8f
Time.Started.....: Tue Feb 18 20:46:41 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:46:41 2020 (0 secs)
Guess.Base.......: File (us-city.txt), Left Side
Guess.Mod........: Mask (?d?d) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 70748.6 kH/s (0.28ms) @ Accel:128 Loops:50 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 201100/201100 (100.00%)
Rejected.........: 0/201100 (0.00%)
Restore.Point....: 0/2011 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:50-100 Iteration:0-50
Candidates.#1....: alabama13 -> worland68
Hardware.Mon.#1..: Temp: 53c Util: 62% Core:1176MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 20:46:36 2020
Stopped: Tue Feb 18 20:46:42 2020
sckull@uplifted:~/tools/hashcat$

MD5 #2

Reto:

a united states city followed by a simple color, followed by 3 digits (all lowercase).
fbd527693aceda78b30a978d7d3b9abb

Combinator:

./combinator.bin ../../us-city.txt ../../color.txt > ../../us-city-color.txt
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt us-city-color.txt ?d?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Dictionary cache built:
* Filename..: us-city-color.txt
* Passwords.: 50275
* Bytes.....: 740916
* Keyspace..: 50275000
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

fbd527693aceda78b30a978d7d3b9abb:phoe[... snip ...]rple585
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: fbd527693aceda78b30a978d7d3b9abb
Time.Started.....: Tue Feb 18 20:58:05 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:58:05 2020 (0 secs)
Guess.Base.......: File (us-city-color.txt), Left Side
Guess.Mod........: Mask (?d?d?d) [3], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........:   473.0 MH/s (5.50ms) @ Accel:128 Loops:62 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 24936400/50275000 (49.60%)
Rejected.........: 0/24936400 (0.00%)
Restore.Point....: 0/50275 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:434-496 Iteration:0-62
Candidates.#1....: alabamared925 -> worlandgrey405
Hardware.Mon.#1..: Temp: 49c Util: 56% Core:1189MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 20:58:02 2020
Stopped: Tue Feb 18 20:58:06 2020
sckull@uplifted:~/tools/hashcat$

MD5 #3

Reto:

a simple color followed by a country, followed by 4 digits (all lowercase).
a4131ef4610be60c0c6a3656b00dd763

Combinator:

./combinator.bin ../../color.txt ../../country.txt > ../../color-country.txt
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt color-country.txt ?d?d?d?d
hashcat (v5.1.0) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
             This may cause "CL_OUT_OF_RESOURCES" or related errors.
             To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.

Watchdog: Temperature abort trigger set to 90c

Dictionary cache built:
* Filename..: color-country.txt
* Passwords.: 4775
* Bytes.....: 66846
* Keyspace..: 47750000
* Runtime...: 0 secs

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

a4131ef4610be60c0c6a3656b00dd763:blue[... snip ...]7926 
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: a4131ef4610be60c0c6a3656b00dd763
Time.Started.....: Tue Feb 18 21:00:36 2020 (0 secs)
Time.Estimated...: Tue Feb 18 21:00:36 2020 (0 secs)
Guess.Base.......: File (color-country.txt), Left Side
Guess.Mod........: Mask (?d?d?d?d) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........:   355.7 MH/s (0.63ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 35755200/47750000 (74.88%)
Rejected.........: 0/35755200 (0.00%)
Restore.Point....: 0/4775 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:7424-7488 Iteration:0-64
Candidates.#1....: redafghanistan9147 -> greyzimbabwe8479
Hardware.Mon.#1..: Temp: 55c Util: 87% Core:1189MHz Mem:2505MHz Bus:4

Started: Tue Feb 18 21:00:33 2020
Stopped: Tue Feb 18 21:00:37 2020
sckull@uplifted:~/tools/hashcat$

Rainbow Table (NTLM)

En esta seccion utilizaremos ophcrack para poder cracker los hashes utilizando un rainbow table. Ophcrack viene incluido en el sistema de Kali Linux, por lo que debemos de descargar unicamente el rainbow table XP special (8GB).

Retos:

1
2
3
FF6EDF5C42F0FE57AAD5360A07991BD6:A2F77301E3162DB9213E3DA35D5EA931
1CDEE68485E23D0E1DD9CED345A47D0C:D4F3A9ACC8448BC9EF7C53B3BBBEC9C3
8C7972A6362411C1B0D3662B97EBED58:DAE91036E4B2E7F0B5061956BCE39A3E

Importamos los hashes a ophrack y esperamos el resultado:

image

Share on

sckull
WRITTEN BY
sckull
Pentester wannabe

THM: Password Cracking