Basics of Hash Analysis and Security Testing | TryHackMe CrackTheHash

Captions
What's going on today? Let's talk about hash cracking. So most of you know what's hash cracking: it's the process of finding out what is the password starting from the hash. So if you're given a hash, your final objective is to, between double quotes, "crack the hash" and then find the corresponding password. That's the general sense of this concept. But now let's talk about the process: what's the concept behind it, and what are the methods of hash cracking?

So at the very first we have to understand that all of the passwords are not stored as plain text, they are stored as hash function. So basically when you log into a site such as Twitter, right, you enter your password, right, and then your password is then hashed, okay, and it is compared to the hash that exists in the database. So there is a database where you have your username and you have the hash of your password. So if the two hashes match, you will be authenticated and you will get access to your account. But if the password you entered, whose hash doesn't match the hash stored on the system, it means you will not be authenticated and it will throw you out. So that is the very first thing we have to talk, we have to understand first, is how passwords are stored in computer systems. So they are stored as hashes, and hashes are, say, one-way function. So the hash, here you have the password, okay, and then once you convert the password to hash, the hash cannot be converted back to password. Yeah, there are some times where you have collisions and other cryptographic attacks, but in general the hash cannot be converted to a password, right? That's why we have a concept on it, or let's say on its own, called hash cracking.

So let's talk about hash cracking methods. So now we understand why we crack hashes: we crack hashes to find the passwords. So the first method is actually the rainbow tables, and the next method is the brute force attacks. These are the two most popular methods in cracking hashes.

So what about rainbow tables? Now rainbow tables are actually, so say you have a rainbow table, and the table has, see here, list of hashes and passwords. So you have the hash and you have the corresponding password, the hash and the corresponding password, and you have the third hash and the corresponding password. So say you have an md5 hash, okay. Now how you crack this md5 hash: you will compare the md5 hash to the list of the existing hashes here. Once you find a match, it will give you the corresponding password. So that is rainbow tables. And rainbow tables are actually, unlike with brute forcing, performing the hash function isn't a problem here. So as you can see, with all the values already computed, it is just simplified to a simple search and compare operation on the table. That's how it works actually, the rainbow tables. And if you are actually trying this as an online attack, you will be directly authenticated to the service, such as ssh or could be http, any service that you are trying to crack online. If it is using rainbow tables, or if you're using rainbow tables, it will authenticate you directly without the need to know the password. That's also one of the other advantages of rainbow tables. Now building rainbow tables is time consuming, also large amount of storage is required for storing the tables.

Now let's talk about the brute force attacks, which is more popular than rainbow tables. Now in brute force attacks you have a word list. Normally the word lists are stored in text files. So here we have a word list, right, so wordlist.txt, text file of many popular passwords. So it's a file that contains passwords. Here you have around, it could be like 1000 passwords. An example would be rockyou.txt, so rockyou actually is a very popular word list. Now brute force attack, what do we do here? We have a hash, such, let's get back to the md5 hash example. So the md5 hash, here we have an md5 hash. You want to crack the hash and find the corresponding password using brute force attacks. So what do we do here? We have a word list such as rockyou. What do we do here? There are certain tools that can help you in the process. For example you have hashcat, it's very popular, and you have John the Ripper, and also you have some online tools such as CrackStation. As you will see now in the practical example, we use CrackStation a lot. So basically these tools, what they do actually: they take the word list you have, which is in this case rockyou.txt, and calculate the hash of every single password. So every password here, the hash of it is calculated and then compared to the hash that you have supplied, right? If they match, then you will be given the password. That's how it works in a very brief and simple way.

Now we're going to take practical example from our popular site TryHackMe. There is a room called crack the hashes, and you're given many, many hashes to crack. So we're gonna take some of these, right, I'm gonna leave the rest for you guys to practice. So let's get started now.

So level one: can you complete the level one task by cracking the hashes? So you're given certain types of hashes. So how the process actually works: first we have to identify the type of the hash given. Most of the time you're not given the type of the hash, so you have to find out what it is. So let's take this as an example and identify the type of the hash. So we have online tools and we have offline tools. An offline tool could be hash, let's make this bigger so you guys don't complain about the font. All right, and we paste this. I think I have copied the hash in the wrong way. So paste, and as you can see, the possible hashes are sha256 and haval256. Now if you want to cross compare the results, you can also use an online tool called hash analyzer. So hash analyzer. Sometimes the output of offline tools or online tools might not be reliable, so it's always good practice to compare the results or output of many different tools. Analyze. So hashtag md5 for md4 while list here we got sha-256 and we didn't get actual md5.

So nevertheless, now we can open hashcat and then crack the hash. So when using tools to crack the hash, it's very important to give the tool the type of the hash, right? So for example we start hashcat by having hashcat and then dash m. Here we define the type of the hash. So basically hashcat uses those numbers to denote the type of the hashes. For md5 it is zero. Now how do you know? So what you will do here, you will go to the site actually, and here is the table of all the example hashes. So if you search, you see md5 is actually zero. So that's how you find out the mode, or the type of the hash, using hashcat. So basically then what do we do? We have to give it the file that contains the hash. So what we're going to do now, we're going to step back, copy the hash and create a file. Let's create a directory first, hashes, cd hashes, and then create a file called one: nano hash one, store in the hash, save it, and back to hashcat, dash m 0, and then we give it the file that contains the hash, it is hash one. All right, and then we give it the word list. If you remember, the word list is very important to actually find the password. Without the word list there is no password, we can't do anything. So usr share wordlists rockyou. All right, now we start.

Now an alternative method to hashcat is using John the Ripper. So basically John the Ripper, it's actually important to always define the format. Sometimes if you don't define the format, it's not going to work. So basically we say dash dash format equal md5, right, and then dash dash, oops, wait, let's take this one and define the file containing the hash, and this is the word list ready for you. So I'm going to just replace this with md5. Sometimes you don't need to define the type of the hash, right, just give it to John the Ripper and sometimes it will be auto detected. So "unknown ciphertext format requested". All right, so let's remove this one. Okay, so as you can see it's not complaining that we need to define the type of the hash. So when you see in the output many mentions of dash dash format, it means the program needs to know what is the type of the hash. As you can see it's dash raw md5, so let's use this one. Okay, so as you can see the password is actually easy, that's the password. Let's take a look at hashcat also: the password actually here is found to be easy. Easy as an adjective and easy as an answer. So this is the password. Submit. Okay.

Right, now let's take the next hash. So I'm going now to copy the hash from the other monitor. All right, so let's now go to the online tool and paste in the hash. So this time it is sha1. So we go to the table here and type sha1, so the mode is 100 for hashcat. So nano hash one, let's remove this one and replace it with this. So the same command, just change the mode and start. Okay. Right, now let's use John the Ripper now. So john, let's try not mentioning or not giving the type of the hash using the format, see if it can crack the hash. As you can see, now it's telling you to define the format, so now we have to define the format. So dash dash format equal raw sha1, dash dot show. Uh-huh, this is the password. So no idea why it didn't go through the process of cracking the hash like it did in the previous hash. So this is the password. All right, so why am I using two tools? It's always best to compare, as I told you guys, the results of two, the output of two tools, of many tools, to corroborate and make sure the outputs you got is actually correct.

Okay then, so we have also another hash. This one is actually identical, the process is the same. Let's use CrackStation for this one. So CrackStation, CrackStation. Okay, there you go, verify. So this is the password, let me in, and this is the type. So tools like CrackStation, you don't need to supply the type of the hash, it detects the type of the hash automatically.

Okay, now the next one. Now this one is different actually. You can see, take a look at the hint: search the hashcat examples for dollar 2y dollar. This type of hash can take a very long time to crack, so either filter rockyou for four character words or use a mask for four lower alphabetical characters. So this one actually is different, this is bcrypt hash, and sometimes bcrypt takes long time to crack, so we prefer using online tools for this one. So we go back to CrackStation and we supply this, let's see if we can find the answer. Unrecognized hash format. All right, so this means we have to use analyzer to find out the type. So as I told you, it is bcrypt. Now in hashcat bcrypt is 3200. As you can see, every hash that starts with dollar two and then character followed by dollar, it means this one is bcrypt, and it is used, as you can see, in unix systems. So guys, I'm gonna show you the command but I'm not going to go through the process, it's going to take time. So I'm going to show you the command and then give you the answer directly. So hash, just the same command, this one, and here replace 100 with 2. Of course don't forget to put the new hash in the file. Okay, now the password for this one is, take a look at this.

Okay, next one. Let's take this one, go back, identify the type of the hash: md5. Use CrackStation. It is eternity 22. So now guys you know the drill, right? Analyze the hash and find out the type of the hash, and then you're free: you can use online tools or you can use john or hashcat.

So task 2 increases the difficulty. All of the answer will be in the classic rockyou password list. Okay, and then we might have to start using hashcat here and online tools. It might also be handy to look at some example hashes on hashcat page. Okay, so answer the questions below. This is the hash, this one is kinda long hash, seems to be sha-256, or yeah, let's find out. So we go to analyzer, it's sha256. And now in hashcat, sha2 5, let me search for 256. So we have cisco ios type, this is ssha, nope, we don't want this. sha256crypt, let's take a look at the format. Where is the hash? So there is no dollar signs here, so which means if we go up again and search, so sha256 1410 and this is the format. But as you can see, it has this salt. The given hash doesn't use salt, so it is not 1401. See this one, sha256, and it matches the formats of the given hash, so it is 1400. So again guys, I show you the process, just do like that and then you will find the password. The password for this one is paul.

Next one, this is the hash. So as you can see we have the hint here, so let's take a look at the hint: ntlm. It's ntlm hash, usually used by windows. So let's copy that and go to the online tool. We have, I know I forget one, and we have the hash. So it's telling me it is md5 or md4, at the end ntlm. Interesting. Let me use hash identifier in this case. Identifier: md5, domain cached credentials. Okay, let's follow the hints and search for ntlm here. So net ntlm, not quite the thing I want. Let's see here, so ntlm is actually 1000. So again we go to hashcat and here put in one additional zero, enter, and you will find the password. So let's see the password here: password is n63 um 1 k and then lastly for f 4 i wrong n 6 3 u m y 8 this one is l. Okay.

All right, next one. So this hash uses salt and the salt is given, a really hard salt as you can see. Whenever you see dollar six, it means you have sha512crypt hash, which cannot be cracked using online tools, you have to use offline tools, and it's gonna take time. So dollar six means you have sha512crypt: dollar six dollar, that is the salt. And most of the time it's used actually by unix systems to store the hashes. So what do we do here? We're going to go back and search for sha512crypt, so it is 1800. Again, back guys, use hashcat, define the mode, and you will find that the password is w1 wa guaca 99. This one may take some time, so be patient if you want to find out the password yourself.

Okay, oh no, we have one. So hash and a salt, okay, this one is interesting. The salt is try hack me. Can we find out the type of the hash first? Let's see, so it is sha1. Now going back to hashcat, search for sha1. Let's see here, so nd561, no. Let's go up, scroll up and search for sha1. So sha1 is 100, very simple. Go back to the tool, define the mode as one, and you will find out that the password is eight one six one six four eight one six one six. And it is finished.

Now the purpose of this video guys is not to crack every single hash you encounter, right, it's to understand the process: analyze the hash, find out the type of the hash, right, does it contain salt or not, and then you use online tools or offline tools. That's it. So thank you guys for watching the video and I will see you in the next one.
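The identification step the video walks through (look at the format and length first, then pick the hashcat mode from the example-hashes table), as an added Python example that is not from the video. The function name `identify` and the sample values are constructed for illustration; the sketch shows why a 32-character hex value stays ambiguous between MD5, MD4 and NTLM, and why a separately supplied salt means no mode can be read from the format alone.

```python
import re

# (pattern, candidates). Mode numbers are the hashcat -m values quoted in the
# video, plus MD4 = 900 from hashcat's example-hash table.
CRYPT_FORMATS = [
    (re.compile(r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}"), [("bcrypt", 3200)]),
    (re.compile(r"\$6\$(?:rounds=\d+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}"),
     [("sha512crypt", 1800)]),
]
RAW_HEX = {
    32: [("MD5", 0), ("NTLM", 1000), ("MD4", 900)],
    40: [("SHA-1", 100)],
    64: [("SHA-256", 1400)],
}

def identify(value):
    """Return candidate hash types for one stored value, judged by format only."""
    value = value.strip()
    for pattern, candidates in CRYPT_FORMATS:
        if pattern.fullmatch(value):
            # Modular-crypt strings carry their own salt (and cost, for bcrypt).
            return {"candidates": candidates, "salted": True, "ambiguous": False}
    digest, sep, _salt = value.partition(":")
    if re.fullmatch(r"[0-9a-fA-F]+", digest) and len(digest) in RAW_HEX:
        names = RAW_HEX[len(digest)]
        if sep:
            # A separate salt means a salted construction; how the salt is
            # combined cannot be read from the format, so no mode is suggested.
            return {"candidates": [(n, None) for n, _ in names],
                    "salted": True, "ambiguous": True}
        return {"candidates": names, "salted": False, "ambiguous": len(names) > 1}
    return {"candidates": [], "salted": False, "ambiguous": False}

# Constructed sample values (not the room's hashes).
SAMPLES = [
    "d41d8cd98f00b204e9800998ecf8427e",            # MD5 of the empty string
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",    # SHA-1 of the empty string
    "da39a3ee5e6b4b0d3255bfef95601890afd80709:examplesalt",
    "$2y$12$" + "A" * 53,                          # bcrypt-shaped placeholder
    "$6$examplesalt$" + "B" * 86,                  # sha512crypt-shaped placeholder
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24], identify(sample))
```

Length and prefix only narrow the candidates; as the video does, confirm against a second tool or the hint before trusting a single answer.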
Info
Channel: Motasem Hamdan
Views: 4,441
Keywords: hashes
Id: dUMzQF8oTO8
Length: 23min 39sec (1419 seconds)
Published: Sat Mar 05 2022