Password Cracking, a TryHackMe room, presents a series of hashes that we crack using Hashcat and wordlist combinations to obtain the credentials.
Room
Title | Password Cracking
Description | Crack the password by using different techniques
Points | *
Difficulty | Medium
Maker | F4_U57
Hashcat - Tutorial the basics of cracking password
Bruteforce MD5
In this series of challenges we use hashcat to obtain the flag for each one. The built-in character sets used to obtain the flags:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 – 0xff
MD5 #1
Challenge:
eedb694a362f8ab2effbad5e4c8fa095
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
eedb694a362f8ab2effbad5e4c8fa095:TRY-HACK-ME-[... snip ...]
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: eedb694a362f8ab2effbad5e4c8fa095
Time.Started.....: Tue Feb 18 20:32:56 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:32:56 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d [15]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 4765.5 kH/s (0.01ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 1000/1000 (100.00%)
Rejected.........: 0/1000 (0.00%)
Restore.Point....: 0/1000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-123 -> TRY-HACK-ME-573
Hardware.Mon.#1..: Temp: 53c Util: 16% Core:1189MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 20:32:51 2020
Stopped: Tue Feb 18 20:32:57 2020
sckull@uplifted:~/tools/hashcat$
MD5 #2
Challenge:
eedb694a362f8ab2effbad5e4c8fa095
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
19b489d1c4220946b38d65a7fce24372:TRY-HACK-ME-[... snip ...]
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 19b489d1c4220946b38d65a7fce24372
Time.Started.....: Tue Feb 18 20:35:18 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:35:18 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d?d [16]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 13550.0 kH/s (0.12ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 10000/10000 (100.00%)
Rejected.........: 0/10000 (0.00%)
Restore.Point....: 0/10000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-1234 -> TRY-HACK-ME-5739
Hardware.Mon.#1..: Temp: 55c Util: 15% Core:1189MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 20:35:15 2020
Stopped: Tue Feb 18 20:35:19 2020
sckull@uplifted:~/tools/hashcat$
MD5 #3
Challenge:
7353d3b528592ecd12139fba62c43287
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 3 -m 0 hash.txt TRY-HACK-ME-?d?d?d?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
7353d3b528592ecd12139fba62c43287:TRY-HACK-ME-[... snip ...]
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 7353d3b528592ecd12139fba62c43287
Time.Started.....: Tue Feb 18 20:37:10 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:37:10 2020 (0 secs)
Guess.Mask.......: TRY-HACK-ME-?d?d?d?d?d [17]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 17768.1 kH/s (1.00ms) @ Accel:1024 Loops:1 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 100000/100000 (100.00%)
Rejected.........: 0/100000 (0.00%)
Restore.Point....: 0/100000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: TRY-HACK-ME-12345 -> TRY-HACK-ME-57397
Hardware.Mon.#1..: Temp: 56c Util: 63% Core:1189MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 20:37:07 2020
Stopped: Tue Feb 18 20:37:11 2020
sckull@uplifted:~/tools/hashcat$
Combination (MD5)
In this section we are given three wordlists that we must combine according to each challenge. We use hashcat's combinator, which takes two wordlists and combines them (wordlist1wordlist2) so that we can crack a hash.
MD5 #1
Challenge:
a united states city followed by 2 digits (all lowercase)
0f8e6ad80411e27fc85ba1f79153dd8f
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt us-city.txt ?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Dictionary cache built:
* Filename..: us-city.txt
* Passwords.: 2011
* Bytes.....: 19099
* Keyspace..: 201100
* Runtime...: 0 secs
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
0f8e6ad80411e27fc85ba1f79153dd8f:penn[... snip ...]ia46
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: 0f8e6ad80411e27fc85ba1f79153dd8f
Time.Started.....: Tue Feb 18 20:46:41 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:46:41 2020 (0 secs)
Guess.Base.......: File (us-city.txt), Left Side
Guess.Mod........: Mask (?d?d) [2], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 70748.6 kH/s (0.28ms) @ Accel:128 Loops:50 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 201100/201100 (100.00%)
Rejected.........: 0/201100 (0.00%)
Restore.Point....: 0/2011 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:50-100 Iteration:0-50
Candidates.#1....: alabama13 -> worland68
Hardware.Mon.#1..: Temp: 53c Util: 62% Core:1176MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 20:46:36 2020
Stopped: Tue Feb 18 20:46:42 2020
sckull@uplifted:~/tools/hashcat$
MD5 #2
Challenge:
a united states city followed by a simple color, followed by 3 digits (all lowercase).
fbd527693aceda78b30a978d7d3b9abb
Combinator:
./combinator.bin ../../us-city.txt ../../color.txt > ../../us-city-color.txt
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt us-city-color.txt ?d?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Dictionary cache built:
* Filename..: us-city-color.txt
* Passwords.: 50275
* Bytes.....: 740916
* Keyspace..: 50275000
* Runtime...: 0 secs
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
fbd527693aceda78b30a978d7d3b9abb:phoe[... snip ...]rple585
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: fbd527693aceda78b30a978d7d3b9abb
Time.Started.....: Tue Feb 18 20:58:05 2020 (0 secs)
Time.Estimated...: Tue Feb 18 20:58:05 2020 (0 secs)
Guess.Base.......: File (us-city-color.txt), Left Side
Guess.Mod........: Mask (?d?d?d) [3], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 473.0 MH/s (5.50ms) @ Accel:128 Loops:62 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 24936400/50275000 (49.60%)
Rejected.........: 0/24936400 (0.00%)
Restore.Point....: 0/50275 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:434-496 Iteration:0-62
Candidates.#1....: alabamared925 -> worlandgrey405
Hardware.Mon.#1..: Temp: 49c Util: 56% Core:1189MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 20:58:02 2020
Stopped: Tue Feb 18 20:58:06 2020
sckull@uplifted:~/tools/hashcat$
MD5 #3
Challenge:
a simple color followed by a country, followed by 4 digits (all lowercase).
a4131ef4610be60c0c6a3656b00dd763
Combinator:
./combinator.bin ../../color.txt ../../country.txt > ../../color-country.txt
sckull@uplifted:~/tools/hashcat$ ./hashcat64.bin -a 6 -m 0 hash.txt color-country.txt ?d?d?d?d
hashcat (v5.1.0) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce MX130, 501/2004 MB allocatable, 3MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Applicable optimizers:
* Zero-Byte
* Early-Skip
* Not-Salted
* Not-Iterated
* Single-Hash
* Single-Salt
* Raw-Hash
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
ATTENTION! Pure (unoptimized) OpenCL kernels selected.
This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
If you want to switch to optimized OpenCL kernels, append -O to your commandline.
Watchdog: Temperature abort trigger set to 90c
Dictionary cache built:
* Filename..: color-country.txt
* Passwords.: 4775
* Bytes.....: 66846
* Keyspace..: 47750000
* Runtime...: 0 secs
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
a4131ef4610be60c0c6a3656b00dd763:blue[... snip ...]7926
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MD5
Hash.Target......: a4131ef4610be60c0c6a3656b00dd763
Time.Started.....: Tue Feb 18 21:00:36 2020 (0 secs)
Time.Estimated...: Tue Feb 18 21:00:36 2020 (0 secs)
Guess.Base.......: File (color-country.txt), Left Side
Guess.Mod........: Mask (?d?d?d?d) [4], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 355.7 MH/s (0.63ms) @ Accel:128 Loops:64 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 35755200/47750000 (74.88%)
Rejected.........: 0/35755200 (0.00%)
Restore.Point....: 0/4775 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:7424-7488 Iteration:0-64
Candidates.#1....: redafghanistan9147 -> greyzimbabwe8479
Hardware.Mon.#1..: Temp: 55c Util: 87% Core:1189MHz Mem:2505MHz Bus:4
Started: Tue Feb 18 21:00:33 2020
Stopped: Tue Feb 18 21:00:37 2020
sckull@uplifted:~/tools/hashcat$
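Added example, not part of the original write-up: the mask (-a 3) and hybrid wordlist+mask (-a 6) runs above finish in under a second because their keyspaces are tiny. This Python code parses a hashcat mask using the built-in charsets listed at the top of the page and reproduces the Progress/Keyspace totals hashcat reported; the function names are assumptions of this example, and custom charsets (?1-?4) are not handled.

```python
"""Keyspace of hashcat masks and hybrid (-a 6) runs (added example)."""

# Sizes of hashcat's built-in charsets, as listed at the top of this page.
CHARSET_SIZES = {
    "l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
    "s": 33,                  # space plus 32 punctuation characters
    "a": 26 + 26 + 10 + 33,   # ?a = ?l?u?d?s
    "b": 256,                 # 0x00 - 0xff
}


def mask_keyspace(mask):
    """Return how many candidates a mask generates (product over positions)."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token == "?":                # '??' is a literal question mark
            size = 1
        elif token in CHARSET_SIZES:
            size = CHARSET_SIZES[token]
        else:
            raise ValueError(f"unsupported charset ?{token}")
        total *= size
        i += 2
    return total


def hybrid_keyspace(wordlist_size, mask):
    """-a 6 appends every mask candidate to every wordlist entry."""
    return wordlist_size * mask_keyspace(mask)


def worst_case_seconds(keyspace, hashes_per_second):
    """Time to exhaust the whole keyspace at a fixed hash rate."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    # Wordlist sizes are the "Passwords" counts hashcat printed on this page.
    print(mask_keyspace("TRY-HACK-ME-?d?d?d"))
    print(hybrid_keyspace(2011, "?d?d"))          # us-city.txt
    print(hybrid_keyspace(50275, "?d?d?d"))       # us-city-color.txt
    print(hybrid_keyspace(4775, "?d?d?d?d"))      # color-country.txt
    # Contrast: 8 unstructured printable characters at the page's peak speed.
    days = worst_case_seconds(mask_keyspace("?a" * 8), 473.0e6) / 86400
    print(f"?a x8: {days:.0f} days worst case at 473.0 MH/s")
```

The contrast case at the end is the takeaway for password policy: a known prefix or dictionary word contributes almost nothing to the keyspace, while eight unstructured printable characters would take the same GPU roughly 162 days to exhaust, even against unsalted MD5.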
Rainbow Table (NTLM)
In this section we use ophcrack to crack the hashes using a rainbow table. Ophcrack ships with Kali Linux, so we only need to download the XP special rainbow table (8GB).
Challenges:
FF6EDF5C42F0FE57AAD5360A07991BD6:A2F77301E3162DB9213E3DA35D5EA931
1CDEE68485E23D0E1DD9CED345A47D0C:D4F3A9ACC8448BC9EF7C53B3BBBEC9C3
8C7972A6362411C1B0D3662B97EBED58:DAE91036E4B2E7F0B5061956BCE39A3E
We import the hashes into ophcrack and wait for the result: