Hashing algorithms

encryptioncrypto101 hashingcrypto101 hash_cracking crackthehash c4ptur3th3fl4g corridor agentsudoctf basicpentestingjt netsecchallenge mustacchio chillhack cowboyhacker devvortex cozyhosting file_pkzip hash_dcc hash_dcc2 hash_lm hash_md5 hash_nt

A hashing algorithm is a one-way function taking data and generating a hash/digest. They are mainly used to:

  • 🔒 Store passwords
  • ✒️ Ensure authenticity (digital signatures)
  • 🥷 Ensure integrity (checksum)
  • 🫧 In algorithms such as in hashing tables

Since a hash function is one-way, it's impossible to know the original data. However, we can use a hash function to verify if some data matches a corresponding hash.

Problems in hashing algorithms

  • Hash collision 👎: two different data generate the same hash. Some well-known vulnerable algorithms are SHA1, MD5...

  • Determinism 🛣️: a hash function always generates the same hash given the same data. It allows attackers to precompute hashes for well-known passwords, and perform a rainbow table attack. A salt is a parameter (usually, a random string) added to generate different hashes given the same data. Only calling the hash function with the same salt results in the same output.

➡️ They may use brute force with a dictionary of passwords too.

Generate a hash 🔑

👉 There are many language-specific functions, but you can use these commands for testing.

$ echo -n 'password' | <command> | cut -f1 -d' ' > myhash
  • ➡️ Using openssl 
# list formats
$ openssl list --digest-commands
md4 md5 sha1 [...]
# generate
$ echo -n "toto" | openssl dgst -md4
  • ➡️compute and check XXX message digest (gnu)
# if you don't use -n, it won't work
$ echo -n 'toto' | sha1sum
$ echo -n 'toto' | md5sum
$ echo -n 'toto' | sha256sum
$ echo -n 'toto' | sha512sum
  • ➡️ Using mkpasswd 
# list formats
$ mkpasswd -m help
bcrypt          bcrypt
sha512crypt     SHA-512
sha256crypt     SHA-256
md5crypt        MD5
nt              NT-Hash
[...]
# generate
$ mkpasswd -m sha512crypt toto
# or you can use htpasswd
$ htpasswd -bnBC 10 "" toto | tr -d ':\n' # bcrypt
  • ➡️ Online tools

For instance, decrypt.tools (not many algos), hashes.com (many algos), or tunnelsup.

Find the hash algorithm

linuxstrengthtraining

Let's say we got some hash, and we want to find which algorithm generated this hash, such as MD5, SHA1...

$ echo -n "some hash here" > myhash

$ cat myhash | hash-identifier
  • ➡️ hashID (1.2k ⭐). Not updated since 2015.
$ cat myhash | hashid

# sudo apt install name-that-hash
$ nth -t "some hash here"
$ nth -f myhash
  • ➡️ haiti (0.4k ⭐). Similar to Name-that-hash, different results.
# sudo gem install haiti-hash
$ haiti "some hash here"
  • ➡️ Online tools

For instance, hashes.com or md5hashing.net.

  • ➡️ Manually

Some tools may suggest an incorrect format or not support the format you are looking for. You can still try to do it manually.

Some hashes are starting with well-known formats: $id$salt$hash or hash:salt. Some known values for id are: 1 (crypt, cisco, old Linux), 2/2a/2b/2x/2y (bcrypt, web), 5 (sha256crypt), 6 (sha512crypt, modern Linux).

Apache uses $apr1$hash while WordPress uses $P$hash.

Some hashes can be identified by their length.

👉 You can find a lot of examples on hashcat website.

Hash cracking

Hash cracking usually involves a dictionary with a list of potential passwords a.k.a. wordlist (Rainbow tables may be used for older systems).

⚠️ Hash cracking tools may be able to use your GPU to compute results faster. On a virtual machine, they may be less efficient, as the VM itself takes a lot of resources. Consider using your host.

  • ➡️ Online tools

For instance, crackstation (you can download their wordlist!), MD5Hashing, decrypt.tools, hashkiller.io, or hashes.com.

👉 CTFs usually use the wordlist /usr/share/wordlists/rockyou.txt.

Special cracking cases

Some special cases of using john/hashcat along other tools.

Linux shadow hash cracking

password_attacks linprivesc

To crack the whole shadow file, you may use unshadow:

$ # hash format is $id$salt$hashed
$ unshadow /path/to/passwd /path/to/shadow > hashes
$ john hashes --format=sha512crypt --wordlist=wordlist
$ hashcat -m 1800 -a 0 hashes wordlist

Windows password hash cracking

password_attacks hash_dcc hash_dcc2 hash_lm hash_nt

Modern Windows are using the hash format "NT", also referred to as "NTLM", because "LM" was the previous hash format.

$ john myhash --format=nt --wordlist=wordlist
$ john myhash --format=netntlmv2 --wordlist=wordlist
$ hashcat -a 0 -m 1000 myhash # NTLM
$ hashcat -a 0 -m 3000 myhash # LM

There are also Domain Cached Credentials.

$ hashcat -a 0 -m 1100 hash wordlist # password:username
$ hashcat -a 0 -m 2100 hash wordlist # $DCC2$salt#username#hash

GPG passphrase cracking

networksecurityprotocols linuxstrengthtraining encryptioncrypto101

To crack the passphrase of GPG encrypted files, you must convert the file to a crackable file for john:

$ sudo gpg2john file.pgp > myhash
$ john --format=gpg myhash --wordlist=wordlist

SSH private key - passphrase cracking

password_attacks encryptioncrypto101 basicpentestingjt mustacchio

SSH may have been configured to use a passphrase-protected ssh keys. You must convert the file to a crackable file for john:

$ ssh2john key > myhash
$ john --format=ssh myhash --wordlist=wordlist

Documents - password cracking

password_attacks

You can crack Office documents and PDF documents using:

$ office2john xxx.docx > myhash
$ john myhash --wordlist=wordlist
$ john myhash --show

$ pdf2john xxx.pdf > myhash
$ john myhash --wordlist=wordlist

RAR password cracking

You must convert the RAR file to a crackable file for john:

$ rar2john hello.rar > myhash
$ john myhash --wordlist=wordlist
$ unrar x hello.rar # enter password

7ZIP password cracking

crackingpasswordswithhashcat

You must convert the RAR file to a crackable file for john/hashcat:

$ 7z2john test.7z > myhash
$ hashcat -m 11600 [...]

ZIP password cracking

password_attacks crackingpasswordswithhashcat agentsudoctf chillhack file_pkzip

You must convert the ZIP file to a crackable file for john:

$ zip2john hello.zip > myhash
$ john myhash --wordlist=wordlist
$ unzip hello.zip # enter password

➡️ There is also fcrackzip (0.4k ⭐)

👉 The same tool can be used with hashcat, but ensure you only keep the hash. See the references, modes 17200-17230.

Wireless password cracking

crackingpasswordswithhashcat wifihacking101

For Wi-Fi password cracking, use hcxtools to create a crackable file:

$ sudo apt-get install hcxtools
$ hcxpcapngtool xxx.cap -o hash
$ hcxpcapngtool xxx.hccapx -o hash
$ hashcat -m 22000 [...]
$ john --format=wpapsk [...]
$ hcxpcaptool -j hash xxx.cap        # alternative?
$ /usr/lib/hashcat-utils/cap2hccapx.bin in.cap out.hccapx
$ hccapx2john out.hccapx > hash      # only for john

OpenSSL Key Cracking (GZIP example)

password_attacks

GZIP (GNU Zip) is a file compression and decompression utility. The result can then be encrypted using tools such as openssl or gpg.

$ gzip id_rsa # => id_rsa.gz
$ openssl enc -aes-256-cbc -salt -in id_rsa.gz -out xxx.gzip -k SomeKey
$ openssl enc -d -aes-256-cbc -in xxx.gzip -out id_rsa.gz -k SomeKey
$ gzip -d id_rsa.gz # If the key is correct, terminate with code 0

I am not aware of any tool to automate this when openssl was used.

Others converters

  • bitlocker2john: bitlocker protected drive, refer to Bitlocker notes
  • keepass2john: keepass files, refer to KeePass notes

Random Notes

File Checksum

The same functions we use to generate hashes may also be used to generate a checksum for a file. Two identical files have the same checksum. MD5 is not reliable, but often used:

$ md5sum /etc/passwd
$ cat /etc/passwd | md5sum
$ Get-FileHash .\file.txt -Algorithm MD5

👻 To-do 👻

Stuff that I found, but never read/used yet.