Commit e155691f authored by bobloblaw

Updates identify_hash_and_crack_it.md

Auto commit by GitBook Editor
parent a9f8251c
+15 −14
# Offline password cracking 


We might find passwords or other credentials in databases or where-ever. Many times these are hashed, so we need to first identify which hash it is and then try to crack it. The first step is to identify the hash-algortithm that was used to hash the password.
We might find passwords or other credentials in databases. These are often hashed, so we need to first identify which hash it is and then try to crack it. The first step is to identify the hash-algorithm that was used to hash the password.

## Identify hash

There are generally speaking three pieaces of data we can use to identify a hash.
There are generally speaking three pieces of data we can use to identify a hash.
- The length of the hash
- The character set
- Any special characters

In order to identify a hash we can either use specialized tools that analyze the hash and then return a guess on which algorithm it is. An easier way is of course to just look in the documentation of the software where you found the hashes. It usually says in the documentation or the source code which type of hash is being used.


In kali we can use **hash-identifier** or **hashid**
In kali we can use `hash-identifier` or `hashid`:

```
hash-identifier 
hashid
```

Or try these online services
Or try these online services:

http://www.onlinehashcrack.com/hash-identification.php

https://md5hashing.net/hash_type_checker


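Review bot: The fenced block under the new line "In kali we can use `hash-identifier` or `hashid`:" only repeats the two tool names, so it tells the reader nothing the sentence did not; either show each tool being given a hash to identify or drop the block. In the same line "kali" should be capitalised as "Kali", and the first online-service link is still plain `http://` while the second is `https://`. Since these services receive whatever hash is pasted into them, a sentence pointing readers to the local tools or the software's documentation first would fit here.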
@@ -41,8 +43,12 @@ hashcat --help
My hash was a Apache md5, so I will use the corresponding code for it, `1600`

`-a 0` - straight


`-o found.txt` - where the cracked hash outputs

`admin.hash" - the hash you want to crack.

`/usr/share/hashcat/rules/rockyou-30000.rule` - the wordlist we use

```
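Review bot: On the `/usr/share/hashcat/rules/rockyou-30000.rule` line the description says "the wordlist we use", but the path sits under hashcat's `rules/` directory and ends in `.rule`, so it is a rule file and not a wordlist; describe it as the rule set and list the wordlist argument separately if the command has one. The `admin.hash" line opens its code span with a backtick and closes it with a double quote, which breaks the inline formatting. Minor: "a Apache md5" should read "an Apache MD5".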
@@ -78,9 +84,7 @@ john --rules --wordlist=wordlist.txt unshadowed.txt
So basically a rainbow table is a precalculated list of passwords. So instead of having to hash the word you want to try you create a list of hashes. So you do not have to hash them before comparing. This might take a long time to do, hashing a whole wordlist, but when you do the comparison between the password and the test-word it will go a lot faster.




## Online
## Using Online Tools

### findmyhash

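Review bot: The context paragraph above the renamed heading first calls a rainbow table "a precalculated list of passwords" and then says "you create a list of hashes"; since this hunk is tidying the section, change the first sentence to say precalculated hashes so the two statements agree.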
@@ -93,22 +97,19 @@ findmyhash LM -h 6c3d4c343f999422aad3b435b51404ee:bcd477bfdb45435a34c6a38403ca43
```

### Cracking

Crackstation
https://crackstation.net/

Hashkiller
https://hashkiller.co.uk/

Crackpot
http://cracker.offensive-security.com/index.php

Google hashes
Search pastebin.


## Windows

If you find a local file inclusion vulnerability you might be able to retrieve two fundamental files from it. the **system** tregistry and the **SAM** registry. There two files/registrys are all we need to get the machines hashes.
If you find a local file inclusion vulnerability you might be able to retrieve two fundamental files from it. the `system` registry and the `SAM` registry. There two files/registries are all we need to get the machines hashes.
These files can be found in several different locations in windows. Here they are:

```
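Review bot: The rewritten Windows sentence still carries errors: "the `system` registry" starts a sentence in lower case, "There two files/registries" should be "These two", "the machines hashes" needs the possessive "machine's", and "windows" on the following line should be "Windows". In the Cracking list the Crackpot link is plain `http://`, and the section gives no indication that hashes pasted into these sites leave the tester's control, which is worth one sentence for hashes taken during an engagement.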