Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Advanced Cracking

Here you will be given a series of hashes, with the goal of cracking the corresponding passwords. This time you won't be guided, however with each hash you will be given some hints about how to crack it.

⚠️ Each of the passwords you aim to find here is supposed to be cracked swiftly by hashcat. Please monitor hashcat's output regularly (press Enter while it runs): if the estimated completion time (Time.Estimated) is higher than one minute, you should conclude that you are not using the right strategy and stop the search process to find a better one. If you fail to do so you would simply hog resources on the host for nothing, and we may need to kill your VM.

Make sure to check the correctness of each cracked password here.

Advanced Hash #1

advancedhash01.txt

Hints:

  • This is a long password (10+ characters with various symbols) so bruteforce won't work
  • The hashing method used is MD5
  • The password has been salted before hashing: what was hashed was the concatenation of the password + the salt. For example, with a password "password" and a salt "salt", the string "passwordsalt" was hashed.
  • The salt used is "salt", and the string given above has the format <hash>:<salt>. This is the format accepted by hashcat for salted MD5 hashes. Search for the relevant hash mode here.

Advanced Hash #2

advancedhash02.txt

Hints:

  • The hashing method used is MD5
  • The password is not in a dictionary
  • This password is made of 8 characters: bruteforcing them as any possible character (?a with hashcat) in the VM would take years. However, an additional precision is that the password is made only of digits. See the built-in character sets supported by hashcat here.

Advanced Hash #3

advancedhash03.txt

Hints:

  • Hashing method used is SHA-1.
  • Salted with salt by concatenation of the salt and password. Search for the relevant hash mode here.
  • Long password, but its value is in the dictionary.

Advanced Hash #4

advancedhash04.txt

Hints:

  • Hashing method used is SHA2-256

Advanced Hash #5

advancedhash05.txt

Hints:

  • Good luck!

Submission

Input the cracked passwords in the corresponding lines of the CSV file in the git repository, i.e.:

advancedhash01,password-for-advancedhash01-here
advancedhash02,password-for-advancedhash02-here
advancedhash03,password-for-advancedhash03-here
advancedhash04,password-for-advancedhash04-here
advancedhash05,password-for-advancedhash05-here