Summer Camp 2020 – Password Cracking


Whew, it was a hot one out today y’all! My coffee ended up being iced coffee because I had to have that caffeine fix, ya know?

Oh, you’re here to see how to crack the passwords for the summer challenge. I didn’t forget about you, I promise, I just got a little sidetracked with a camper. I had never towed anything before, but I assure you no mailboxes lost their lives (one was close though). I’ll post before and after pictures of this little project camper on Twitter as it progresses for those interested. Now, let’s get those passwords:

I was going to go off on a long glowing review of CyberChef…let’s face it, that is a pretty amazing little tool. Instead, as I sit here and write this I feel even more strongly that there is entirely too much fun to be had outside too. What does this mean for me, Hush1e? I’m so glad you asked! Once upon a time (two years ago), in a land far far away (Mississippi), I sat on a beach and learned how to use a little tool called hashcat. Now, the first thing I had to do was analyze the hash because let’s face it, I had no clue what it was….

df4bf4361dea0be9e2e1787afe461e55f66e9c01 

using hashid in Kali, I found this one was most likely SHA-1. I already knew it had NCL-HUSH, but what the ever loving heck were the last four? I figure, hey it’s late, everyone’s asleep let’s try a mask attack. I saved those hashes in a file called coffeehashes.txt and ran it through hashcat with a mask…all kitty’s like masks right?

kali@kali:~/Downloads$ hashcat -m 100 -a 3 coffeehashes.txt NCL-HUSH-?d?d?d?d –force

876eac296f9686cd2860cb7715b5f9b6fc484a42

I want to go play on the boats…this one got found too!

d54708ce4f8139853a9bad13f36cec14b3141b22572d5ce071bffe38a1b0901c

Aw no, this hash doesn’t seem to be SHA-1, so hashid it again! Don’t forget to change your -m to the correct one! Helpful hint: hashid indicates it’s probably another SHA!

Documentation is great so I referenced it to find out the different parameters here: hashcat

Ok everyone, I hope that you had fun solving these ones! I look forward to seeing all of you for Fall Season! Have a great rest of your summer, and check out my team-mate Paul’s (smart cookie) hashcat post here!

Hush1e

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.