Hush1e takes a break from drinking coffee and imperiling mailboxes to walk us through how she would solve the Summer Camp 2020 – Password Cracking challenge: Cracking for Coffee.
Whew, it was a hot one out today y’all! My coffee ended up being iced coffee because I had to have that caffeine fix, ya know?
Oh, you’re here to see how to crack the passwords for the summer challenge. I didn’t forget about you, I promise, I just got a little sidetracked with a camper. I had never towed anything before, but I assure you no mailboxes lost their lives (one was close though). I’ll post before and after pictures of this little project camper on Twitter as it progresses for those interested. Now, let’s get those passwords:
I was going to go off on a long glowing review of CyberChef…let’s face it, that is a pretty amazing little tool. Instead, as I sit here and write this I feel even more strongly that there is entirely too much fun to be had outside too. What does this mean for me, Hush1e? I’m so glad you asked! Once upon a time (two years ago), in a land far far away (Mississippi), I sat on a beach and learned how to use a little tool called hashcat. Now, the first thing I had to do was analyze the hash because let’s face it, I had no clue what it was….
using hashid in Kali, I found this one was most likely SHA-1. I already knew it had NCL-HUSH, but what the ever loving heck were the last four? I figure, hey it’s late, everyone’s asleep let’s try a mask attack. I saved those hashes in a file called coffeehashes.txt and ran it through hashcat with a mask…all kitty’s like masks right?
kali@kali:~/Downloads$ hashcat -m 100 -a 3 coffeehashes.txt NCL-HUSH-?d?d?d?d –force
I want to go play on the boats…this one got found too!
Aw no, this hash doesn’t seem to be SHA-1, so hashid it again! Don’t forget to change your -m to the correct one! Helpful hint: hashid indicates it’s probably another SHA!
Documentation is great so I referenced it to find out the different parameters here: hashcat
Ok everyone, I hope that you had fun solving these ones! I look forward to seeing all of you for Fall Season! Have a great rest of your summer, and check out my team-mate Paul’s (smart cookie) hashcat post here!