Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

8 August 2020

THM write-up: Crack The Hash

4 minutes to read



Today I was stumbled across a hacking challenge website called tryhackme. Multiple challenges can be found and each of the challenges is written by the community or individual. Feel free to sign up yourself and take part the challenges.

Long story short, I will guide you on the challenge named crackthehash. This challenge is extremely easy if you are an experienced hacker/code cracker. The challenge consists of 9 tasks and I will explain it one by one.

Task 1-1: MD5 hash

This one is easy, there are two ways to crack this MD5 hash

Method 1: Online hash cracker

You can visit any hash cracker site to crack the hash instantly. For example, the crack station. Just paste the hash and crack it.

Method 2: Hashcat

This method is more flexible when compared to the online hash cracker. It provides a tons of hash mode. You can download hashcat (Window/Linux/MacOS) from this website. However, you need to know some command line for terminal/CMD as the prerequisite of using this tool. On the other hand, I highly recommend launching this tool in your host computer (not on your virtual machine). This is due to cracking the hash require a large amount of processing resource and GPU is the ideal choice when compared to CPU. Also, the virtual machine cannot access GPU resource.

For this walk-through, I’m going to use Window OS. After you have downloaded the hashcat, be sure to redirect to the path where you extract the hashcat (using the command: cd). Also, I going to use dictionary attack for this hash crack walk-through, you can download the famous wordlist (rockyou.txt). After that, I store the rockyou.txt into the ‘Dict’ directory (the directory is inside the hashcat folder).

Please create a ‘Hash’ directory to store all the hashes that going to be cracked soon. For this case, i saved my hash in ‘hash.txt’.

hash folder

After that launch the hashcat using following command

hashcat64.exe -D 2 -m 0 Hash/hash.txt Dict/rockyou.txt

After a few second/minute, the result shows in the terminal.


Task 1-2: SHA1 hash

Similar to Task 1-1, but the mode is (-m 100) for hashcat

Task 1-3: SHA256 hash

Similar to Task 1-1, but the mode is (-m 1400) for hashcat

Task 1-4: bcrypt-blowfish hash

This one is little bit tricky which is this hash cannot be cracked using online tool. That is why hashcat came in, set the mode to -m 3200

Task 1-5: MD4 hash

Similar to Task 1-1, but the mode is (-m 900) for hashcat

Task 2-1: SHA256 hash

Similar to Task 1-1, but the mode is (-m 1400) for hashcat

Task 2-2: NTLM hash

Similar to Task 1-1, but the mode is (-m 1000) for hashcat

Task 2-3: SHA512crypt, $6$ hash

This hash cannot be cracked using online tool but can be cracked using hashcat by setting the mode -m 1800. (It take some time).

Task 2-4: SHA1 with salt hash

This hash also cannot be cracked using online tool due to the present of salt ( tryhackme ). This only can be done by using hashcat with mode -m 110.

Identify hash

If you were not sure what kind of hash is presented on your monitor, you can try to detect the hash. It listed out all possible hashes.


Cracking hashes are fun and challenge. Be sure the share this post. and have a nice day :)

tags: tryhackme - hash - crack

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)


© 2020 DesKel