Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

8 August 2020

THM write-up: Password Cracking

3 minutes to read



On the last post, I talked about using the hashcat to crack various type of hashes. This walkthrough will heavily depend on the hashcat and ophcrack tool. ophcrack is basically a window password cracker based on the rainbow table. Without further ado, let’s begin the walkthrough.

Task 1: Brute force attack (MD5)

This time we are not going to use any dictionary to crack the hashed and brute force attack is used instead.

Part 1: 3 digits brute force

Simply punch in the following command (for window 64-bit):

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d

All the brute forced mask can be explained as below:

Part 2: 4 digits brute force

Similar to the part 1, you need to add extra one mask in the command:

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d?d

Part 3: 5 digits brute force

Similar to part 1 and 2, 5 digits mask is needed:

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d?d?d

Task 2: Combination attack (MD5)

The combination attack in this context is using both dictionary and brute forcing attack. The dictionary is given for this challenge and how we perform a combination attack?

Part 1: US city dictionary+ 2 digits brute force

To perform a combination attack, simply change the mode (-a) to 6. The command for the attack is shown on below:

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/us-city.txt ?d?d

Part 2: US city dictionary + color dictionary + 3 digits brute force

This part is a bit tricky, you need to combine/join both dictionary into 1 because the attack mode (-a 6) only can take 2 arguments. To combine the dictionaries, you are required to download the hashcat-util for the combinator executable file. After that, combine two dictionaries by simply punch in this command:

combinator.exe us-city.txt color.txt > cityColor.txt

Now, you get a new dictionary called cityColor.txt (I’m copied it to Dict directory). After that, crack the hash using the following command:

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/cityColor.txt ?d?d?d

Part 3: Color dictionary + country dictionary + 4 digits brute force

Similar to part 2, combine the dictionaries using the combinator.exe and then crack the hash using the following command:

hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/colorCountry.txt ?d?d?d?d

Task 3: NTLM rainbow table

This task is straight forward. Download the ophcrack and the table (XP special, 8.0GB). Yes, is 8.0GB, download it if you have any spare data or your data plan is absolutely unlimited.



That’s all for the walkthrough. Hope you learned something new. Have a nice day :)

tags: tryhackme - hash - ophcrack

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)


© 2020 DesKel