Hashing & Cracking

What is hashing

Hashing is simply passing some data through a formula that produces a result, called a hash. That hash is usually a string of characters and the hashes generated by a formula are always the same length, regardless of how much data you feed into it. (SHA,MD5,MD4,GOST)

Cracking hashes

Using Hashcat

You can use the list here which is a complete list of Hashcat supported hash types.

hashcat -m <hash-type> -a 0 <hash> <wordlist>

Using John

Sometimes you might have difficulties with Hashcat, try John

john <hash> --wordlist=/usr/share/wordlists/rockyou.txt

HTTP Basic Authorization Header Brute Force

Basic authorization is..basic. A username and a password separated by a colon is then encoded in Base64. The screenshot below demonstrate the credentials admin:admin being sent through the Authorization header of an HTTP request.

hydra -l admin -P passwordlist -s <port> -f example.com http-get /api/v1/users -vV -t 64

ProTip: You can/should always test first by using a set of valid credentials and check if it returns it valid.

hydra -l known_user -p known_password -s <port> -f example.com http-get /api/v1/users -vV

HTTP Post form Brute Force

Most of the time, authentication is made via a form posted to the web server. You can try to brute force it but watch out for CSRF. Try sending the same request twice using burp.

hydra -l admin -P /usr/share/wordlists/rockyou.txt -s 31111 -f example.com http-post-form '/user/login:user_name=^USER^&password=^PASS^:Credz are incorrect.' -vV -t 64

PreviousPrivilege Escalation NextPersistence

Last updated 2 years ago