Hashing - Crypto 101 Room

 
header.jpg
 

The link for this lab is located here: https://tryhackme.com/room/hashingcrypto101


This room serves as an introduction to Hashing, as part of the cryptography series of rooms in the Complete Beginner Learning Path


1.jpg

Task 1 - Key Terms

  • Plaintext - Data before encryption or hashing, often text but not always as it could be a photograph or other file instead.

  • Encoding - This is NOT a form of encryption, just a form of data representation like base64 or hexadecimal. Immediately reversible.

  • Hash - A hash is the output of a hash function. Hashing can also be used as a verb, "to hash", meaning to produce the hash value of some data.

  • Brute force - Attacking cryptography by trying every different password or every different key

  • Cryptanalysis - Attacking cryptography by finding a weakness in the underlying maths

Questions

Q1: Is Base64 encryption or encoding? A: Encoding

2.jpg

Task 2 - What is a Hash Function?

Hash functions are quite different from encryption. There is no key, and it is meant to be impossible to go from the output back to the input.

A hash function takes some input data of any size, and creates a summary or "digest" of that data. The output is a fixed size. It is hard to predict what the output will be for any input and vice versa.

Good hashing algorithms will be relatively fast to compute and slow to reverse. Any small change in the input data should cause a large change in the output.

The output of a hash function is normally raw bytes, which are then encoded. Common encodings for this are base64 or hexadecimal. Decoding these won't give you anything useful.

Hashing is used very often in cyber security. When you login to TryHackMe, that used hashing to verify your password. When you logged into your computer, it also used hashing to verify your password. You interact directly with hashing more than you would think mostly in the context of passwords.

A hash collision is when 2 different inputs give the same output. Hash functions are designed to avoid this as best as they can, especially being able to engineer a collision.

Due to the pigeonhole effect, collisions are NOT avoidable. The pigeonhole effect is basically there is a set number of different output values for the hash function, but you can give it any size input.

As there are more inputs than outputs, some of the inputs must give the same output. If you have 128 pigeons and 96 pigeonholes, some of the pigeons are going to have to share.

MD5 and SHA1 have been attacked and made technically insecure due to engineering hash collisions. However, no attack has yet given a collision in both algorithms as the same time so if you use the MD5 hash AND the SHA1 hash to compare you will see that they are different.

The MD5 collision example is available from here and details of the SHA1 collision are available from here

Questions

Q1: What is the output size in bytes of the MD5 hash function? A: 16

Q2: Can you avoid hash collisions? A: Nay

Q3: If you have an 8-bit hash output, how many possible hashes are there? A: 256 (2^8)

3.jpg

Task 3 - Uses for Hashing

Hashing is used for 2 main purposes in cyber security:

  • To verify integrity of data

  • Verifying passwords

Most webapps need to verify a user's password at some point. Storing these passwords in plain text would be bad. Quite a few data breaches have leaked plaintext passwords. The famous "rockyou.txt" wordlist on Kali came from a company that made widgets for MySpace. They stored their passwords in plaintext and the company had a data breach. The txt file contains over 14 million passwords.

Adobe had a notable data breach that was slightly different. The passwords were encrypted rather than hashed and the encryption that was used was not secure. This meant that the plaintext could be relatively quickly retrieved.

LinkedIn also had a data breach. LinkedIn used SHA1 for password verification, which is quite quick to compute using GPUs.

You can't encrypt the passwords as the key has to be stored somewhere. If someone gets the key, they can just decrypt the passwords.

This is where hashing comes in. Instead of storing the password, you store the hash of the password. This means that you never have to store the user's password, and if your database was leaked then an attacker would have to crack each password to find out what the password was.

There is one problem however - what if two users have the same password? As a hash function will always turn the same input into the same output, you will store the same password hash for each user. That means that if someone cracks that hash, they get into more than one account. It also means that someone can create a "Rainbow table" to break the hashes.

A rainbow table is a lookup table of hashes to plaintexts, so you can quickly find out what password a user had just from the hash. A rainbow table trades time taken to crack a hash for hard disk space, but they do take time to create.

Websites like Crackstation internally use HUGE rainbow tables to provide fast password cracking for hashes without salts. Doing a lookup in a sorted list of hashes is quite fast, much much faster than trying to crack the hash.

To protect against rainbow tables we add a salt to the passwords. The salt is randomly generated and stored in the database, unique to each user. In theory, you could use the same salt for all users but that means that duplicate passwords would still have the same hash and a rainbow table could still be created.

The salt is added to either the start or the end of the password before it is hashed and this means that every user will have a different password hash even if they have the same password. Hash functions like bcrypt and sha512crypt handle this automatically. Salts don't need to be kept private.

Questions

Q1: Crack the hash "d0199f51d2728db6011945145a1b607a" using the rainbow table manually A: Using any online tool should reveal the answer - basketball (I used https://hashes.com/en/decrypt/hash)

Q2: Crack the hash "5b31f93c09ad1d065c0491b764d04933" using online tools A: Using the same online tool reveals the answer - tryhackme

Q3: Should you encrypt passwords? A: Nay - you should hash the password NOT encrypt

4.jpg

Task 4 - Recognizing Password Hashes

Automated hash recognition tools such as hashID exist but they are unreliable for many formats. For hashes that have a prefix, the tools are reliable. Use a healthy combination of context and tools. If you found the hash in a web app database, it is more likely to be MD5 than NTLM. Automated hash recognition tools often get these hash types mixed up, which highlights the importance of learning yourself.

Unix style password hashes are very easy to recognize as they have a prefix. The prefix tells you the hashing algorithm used to generate the hash. The standard format is $format$rounds$salt$hash.

Windows passwords are hashed using NTLM, which is a variant of MD4. They are visually identical to MD4 and MD5 hashes so it is important to use context to work out the hash type.

On Linux, password hashes are stored in /etc/shadow. This file is normally only readable by root. They used to be stored in /etc/passwd, and were readable by everyone.

On Windows, password hashes are stored in the SAM. Windows tries to prevent normal users from dumping them but tools like Mimikatz exist for this. Importantly, the hashes found there are split into NT hashes and LM hashes.

Here is a quick table of the most Unix style password prefixes that you will see:

table2.png

A great plce to find more hash formats and password prefixes is the hashcat example page, available here. For other hash types, you will normally need to go by length, encoding or some research into the application that generated them.

Questions

Q1: How many rounds does sha512crypt ($6$) use by default? A: Simple googling "how many rounds does sha512crypt use by default" reveals the answer - 5000

5000 rounds

Q2: What is the hashcat example hash (from the website) for Citrix Netscaler hashes? A: Using the page linked above (hashcat page) reveals that the example hash is 1765058016a22f1b4e076dccd1c3df4e8e5c0839ccded98ea

Citrix example hash

Q3: How long is a Windows NTLM hash, in characters? A: Again, a simple Google search reveals it is 32 characters long

5.jpg

Task 5 - Password Cracking

You can't decrypt password hashes. They are not encrypted. You have to crack the hashes by hashing a large number of different inputs (often rockyou.txt) potentially adding the salt if there is one and comparing it to the target hash. Once it matches, you know what the password was. Tools like Hashcat and John the Ripper are normally used for this.

Graphics card have thousands of cores. Although they can't do the same sort of work that a CPU can, they are very good at some of the maths involved in hash functions. This means you can buy a graphics card to crack most hash types much more quickly. Some hashing algorithms (notably bcrypt) are designed so that hashing on a GPU is about the same speed as hashing on a CPU whihc helps them resist cracking.

It is worth mentioning that virtual machines normally do not have access to the host's GPU. If you want to run hashcat, it is best to run it on your host. You can get Hashcat working with OpenCL in a VM, but the speeds will likely be much worse than cracking on your host. John the Ripper uses CPU by default and as such, works in a VM out of the box although you may get better speeds running it on the host OS as it will have more threads and no overhead from running in a VM.

Questions

Q1: Crack this hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG A: First, I put this hash into a hash analyzer online and it told me it is using bcrypt

bcrypt hash
Next, I used hashcat to crack it via the rockyou.txt wordlist with the command "hashcat -m 3200 hash1.txt rockyou.txt" to reveal the answer

cracked bcrypt hash

Q2: Crack this hash: 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1 A: For this, I simply put it into an online hash decryptor and got the answer

halloween password

Q3: Crack this hash: $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0 A: For this, I first used a hash identifier which told me it is sha512crypt

sha512crypt
Next, I used hashcat again via the command "hashcat -m 1800 hash3 rockyou.txt" to get the answer

sha512 cracked

Q4: Crack this hash: b6b0d451bbf6fed658659a9e7e5598fe A: For this one, I once again used the online hash decryptor to get the answer

funforyou

7.jpg

Task 6 - Hashing for Integrity Checking

Hashing can be used to check that files have not been changed. If you put the same data in, you always get the same data out. If even a single bit changes, the hash changes a lot. This means you can use it to check that files haven't been modified or to make sure that they have downloaded correctly.

You can also use hashing to find duplicate files, if two pictures have the same hash then they are the same picture.

HMAC is a method of using a cryptographic hashing function to verify the authenticity and integrity of data. The TryHackMe VPN uses HMAC-SHA512 for message authentication, which you can see in the terminal output.

An HMAC can be used to ensure that the person who created the HMAC is who they say they are and that the message hasn't been modified or corrupted. They use a secret key and a hashing algorithm in order to produce a hash.

Questions

Q1: What is the SHA1 sum for the amd64 Kali 2019.4 ISO located at http://old.kali.org/kali-images/kali-2019.4 A: Navigating to that page and clicking the SHA1SUMS file reveals the SHA1 sum for the amd64 ISO as 186c5227e24ceb60deb711f1bdc34ad9f4718ff9

Kali hash


Q2: What is the hashcat mode number for HMAC-SHA512 (key = $pass)? A: Using the same Hashcat page as earlier reveals the mode number is 1750

1750 identifier in hashcat
Previous
Previous

John the Ripper - TryHackMe Room

Next
Next

Pickle Rick