Disclaimer: This post is for research and educational purposes only. I do not take any responsibility, in regards to the actions taken by readers of this article. Never attempt to hack a device for which you do not have the required permissions to do so.
What is a Hash?
A hash is an alphanumeric string that uniquely identifies a piece of data. For example, the MD5 hash for the string “hello” is 5d41402abc4b2a76b9719d911017c592. This hash will remain the same for this string as it is unique. If we try to modify the string, the hash changes. Example, the hash for “hello world” would be 5eb63bbbe01eeed093cb22bb8f5acdc32. As you can see, the above two hashes do not mach.
Hashes are used mostly for digital signatures, password storage, file verification systems, message authentication codes and other types of authentication.
What is a Hash function?
A hash function is a mathematical function, where you input any kind of digital data, such as strings, files, compressed folders and so on. The function then processes that data and outputs a hash value.
The process of converting data into a hash is known as hashing.
An issue with hashing algorithms is the certainty of collisions. That is because hashes represent a fixed length string, meaning that for every input imaginable, there are other possible inputs that will generate the same hash.
An ideal hash function should contain the following properties:
- For any form of data it should be able to calculate the hash value quickly.
- Its hash value should be computed in such a way that, it would prevent reconstruction of a message from it.
- It should not allow collisions with other hashes, each message must have its own hash.
- Any change made to a message should change its hash value. Eve-ry kind of alteration should lead to a whole different hash.
A checksum is a sequence of numbers and letters used to check data for errors.
Few commonly used hashing algorithms:
Bitcoin uses SHA-256
Try them here https://www.pelock.com/products/hash-calculator
How to crack hashes using Hashcat?
Hashcat is a password cracker tool. It was created to be able to brute force the most complex of passwords. Additionally, it is regarded as being highly flexible, robust and fast in comparison to other password hacking tools. This tool has lot of options and attack methods, but for this post we are going to keep it basic.
Hashes are never deciphered or decrypted, they are cracked.
Now imagine a scenario where you have discovered a file called user_info.txt which contains passwords of users from a website. Unfortunately for you they are hashed using the MD5 algorithm. It looks something like this:
And you also have a dictionary of passwords which a user might use. It is called dic.txt and looks like this:
Now its time to fire up Hashcat to try to any retrieve passwords. What Hashcat will do now is, it will covert every password in the dictionary to MD5 and then compare it with the hashes in user_info.txt. As soon as we get a match it will let us know.
hashcat -a 0 -m 0 user_info.txt dic.txt
The -a indicates the attack mode which is set to 0 (dictionary attack) and the -m indicates the type of hash which is also set to 0 (MD5). The next two files are the hashed passwords and the dictionary file respectively.
As you can see we cracked a hash and the password is “hashiscracked55”. In a real life scenario it won’t be that easy. In a later post i will be covering Hashcat in more detail, but i hope that everyone understood the basics for now. Please don’t even try this on live targets, if you want to practice you should try CTFs.