In the last post, I talked about using hashcat to crack various types of hashes. This walkthrough depends heavily on the hashcat and ophcrack tools. ophcrack is basically a Windows password cracker based on rainbow tables. Without further ado, let’s begin the walkthrough.
The walkthrough is based on this challenge.
Task 1: Brute force attack (MD5)
This time we are not going to use any dictionary to crack the hashes; a brute force attack is used instead.
Part 1: 3 digits brute force
Hash: eedb694a362f8ab2effbad5e4c8fa095
Solution: Simply punch in the following command (for Windows 64-bit):
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d
- -D 2: Use the GPU as the main resource to crack the hash
- -m 0: Hash type is MD5
- -a 3: Brute force (mask) mode
- ?d?d?d: Mask that indicates 3 digits to brute force (000-999)
The built-in mask character sets are as follows:
- ?l = abcdefghijklmnopqrstuvwxyz
- ?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
- ?d = 0123456789
- ?s = (space)!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
- ?a = ?l?u?d?s
- ?b = 0x00 – 0xff
Answer: TRY-HACK-ME-452
Part 2: 4 digits brute force
Hash: 19b489d1c4220946b38d65a7fce24372
Solution: Similar to part 1, but you need to add one extra ?d to the mask in the command:
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d?d
Answer: TRY-HACK-ME-7163
Part 3: 5 digits brute force
Hash: 7353d3b528592ecd12139fba62c43287
Solution: Similar to parts 1 and 2, but a 5-digit mask is needed:
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 3 TRY-HACK-ME-?d?d?d?d?d
Answer: TRY-HACK-ME-54350
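The three masks above leave only 1,000 to 100,000 candidates once the fixed prefix is known, which is why they fall instantly. The sketch below is an added example, not part of the original walkthrough and not hashcat's code: it parses the mask syntax from the table (?b is left out), counts the keyspace and tries each candidate against an MD5 hash. The function names and the sample hash are constructed for illustration, and candidates are tried in plain counting order, which differs from hashcat's own ordering.

```python
import hashlib
import itertools
import math
import string

CHARSETS = {  # hashcat's built-in mask charsets, as listed above
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,   # 33 symbols, space included
    "?": "?",                        # '??' in a mask is a literal question mark
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]


def parse_mask(mask):
    """Split a mask into one character set (or literal) per output position."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":               # literal character, e.g. the fixed prefix
            positions.append(mask[i])
            i += 1
            continue
        key = mask[i + 1:i + 2]          # empty when '?' is the last character
        if key not in CHARSETS:
            raise ValueError(f"bad charset reference ?{key} at offset {i}")
        positions.append(CHARSETS[key])
        i += 2
    return positions


def keyspace(mask):
    """Number of candidates the mask generates."""
    return math.prod(len(charset) for charset in parse_mask(mask))


def md5_mask_search(target_hex, mask):
    """Hash every candidate; return (plaintext, tries), or (None, keyspace)."""
    for tries, combo in enumerate(itertools.product(*parse_mask(mask)), start=1):
        candidate = "".join(combo)
        if hashlib.md5(candidate.encode()).hexdigest() == target_hex.lower():
            return candidate, tries
    return None, keyspace(mask)


# Constructed sample hash (not one of the challenge hashes)
SAMPLE_HASH = hashlib.md5(b"TRY-HACK-ME-007").hexdigest()
```

Comparing keyspace("TRY-HACK-ME-?d?d?d?d?d") with keyspace("?a" * 15), a 15-character value with no known structure, shows how much of the password's strength the fixed prefix gives away.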
Task 2: Combination attack (MD5)
In this context, a combination attack uses both a dictionary and brute forcing. The dictionary is given for this challenge, so how do we perform a combination attack?
Part 1: US city dictionary + 2 digits brute force
Hash: 0f8e6ad80411e27fc85ba1f79153dd8f
Solution: To perform a combination attack, simply change the attack mode (-a) to 6, which hashcat calls a hybrid wordlist + mask attack. The command for the attack is shown below:
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/us-city.txt ?d?d
Answer: pennsylvania46
Part 2: US city dictionary + color dictionary + 3 digits brute force
Hash: bd527693aceda78b30a978d7d3b9abb
Solution: This part is a bit tricky: you need to join both dictionaries into one because the attack mode (-a 6) can only take 2 arguments. To combine the dictionaries, download hashcat-utils, which provides the combinator executable. After that, combine the two dictionaries with this command:
$ combinator.exe us-city.txt color.txt > cityColor.txt
Now you have a new dictionary called cityColor.txt (I copied it to the Dict directory). After that, crack the hash using the following command:
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/cityColor.txt ?d?d?d
Answer: phoenixpurple585
Part 3: Color dictionary + country dictionary + 4 digits brute force
Hash: a4131ef4610be60c0c6a3656b00dd763
Solution: Similar to part 2, combine the dictionaries using combinator.exe and then crack the hash using the following command:
$ hashcat64.exe -D 2 -m 0 Hash/hash.txt -a 6 Dict/colorCountry.txt ?d?d?d?d
Answer: blueiceland7926
Task 3: NTLM rainbow table
This task is straightforward. Download ophcrack and the table (XP special, 8.0GB). Yes, it is 8.0GB, so download it if you have any spare data or your data plan is absolutely unlimited.
Hash (Part 1): FF6EDF5C42F0FE57AAD5360A07991BD6:A2F77301E3162DB9213E3DA35D5EA931
Hash (Part 2): 1CDEE68485E23D0E1DD9CED345A47D0C:D4F3A9ACC8448BC9EF7C53B3BBBEC9C3
Hash (Part 3): 8C7972A6362411C1B0D3662B97EBED58:DAE91036E4B2E7F0B5061956BCE39A3E

Answer (Part 1): NTLMForTheWin
Answer (Part 2): WinP@$$w0rd3Z
Answer (Part 3): ?+$!^W@
Conclusion
That’s all for the walkthrough. Hope you learned something new. Have a nice day 🙂