🕸️
Th4ntis CyberSec
  • 🕷️>whoami_
  • 🖥️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • 💻Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • 🪟Windows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • 🔎OSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • 🛠️Tools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • 📔Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • 📕Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • 📓Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • 📦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • What is a hash?
  • Hash cracking?
Edit on GitHub
  1. Tools

Hash Cracking

Last updated 1 year ago

What is a hash?

A hash function is any function that can be used to map data of arbitrary size to fixed-size values which can be called a hash.

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. but the hashes can’t be retrieved back to their original form as it happens in decryption.

Both are completely different. Hashing makes it a more secure way for storing passwords. The bad thing about such “cleartext” storage of passwords is that it induces a vulnerability in the case of an attack model where the attacker could get read-only access to the server data. If the website is vulnerable to SQL injection your passwords might be shown as clear text to attackers

Hash cracking?

Hashing algorithms such as Microsoft LM hashes, MD4, MD5, SHA, MySQL, etc. make a set of mathematical operations on the clear text password (by converting it to an integer format) and produce a fixed length of the arbitrary size of data which is known as a hash.

If you input the same value to the hashing algorithm it will produce the same hash but even if you made a small change in your value the hash will be completely different.

For example:

Notice how the file.txt has the word hash in it, and has one hash, but if he change the word to a capital H, the hash changes completely.

So what the hashing algorithms doing is, it's hashing each word with a different combination from its dictionary and comparing these hashes with our given hash until both the hashes are matched and the output is shown to us.

Basically, it's brute-forcing the hash until it finds the original hash which matches our given hash, and hence decrypting it. Keep in mind that to decrypt a hash the wordlist should contain the value you’re trying to decrypt or every possible combination should be made to decrypt the hash.

We can use many tools to crack hashes such as , and , and online services such as .

🛠️
JohnTheRipper
Hashcat
Crackstation