💪🙏👏🏽what a MAGNIFICENT video! Excellent👏👏🏻
It took me a while to figure this out, but you can also use John the Ripper to crack a salted hash.
First, we need to create the file with the hash and salt, in the format $. I'll name it admin.hash:
b8fd3f41a541a435857a8f3e751cc3a91c174362$d
After that, we need to identify the format to be used:
john --list=subformats | grep -i sha1 | grep -i '\$s'
The command above shows us that we want to use the dynamic_24 and dynamic_25 formats:
Format = dynamic_24 type = dynamic_24: sha1($p.$s)
Format = dynamic_25 type = dynamic_25: sha1($s.$p)
Since we don't know whether the salt is added before or after the string before calculating the hash, we have to test both formats.
Finally, we need to run john with both formats:
john admin.hash --wordlist=rockyou.txt --format=dynamic_25
After running john with the dynamic_25 format, we find out the cleartext password that, prepended with the salt "d", generates the hash above.
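Added example, not part of the comment above or of the video: a Python sketch of the two salt layouts the comment names, sha1($p.$s) and sha1($s.$p), used to confirm which one an application stores by checking a test account whose password you already know, followed by a salted PBKDF2 record as the slower replacement. The test password, the sample line, the function names and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

def sha1_p_s(password: bytes, salt: bytes) -> str:
    """dynamic_24 layout from the comment: sha1($p.$s)."""
    return hashlib.sha1(password + salt).hexdigest()

def sha1_s_p(password: bytes, salt: bytes) -> str:
    """dynamic_25 layout from the comment: sha1($s.$p)."""
    return hashlib.sha1(salt + password).hexdigest()

LAYOUTS = {"dynamic_24": sha1_p_s, "dynamic_25": sha1_s_p}

def parse_hash_line(line: str) -> tuple[str, bytes]:
    """Split a 'hexdigest$salt' line as stored in admin.hash."""
    digest, sep, salt = line.strip().partition("$")
    if not sep or len(digest) != 40:
        raise ValueError("expected 40 hex chars, '$', then the salt")
    return digest.lower(), salt.encode()

def matching_layouts(line: str, known_password: bytes) -> list[str]:
    """Layouts under which a known test password reproduces the stored digest."""
    digest, salt = parse_hash_line(line)
    return [name for name, fn in LAYOUTS.items()
            if hmac.compare_digest(fn(known_password, salt), digest)]

# Assumed parameter for the replacement scheme (not from the page).
PBKDF2_ITERATIONS = 600_000

def pbkdf2_record(password: bytes) -> tuple[bytes, bytes]:
    """Store a random 16-byte salt and a slow, iterated digest instead of SHA-1."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)

def pbkdf2_verify(password: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)

# Constructed sample: a test account's record, built with the salt-first layout.
TEST_PASSWORD = b"constructed-test-pass"
SAMPLE_LINE = sha1_s_p(TEST_PASSWORD, b"d") + "$d"

if __name__ == "__main__":
    print(matching_layouts(SAMPLE_LINE, TEST_PASSWORD))
```

When the password and the salt are the same byte string, both layouts match, so the check returns a list rather than a single name.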
that was a nice one, thanks for everything set in the dark mode especially if you're watching it in the dark....awesome really
It would not be possible for a beginner to discover this part of the hash, I believe that saying that this machine is easy was really a mistake on the part of the staff
Well I mean the whole easy/medium/hard rating system is totally relative.
What is hard for a beginner with absolutely no experience might be easy for a beginner with some experience.
I would probably still say this is easy because you can get the password hashed very quickly with little to no understanding of how the exploit is working. The hash stuff is just research.
Yeah what @chap_sec said - there’s multiple ways to get how it’s hashed. Opensource, blogs, etc. If this individual piece was a crypto challenge it would be labeled as easy.
Easy is not meant for a true beginner, you’re better starting at academy, starting point, or challenges.
Also boxes are meant to be done in teams not individual, a small hint goes a long way to making this very solvable. If you have trouble need to expand your social network which will help tenfold down the line
@ippsec I confess I didn't know about that part. My crypto skills are pretty basic.
From your point of view, would it be more productive to focus on the challenges and, after gaining experience, play the machines?
And I ask this regardless of the category, since in machines we generally have a mix of them.
I'm sure both I and the rest of the community will benefit from your answer.
Thank you in advance for your kindness and for all the help your videos provide.
@Myk4my if you can get VIP, I think the retired easy/medium machines may be the best with guided mode. If you get stuck there’s videos.
Really well done and thanks for the detailed explanation. Keep up the amazing work ❤❤
Hey mate ! What is that shell you're using ? Thanks and Cheers !
Could you turn your microphone up a little in future videos please? I have everything on max and it's still quiet
I just recursively cat the entire directory on to my attack machine into one text file and then used strings. Piped that to grep to look for "Password" 24:03
First, luv u ippsec
You have a beautiful brain good sir 🤓.
Nice one bro
Push!
#Let'sSeeGang
#ThereWeGoGang
#Let'sSeeAndThereWeGoGang
great person
Yo!
Second!