Looking to Learn
#1
Hey Folks,

I'm pretty new to using Hashcat and cracking passwords. I've played around and tried some tests, I've used some hash lists from KoreLogic's Crack Me If You Can contest, and I've had some minor successes. I was wondering if you had any suggestions on good places to start learning. Is there any fundamental place to start? Any readings or documentation that you think would be helpful would be greatly appreciated.

I have lots of questions about how it all works for example:
How do encryption engines use salts?
How do you crack hashes when salts are used?
Do you need to know the salt to crack a hash?
How do you tell what type of hash it is by looking at it?

Any pointers on good resources to learn more would be greatly appreciated. If you have any info just let me know.

Thanks in advance
#2
Quote: I've used some hash lists from korelogic's crack me if you can contest, and I've had some minor successes.

cmiyc hashes probably aren't the best starting point, unless you're using the hashes from 2010 or 2011. maybe try your hand at some leaked hashes on pastebin, or one of the larger public leaks like linkedin or stratfor.

Quote: How do encryption engines use salts?

the first thing you have to learn is that hashing is not the same as encryption. the second thing is that it completely depends upon the algorithm. maybe pick one specific algorithm and study how it uses salts. starting simple, md5(pass.salt) appends the salt to the password before hashing it with the md5 algorithm.

Quote: How do you crack hashes when salts are used?

specify the appropriate salted algorithm, and supply your hash string in the appropriate format.

Quote: Do you need to know the salt to crack a hash?

yes. salts are not secret, they are typically part of the hash string itself. if you've lost the salts, never had the salts, or the algorithm uses a shared secret rather than a salt, you'll have to be more clever in your approach.

Quote: How do you tell what type of hash it is by looking at it?

experience. but even then, it can sometimes be impossible to tell just from looking. it helps greatly if you know the origin of the hash.
#3
(03-20-2013, 02:54 AM)aromond Wrote: Is there any fundamental place to start? Any readings or documentation that you think would be helpful would be greatly appreciated.

This article is a good general summary of the current state of the art in password cracking. Start there and read more of the bits that interest you.

(03-20-2013, 02:54 AM)aromond Wrote: How do encryption engines use salts?

The salt is applied into the hashing algorithm, along with the password, when the hash is generated.

(03-20-2013, 02:54 AM)aromond Wrote: How do you crack hashes when salts are used?

You know how hashed passwords are cracked right? Basically, candidate passwords are run through the hashing algorithm and the result is compared with the captured hash. If the values match, then the candidate password is the one used to generate your captured hash.

Extrapolate from this - with salted hashes feed your candidate password AND the appropriate salt (which, as epixoip mentioned above is NOT secret) into the algorithm. If the resulting hash matches...

(03-20-2013, 02:54 AM)aromond Wrote: Do you need to know the salt to crack a hash?

Short answer: Yes. Longer answer: Technically the answer is algorithm dependent - some algorithms may have weaknesses that allow the password to be deduced without the salt. You would need to conduct some cryptanalysis on the algorithm to determine if this was feasible. It generally won't be, though.

(03-20-2013, 02:54 AM)aromond Wrote: How do you tell what type of hash it is by looking at it?

Length and format provide clues (they at least narrow down possibilities). The location where you sourced the hash from really provides the definitive answer though. Got the hash from the SAM on a Windows system? Then it's in LM and NTLM format. Etc.

(03-20-2013, 02:54 AM)aromond Wrote: Any pointers on good resources to learn more would be greatly appreciated. If you have any info just let me know.

If you're serious about learning this in depth, the very best way to do it would be to implement even just a basic hash generator (e.g. you put in a password and it spits out the hash) for your format of choice in code. It helps you to really grok what's going on.

Also, grab some of the leaked password lists from the 'Net (check out this for example), as well as the various common password lists and do some frequency analysis on them. How long, what characters are most frequently used and in which positions, etc. I vaguely remember a Ruby tool out there used to do this, however I wrote my own when I went through this process. Once you understand this, Hashcat has some funky mask options which can really increase your cracking efficiency.

Also, have a look at the mangling rules in john the ripper to understand what they do and why they work.
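The basic hash generator that #3 recommends writing, done for the md5(pass.salt) format that #2 uses as its simple case. This is an added example, not code from either poster or from Hashcat; the `hash:salt` record layout, the sample record for the password `letmein` with salt `c0ffee`, and the tiny wordlist are all constructed here. It shows why the salt is stored in the clear (the verifier needs it to recompute the hash), why two users with the same password still get different digests, and the candidate-plus-salt comparison loop that #3 describes.

```python
import hashlib
import secrets
from typing import Iterable, Optional, Tuple


def md5_pass_salt(password: str, salt: str) -> str:
    """md5(pass.salt): append the salt to the password, then hash the result."""
    return hashlib.md5((password + salt).encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[str] = None) -> str:
    """Build the stored string 'hash:salt' (a constructed layout for this example).
    The salt is random but not secret: it sits next to the digest so that the
    verifier can recompute the hash on every login."""
    if salt is None:
        salt = secrets.token_hex(4)
    return f"{md5_pass_salt(password, salt)}:{salt}"


def parse_record(record: str) -> Tuple[str, str]:
    digest, salt = record.split(":", 1)
    return digest.lower(), salt


def verify(record: str, password: str) -> bool:
    """What a login check does: recompute with the stored salt and compare."""
    digest, salt = parse_record(record)
    return md5_pass_salt(password, salt) == digest


def check_candidates(record: str, candidates: Iterable[str]) -> Optional[str]:
    """The loop from post #3: each candidate is fed through the algorithm
    together with the record's salt; a matching digest identifies the password."""
    digest, salt = parse_record(record)
    for cand in candidates:
        if md5_pass_salt(cand, salt) == digest:
            return cand
    return None


def salts_differ(password: str) -> bool:
    """Same password, two different salts: the digests differ, so a single
    precomputed table cannot cover both users."""
    a, _ = parse_record(make_record(password, "a1b2c3d4"))
    b, _ = parse_record(make_record(password, "e5f6a7b8"))
    return a != b


# Constructed sample record and a constructed wordlist standing in for the
# "common password lists" mentioned in post #3.
SAMPLE_RECORD = make_record("letmein", "c0ffee")
WORDLIST = ["123456", "password", "qwerty", "letmein", "monkey"]

if __name__ == "__main__":
    print("record:", SAMPLE_RECORD)
    print("verify 'letmein':", verify(SAMPLE_RECORD, "letmein"))
    print("matched candidate:", check_candidates(SAMPLE_RECORD, WORDLIST))
```

Swap `md5_pass_salt` for another construction (md5(salt.pass), sha1(pass.salt), and so on) to see how much the rest of the code stays the same once the salt position and digest are parsed from the record.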