TryHackMe
Advent of Cyber 2024 — Day 23: Hash Cracking
On Day 23 of the Advent of Cyber 2024 challenge, we dive into the world of hash functions and password cracking. In this task, Glitch has uncovered a password-protected document from a discarded tablet belonging to Mayor Malware. The objective is to break the password and access the hidden information, shedding light on Mayor Malware’s illicit activities. We explore hash functions, password storage, and methods to crack password-protected files.
Learning Objectives
By completing today’s task, I gained insights into:
- Understanding hash functions and hash values.
- The process of saving hashed passwords securely.
- Cracking hash values to retrieve the original password.
- Extracting the password from a password-protected document.
Steps Performed
Understanding Hashed Passwords
- Passwords are no longer stored in cleartext. Instead, systems hash passwords to enhance security, reducing the impact of data breaches.
- I learned that a hash function takes an input and produces a fixed-size output (e.g., SHA-256 produces a 256-bit hash). This method ensures that even if someone gains access to a hashed password, it cannot easily be reversed to reveal the original password.
- Additionally, modern security practices involve adding a salt — a random string of characters — before hashing to protect against attacks.
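The difference between a bare SHA-256 digest and a salted, deliberately slow password record, as an added example that is not part of the original write-up or the TryHackMe room. The function names, the record layout and the PBKDF2 iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """Weak scheme: fast and unsalted, so equal passwords share one digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh salt."""
    salt = os.urandom(16)  # random per-password salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, rounds
    )
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    sample = "winter-sample-42"  # constructed sample password
    # Two users with the same password: identical unsalted digests leak that fact.
    print(unsalted_sha256(sample) == unsalted_sha256(sample))  # True
    # With per-password salts, the two stored records differ.
    print(store_password(sample) == store_password(sample))    # False
    print(verify_password(sample, store_password(sample)))     # True
```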
Cracking the Hash
- Glitch discovered a password hash from a breached online forum. The first step was to identify the hash type, which was found to be SHA-256.
- Using John the Ripper, a popular password cracking tool, I attempted to crack the hash by comparing it against known password lists, including the rockyou.txt wordlist.
- In the initial attempt, no matches were found, but I then utilized John the Ripper’s rule-based cracking option to generate more variations of common passwords, which eventually led to a successful crack.
- The password was revealed to be fluffycat12.
Cracking a Password-Protected PDF
- The second part of the task involved cracking a password-protected PDF file, which Glitch found on the discarded tablet.
- Using the pdf2john tool, I generated a hash for the PDF file. The hash was then fed into John the Ripper with the --rules=single option, targeting a personalized wordlist related to Mayor Malware’s interests (e.g., “Fluffy”, “MayorMalware”).
- After a few attempts, the password for the PDF was successfully cracked, revealing the flag: THM{do_not_GET_CAUGHT}.
Analysis of Findings
The task demonstrated the importance of securely storing passwords using hashing algorithms and salts. It also highlighted the effectiveness of modern password-cracking tools like John the Ripper, which can apply various techniques to crack even complex passwords. The challenge also underscored the vulnerabilities associated with using simple or common passwords and the necessity of creating more complex and unique passwords.
Tasks
- The password for the hash stored in hash1.txt is fluffycat12.
- The flag at the top of the private.pdf file is THM{do_not_GET_CAUGHT}.
Key Takeaways
- Hashing and salting are essential for securely storing passwords.
- Password-cracking tools like John the Ripper are powerful, especially when using rule-based or custom wordlists.
- Encryption and password protection, while effective, can be bypassed with the right tools and knowledge.
This exercise was a great opportunity to explore password security, hashing techniques, and methods for bypassing encryption in digital forensics.