Skip to content

Challenge 5: Password Cracking

Procedure:

With a password hash in our hands, we need to crack it to discover the actual password.

  • With any means you prefer, crack the MD5 hash you found to reveal the original password.
    • You can crack the hash using existing tools installed in Kali. (Remember the available wordlists in /usr/share/wordlists!)
    • You could write a Python script to crack it using the same wordlists as other tools.
    • You can check third-party hash databases to see if it is a known hash.

Solution:

Using John the Ripper to the crack password.

hash.txt file created containing the password (Administrator:00bfc8c729f5d4d529a412b12c58ddd2)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
┌──(kali㉿kali)-[~]
└─$ sudo john --format=raw-md5 hash.txt

Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 512/512 AVX512BW 16x3])
Warning: no OpenMP support for this hash type, consider --fork=2
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 44 candidates buffered for the current salt, minimum 48 needed for performance.
Almost done: Processing the remaining buffered candidate passwords, if any.
Proceeding with wordlist:/usr/share/john/password.lst
pokemon          (Administrator)     
1g 0:00:00:00 DONE 2/3 (2024-05-08 04:06) 16.66g/s 53966p/s 53966c/s 53966C/s keller..karla
Use the "--show --format=Raw-MD5" options to display all of the cracked passwords reliably
Session completed.

Using CrackStation to crack the password

alt text

Creating a python script to crack the password

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
import hashlib

# The target hash from the password we want to crack
target_hash = "00bfc8c729f5d4d529a412b12c58ddd2"

# Function to read passwords from a file
def read_passwords_from_file(filename):
    with open(filename, 'r') as file:
        return [line.strip() for line in file]

# Function to attempt to crack the hash using passwords from a file
def crack_password(target_hash, password_file):
    # Read the passwords from the file
    password_list = read_passwords_from_file(password_file)

    for password in password_list:
        # Generate the MD5 hash of the current password
        hash_object = hashlib.md5(password.encode())
        hashed_password = hash_object.hexdigest()

        # Check if this hash matches the target hash
        if hashed_password == target_hash:
            return password
    return None

# File with the list of potential passwords
password_file = '10-million-password-list-top-1000000.txt'


cracked_password = crack_password(target_hash, password_file)

if cracked_password:
    print(f"Password cracked: {cracked_password}")
else:
    print("Password not found in the provided list.")

Running the script in kali (Password list)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
┌──(kali㉿kali)-[~]
└─$ cd DCV-Storage

┌──(kali㉿kali)-[~/DCV-Storage]
└─$ ll
total 8332
-rw-r--r-- 1 kali kali 8529108 May  8 20:24 10-million-password-list-top-1000000.txt

┌──(kali㉿kali)-[~/DCV-Storage]
└─$ nano crack_password.py


┌──(kali㉿kali)-[~/DCV-Storage]
└─$ chmod +x crack_password.py

┌──(kali㉿kali)-[~/DCV-Storage]
└─$ python3 crack_password.py
Password cracked: pokemon

The password is pokemon

Previous: Challenge 4 Home 🏠 Next: Challenge 6