Cryptography

Cracking Hashes: How Does It Work?

Easy
15 min

What is cracking cryptographic hashes?

Breaking cryptographic hashes is the process of attempting to recover the original information based on the hash.

For example, an attacker may, after breaking into the web application's database, get cryptographic hashes of users' passwords instead of plain text passwords. This is because a properly built web application does not need to store plain text passwords anywhere.

In this situation, the attacker typically tries to crack the hashes and recover the clear-text passwords. Simply put, the attacker feeds candidate passwords through the hashing algorithm used by the application and compares each resulting hash to the list of hashes to be cracked.

Cracking Methods

Brute Force Attack

This is the simplest but most time-consuming method. The attacker systematically generates possible candidates for the original data, calculates their hashes, and compares the results to the desired hash. This process continues until the correct input is found. The challenge of a brute force attack is the computational power and time it requires, especially when a strong hash function and a long input are used.

Rainbow tables

Rainbow tables are precomputed tables of hashes that cover a wide range of possible inputs. An attacker can look up the desired hash in the table, thus finding the original data faster than with brute force. The weaknesses of rainbow tables are their large storage requirements and their ineffectiveness against salted hashes.

Dictionary Attacks

A dictionary attack is a type of brute force attack, but instead of trying every possible combination, the attacker uses a predefined list of words. This list includes commonly used passwords, common words, or previously leaked passwords. The effectiveness of a dictionary attack is based on the assumption that users choose passwords that are meaningful and easily remembered, such as pet names, birthdates, or simple combinations like "password".

An attacker typically uses a dictionary as a foundation and adds numbers, special characters, or other common modifications that people may add to make their password more complex. For example, if the dictionary includes the word "password", the attacker may try variations such as "Password1", "password!", or "p4ssw0rd".
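As an added example (not code from the original module), the following Python script shows the dictionary attack described above against a constructed target: it hashes each word from a small constructed wordlist, plus the kinds of variations mentioned ("Password1", "password!", "p4ssw0rd"), and compares the result to an unsalted MD5 hash. The wordlist, the target hash, the mangling rules and the function names are assumptions for illustration, not rockyou.txt or John's rule set. It also shows why this works so quickly: with an unsalted, fast hash such as MD5, every candidate costs a single hash computation.

```python
import hashlib

# Constructed sample wordlist standing in for a list like rockyou.txt (not real leak data).
WORDLIST = ["123456", "letmein", "password", "qwerty", "sunshine"]

# Simple mangling rules of the kind the text describes: capitalisation,
# appended digits or symbols, and a few leetspeak substitutions.
LEET = str.maketrans({"a": "4", "e": "3", "o": "0", "i": "1"})


def mangle(word):
    """Yield the base word plus common variations users apply to it."""
    bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
    for base in bases:
        yield base
        for suffix in ("1", "!", "123", "2024"):
            yield base + suffix


def digest_hex(algo, candidate):
    """Hash a candidate string with the named hashlib algorithm ('md5', 'sha1', 'sha256', ...)."""
    return hashlib.new(algo, candidate.encode()).hexdigest()


def crack(target_hex, wordlist=WORDLIST, algo="md5"):
    """Return (candidate, attempts) for the first candidate whose hash matches,
    or (None, attempts) when the wordlist and its variations are exhausted."""
    target_hex = target_hex.lower()
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if digest_hex(algo, candidate) == target_hex:
                return candidate, attempts
    return None, attempts


# Constructed target: the unsalted MD5 of "Password1", i.e. what a leaked database row might hold.
TARGET_HASH = digest_hex("md5", "Password1")

if __name__ == "__main__":
    found, attempts = crack(TARGET_HASH)
    print(f"recovered {found!r} after {attempts} candidates")
```

Running it prints the recovered candidate and how many hashes were computed to get there. The same function works unchanged for any hashlib algorithm, which is exactly the point of the defenses in the next section: the attack itself does not change, only the cost of each guess can be raised.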

Defense mechanisms against breaking hashes

Cryptographic hashes are constantly targeted by evolving attack techniques, so it is important to understand and apply effective defense mechanisms. Next, let's go through the three most important ones for protecting cryptographic hashes: salting, iteration, and choosing a strong hash algorithm.

Salting

Salting is a technique in which a random value (the salt) is added to the original information before the hash function is applied. This makes cracking hashes significantly harder, as each hash is unique even when the original information is the same.

Let's take user passwords in a database as an example. Without salting, the same password always produces the same hash. If two users use the same password, their hashes are identical, which exposes them to dictionary attacks. By salting the passwords before hashing, a unique hash is created for each password, so even identical passwords will not produce the same hash.

import secrets, hashlib

salt = secrets.token_bytes(16)  # a fresh random salt for every password; stored next to the hash, it need not be secret
hashed_password = hashlib.sha256(salt + password.encode()).hexdigest()  # the next section replaces this single hash with an iterated one

Iteration (Key Stretching)

Iteration is a method in which a hash function is applied multiple times in succession, usually combined with salting. This increases the computational effort and time an attack requires.

PBKDF2 (Password-Based Key Derivation Function 2) and bcrypt are examples of iteration-based functions used for storing passwords. They perform a hash function thousands or even millions of times, making brute-force attacks impractical.
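As an added example that is not code from the original module, the following Python code puts the salting and iteration sections together using hashlib.pbkdf2_hmac. It first shows that unsalted hashes can be answered from a precomputed table (the rainbow-table idea from the previous section), then that a random per-password salt makes the table useless and gives identical passwords different records, and that the iteration count is stored next to the salt so it can be verified now and raised later. The record format, the constructed wordlist and the iteration count are assumptions for illustration; the count is kept low so the example runs quickly.

```python
import hashlib
import hmac
import secrets

# Constructed sample wordlist; the precomputed table below is built from it.
WORDLIST = ["123456", "letmein", "password", "qwerty", "sunshine"]

# Demo iteration count, kept low so the example runs fast. Use a much higher
# value in production and raise it over time as hardware gets faster.
ITERATIONS = 50_000


def unsalted_md5(password):
    """The weak baseline: same password, same hash, every time."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute hash -> password for a wordlist (a plain dict standing in for a rainbow table)."""
    return {unsalted_md5(w): w for w in wordlist}


def table_lookup(stored_value, table):
    """Return the password if the stored value appears in the precomputed table, else None."""
    return table.get(stored_value)


def hash_password(password, iterations=ITERATIONS):
    """Salted, iterated hash. Returns a self-describing record to store in the database:
    algorithm$iterations$salt$hash, so verification knows how the hash was produced."""
    salt = secrets.token_bytes(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    weak = unsalted_md5("sunshine")
    print("unsalted md5 answered from table:", table_lookup(weak, table))

    rec1 = hash_password("sunshine")
    rec2 = hash_password("sunshine")
    print("same password, different records:", rec1 != rec2)
    print("salted record answered from table:", table_lookup(rec1, table))
    print("verify correct password:", verify_password("sunshine", rec1))
    print("verify wrong password:", verify_password("Sunshine", rec1))
```

The record carries everything verification needs except the password itself, which is why the salt does not have to be secret. Increasing ITERATIONS later only affects newly stored records; existing ones are still verified with the count embedded in them and can be rehashed at the user's next successful login.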

Strong Hash Functions

By using modern, approved, and tested hashing functions, such as SHA-256 or SHA-3, the risk of vulnerabilities can be reduced. Older hashing functions, such as MD5 and SHA-1, have proven to be quite weak.


Task

Use the attacker's machine and crack the hash value of the task using a dictionary attack.

You can use the John the Ripper tool (john) to crack the hash. The file /usr/share/wordlists/rockyou.txt contains a large list of passwords to use as a dictionary.

Note. Save the hash value in a file named hash.txt, then run John against it as follows:

john --format=raw-md5 --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

What is the plain text of the hash "3fc0a7acf087f549ac2b266baf94b8b1"?
