Easy Creds


We were going through password dumps and we found a password hash associated with an email address that crypto_vamp uses. See if you can crack the hash and find his password.

Password: $6$xyz$mNc63Q/k4GOeih/lF4YFzMKrJQc31yjwQ8pBIJ8.Q2Bo/2RgiMXohuVfg/O8xUx3ENTpAEk0N1eEhU5J6VwA/0


Using the hash identifier utility hashID we confirmed the password hash type was SHA-512:

$ hashid -emj '$6$xyz$mNc63Q/k4GOeih/lF4YFzMKrJQc31yjwQ8pBIJ8.Q2Bo/2RgiMXohuVfg/O8xUx3ENTpAEk0N1eEhU5J6VwA/0'

Analyzing '$6$xyz$mNc63Q/k4GOeih/lF4YFzMKrJQc31yjwQ8pBIJ8.Q2Bo/2RgiMXohuVfg/O8xUx3ENTpAEk0N1eEhU5J6VwA/0'
[+] SHA-512 Crypt [Hashcat Mode: 1800][JtR Format: sha512crypt]

Either John the Ripper or Hashcat can be used to crack the challenge:

John the Ripper

$ john easy_creds.txt

Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2 4x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 4 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any.
Proceeding with wordlist:/home/pingtrip/Tools/jtr/password.lst
Enabling duplicate candidate password suppressor
123456789q       (?)     
1g 0:00:00:00 DONE 2/3 (2022-10-17 14:05) 1.612g/s 6606p/s 6606c/s 6606C/s 0..bob123
Use the "--show" option to display all of the cracked passwords reliably
Session completed. 


$ hashcat --quiet -m1800 -a0 '$6$xyz$mNc63Q/k4GOeih/lF4YFzMKrJQc31yjwQ8pBIJ8.Q2Bo/2RgiMXohuVfg/O8xUx3ENTpAEk0N1eEhU5J6VwA/0' /CTF-Data/pwds/rockyou.txt

The accepted flag was: flag{123456789q}



Leave a comment