Password Cracking 101
LESSON ACTIVITY
2.1 Identifying Hash Types
The first step of cracking hashes is identifying what type of hash you are working with. In this
section, we will demonstrate how to identify a hash using HashID and hash-identifier. Both HashID
and hash-identifier are available on Kali Linux. If these tools are not available on your system, you
can install them with "apt-get install hashid" and "apt-get install hash-identifier". You can either
install these programs or use our provided environment to practice using these tools. HashID is a tool
created by psypanda as a replacement for hash-identifier. HashID can identify over 210 unique hash
types using regular expressions. Additionally, it can identify a single hash, parse a file or read files in
a directory and id hashes within them. The syntax for using hashid is "hashid options input." For
example if you wanted to identify what the hash type of the hash
"2b4d9aa78976ec807986c1ea298d32418c85581b5625796c49bd6ecc146b1ef9" the syntax would
be "hashid 2b4d9aa78976ec807986c1ea298d32418c85581b5625796c49bd6ecc146b1ef9". As you
can see in image 1.1, this has resulted in a list of possible hash types. The more likely the hash type,
the higher up on the list it is. According to the returned results, hashid has determined the hash is
most likely Snefru-256.
Image 1.1
Another handy function of hashID is the ability to include the corresponding JohnTheRipper format in
the output. For example, if you utilized the John The Ripper format output option on an SHA256
hash, the tool will return a result of "SHA256 JtR Format: raw-sha256". To view the JohnTheRipper
format, users need to use the -j option. An example of this would be "hashid -j
2b4d9aa78976ec807986c1ea298d32418c85581b5625796c49bd6ecc146b1ef9". View image 1.2 for
an example of what the output of this command would be.
Image 1.2
Like hashID, Hash-identifier is used to identify different types of hashes used to encrypt data, such
as passwords. This tool was created by Zion3R and has fewer capabilities than hashID, but it still
gets the job done. To use hash-identifier, it will need to be launched via the cmd line. To launch
hash-identifier, type "hash-identifier" and hit enter. Once you do this, an interactive prompt will be
presented to the user. To see an example of this, see image 1.3.
Image 1.3
Once presented with the interactive prompt, all an individual needs to do is enter the hash they wish
to crack. Hash-identifier will then determine the hash type and return the results to the user. For an
example of this, see image 1.3. The above image demonstrates a user entering the hash
"2b4d9aa78976ec807986c1ea298d32418c85581b5625796c49bd6ecc146b1ef9" to identify its hash
type. After the hash has been entered, hash-identifier goes to work analyzing the hash and returning
its results to the user. Hash-identifier is an older tool and sometimes identifies a hash incorrectly. For
example, image 1.3 demonstrates how hash-identifier predicts the SNEFRU256 hash is most likely
SHA256. This is an excellent example of why you would want to run a hash through multiple tools to
validate the hash type. Even with newer tools hashes can still be misidentified. When identifying
hashes, sometimes the second, third, or even fourth likely hash in the list of likely hashes can be the
correct one. Don’t give up too quickly when identifying hashes because it can sometimes be a
process of trial and error. Trying to crack a hash using the incorrect hash type settings can slow
down your efforts. Now that we know how to identify a hash type let's discuss how to crack a hash.
