Hash identification and rockyou cracking ladder
Foundations crypto engagement: classified MD5/SHA1/SHA256/bcrypt and salted digests, then recovered plaintexts with rockyou via hashcat and john — companion briefing to Crack the Hash Level 2.
- Case files
- Hash identification and rockyou cracking ladder
Identified common hash formats, cracked five level-1 samples and four rockyou-backed level-2 samples including salted sha512crypt and HMAC-SHA1.
hashid/haiti typed MD5/SHA1/SHA256/bcrypt; hashcat recovered easy through Eternity22.
SHA256, NTLM, sha512crypt with known salt, and HMAC-SHA1 recovered from rockyou.
Engagement summary
Identified common hash formats, cracked five level-1 samples and four rockyou-backed level-2 samples including salted sha512crypt and HMAC-SHA1.
CRACK THE HASH LEVEL 1 was an offline credential-recovery drill. Level 1 samples spanned MD5 (48bb6e… → easy), SHA1 (CBFDAC… → password123), SHA256 (1C8BFE… → letmein), bcrypt ($2y$12$… → bleh), and MD5 of a mixed-case secret (279412… → Eternity22). Level 2 required rockyou and proper mode selection: raw SHA256 (paule), NTLM (n63umy8lkf4i), sha512crypt with salt aReallyHardSalt (waka99), and salted HMAC-SHA1 with salt tryhackme (481616481616). Workflow: identify algorithm, select hashcat/john mode, point at rockyou, confirm plaintext.
Business impact
Fast hashes and recycled passwords fall to commodity wordlists in minutes. Prefer argon2id/bcrypt with unique salts, ban known-breached passwords at enrollment, and treat any dumped digest as already compromised.
Level 1 — identify and crack common digests
hashid/haiti typed MD5/SHA1/SHA256/bcrypt; hashcat recovered easy through Eternity22.
OPERATOR · HASHCAT
savvy@lab:~$ hashid 48bb6e862e54f2a795ffc4e541caed4d
MD5
savvy@lab:~$ hashcat -m 0 48bb6e862e54f2a795ffc4e541caed4d rockyou.txt
easy
savvy@lab:~$ hashcat -m 100 CBFDAC6008F9CAB4083784CBD1874F76618D2A97 rockyou.txt
password123
savvy@lab:~$ hashcat -m 1400 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 rockyou.txt
letmein
savvy@lab:~$ hashcat -m 3200 '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' rockyou.txt
bleh
savvy@lab:~$ hashcat -m 0 279412f945939ba78ce0758d3fd83daa rockyou.txt
Eternity22
Level 2 — rockyou and salted modes
SHA256, NTLM, sha512crypt with known salt, and HMAC-SHA1 recovered from rockyou.
OPERATOR · SALTED
savvy@lab:~$ hashcat -m 1400 F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 rockyou.txt
paule
savvy@lab:~$ hashcat -m 1000 1DFECA0C002AE40B8619ECF94819CC1B rockyou.txt
n63umy8lkf4i
savvy@lab:~$ hashcat -m 1800 '$6$aReallyHardSalt$6WKUTqzq...' rockyou.txt
waka99
savvy@lab:~$ hashcat -m 150 'e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme' rockyou.txt
481616481616
MODE CHEATSHEET
hashcat-modes.txt
0 MD5
100 SHA1
1400 SHA256
3200 bcrypt ($2y$)
1000 NTLM
1800 sha512crypt ($6$)
150 HMAC-SHA1 (hash:salt)Remediation
Store passwords with memory-hard KDFs and per-user salts. Rate-limit online auth separately from offline dump risk. Subscribe to breach corpora and force reset on reused credentials.