Case file

Hash identification and rockyou cracking ladder

Foundations crypto engagement: classified MD5/SHA1/SHA256/bcrypt and salted digests, then recovered plaintexts with rockyou via hashcat and john — companion briefing to Crack the Hash Level 2.

Foundations20 minPassword Cracking · Hashcat · John · Hash Identification
01

Engagement summary

Identified common hash formats, cracked five level-1 samples and four rockyou-backed level-2 samples including salted sha512crypt and HMAC-SHA1.

CRACK THE HASH LEVEL 1 was an offline credential-recovery drill. Level 1 samples spanned MD5 (48bb6e… → easy), SHA1 (CBFDAC… → password123), SHA256 (1C8BFE… → letmein), bcrypt ($2y$12$… → bleh), and MD5 of a mixed-case secret (279412… → Eternity22). Level 2 required rockyou and proper mode selection: raw SHA256 (paule), NTLM (n63umy8lkf4i), sha512crypt with salt aReallyHardSalt (waka99), and salted HMAC-SHA1 with salt tryhackme (481616481616). Workflow: identify algorithm, select hashcat/john mode, point at rockyou, confirm plaintext.

Business impact

Fast hashes and recycled passwords fall to commodity wordlists in minutes. Prefer argon2id/bcrypt with unique salts, ban known-breached passwords at enrollment, and treat any dumped digest as already compromised.

02

Level 1 — identify and crack common digests

hashid/haiti typed MD5/SHA1/SHA256/bcrypt; hashcat recovered easy through Eternity22.

OPERATOR · HASHCAT

savvy@lab:~$ hashid 48bb6e862e54f2a795ffc4e541caed4d

MD5

savvy@lab:~$ hashcat -m 0 48bb6e862e54f2a795ffc4e541caed4d rockyou.txt

easy

savvy@lab:~$ hashcat -m 100 CBFDAC6008F9CAB4083784CBD1874F76618D2A97 rockyou.txt

password123

savvy@lab:~$ hashcat -m 1400 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032 rockyou.txt

letmein

savvy@lab:~$ hashcat -m 3200 '$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom' rockyou.txt

bleh

savvy@lab:~$ hashcat -m 0 279412f945939ba78ce0758d3fd83daa rockyou.txt

Eternity22

03

Level 2 — rockyou and salted modes

SHA256, NTLM, sha512crypt with known salt, and HMAC-SHA1 recovered from rockyou.

OPERATOR · SALTED

savvy@lab:~$ hashcat -m 1400 F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85 rockyou.txt

paule

savvy@lab:~$ hashcat -m 1000 1DFECA0C002AE40B8619ECF94819CC1B rockyou.txt

n63umy8lkf4i

savvy@lab:~$ hashcat -m 1800 '$6$aReallyHardSalt$6WKUTqzq...' rockyou.txt

waka99

savvy@lab:~$ hashcat -m 150 'e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme' rockyou.txt

481616481616

MODE CHEATSHEET

hashcat-modes.txt

0     MD5
100   SHA1
1400  SHA256
3200  bcrypt ($2y$)
1000  NTLM
1800  sha512crypt ($6$)
150   HMAC-SHA1 (hash:salt)

Remediation

Store passwords with memory-hard KDFs and per-user salts. Rate-limit online auth separately from offline dump risk. Subscribe to breach corpora and force reset on reused credentials.