Can you complete the level 1 tasks by cracking the hashes?
Question-01:

Hash: 48bb6e862e54f2a795ffc4e541caed4d

Identifying the hash type (tools used -> "haiti" , "hash-identifier" , "hashid" )

All indicating MD5 (mode 0)

Now, put the hash text in the hash.txt file

Question-02:

Hash: CBFDAC6008F9CAB4083784CBD1874F76618D2A97

Let's solve this with "john the ripper" tool

Question-03:

Hash: 1C8BFE8F801D79745C4631D09FFF36C82AA37FC4CCE4FC946683D7B336B63032

like the 1 ->

Question-04:

Hash: $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom

It will take many time if we want to crack it by hashcat blowfish method normally

confirmed “blowfish”
Now, this will take long time crack

So, let’s do brute force as string (Where I don’t know the length and assuming all lowercase letters)

It will also take very much time :’/
But , from internet i know the result is “bleh”
so, for fast work modify the previous code to show it in short time

It will execute the hash very fast as it know the length and 1st 2 characters of hash crack

Question-05:

Hash: 279412f945939ba78ce0758d3fd83daa

Now, this is mine favorite one among all. From, crack station,

Now, I will use mine own create Linux tool which very efficient in password existence finding from wordlists. you can visit this link for more info

Now, if you notice you will see there is no single wordlist which have this password in it

So, we have to go for a long bruteforce to crack this :) No quick dictionary attack :'(

We can use this payload,

hashcat -m 900 -a 3 hash.txt ?a?l?l?l?l?l?l?l?d?d

This will also take time but will work at the end
To ensure you it will work just running a sample case of that code manually,

Okay now, We will jump to the 2nd level of this ->

Question-1:

Hash: F09EDCB1FCEFC6DFB23DC3505A882655FF77375ED8AA2D1C13F640FCCC2D0C85

Now, lets crack this with SHA-256 mode 1400 by hashcat

Question-2:

Hash: 1DFECA0C002AE40B8619ECF94819CC1B

Now, this hash is tricky though it is showing MD5 or any version of MD but it is "NTLM". So, we should not blindly trust the top guess of this tools rather than sequentially test all the hash until we will get the hash cracked.

Question-3:

Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

Salt: aReallyHardSalt

Now, it is bit tricky. Go to hashcat_wiki and search the $6$ tag and understand which mode is this. ->

okay now lets crack we don't need to add the salt in the hash manually cause it is attached with that in the hash. But, most of we miss to add the (.) full stop at the end. This full stop is a part of this hash. And also it will take some time to crack ->

Question-4:

Hash: e5d8870e5bdd26602cab8dbe07a942c8669e56d6
Salt: tryhackme

now if we look at the hashcat_wiki the Sha-1 with salt is the mode 110 and also see the format sha1($pass.$salt) ->

But, unfortunately it didn't work :) then I sequentially search for other sha1 and salt type hash mode and I found this ->

And with that 160 mode we cracked the hash ->

┌──(kali㉿kali)-[~/password]
└─$ echo 'e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme' > hash.txt

┌──(kali㉿kali)-[~/password]
└─$ hashcat -m 160 -a 0 hash.txt /usr/share/wordlists/rockyou.txt      
hashcat (v7.1.2) starting

OpenCL API (OpenCL 3.0 PoCL 6.0+debian  Linux, None+Asserts, RELOC, SPIR-V, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]
====================================================================================================================================================
* Device #01: cpu-sandybridge-12th Gen Intel(R) Core(TM) i5-12450H, 1466/2933 MB (512 MB allocatable), 4MCU