Fusion
Password Cracking | Hard - Fusion
Challenge
A password hash was retrieved that needs to be cracked. We have received intel that the password is a Netflix movie or show with a number at the end. Can you crack the password?
Target Hash: 427e3d9c817de20912d9838f1f2ad7d0
Solution
Solution Guide
As you may be able to tell from the challenge title, we need to fuse or combine 2 different password cracking techniques for this: dictionary attack & mask attack. But notice, we are not provided with a wordlist so we will need to research.
Obtain Wordlist
My #1 source for finding wordlists and datasets is either GitHub or Kaggle. This challenge uses one from Kaggle although I'm sure it can be solved with multiple other wordlists. We know it's a Netflix show/movie so why not look for the most popular one on Kaggle.Reveal Wordlist
Download the wordlist, open with Excel, and copy the Title column to a text document. Name it something like netflix.txt
Crack the password
We're now ready to attack the hash and obtain our password. As usual, we will use hashcat but this time with their Hybrid mode. Hashcat has two hybrid modes. Attack mode -a 6 is wordlist appended with mask (wordlist + mask). Attack mode -a 7 is wordlist prepended with mask (mask + wordlist). We know our hash is our wordlist with a number (the mask) appended at the end so we will use -a 6.
You should know how to find out hash type from RockYou. You should know which mask to use from Masked. I now encourage you to craft the attack command yourself. Attack mode: Hybrid (wordlist + mask) - Command:Reveal Command
-a 6
Hash type: MD5 - -m 0
Mask: Single digit - ?dhashcat -a 6 -m 0 427e3d9c817de20912d9838f1f2ad7d0 netflix.txt ?d
You should now have the password cracked!
Credits
- Author(s): Divesh Gupta (legendile7)