
hashcrack

  • Description: A company stored a secret message on a server which got breached due to the admin using weakly hashed passwords. Can you gain access to the secret stored within the server?
  • Difficulty: Easy

🔎 Solution

After establishing a connection, you'll be provided with a series of hash strings. Your task is to identify the hashing algorithm used (such as MD5, SHA-1, SHA-256, ...) and then "crack" each hash, that is, recover the original plaintext value it was computed from.
To determine the correct hashing algorithm, an online hash identifier tool can be very helpful. Simply input the hash string, and it will suggest the most likely algorithms based on its format and characteristics.
In my challenge, for example, the three hashing algorithms used were MD5, SHA-1, and SHA-256, in that order.
Once you've identified the algorithms, you can use an online hash cracker. Select the corresponding algorithm, input the hash, and if the plaintext is in its database, you'll get the recovered plaintext.

Welcome!! Looking For the Secret?

We have identified a hash: 482c811da5d5b4bc6d497ffa98491e38
Enter the password for identified hash: password123
Correct! You've cracked the MD5 hash with no secret found!

Flag is yet to be revealed!! Crack this hash: b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3
Enter the password for the identified hash: letmein
Correct! You've cracked the SHA-1 hash with no secret found!

Almost there!! Crack this hash: 916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745
Enter the password for the identified hash: qwerty098

Successfully cracking all three hashes will give you the final flag.

Correct! You've cracked the SHA-256 hash with a secret found. 
The flag is: picoCTF{UseStr0nG_h@shEs_&PaSswDs!_36a1cf73}
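Why the lookup worked, as an added example that is not part of the original write-up: unsalted fast digests reveal their likely algorithm by length and match any precomputed wordlist, while a salted slow KDF does not. The function names, the sample wordlist, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations for the hardened counterpart are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Hex length is only a hint: other algorithms share these lengths (e.g. MD4/NTLM at 32).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample wordlist; three entries are the passwords from the write-up.
WORDLIST = ["123456", "password123", "letmein", "qwerty098", "dragon"]


def identify(hash_hex):
    """Guess the algorithm from digest length; None if not hex or unknown length."""
    h = hash_hex.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        return None
    return ALGO_BY_HEX_LEN.get(len(h))


def lookup(hash_hex, wordlist=WORDLIST):
    """Return (algorithm, plaintext) if a wordlist entry matches, else None."""
    algo = identify(hash_hex)
    if algo is None:
        return None
    target = hash_hex.strip().lower()
    for word in wordlist:
        if hashlib.new(algo, word.encode()).hexdigest() == target:
            return algo, word
    return None


def store_password(password, salt=None, iterations=600_000):
    """Hardened counterpart (assumed choice): random salt + PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password, salt, stored, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = store_password(password, salt, iterations)[1]
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Hashes as printed in the challenge session above.
    for h in ("482c811da5d5b4bc6d497ffa98491e38",
              "b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3"):
        print(h, "->", lookup(h))
    salt, stored = store_password("password123")
    print("salted PBKDF2:", salt.hex(), stored.hex())
```

Two calls to `store_password` with the same password return different values because each gets its own salt, so a database of precomputed digests like the one used in the solution has nothing to match against.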

🚩Flag

picoCTF{UseStr0nG_h@shEs_&PaSswDs!_36a1cf73}