Hashes

windows, linux, crypto

Determining Hash Type #

# using hashid
# -m -- displays equivalent mode for hashcat
hashid -m '$6$7GS5e.yv$HqIH5MthpGWpczr3MnwDHlED8gbVSHt7ma8yxzBM8LuBReDV5e1Pu/VuRskugt1Ckul/SKGX.5PyMpzAYo3Cg/'

# hashi-identifier
hash-identifier

NTLM #

# LM - oldest way of storing password
299BD128C1101FD6

# NThash - newer format of storing password
B4B9B02E6F09A9BD760F388B67351E2B

# NTLMv1
# - aka Net NTLM or NTLM
# - a protocol (not a hash)
# - uses LM and NT hashes (see example below)
# - you can use this in pass the hash attacks
# - you get this from SAM (local) or NTDS (domain controller)
# - aad3b435b51404eeaad3b435b51404ee (1st part, LM)
# - 0e0363213e37b94221497260b0bcb4fc (2nd part, NT)
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0e0363213e37b94221497260b0bcb4fc:::

# NTLMv2
# - similar to NTLMv1
# - but harder to crack
# - cannot be used for pass the hash attack since its
#   time based challenge response
enterprise-security::VULNNET:8b856f99a4f56574:3A6E6B90770F93843A6165D65C6CFECB:0101000000000000805DD83722A8D701732DB60C452305CF0000000002000800330054004E00380001001E00570049004E002D003500570031004B0044003500500030004A003800560004003400570049004E002D003500570031004B0044003500500030004A00380056002E00330054004E0038002E004C004F00430041004C0003001400330054004E0038002E004C004F00430041004C0005001400330054004E0038002E004C004F00430041004C0007000800805DD83722A8D70106000400020000000800300030000000000000000000000000300000ED09696FFCBE70BE87097AB6EC544650C2EDD2CF2ADF7CA7ECAF5424D119C3C40A001000000000000000000000000000000000000900200063006900660073002F00310030002E00310031002E00340030002E00330033000000000000000000

Bcrypt #

$2b$10$83pRYaR/d4ZWJVEex.lxu.Xs1a/TNDBWIUmB4z.R0DT0MSGIGzsgW

Apache MD5 #

$apr1$tbcm2uwv$UP1ylvgp4.zLKxWj8mc6y/

SHA1SUM #

echo test | sha1sum

Other resources #