![[Drawing-5.sketchpad.png]]

June 9, 2023

Hashing is used to avoid storing plain-text passwords in databases. Hashing is also used to identify files and for digital signatures, but this blog post is focused on authentication on Windows and Linux. A good hashing algorithm has the following qualities:

1) **Unique**. Any given input produces a unique and consistent output. Even a tiny change in the input should produce a hash that looks completely different. When two different inputs produce the same hash, that is called a `collision`, and an algorithm for which collisions can be produced on demand is considered broken for integrity and signature use.
2) **Irreversible**. The hash cannot be reverted to its original form. The only way to derive what was hashed is to work through possible inputs until you find one that produces the same hash, which is exactly what password cracking does.

## Windows ⊞

On Windows systems, password hashes are stored in the `C:\Windows\System32\Config\SAM` registry hive, encrypted with a key derived from the `C:\Windows\System32\Config\SYSTEM` hive. The following is demonstrated on Hack The Box's [Flight](https://app.hackthebox.com/machines/510). With Administrator credentials, we can use [crackmapexec](https://github.com/Porchetta-Industries/CrackMapExec) to dump the SAM database. Here `-H` passes the NT hash instead of a password; the leading `:` stands for the empty LM half.

```
crackmapexec smb <rhost> -u Administrator -H :<nthash> --sam
```

[Impacket's SecretsDump](https://github.com/fortra/impacket) can work as an alternative to crackmapexec to accomplish the same task.

```
impacket-secretsdump Administrator:'<password>'@<rhost>
```

![[Peek 2023-06-09 08-07.gif]]

The output of the SAM dump is composed of four pieces as shown below.

![[Pasted image 20230609082119.png]]
<p align=center>Breakdown of Windows Hash</p>

The first value is the user name (the user ID) and the second is the RID or "relative ID", the last component of the account's SID (500 is always the built-in Administrator). The next is the LAN Manager hash or "LM hash". Notice that every LM hash in the output is identical; we'll get back to that, but it is because they all hold the same value: nothing. LM hashes are incredibly weak, and any value other than the empty hash is cause for concern.
The final value shown is the NT hash. The NT hash is simply the MD4 digest of the password encoded as UTF-16LE. Note that Windows, unlike Linux, does not add a salt, so two accounts with the same password have the same NT hash and precomputed (rainbow table) attacks work against it.

**The most common hashes you'll see are empty hashes!** It's critical that you are able to identify an empty hash, as it is a waste of time to attempt to crack or pass one.

- An empty LM hash: `aad3b435b51404eeaad3b435b51404ee`
- An empty NT hash: `31d6cfe0d16ae931b73c59d7e0c089c0`

![[Pasted image 20230609050542.png]]
<p align=center>CyberChef Calculating the LM & NT Hash of Nothing</p>

The following are common hash types you'll encounter when attacking Windows and Active Directory, with the relevant Hashcat modes and John the Ripper formats. The two Kerberos entries are for RC4-encrypted (etype 23) tickets; AES-encrypted tickets need different Hashcat modes.

```
Method                        | Hashcat (-m <#>) | John the Ripper (--format=<name>)
──────────────────────────────────────────────────────────────────────────────────
LM                            | 3000             | LM
NT                            | 1000             | NT
NetNTLMv1                     | 5500             | netntlm
NetNTLMv2                     | 5600             | netntlmv2
Kerberos 5 AS-REP (etype 23)  | 18200            | krb5asrep
Kerberos 5 TGS-REP (etype 23) | 13100            | krb5tgs
```
<p align=center>Windows Hash Cracking Guide</p>

## Linux 🐧

Hashes on Linux are stored in the `/etc/shadow` file. In the past, the hashes were stored in the `/etc/passwd` file, as the name suggests. However, since `/etc/passwd` must be world-readable for the operating system to function, the hashes were moved to `/etc/shadow`, which only the root user can read.

We can use the `unshadow` command that ships with John the Ripper (and is preinstalled on Kali Linux) to combine the `/etc/passwd` and `/etc/shadow` files for cracking. The following example is from [Mentor](https://app.hackthebox.com/machines/518) on Hack The Box. I copied over the `passwd` and `shadow` files and removed all the unimportant built-in accounts to get cleaner output.

```
unshadow /etc/passwd /etc/shadow > unshadowed.txt
```

![[Peek 2023-06-09 08-57.gif]]

The output of the `unshadow` command is composed of six pieces as shown below.
![[Pasted image 20230609085115.png]]
<p align=center>Breakdown of Linux Hash</p>

The first piece is the user name. The second is the `$id$` prefix that identifies the hashing algorithm. Unlike Windows, Linux systems use a wide variety of algorithms to store password hashes, including MD5 (md5crypt), Blowfish (bcrypt), SHA-512 (sha512crypt) and yescrypt. The third piece is the salt, a random string combined with the password before hashing; it ensures that even if two people have the same password they get different hashes, which defeats rainbow table attacks. The hash itself follows the salt. The final pieces specify the user's home directory and default shell.

The following are common hash types you'll encounter when attacking Linux targets, with the relevant Hashcat modes and John the Ripper formats. Some entries carry an extra parameter field between the id and the salt, such as `rounds=N` for sha256crypt and sha512crypt or the `j9T`-style parameter string for yescrypt. Hashcat has no yescrypt mode; John's `crypt` format hands the hash to the system's crypt(3), which supports yescrypt on distributions with a recent libxcrypt.

```
ID   | Method            | Hashcat (-m <#>) | John the Ripper (--format=<name>)
────────────────────────────────────────────────────────────────────────────────
$1$  | MD5 (md5crypt)    | 500              | md5crypt
$2*$ | Blowfish (bcrypt) | 3200             | bcrypt
$5$  | SHA-256           | 7400             | sha256crypt
$6$  | SHA-512           | 1800             | sha512crypt
$y$  | yescrypt          | N/A              | crypt
```
<p align=center>Linux Hash Cracking Guide</p>
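As an added example (not code from the original post or from John the Ripper), the following Python script parses `/etc/shadow` and `unshadow` lines into user, `$id$`, optional parameters, salt and digest, recognises locked (`!`, `*`) and empty password fields, maps each id to its Hashcat and John modes, and includes a pure-Python md5crypt (`$1$`) so the effect of the salt can be seen on two accounts sharing a password. The `alice` and `bob` hashes are genuine md5crypt output; the `$5$`, `$6$`, `$y$` and `$2b$` digests are constructed placeholders of the right length, not real hashes.

```python
"""Added example, not from the original post: parse /etc/shadow and unshadow
lines, map $id$ prefixes to cracking modes, and use a pure-Python md5crypt
($1$) to show what the salt does.  All entries are constructed; the $5$, $6$,
$y$ and $2b$ digests are placeholders of the right length, not real hashes."""
import hashlib

# $id$ prefix -> (method, hashcat -m, john --format); None: no hashcat mode
CRYPT_IDS = {
    "1": ("md5crypt", 500, "md5crypt"),
    "2a": ("bcrypt", 3200, "bcrypt"), "2b": ("bcrypt", 3200, "bcrypt"),
    "2y": ("bcrypt", 3200, "bcrypt"),
    "5": ("sha256crypt", 7400, "sha256crypt"),
    "6": ("sha512crypt", 1800, "sha512crypt"),
    "y": ("yescrypt", None, "crypt"),
}
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_shadow_entry(line: str) -> dict:
    """One line of /etc/shadow (9 fields) or unshadow output (7 fields); only
    the first two fields, user and password, matter for cracking."""
    user, pw = line.rstrip("\n").split(":")[:2]
    e = {"user": user, "status": "hashed", "method": None, "hashcat": None,
         "john": None, "params": None, "salt": None, "digest": None}
    if pw == "":
        e["status"] = "empty"           # no password set at all
        return e
    if pw[0] in "!*":
        e["status"] = "locked"          # '!' or '*': nothing to crack
        return e
    parts = pw.split("$")               # ['', id, [params,] salt, digest]
    if len(parts) < 4 or parts[0] != "" or parts[1] not in CRYPT_IDS:
        raise ValueError(f"unrecognised hash format for {user}: {pw!r}")
    e["method"], e["hashcat"], e["john"] = CRYPT_IDS[parts[1]]
    body = parts[2:]
    if parts[1].startswith("2"):        # bcrypt: $2b$cost$<22 salt><31 digest>
        e["params"], e["salt"], e["digest"] = body[0], body[1][:22], body[1][22:]
    else:                               # rounds=N / yescrypt params are optional
        if len(body) == 3:
            e["params"], body = body[0], body[1:]
        e["salt"], e["digest"] = body[0], body[1]
    return e


def _b64(v: int, n: int) -> str:
    """crypt(3)-style base64: n characters, least significant 6 bits first."""
    return "".join(ITOA64[(v >> (6 * i)) & 0x3F] for i in range(n))


def md5crypt(password: str, salt: str) -> str:
    """FreeBSD md5crypt ($1$): salt is at most 8 characters, 1000 MD5 rounds."""
    pw, magic, salt_b = password.encode(), b"$1$", salt[:8].encode()
    ctx = hashlib.md5(pw + magic + salt_b)
    alt = hashlib.md5(pw + salt_b + pw).digest()
    for n in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, n)])
    n = len(pw)
    while n:
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):               # deliberately slow stretching loop
        h = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            h.update(salt_b)
        if i % 7:
            h.update(pw)
        h.update(final if i & 1 else pw)
        final = h.digest()
    out = "".join(_b64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)))
    return f"$1${salt_b.decode()}${out}{_b64(final[11], 2)}"


def verify_md5crypt(entry_hash: str, password: str) -> bool:
    """Recompute with the salt stored in the entry and compare."""
    return md5crypt(password, entry_hash.split("$")[2]) == entry_hash


def crack_targets(lines):
    """{user: (method, hashcat mode)} for the accounts that have a hash to crack."""
    return {e["user"]: (e["method"], e["hashcat"])
            for e in map(parse_shadow_entry, lines) if e["status"] == "hashed"}


SALT_A, SALT_B = "abcdefgh", "hgfedcba"
SAMPLE_SHADOW = [
    f"alice:{md5crypt('Summer2023', SALT_A)}:19500:0:99999:7:::",   # same password,
    f"bob:{md5crypt('Summer2023', SALT_B)}:19500:0:99999:7:::",     # different salt
    "svc:$6$rounds=5000$QbQ1b3nIxyz$" + "A" * 86 + ":19500:0:99999:7:::",
    "deploy:$y$j9T$SaltSaltSaltSalt$" + "B" * 43 + ":19500:0:99999:7:::",
    "web:$2b$12$" + "C" * 22 + "D" * 31 + ":19500:0:99999:7:::",
    "daemon:*:19500:0:99999:7:::",
    "guest::19500:0:99999:7:::",
    # unshadow output: uid, gid, gecos, home and shell follow the hash
    "carol:$5$rounds=10000$saltsalt$" + "E" * 43 + ":1002:1002::/home/carol:/bin/bash",
]
```

Run `parse_shadow_entry` over `SAMPLE_SHADOW` and `alice` and `bob` come back with different digests despite sharing a password, which is the whole point of the salt: a cracker has to hash every candidate once per salt rather than once per wordlist. `crack_targets` drops the locked and empty accounts so they are not fed to Hashcat or John, and the `params` field is where `rounds=` and yescrypt cost settings land.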