Title: Argon2id Hash Cracker
Author: cyclone
URL: https://github.com/cyclone-github/argon_cracker
Description:
I wrote this tool due to the limited selection of programs that can crack/verify argon2id hashes. Hashcat currently lacks support for any argon algo, and even though John the Ripper does support it in its bleeding-edge version, the high memory requirements of argon2id make it impractical for handling higher-cost memory argon2id hashes that demand more memory than most GPUs have. If your GPU allows it, I suggest running argon2id hashes with JTR first. If not, Argon2id Hash Cracker may be your only choice as it is only limited by your system RAM and CPU.
Example hash: $argon2id$v=19$m=65536,t=4,p=1$d2tycHJEYlBuenNEOUpqNg$pEXhocM661JmS3oRCR6MPQ
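As an added illustration (not part of the original post and not code from argon_cracker), the Python below parses the example hash above and shows why memory, rather than raw compute, caps how many Argon2id guesses can run at once. The function names and the 8 GiB memory budget are assumptions chosen for this example.

```python
import base64
import re

# Encoded layout: $argon2id$v=<version>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<tag>
PHC_RE = re.compile(
    r"^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)

def b64_nopad(text):
    """Salt and tag are standard base64 with the '=' padding removed."""
    return base64.b64decode(text + "=" * (-len(text) % 4))

def parse_argon2(encoded):
    """Split an encoded Argon2 hash into its cost parameters, salt and tag."""
    match = PHC_RE.match(encoded.strip())
    if match is None:
        raise ValueError("not an Argon2 encoded hash")
    variant, version, memory, passes, lanes, salt, tag = match.groups()
    return {
        "variant": variant,
        "version": int(version),
        "memory_kib": int(memory),    # m: working memory per hash, in KiB
        "time_cost": int(passes),     # t: passes over that memory
        "parallelism": int(lanes),    # p: lanes
        "salt": b64_nopad(salt),
        "tag": b64_nopad(tag),
    }

def concurrent_guesses(params, budget_gib):
    """Each guess needs its own m KiB working area, so memory caps parallelism."""
    return (budget_gib * 1024 * 1024) // params["memory_kib"]

# Example hash quoted in the post above.
EXAMPLE = ("$argon2id$v=19$m=65536,t=4,p=1"
           "$d2tycHJEYlBuenNEOUpqNg$pEXhocM661JmS3oRCR6MPQ")

if __name__ == "__main__":
    p = parse_argon2(EXAMPLE)
    print(p["variant"], p["memory_kib"] // 1024, "MiB per guess,",
          p["time_cost"], "passes")
    print("guesses that fit in 8 GiB:", concurrent_guesses(p, 8))
```

The same parser is useful when reviewing stored hashes, since it exposes the m, t and p values a deployment actually uses.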
######################################################################
# Cyclone's Hashes.com API Escrow Tool v1.0.0 #
# This tool requires an API key from hashes.com #
# 'Search Hashes' requires credits #
# See hashes.com for more info #
######################################################################
API key verified
Select an option:
1. Upload Founds
2. Upload History
3. Download Left Lists
4. Search Hashes
5. Hash Identifier
6. Wallet Balance
7. Show Profit
8. Withdrawal History
n. Enter New API
r. Remove API Key
c. Clear Screen
q. Quit
A fun challenge consisting of 4 main sets of challenges, each with their own set of hints, riddles and quests.
Challenge contains hints of fairy tales, classic movies and American history, all incorporated into hashes, encrypted files, and finishes strong with a simple, but challenging, reverse engineering "capture the flag".
Title: metamask_pwn
Author: cyclone
URL: metamask_extractor
URL: metamask_decryptor
Description:
Tools to extract and decrypt metamask vaults. Supports previous versions and the new Metamask wallet vaults which have a dynamic iteration.
Use the template below as a guideline for posting hashes in General and Paid Section.
DO NOT POST ANY PII (PERSONALLY IDENTIFIABLE INFORMATION) OR YOUR POST WILL BE REMOVED. REPEATED VIOLATIONS WILL RESULT IN YOUR ACCOUNT BEING BANNED.
General Section
`Info`: {source, hash algo, password complexity, etc}
`Hints`: {use paste.hashpwn.net to post password hints, do not post them directly on forum or your post will be removed!}
`Hash`: {paste up to 30 hashes directly in post, or upload your hash file for 30+ hashes}
`Reward`: {FOR PAID SECTION ONLY, post crypto (BTC, XMR, etc) and price per hash}
`Info`: {source, hash algo, password complexity, etc}
`Hints`: {use paste.hashpwn.net to post password hints, do not post them directly on forum or your post will be removed!}
`Hash`: {paste up to 30 hashes directly in post, or upload your hash file for 30+ hashes}
Use the template below for posting user content such as wordlists, rules, tools, writeups, etc. Do not upload compiled binaries to the forum. Instead, post a GitHub, GitLab, etc, link to the tool's source code.
So you want to crack hashes? Let’s first briefly cover what hashing is, and why it’s used.
Rather than storing sensitive information such as login credentials in plaintext, most databases use hashing to obscure sensitive entries. For example, if you used an insecure password such as “password”, and the server was using the hashing algorithm MD5, your hashed password would be 5F4DCC3B5AA765D61D8327DEB882CF99. Databases store passwords as hashed entries, and hash cracking is the process of turning these hashed entries back into plaintext. With modern hash algorithms, the only way to retrieve the plaintext is to crack the hash. Since hashing is a one-way function, the only way to crack the hash is to guess the plaintext. There’s no hack or “dehashing” exploit. Guessing the plaintext is cracking the hash. This is where good hash cracking practices come into play, with efficient wordlists, rules, and fast GPUs all playing an important part in this process. Most important of all, you as the hash cracker must know when and where to apply your skills for the process to be both effective and efficient.
Hash Cracking Programs
There are multiple programs that can be used for hash cracking such as John the Ripper or MDXfind, but we’ll focus on Hashcat. If you haven’t already, download the binary files here: https://hashcat.net and unzip the hashcat-x.x.x.7z file we just downloaded into a directory called “hashing” (or whatever you want to call it).
You’ll notice Hashcat includes binaries for both Windows (.exe) and Linux (.bin), but for this tutorial we’ll be demonstrating the commands from a Linux terminal. Keep in mind most of the commands we’ll be using for this tutorial are similar on both operating systems, so once you’ve learned how to run Hashcat on Linux, switching over to Windows is fairly easy, and vice versa.
Wordlists
The wordlist we use is extremely important to the success of our attack. A poor wordlist will give poor results, and just because a wordlist is huge, at tens of gigabytes, doesn’t mean it’s efficient. This is especially true with slow algorithms such as bcrypt, where running a targeted wordlist without rules may be necessary due to time. What is all this talk about time and efficiency? Keep in mind that the same wordlist + rules that only takes a few minutes to run on a list of 100 MD5 hashes could take years to complete on 100 bcrypt hashes.
Since we’ll need a wordlist for our attack, we’ll download one from weakpass.com which contains a short list of 100,000 most common passwords. Unzip this wordlist inside your Hashcat folder. I like to keep my wordlists in their own subfolder called “wordlist”, but you can choose to set up your folder structure however you like. Just keep in mind where you extract the wordlist as we’ll need to know that when we assemble our command line in terminal. https://weakpass.com/wordlist/49
The Attack
We need a sample set of hashes to try our attack on, so copy and paste the following MD5 hashes into a file called hashes.txt and place this file in your Hashcat folder as well.
All of the password hashes listed below were derived from the wordlist we downloaded in the previous step.
Open a terminal in your Hashcat directory and run the following command:
Note: you may need to edit this command to match the folder structure on your system if your wordlists are in a subfolder, etc. If using Windows, use hashcat.exe.
./hashcat.bin -m 0 -a 0 -O -w 3 hashes.txt 10_million_password_list_top_100000.txt
Let’s take a moment to explain the command and options we’re using.
hashcat.bin          hashcat binary
-m 0                 -m = mode, 0 = MD5
-w 3                 workload profile, 3 = high
-a 0                 -a = attack, 0 = wordlist
-O                   optimised kernel, speeds up attack on supported modes
hashes.txt           text file containing hashes we’re trying to crack
10_million_pass...   wordlist we’re using for the attack
If everything went well, we should have cracked 13 / 27 hashes! If you received an error, double check your command syntax and make sure you’ve installed the correct drivers for your GPU. You can always run ./hashcat.bin -h to display a full list of commands and the algorithms Hashcat supports.
Next, let’s expand our attack by using rules for our wordlist. This is done by adding the -r switch to our Hashcat command and specifying the ruleset to use. Hashcat includes several rulesets so we’ll start off by using a basic set of rules, best64.rule. Using rules will mangle each word contained in our wordlist. For example, the rule l (lower case L) will lower the case of each word, so PassWord becomes password.
Let’s try something else, rule stacking. This is where we’ll run multiple sets of rules to further mangle our wordlist. This is typically only feasible with fast hash algorithms as rule stacking can add considerable time to the attack. To keep things simple, for this attack we’ll stack best64.rule. Make sure to add a second -r switch before the 2nd rule like our example below:
While our last 3 uncracked hashes do not equal 20% of the test set, the last remaining hashes that haven’t cracked are commonly referred to as The Last 20%. Some of these remaining hashes will crack with a targeted wordlist and rules, but in the real world of hash cracking some hashes with long, complex plaintext will never crack even with mask / brute force attacks due to the time required to run through their entire keyspace. The good news for you is the 3 remaining hashes in this test set will crack if you find the right wordlist + ruleset, so explore some of your newly learned skills and have fun cracking these.
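The following Python is an added illustration, not part of the original tutorial and not Hashcat's own code. It implements a small subset of rule functions (:, l, u, c, r, d, $X, ^X) to show how a ruleset expands a wordlist and how two stacked -r switches multiply the rule count, then audits a constructed set of stored MD5 hashes to flag passwords that are only a common word plus simple mangling. The word, rule and hash lists are constructed sample data.

```python
import hashlib

# Subset of rule functions that take no argument.
SIMPLE = {
    ":": lambda w: w,          # keep the word unchanged
    "l": str.lower,            # PassWord -> password
    "u": str.upper,
    "c": str.capitalize,       # first letter upper, rest lower
    "r": lambda w: w[::-1],    # reverse
    "d": lambda w: w + w,      # duplicate
}

def apply_rule(rule, word):
    """Apply one rule line (space-separated functions) to a word."""
    for fn in rule.split():
        op, arg = fn[0], fn[1:]
        if op in SIMPLE and not arg:
            word = SIMPLE[op](word)
        elif op == "$" and len(arg) == 1:    # append one character
            word = word + arg
        elif op == "^" and len(arg) == 1:    # prepend one character
            word = arg + word
        else:
            raise ValueError(f"unsupported rule function: {fn!r}")
    return word

def stack(rules_a, rules_b):
    """Two -r switches: every rule of the first set runs with every rule of the second."""
    return [f"{a} {b}" for a in rules_a for b in rules_b]

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def audit(stored_hashes, wordlist, rules):
    """Return {hash: plaintext} for stored MD5 hashes reachable from wordlist + rules."""
    wanted = {h.lower() for h in stored_hashes}
    found = {}
    for word in wordlist:
        for rule in rules:
            candidate = apply_rule(rule, word)
            digest = md5_hex(candidate)
            if digest in wanted:
                found[digest] = candidate
    return found

# Constructed sample data: two base words, four rules, three stored hashes.
WORDS = ["PassWord", "dragon"]
RULES = [":", "l", "c", "$1"]
STORED = ["5F4DCC3B5AA765D61D8327DEB882CF99",   # MD5 of "password" (from the text)
          md5_hex("Dragon1"), md5_hex("x9!Tq#vL2w")]
```

With the four single rules only "password" is flagged; stacking the set on itself yields 16 rules and also reaches "Dragon1", while the random ten-character password is never reached.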
Conclusion
While we’ve only scratched the surface when it comes to hash cracking, I hope you’ve had fun cracking these hashes and learned a few things along the way.
cyclone
In case you couldn’t figure them out, I’ve included a master list of the hash:plaintext.