Zero Day Archives
  • What is Zero Day Archives?
  • Contributors
  • Wireless Security
    • Intro to WiFi Pentesting
      • WEP Networks
      • WPS
      • WPA-PSK Networks
      • WPA & WPA2 PSK
      • WPA2 & WPA3 Enterprise Networks
      • WPA2 & WPA3-APLess
  • Reverse Engineering
    • Reverse Engineering
      • Introduction to Software Reverse Engineering
        • Introduction to Capture the Flag (CTF) Competitions
        • What are PE & Elf Binaries
        • Assembly Language for Beginner Reverse Engineers
        • Memory Registers for x86-64 (64-bit) and x86 (32-bit)
        • Reversing Tools: Command-Line Utilities for Binary Analysis
        • Reversing ELF Binaries: Techniques and Tools
      • Disassembly & Debugging
        • GDB for Reverse Engineering
        • RADARE2 for Reverse Engineering
        • GHIDRA for Reverse Engineering
        • IDA Pro for Reverse Engineering
      • Binary Exploitation
        • Buffer Overflows
          • What are Buffer Overflows and Stack Protections?
          • Commonly Exploited C Functions and Their Secure Alternatives
          • Basic Buffer Overflow in x86-64 Using GDB
        • Cryptography
          • Understanding Ciphers and Identifying Common Patterns
          • Teaching XOR Operations in Binary Exploitation
        • Return Oriented Programming (ROP)
          • Practical Guide to Exploring and Identifying Return-Oriented Programming (ROP)
        • Cracking and Patching Binaries
          • Tactics, Tools, and Procedures for Cracking and Patching Binaries
        • Ret2Win Challenges
  • Malware Analysis
    • Malware Analysis
      • Static Analysis
  • Transporting Files to/from Victims
    • Transferring Files to/from High Value Targets
      • Linux
      • Windows
      • CrackMapExec (NetExec)
  • Penetration Testing against GIT Remote Repositories
    • Targeting GIT Repositories
      • Attacking GIT
  • Network Pivoting, Port Forwarding, and Tunneling
    • Pivoting
      • Ligolo-ng
        • Basic Pivoting
        • Setup Reverse Shells through Pivot
        • Transferring Files through Pivot
      • Pivoting: Using Remote Desktop
      • ProxyChains
      • Metasploit
    • SSH Tunneling
      • SSH Local Port Forwarding
      • SSH Dynamic Port Forwarding
      • Sshuttle over SSH
    • Port Fowarding
      • Chisel Port Forwarding
      • NetSH for Port Forwarding
      • Plink for Port Forwarding
      • SoCat
      • Metasploit: Port Forwarding
  • Anti-Virus Evasion
    • Anti-Virus Evasion
      • Evasion with Metasploit
      • Evasion wtih Shellter
      • Evasion with Virus Total
  • Public Exploit Research
    • Online Exploit Research & Methods
  • Password Attacks
    • Password Attacks
      • Identifying Hashes
        • Hash Identifier Tools
      • John The Ripper
        • Cracking Passwords with John
        • Convert to Hashes with John
        • NTLM vs NTLMv2 Hashes + CrackMapExec
      • Hashcat
        • Cracking Passwords with Hashcat
      • Hydra
        • Hydra for Network Services
        • Hydra for Web Services
      • Mutating Wordlists for John & Hashcat
        • Mutating Wordlists
  • Digital Forensics & Incident Response (DFIR)
    • Digital Forensics
  • Data Science
    • Data Science/AI
  • Software Defined Radio (SDR)
    • Software Defined Radio
  • Embedded Systems Programming
    • Field Programmable Gate Arrays (FPGAs)
  • Other Resources
    • Resources for Hackers
Powered by GitBook
On this page
  • Hash Identification Tools for Linux and Windows Hosts
  • Introduction
  • 1. Using Hash-Identifier
  • 2. Using Online Hash Identifier Tools
  • 3. Using Hashcat for Hash Identification
  • 4. Identifying Common Linux and Windows Hashes
  • 5. Conclusion
  1. Password Attacks
  2. Password Attacks
  3. Identifying Hashes

Hash Identifier Tools

Hash Identification Tools for Linux and Windows Hosts

In penetration testing and cybersecurity, identifying the type of hash used for password storage is essential. Once you know the hash type, you can use the right cracking tool to attempt to break it. This guide will cover various hash identifier tools and techniques to identify common hash types for Linux and Windows hosts.

Introduction

Hashes are one of the primary methods of storing sensitive data like passwords. The ability to identify the type of hash is crucial when attempting to crack password hashes or for performing password auditing. For both Linux and Windows environments, hash identifiers can help determine the algorithm used to generate the hash, enabling security professionals to choose the appropriate cracking tool.

There are several tools and techniques to identify hashes, including:

  • Hash-Identifier

  • Hashcat

  • Online Hash Identification Tools

  • Linux/Windows Specific Hash Patterns

This tutorial will guide you through using these tools to identify common hash types on Linux and Windows systems.


1. Using Hash-Identifier

Hash-Identifier is a Python-based tool designed to identify hash types based on their structure. It is a fast and effective way to classify hash types for both Linux and Windows systems.

Installing Hash-Identifier

To install Hash-Identifier on your system, you can clone it from GitHub or install it via pip.

git clone https://github.com/psypanda/hash-identifier.git
cd hash-identifier
python3 hash_id.py

Alternatively, you can install it via pip:

pip install hash-identifier

Using Hash-Identifier

Once installed, run Hash-Identifier by providing the hash you want to identify.

python3 hash_id.py

Then, input the hash you want to analyze. The tool will analyze the structure of the hash and provide a list of potential hash types.

For example:

Input Hash: 5f4dcc3b5aa765d61d8327deb882cf99

The output will indicate that it matches the MD5 hash type, commonly used in Windows password storage.

Common Hash Types Identified by Hash-Identifier

  • MD5 (e.g., 5f4dcc3b5aa765d61d8327deb882cf99) – Used by various Linux systems and some Windows applications.

  • SHA-1 (e.g., 20ab9fa7a1b2cded6f58d8cd7e7bdbbb925c44b8) – Used in some older applications.

  • NTLM (e.g., aad3b435b51404eeaad3b435b51404ee) – Used in Windows environments for authentication.

  • bcrypt (e.g., $2a$12$E8u9FplRl5qMF4dYBzvZLk9hBByHfNQ8RIwXJtGowSviM9oa9ayEi) – Common in modern Linux systems for hashing user passwords.

  • SHA256 (e.g., e3afed0047b08059d0fada10f400c1e5) – A cryptographic hash function.


2. Using Online Hash Identifier Tools

There are various online tools available to help you identify hash types. These are particularly useful when you need a quick and convenient way to analyze a hash without installing any tools locally. Some popular online tools include:

  • OnlineHashCrack (https://www.onlinehashcrack.com/hash-identification.php)

  • MD5File (https://www.md5file.com/hash-identification)

  • Hash Toolkit (https://hash-toolkit.com/hash-identifier)

How to Use Online Tools

  1. Visit one of the online hash identification tools.

  2. Paste your hash into the provided text box.

  3. Click the "Identify" or "Submit" button.

  4. The tool will display possible hash types based on its analysis.

While online tools can be very convenient, they may not always cover all hash types, especially custom or rare hashes. For more accuracy, it’s recommended to use a local tool like Hash-Identifier or Hashcat.


3. Using Hashcat for Hash Identification

Hashcat is not only a cracking tool but also has some capabilities for hash identification. You can use Hashcat to determine which hash algorithm to use when attempting to crack a hash.

Using Hashcat to Identify Hash Types

To identify the hash type using Hashcat, you can run the following command:

hashcat -h

This command will display a list of all supported hash types, and you can match the hash you have with a known type based on its length and characteristics.

For example, to test whether a hash matches NTLM:

hashcat -m 1000 hashes.txt

If Hashcat starts cracking the hash correctly, it suggests that the hash is likely an NTLM hash.


4. Identifying Common Linux and Windows Hashes

Linux Hashes

Linux systems typically use the following hash algorithms to store user passwords:

  1. MD5 ($1$)

    • Common in older Linux systems.

    • Example: $1$eZLf7m0t$K8KP7fTnyTl5Qs2CrrSsd1

  2. SHA-512 ($6$)

    • A more secure option for modern Linux systems.

    • Example: $6$rounds=5000$72rB2GGwPK3ZwtnW$rhMtzX5kXkryQkcjQ2AFU9EZk/cNnFL8Fx/4tHbBdRGylBcMI5cdHmUy7bB9TcbmHtWTJqVOYPjTgLTx1bk46x1

  3. bcrypt ($2a$)

    • A strong hash algorithm that is widely used in modern Linux distributions.

    • Example: $2a$12$K0fS2sm6kXgtvFQ2zHhT2.Tsm6aIkt05O4S1Kn3FVj0E4ojsXL3RS

  4. DES ($apr1$)

    • Used in some older Linux distributions.

    • Example: $apr1$8ymVuIF9$QbkYw01F5fggn5OK82eNQ/

Windows Hashes

In Windows systems, the following hash types are common:

  1. LM Hash

    • Typically found in older Windows systems.

    • Example: aad3b435b51404eeaad3b435b51404ee

  2. NTLM Hash

    • Common in modern Windows environments for user authentication.

    • Example: aad3b435b51404eeaad3b435b51404ee$fdcba29f1b4d0c7e1052a9b8eec34720

  3. Windows 10 Hashes (NTLMv2)

    • Windows 10 uses NTLMv2 for more secure password storage.

    • Example: 536136204d434f4746303434b6eb54cfd30d0ac6eb418ff201f44511f6f2f3c9

Identifying NTLM vs. NTLMv2

To differentiate between NTLM and NTLMv2 hashes:

  • NTLM Hash: Typically shorter (32 characters), with only the user password hash.

    • Example: aad3b435b51404eeaad3b435b51404ee$e0d8d089fdf4e1c37b98414ab3c7f292

  • NTLMv2 Hash: A longer hash (around 64 characters), often found in more recent systems and has a more complex structure.

    • Example: `537f31373030323130$ac0f4d2a4534627f7c36cc1be1b76be9$


5. Conclusion

Identifying hash types is the first step toward cracking passwords in a secure, controlled environment. By using tools like Hash-Identifier, Hashcat, and online services, you can easily classify the hash algorithm used on both Linux and Windows systems. Once identified, you can proceed with cracking the hashes using the appropriate tools and methods. In this guide, we covered how to identify common hash types, including MD5, NTLM, SHA-1, bcrypt, and others, and how to use these identifiers to guide your cracking efforts.

PreviousIdentifying HashesNextJohn The Ripper

Last updated 2 months ago

CrackStation ()

https://crackstation.net/