We are starting "Password Attacks" label and this is the first tutorial in "Password Attacks" category. Before attacking on passwords we need to learn about Hashes, and how to break hashes and find original password or any other sensitive data. So we learn this topic in some posts.
Hashes are the output of a one-way mathematical algorithms, that means they can't be reversed. We can break them by brute-force only. Hashing is very important for cryptography.
In this post we will learn about the structure of some common hashes and how to identify them.
Following are the types of hashes and how to identify the Hash:
MD5
This is the most widely used hash function. Here, MD stands for message-digest algorithm. These kind of hashes can be easily identified by using following observations:
- They are hexadecimal.
- MD5 is 32 characters in length and of 128 bits, for an example 499bb86f9e766e1bd2786cfd17c3bf7.
MySQL < v4.1
Some time we can get this kind of hashes while extracting data from SQL Injection. We can identify this kind of hash by using following observations:
- They are also hexadecimal.
- MySQL less then v4.1 is 16 characters in length of and 64 bits, for an example 608457496645bcba
This type of hashes is used on website made via WordPress. We can easily identify these type of hashes by following ways:
- The most common thing is they always begin with $P$.
- They have alphanumeric characters.
- They are 34 characters in length and of 64 bits, for example, $P$9QGUsR07ob2rNMbmSCRh9Noi6rjJGR
This is used in modern versions of MySQL to store sensitive information. These hashes can be identified using following observations:
- All are in CAPITAL.
- Always start with an asterisk (*)
- The length of these tyoe of hashes is 41. For example, *4ACEF987S5KK5CD467121KP91IP653917HGKL062
Base64 is very easy to identify. This type of hashes is done by encoding eight octets into four characters. Most easy method to check a Base64 encoding is as following:
- Check that the length of the characters is a multiple by 4.
- Base64 have a padding at the end, which is 0, 1, or 2, = characters, for example, TP66IGNskp9hbCBwbGGhc3UyBS4=