Advanced cracking hashes challenges and wordlist generation
This is the write-up TryHackMe’s room named :- Crack The Hash Level 2
This room can be found here:- https://tryhackme.com/room/crackthehashlevel2
This is the second room in “Crack the Hash” series and it is recommended to finish Level 1 before trying this room which is available here:- https://tryhackme.com/room/crackthehash
Before we get in to cracking hashes, Tasks 1–5 talks about various tools and tricks about cracking and wordlist generation. We should read them first as that is what this room is all about — learning new tools and tricks.Here is the summary:
[ Hash identification ]
- Haiti — https://github.com/noraj/haiti/
A CLI tool to identify the hash type of a given hash.
[ Wordlists ]
- Seclists — https://github.com/danielmiessler/SecLists
SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- wordlistctl — https://github.com/BlackArch/wordlistctl
Fetch, install and search wordlist archives from websites and torrent peers.
- Rawsec’s CyberSecurity Inventory — https://inventory.raw.pm/tools.html#title-tools-cracking
Tools and resources about CyberSecurity. The Cracking category will be especially useful to find wordlist generator tools.
- Rockyou — https://en.wikipedia.org/wiki/RockYou#Data_breach
Famous wordlist contains a large set of commonly used password sorted by frequency.
[ Cracking tools, modes & rules ]
- Hashcat — https://hashcat.net/hashcat/
Advanced password recovery utility.
- John the Ripper — https://www.openwall.com/john/
Open Source password security auditing and password recovery tool.
[ Custom wordlist generation ]
- Mentalist — https://github.com/sc0tfree/mentalist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human…