Solving Yashira hash challenge 3

By the end of the year, we witnessed a huge increase in the amount of attacks that extracted large quantities of personal information, emails and passwords. Even one of the biggest email services, Yahoo, suffered an attack by cyber-criminals and they robbed more than 500000 accounts, in doing so, accessing to everyone’s passwords. One of the most common methods of storing passwords on rest is hashing, it’s a mathematical function that transforms data into a fixed-length value or key that represents the original data.

You can use hashing algorithms to reinforce integrity and also to store passwords, as long as the data never changes. The resulting hash will always be the same. By comparing hashes created at two different times you can determine if the original data is still the same. Passwords are often stored as hashes, when a user creates a new password, the system calculates the hash and stores it. Later, when a user logs-in, the system calculates the hash of the password entered and compare it with the one stored, if it is the same then the person entered the correct password. The most common hashing algorithms are MD5 (Message Digest 5), SHA (Secure Hash Algorithm) and HMAC (Hash-based Message Authentication Code).

However, hashing has a vulnerability, rainbow tables. Which are huge databases of precomputed hashes, and it helps crackers to discover passwords comparing thehash of a stolen password with the database. Some of these tables are bigger that 160 GB in size, and they include hashes for almost every possible combination of characters.

Challenge Yashira Hash 3

In this challenge, they give us a hash that needs to be cracked, and then answered it with the password on clear text.

Figure 1. Challenge on Yashira

We could use a rainbow table to crack this hash but it will need a huge database or an algorithm that uses every hash and password to compare. On the contrary, we could use crackstation to do this task. It only needs the hash and the site cracks it with its own database.

Figure 2. crackstation hashing solver

It then discovers the clear text password of the hash given, telling us that it is SHA1. It uses colors to indicate if the search was successful, if a partial a partial match was found or if no password was found at all

Figure 3. Solution given by crackstation

Share

Tags:

Recommended blog posts

You might be interested in the following related posts.

Protecting your cloud-based apps from cyber threats

Details on this trend and related data privacy concerns

A lesson of this global IT crash is to shift left

Users put their trust in you; they must be protected

Transparency for fewer supply chain attacks

Develop bank applications that resist DDoS attacks

Ensuring compliance and security in the banking sector