ADVANCED PASSWORD RECOVERY
CYBERSEC LAB — VIRTUAL PENETRATION TESTING
MODULE 9 — HASH CRACKING & PASSWORD AUDITING

💀 ASSIGNMENT GOALS

Examine the hash dump file.
Identify all hash types using hashcat --identify.
Crack MD5 and SHA-1 hashes with a dictionary attack.
Crack the NTLM hash using a mask attack.
Use hashcat --show to display all cracked credentials.
Complete the pentest report and submit.
PHASE 1 — EXAMINE HASH DUMP
📋 BRIEFING
⚠ CLASSIFIED — PENTEST ENGAGEMENT

MISSION BRIEFING

Operation: Hash Horizon  |  Tool: Hashcat
SCENARIO
During a red team engagement against Apex Systems Inc., access was gained to the company's web server database. A dump containing password hashes for multiple user accounts was successfully exfiltrated.

Your objective is to use Hashcat to identify the hash types, select the appropriate attack modes, crack as many passwords as possible, and produce a findings report documenting the password security weaknesses discovered.

Cracked credentials could enable lateral movement or privilege escalation across the network.
OBJECTIVES
1. cat hashes.txt — examine the exfiltrated hash dump.
2. hashcat --identify hashes.txt — identify all hash types and their mode numbers.
3. Run dictionary attacks (-a 0) against MD5, SHA-1, and SHA-256 hashes.
4. Run a mask attack (-a 3) against the NTLM hash to crack the pattern-based password.
5. Use hashcat --show to display all cracked credentials in a clean table.
6. Fill in the Pentest Report with your findings and submit.
TOOLS
  • Terminal: hashcat, cat, ls, file, clear, help
  • Reference Manual: hash mode table, attack modes, mask charset guide
  • Notepad: keep track of hashes, mode numbers, and cracked passwords
  • Pentest Report: submit your findings here
AVAILABLE FILES
  • hashes.txt: /root/loot/hashes.txt — the exfiltrated hash dump
  • wordlist.txt: /usr/share/wordlists/rockyou.txt — pre-loaded
TERMINAL — root@kali : ~/loot
Hashcat Lab Terminal — Kali Linux 2024.1
Working directory: /root/loot
 
Type 'help' for available commands.
 
root@kali:~/loot#
REFERENCE MANUAL — HASHCAT
HASHCAT SYNTAX
hashcat [options] hashfile [wordlist|mask]

hashcat -m <mode> -a <attack> hashes.txt wordlist.txt
hashcat -m <mode> -a 3 hashes.txt <mask>
hashcat --identify hashes.txt
hashcat -m <mode> hashes.txt --show
COMMON HASH MODES (-m)
MODE   HASH TYPE            EXAMPLE HASH       STRENGTH
0      MD5                  5d41402abc4b...    Very Weak
100    SHA-1                aaf4c61ddcc5...    Weak
1000   NTLM                 b4b9b02e6f09...    Weak
1400   SHA-256              5e884898da28...    Medium
1700   SHA-512              cf83e1357eef...    Strong
3200   bcrypt               $2a$12$...         Very Strong
500    MD5crypt ($1$)       $1$salt$hash       Medium
1800   SHA-512crypt ($6$)   $6$salt$hash       Strong
ATTACK MODES (-a)
MODE   NAME                 DESCRIPTION
0      Dictionary           Test words from a wordlist file
1      Combinator           Combine two wordlists together
3      Mask (Brute-force)   Generate passwords from a pattern mask
6      Hybrid Dict+Mask     Wordlist words + mask appended
7      Hybrid Mask+Dict     Mask prepended + wordlist words
MASK CHARSETS
MASK   CHARACTER SET    EXAMPLE
?l     Lowercase a-z    a,b,c...
?u     Uppercase A-Z    A,B,C...
?d     Digits 0-9       0,1,2...
?s     Special chars    !,@,#,$...
?a     All printable    ?l+?u+?d+?s
Example mask for "Summer2024!" → ?u?l?l?l?l?l?d?d?d?d?s
USEFUL FLAGS
FLAG             DESCRIPTION
--identify       Auto-detect hash type
--show           Display cracked passwords
--force          Ignore warnings (use in VMs)
--rules-file     Apply mangling rules
-o output.txt    Save cracked hashes to file
--status         Show live cracking progress
--potfile-path   Custom pot file location
HOW TO IDENTIFY HASH TYPE
1. Run hashcat --identify hashes.txt
2. Look at the hash length and prefix:
  • 32 chars, hex = likely MD5 (mode 0)
  • 40 chars, hex = likely SHA-1 (mode 100)
  • 32 chars, hex, Windows = likely NTLM (mode 1000)
  • 64 chars, hex = likely SHA-256 (mode 1400)
  • Starts with $2a$ = bcrypt (mode 3200)
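
Added example, not part of the original lab: the length and prefix checks above written as a Python classifier for a password-storage audit. It reports every candidate mode, so the 32-character MD5/NTLM ambiguity is shown rather than guessed. The sample lines, the label:hash layout, the $2b$/$2y$ prefixes, the 128-character SHA-512 rule and the "below Strong" cut-off are assumptions of this example.

```python
import re

# Modes, names and strength ratings come from the reference tables above.
PREFIXES = [
    # $2b$ and $2y$ are other bcrypt variants; the page lists only $2a$.
    (re.compile(r"^\$2[aby]\$\d\d\$.{53}$"), (3200, "bcrypt", "Very Strong")),
    (re.compile(r"^\$1\$[^$]*\$.+$"), (500, "MD5crypt", "Medium")),
    (re.compile(r"^\$6\$[^$]*\$.+$"), (1800, "SHA-512crypt", "Strong")),
]
HEX_BY_LENGTH = {
    32: [(0, "MD5", "Very Weak"), (1000, "NTLM", "Weak")],  # same shape
    40: [(100, "SHA-1", "Weak")],
    64: [(1400, "SHA-256", "Medium")],
    128: [(1700, "SHA-512", "Strong")],
}
# Assumption of this example: anything rated below "Strong" is flagged.
BELOW_STRONG = {"Very Weak", "Weak", "Medium"}

def classify(value):
    """Return every (mode, name, strength) candidate the format allows."""
    for pattern, entry in PREFIXES:
        if pattern.match(value):
            return [entry]
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return list(HEX_BY_LENGTH.get(len(value), []))
    return []

def audit(lines):
    findings = []
    for raw in filter(None, (line.strip() for line in lines)):
        # Assumption: a line is a bare hash or "label:hash".
        label, _, value = raw.rpartition(":")
        candidates = classify(value)
        findings.append({
            "label": label or None,
            "candidates": candidates,
            "ambiguous": len(candidates) > 1,  # needs source context (e.g. Windows)
            "migrate": any(s in BELOW_STRONG for _, _, s in candidates),
        })
    return findings

# Constructed sample values, not taken from the lab's hashes.txt.
SAMPLE = ["alice:" + "ab" * 16, "bob:" + "cd" * 20, "carol:" + "ef" * 32,
          "dave:$2a$12$" + "A" * 53, "erin:not-a-hash"]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        names = " or ".join(n for _, n, _ in f["candidates"]) or "unrecognised"
        print(f["label"], names, "MIGRATE" if f["migrate"] else "")
```

An entry marked ambiguous cannot be resolved from the string alone; where the dump came from (for example a Windows account database) decides between the candidates.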
PENTEST REPORT — HASH CRACKING FINDINGS

HASH CRACKING FINDINGS REPORT

APEX SYSTEMS INC. — RED TEAM ENGAGEMENT — COMPLETE ALL FIELDS

SECTION 1 — CRACKED CREDENTIALS
SECTION 2 — RISK ASSESSMENT