RingZer0-30 - Is Hashing More Secure?
Javascript
Is hashing more secure?
Like the previous one, if we look at the source code we can see how the page is validating the password.
<script>
  // Look's like weak JavaScript auth script :)
  $(".c_submit").click(function(event) {
    event.preventDefault();
    var p = $("#cpass").val();
    if(Sha1.hash(p) == "b89356ff6151527e89c4f3e3d30c8e6586c63962") {
      if(document.location.href.indexOf("?p=") == -1) {
        document.location = document.location.href + "?p=" + p;
      }
    } else {
      $("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
    }
  });
</script>
We need to find which password has the SHA-1 hash b89356ff6151527e89c4f3e3d30c8e6586c63962. A few websites already have extensive databases of cracked password hashes.
The one that I used was http://hashkiller.co.uk/sha1-decrypter.aspx
The password behind the SHA-1 hash is adminz
Once we enter the password we get the flag.
Hashcat
I also used hashcat to crack the password, just for the fun of it.
hashcat -m 100 b89356ff6151527e89c4f3e3d30c8e6586c63962 ~/Git/SecLists/Passwords/
hashcat (v3.30) starting...
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2047/11171 MB allocatable, 28MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
I used the wordlists found in this GitHub repository: https://github.com/danielmiessler/SecLists
I used the whole directory, and it took a few seconds, but it found it.
Generated dictionary stats for /home/p0pp3t/Git/SecLists/Passwords/honeynet.txt: 1996068 bytes, 226082 words, 226082 keyspace
- Device #1: autotuned kernel-accel to 1024
- Device #1: autotuned kernel-loops to 1
[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit => The wordlist or mask you are using is too small.
Therefore, hashcat is unable to utilize the full parallelization power of your device(s).
The cracking speed will drop.
Workaround: https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_to_create_more_work_for_full_speed
INFO: approaching final keyspace, workload adjusted
b89356ff6151527e89c4f3e3d30c8e6586c63962:adminz
Session..........: hashcat
Status...........: Cracked
Hash.Type........: SHA1
Hash.Target......: b89356ff6151527e89c4f3e3d30c8e6586c63962
Time.Started.....: Sat Oct 14 17:49:11 2017 (0 secs)
Time.Estimated...: Sat Oct 14 17:49:11 2017 (0 secs)
Input.Base.......: File (/home/p0pp3t/Git/SecLists/Passwords/honeynet.txt)
Input.Queue......: 44/94 (46.81%)
Speed.Dev.#1.....: 1009.2 kH/s (0.08ms)
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 226082/226082 (100.00%)
Rejected.........: 4/226082 (0.00%)
Restore.Point....: 0/226082 (0.00%)
Candidates.#1....: nobody -> !#%&
HWMon.Dev.#1.....: Temp: 58c Fan: 15% Util: 22% Core:1949Mhz Mem:5508Mhz Lanes:16
The password was found in the honeynet.txt file.
b89356ff6151527e89c4f3e3d30c8e6586c63962:adminz
The flag is FLAG-bXNsYg9tLCaIX6h1UiQMmMYB
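Why the client-side check falls so quickly, next to a server-side replacement, as an added example that is not part of the original writeup or the challenge's code. The function names and the five-word list are constructed for illustration, and the choice of scrypt with a random salt is an assumption about how one would fix it, not something the challenge does.

```javascript
const crypto = require('crypto');

// Hash published in the challenge page's client-side script.
const LEAKED_SHA1 = 'b89356ff6151527e89c4f3e3d30c8e6586c63962';

// Constructed sample wordlist (stand-in for the SecLists files).
const SAMPLE_WORDS = ['admin', 'password', 'letmein', 'adminz', 'root'];

const sha1Hex = (s) => crypto.createHash('sha1').update(s, 'utf8').digest('hex');

// Weak design: one fast, unsalted hash per guess, so anyone who can read
// the page source can test a wordlist offline. Returns the match or null.
function findInWordlist(targetHex, words) {
  return words.find((w) => sha1Hex(w) === targetHex) ?? null;
}

// Hardened design: the check runs on the server, the stored record uses a
// random per-record salt with scrypt, and nothing is sent to the browser.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), key: key.toString('hex') };
}

function verifyPassword(candidate, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.key, 'hex');
  const actual = crypto.scryptSync(candidate, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time compare
}

// Demo: the leaked SHA-1 resolves from a tiny list; the scrypt record is
// different on every run because of the salt, so lookup tables do not apply.
console.log('wordlist hit:', findInWordlist(LEAKED_SHA1, SAMPLE_WORDS));
const demoRecord = makeRecord('adminz');
console.log('scrypt record:', demoRecord);
console.log('verify ok:', verifyPassword('adminz', demoRecord));
```

A salted slow hash only raises the cost per guess; a password that sits in a public wordlist, as this one does, is still weak once a stored record leaks.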