Photo by FLY:D on Unsplash

Walkthrough: Hashing — Crypto 101

Complete walkthrough for the room “Hashing-Crypto 101” in TryHackMe.

Task 1 — Key Terms

  1. Is base64 encryption or encoding?


base64 is an encoding and not encryption as it is used for data integrity and to not keep it a secret from others.

Task 2 — What is a hash function?

1. What is the output size in bytes of the MD5 hash function?


This answer can be simply found by a google search

2. Can you avoid hash collisions? (Yea/Nay)


3. If you have an 8-bit hash output, how many possible hashes are there?


We can find the possible hashes by using 2**n where n is the number of bits. Here 2**8=256

Task 3 — Uses for hashing

  1. Crack the hash “d0199f51d2728db6011945145a1b607a” using the rainbow table manually.


This answer can be found by looking at the sample rainbow table given in this task.

2. Crack the hash “5b31f93c09ad1d065c0491b764d04933” using online tools


We can crack this hash using this site.

3. Should you encrypt passwords? Yea/Nay


As encryption is not so secure, it is better to hash the passwords.

Task 4 — Recognising password hashes

  1. How many rounds does sha512crypt ($6$) use by default?


Hash functions perform a particular process. Each process is a round. So more the rounds, harder or more time-consuming is the hash cracking.

2. What’s the hashcat example hash (from the website) for Citrix Netscaler hashes?


The answer can be found here.

3. How long is a Windows NTLM hash, in characters?


Idk why but I took so long searching for this :sweat: But the answer can be found here

Task 5 — Password Cracking

  1. Crack this hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG


We can identify this hash using the prefix $2a$ . This is a bycrypt. This can be done using the command

hashcat -m 3200 -a 0 -o cracked.txt bycrypt.txt /usr/share/wordlists/rockyou.txt


-m specifies the hash-type

-a specifies the attack type

-o specifies the filename the cracked hash is to be stored

followed by the file name that contains the hash — here bycrypt.txt

and finally the path to the wordlist.

2 . Crack this hash: 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1


Following the same syntax as above:

hashcat -m 1400 -a 0 -o sha_cracked.txt sha2–256.txt /usr/share/wordlists/rockyou.txt

3. Crack this hash: $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0


hashcat -m 1800 -a 0 -o unkown_cracked.txt unkown_hash.txt /usr/share/wordlists/rockyou.txt

4. Bored of this yet? Crack this hash: b6b0d451bbf6fed658659a9e7e5598fe


This can be craked here.

Task 6 — Hashing for integrity checking

  1. What’s the SHA1 sum for the amd64 Kali 2019.4 ISO?


This can be found by simply clicking the link and going to the SHA1SUMS link.

2. What’s the hashcat mode number for HMAC-SHA512 (key = $pass)?


This can be found through the terminal using hashcat -h | grep -i 'hmac-sha512 (key = $pass) or here.

Give this a 👏 if you found it useful!




Hritesh J is a student pursuing undergraduate studies in CS. Loves cybersecurity and playing ctfs and writing about them. “learning one new thing every day.”

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

ForTube IoTeX Version Liquidity Incentive Tutorial

BountyHunter XXE vulnerability w/o Metasploit

Still using Windows 7? Here’s How You Can Stay Safe

Advent of Cyber 2021 — [Day 8] Santa’s Bag of Toys

Biometrics and PIN crime stories: What is the most secure way to lock your smartphone?

EFCC detains former Edo Gov, Lucky Igbinedion, over N1.6bn fraud

Q2.2 return Kth to last

{UPDATE} Escape Room Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Hritesh J

Hritesh J

Hritesh J is a student pursuing undergraduate studies in CS. Loves cybersecurity and playing ctfs and writing about them. “learning one new thing every day.”

More from Medium

Diplomacy Using Cyberweapons

The Great Instagram Runaround

Introduction to Source Intelligence (OSINT)

Power of using pseudonyms on the internet