Bella Crypter Was A Fun Challenge

Screenshot_20220515_155553

Tools Used Hashcat/JohnTheRipper, Hashid, modified rockyou.txt wordlist and my secret weapon GOOGLE

Let’s get Into it

First the given hash was identified with hashid

Bcrypt, was the gotten hashid

We can make a quick research bout decoding bcrypt hashes if you will, It’ll enhance your understanding

Using hashcat

Save the hash to a file echo "$2y$12$dwt1bzj6pcyc3dy1fwz5ieeuznr71eenkjkulyptsgbx1h68wsrom" > hash hashcat -m 3200 hash rockyou.txt

So now here’s the catch decrypting bcrypt generally takes time and I for one think it’s not really nice giving them in a ctf unless they have the time or hont on maybe decoded string length yuh zimmi ??

What’s 4 days 😹😹😹 In truth it took around 5 hours or so

Google

Here’s Where Google Comes in Looking up the hash I saw It’s same as the one on THM Now I Recall Solving something similar Screenshot_20220515_164353

We grep letter words from rockyou.txt Screenshot_20220515_165536

Run hash cat again Screenshot_20220515_165725 Seems better now 😹

So now we wait

We got bleh as the decoded string

We done

Back To Home

ghost👻sonofabot-sec:~#

I scan, I map, I exploit .... Ghost is in your shell!!!

Bella Crypter Was A Fun Challenge

Using hashcat

Google