hashcrack

Description

Solution

1. Step 1Crack the MD5 hash
   482c811da5d5b4bc6d497ffa98491e38 → password.
   Learn more

   MD5 (Message Digest 5) was designed in 1991 as a cryptographic hash function producing a 128-bit (32 hex character) digest. It was considered secure for its time, but researchers began finding practical collision attacks in the early 2000s, and by 2008 it was considered completely broken for security purposes.

   The hash 482c811da5d5b4bc6d497ffa98491e38 corresponds to the word "password" - one of the most common passwords ever used. Sites like CrackStation maintain massive precomputed rainbow tables mapping billions of known inputs to their MD5 digests, making lookups instant. This is why MD5 should never be used to store passwords.

   Despite being broken, MD5 is still widely found in legacy systems, file integrity checks (where collision resistance matters less than speed), and CTF challenges. Modern alternatives include bcrypt, scrypt, Argon2, or at minimum SHA-256 with a unique per-user salt to defeat rainbow table attacks.

2. Step 2Crack the SHA-1 hash
   b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3 → letmein.
   Learn more

   SHA-1 (Secure Hash Algorithm 1) produces a 160-bit (40 hex character) digest. It was the government standard for decades and is far more common in the wild than MD5 - SSL certificates, Git commits, and SVN repositories all historically relied on it.

   Google demonstrated a practical SHA-1 collision in 2017 (the SHAttered attack), definitively ending SHA-1's use in security-critical contexts. The hash above maps to "letmein," another entry in every common wordlist. Because SHA-1 lacks a salt, the same password always produces the same hash, making wordlist attacks trivially fast even without rainbow tables.

   Git still uses SHA-1 internally for object addressing (though the collision risk in that context is considered low), and many older X.509 certificate chains include SHA-1 signatures that browsers now reject. NIST deprecated SHA-1 for most uses in 2011 and fully disallowed it in federal systems by 2014.

3. Step 3Crack the SHA-256 hash
   916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745 → qwertyuiop. Submit each response over the nc session to obtain the final flag.
   Learn more

   SHA-256 belongs to the SHA-2 family and produces a 256-bit (64 hex character) digest. No practical collision has ever been found, and it remains the backbone of TLS, Bitcoin, code signing, and many password storage schemes. However, SHA-256 alone is not safe for passwords.

   The issue is speed: modern GPUs can compute billions of SHA-256 hashes per second. The password "qwertyuiop" (a keyboard walk) appears in virtually every wordlist (rockyou.txt, SecLists, etc.), so even a SHA-256 hash of it falls instantly. Secure password hashing requires a slow, memory-hard function like Argon2id, bcrypt, or scrypt, combined with a unique random salt stored alongside the hash.

   This three-step challenge illustrates a key lesson: algorithm strength is irrelevant when users choose weak passwords. A password manager generating random 20-character strings defeats all dictionary attacks regardless of which hash function the server uses. NIST's SP 800-63B now recommends checking passwords against known breach lists rather than enforcing complexity rules.

Alternate Solution

Flag

picoCTF{UseStr0nG_h@shEs_&PaSswDs!_7f29...}

Online hash databases crack these instantly, demonstrating why weak hashes are dangerous.