If you're into offensive security, you're probably familiar with password cracking tools such as John the Ripper and hashcat. Did you know that you can add openssl to your cracking toolset as well?
Recently I was working on solving a machine on hackthebox.eu when I obtained a salted password hash that I needed to crack. Some googling led me to this post: https://www.petenetlive.com/KB/Article/0000940
The author recommends using openssl to crack the password hash. I thought this was a pretty interesting method rather than just popping the hash into john. Let's break down what's going on here.
OpenSSL features the passwd command, which computes the hash of a password. By default, it uses the standard Unix crypt algorithm to generate the hash. It also gives you the option to use the MD5, apr1 (Apache variant), AIX MD5, SHA256, and SHA512 algorithms:
# crypt
openssl passwd P@ssword
jjT4Sq45Y8QsY

# MD5
openssl passwd -1 P@ssword
$1$4E87ltEe$Ss7jSoAMGGz5x8RolDbbA.

# SHA256
openssl passwd -5 P@ssword
$5$6/vyTYmYCAEi/QSu$W5XwSp9t3uM0dJIzAo9fArspg7SbNBwO9A61USkktA/

# SHA512
openssl passwd -6 P@ssword
$6$d9QwuzLthgZ8z3yU$odLLSJCfXHhn8BKezUa215teWRdrVzZlz3.77VwCGSRnskqchnOslb04PpeLE2zNeVdindbCfJl3/KpP.eGVN1
Another thing to keep in mind is that if you don't specify a salt, passwd generates a new random salt each time you call the command (in case you were wondering why running the command on the same password produces different hashes):
openssl passwd P@ssword
axjSClcHPZ4EY

openssl passwd P@ssword
UtTAaqGVUANyI

openssl passwd P@ssword
gBLn3stAFu40E
So now that we know the primary purpose of the passwd command, let's use it to crack some hashes! The general idea is that we use openssl to generate hashes from a wordlist, using the same salt as the target, and then look for the hash we want to crack in the newly generated list.
For this example, we will be cracking the MD5 hash:
$1$xx$BJua.upYUAEs5nrUyayjx.
The first thing we want to do is identify the salt, which can be found between the second pair of
Now that we know the salt, all we need to do is feed a wordlist of our choosing into openssl and use a small portion of the hash with grep to find the matching line:
openssl passwd -1 -salt xx -table -in passwords | grep YUAEs5nrUyay
Let's break down the flags above:
-1: tells passwd to use the MD5 algorithm
-salt: specifies the salt ('xx') taken from the target hash
-table: prints the output in a two-column format, the password in one column and its hash in the other
-in: specifies our wordlist file
After a few seconds:
openssl passwd -1 -salt xx -table -in passwords | grep YUAEs5nrUyay
N3atP@ssw0rd	$1$xx$BJua.upYUAEs5nrUyayjx.
Nice! We have our password.
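As an added example (not code from the original post, the linked article or OpenSSL itself), here is the same procedure done in Python: a from-scratch implementation of md5crypt, the published $1$ algorithm that openssl passwd -1 computes, the "find the salt" parsing step, and a dictionary loop that hashes each candidate with the target's salt and compares the whole hash rather than a grep fragment. The wordlist is constructed for this example, the target hash and password are the ones from the post, and make_salt is a hypothetical helper standing in for openssl's random salt selection.

```python
# Added example, not code from the original post or from OpenSSL.
# md5_crypt() re-implements md5crypt ($1$salt$hash), the algorithm behind
# `openssl passwd -1`, using only hashlib so it runs offline; the rest mirrors
# `openssl passwd -1 -salt xx -table -in passwords | grep ...` in Python.
import hashlib
import secrets

# crypt(3) alphabet: the 64 characters that appear in salts and hashes.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, chars: int) -> str:
    """Emit `chars` characters of 6 bits each, least-significant bits first."""
    out = []
    for _ in range(chars):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5_crypt(password: str, salt: str) -> str:
    """Return the $1$ hash of `password`; the salt is cut at the first '$' and at 8 chars."""
    pw = password.encode()
    salt = salt.split("$", 1)[0][:8]
    s = salt.encode()

    ctx = hashlib.md5(pw + b"$1$" + s)
    alt = hashlib.md5(pw + s + pw).digest()
    # Feed len(pw) bytes of the alternate digest, at most 16 per step.
    for done in range(0, len(pw), 16):
        ctx.update(alt[: min(16, len(pw) - done)])
    # For each bit of len(pw): a NUL byte if the bit is set, else the first password byte.
    i = len(pw)
    while i:
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()

    # 1000 stretching rounds with a fixed schedule; this is what makes md5crypt
    # slower than a bare MD5 and why the salt + wordlist loop takes real time.
    for r in range(1000):
        c = hashlib.md5()
        c.update(pw if r & 1 else final)
        if r % 3:
            c.update(s)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()

    # Encode the 16 digest bytes as 22 characters in md5crypt's transposed order.
    triples = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in triples
    )
    encoded += _to64(final[11], 2)
    return f"$1${salt}${encoded}"


def parse_md5_crypt(hash_str: str) -> tuple:
    """Split '$1$<salt>$<hash>' into (salt, hash): the 'identify the salt' step."""
    parts = hash_str.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1" or len(parts[3]) != 22:
        raise ValueError("not an md5crypt ($1$) hash: " + hash_str)
    return parts[2], parts[3]


def dictionary_attack(target_hash: str, wordlist):
    """Hash every candidate with the target's own salt; return the first full-hash match."""
    salt, _ = parse_md5_crypt(target_hash)
    for word in wordlist:
        if md5_crypt(word, salt) == target_hash:
            return word
    return None


def make_salt(length: int = 8) -> str:
    """Hypothetical helper: a random salt like the one openssl picks when -salt is omitted."""
    return "".join(secrets.choice(ITOA64) for _ in range(length))


# Constructed wordlist; the target is the post's hash of N3atP@ssw0rd with salt xx.
WORDLIST = ["password", "P@ssword", "letmein", "N3atP@ssw0rd", "hunter2"]
TARGET = "$1$xx$BJua.upYUAEs5nrUyayjx."

if __name__ == "__main__":
    print(dictionary_attack(TARGET, WORDLIST))  # N3atP@ssw0rd
    # The same password under a fresh salt hashes differently, which is why the
    # salt must be copied from the target before hashing the wordlist.
    print(md5_crypt("N3atP@ssw0rd", make_salt()))
```

Comparing the complete hash string instead of a 12-character grep fragment removes any chance of a partial match being reported as a hit, and parse_md5_crypt refuses anything that is not a well-formed $1$ hash, so a SHA256 or SHA512 hash pasted by mistake fails loudly instead of silently producing no matches.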
How does using openssl to crack a hash compare to a purpose-built tool like John the Ripper? Let's do a quick comparison of a standard dictionary attack. To test this, I'll use the password N3atP@ssw0rd with a salt of xx. The MD5 hash of this combination results in:
$1$xx$BJua.upYUAEs5nrUyayjx.
I'll be using the Linux time utility to time the run of each command.
I created a password file containing 10000 random passwords, including the password that matches our hash. I ran the following command 5 times:
time openssl passwd -1 -salt xx -table -in passwords | grep UAEs5nrUyayjx
The results are as follows:
| Run | Run Time (s) |
In comparison, here are the results from John the Ripper:
time john --wordlist=./passwords ./hash
| Run | Run Time (s) |
It's pretty clear who the winner is here!
While not the fastest option for cracking a password hash, openssl is another tool that can be added to your toolbelt. It is also useful given its prevalence on Linux hosts, where you may not have access to dedicated tools like John the Ripper.