If you’re into offensive security, you’re probably familiar with password cracking tools such as john the ripper and hashcat. Did you know that you can openssl to your cracking toolset as well?
Recently I was working on solving a machine on hackthebox.eu, when obtained a salted password hash that I needed to crack. Some googling led me to this post: https://www.petenetlive.com/KB/Article/0000940
The author recommends using openssl to decrypt the password. I thought this was a pretty interesting method rather than just popping the hash into john. Let’s break down what’s going on here.
OpenSSL passwd Link to heading
Openssl features the passwd command, which is used to compute the hash of a password. By default, it uses the standard unix crypt algorithm to generate a hash. It also gives you the option to use the MD5, apr1 (Apache variant), AIX MD5, SHA256, and SHA512 algorithms.
# crypt
openssl passwd P@ssword
jjT4Sq45Y8QsY
# MD5
openssl passwd -1 P@ssword
$1$4E87ltEe$Ss7jSoAMGGz5x8RolDbbA.
# SHA256
openssl passwd -5 P@ssword
$5$6/vyTYmYCAEi/QSu$W5XwSp9t3uM0dJIzAo9fArspg7SbNBwO9A61USkktA/
# SHA512
openssl passwd -6 P@ssword
$6$d9QwuzLthgZ8z3yU$odLLSJCfXHhn8BKezUa215teWRdrVzZlz3.77VwCGSRnskqchnOslb04PpeLE2zNeVdindbCfJl3/KpP.eGVN1
Another thing to keep in mind is that if you don’t specify a salt, passwd will use a unique salt each time you call the command (in case you were wondering why running the command on the same password produces different hashes:
openssl passwd P@ssword
axjSClcHPZ4EY
openssl passwd P@ssword
UtTAaqGVUANyI
openssl passwd P@ssword
gBLn3stAFu40E
Cracking Hashes Link to heading
So now that we know the primary utility of the passwd command, let’s use it to crack some hashes! The general idea here is that we use openssl to generate hashes from a wordlist, and compare the hash we want to crack to this newly generated list.
For this example, we will be cracking an MD5 hash $1$xx$BJua.upYUAEs5nrUyayjx.. The first thing we want to do is identify the salt, which can be found between the second pair of $ symbols: $1$xx$BJua.upYUAEs5nrUyayjx.
Now that we know the salt, all we need to do now is to feed a wordlist of our choosing into openssl, and use a small portion of the hash with grep to find a matching hash:
openssl passwd -1 -salt xx -table -in passwords | grep YUAEs5nrUyay
Let’s breakdown the flags above:
-1: this tells passwd to use the MD5 algorithm-salt: we specify the salt (‘xx’) here-table: this prints the output in a nice format, our password in one column and our hash in the other-in: use this to specify out wordlist
After a few seconds:
openssl passwd -1 -salt xx -table -in passwords | grep YUAEs5nrUyay
N3atP@ssw0rd $1$xx$BJua.upYUAEs5nrUyayjx.
Nice! We have our password.
Performance Link to heading
How does using openssl to crack a hash compare to a purpose-built tool like john the ripper? Let’s do a quick comparison of a standard dictionary attack. To test this, I’ll use a password N3atP@ssw0rd, with a salt of xx. The MD5 hash of this combination results in: $1$xx$BJua.upYUAEs5nrUyayjx.. I’ll be using the linux time utility to time the run of each command.
I created a password file containing 10000 random passwords, including the password that matches our hash. I ran the following command 5 times:
time openssl passwd -1 -salt xx -table -in passwords | grep UAEs5nrUyayjx
The results are as follows:
| Run | Run Time (s) |
|---|---|
| 1 | 5.584 |
| 2 | 5.690 |
| 3 | 5.529 |
| 4 | 5.738 |
| 5 | 6.045 |
| AVG 5.717s |
In comparison, here are the results from john the ripper:
time john --wordlist=./passwords ./hash
| Run | Run Time (s) |
|---|---|
| 1 | 0.356 |
| 2 | 0.352 |
| 3 | 0.349 |
| 4 | 0.371 |
| 5 | 0.359 |
| AVG 0.357s |
It’s pretty clear who the winner is here!
Summary Link to heading
While not the fastest option for cracking a password hash, openssl is another option that can be added to your toolbelt. This is also useful considering its prevalence on Linux hosts, where you may not have access to dedicated tools like john the ripper.