Cracking Salted Password Hashes

When it comes to cracking or abusing password hashes, you often have three realistic options:

  1. Reversing the hash due to flaws in the algorithm.
  2. Brute forcing the hashes with a dictionary wordlist or rainbow tables.
  3. With update privileges on a database and knowing the generating algorithm, you can simply replace it with a known password.

On penetration testing engagements or CTF challenges, you might often come across hashed and salted passwords either in a database, packet capture file, or hard-coded in a configuration file or in code.

After escalating privileges or exploiting misconfigurations, a common method for lateral movement inside a network is to crack the salted and hashed passwords inside a GNU/Linux /etc/shadow file.

In this example, we have a SHA-512 salted and hashed password:


We can now use a tool like hashcat and a good password list to attack this salted hash:

kali@kali:~/sandbox$ echo '$6$xyz$sh0AtFyFg6tveXzYKKxVrqLP6JvwKlRmmz7ocaI5wztyoPv/HC9WOP4TNsiAglH5cXOctdR.NwTxiKqORuoaj1' > creds.txt                         
kali@kali:~/sandbox$ hashcat -m 1800 -a 0 -o cracked.txt creds.txt /usr/share/seclists/Passwords/Leaked-Databases/alleged-gmail-passwords.txt                 
hashcat (v6.1.1) starting...           

OpenCL API (OpenCL 2.0 pocl 1.8  Linux, None+Asserts, RELOC, LLVM 9.0.1, SLEEF, DISTRO, POCL_DEBUG) - Platform #1 [The pocl project]                          
* Device #1: pthread-Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz, 5836/5900 MB (2048 MB allocatable), 4MCU                                                       

Minimum password length supported by kernel: 0                                 
Maximum password length supported by kernel: 256                               

Hashes: 1 digests; 1 unique digests, 1 unique salts                            
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates   
Rules: 1                               

Applicable optimizers applied:         
* Zero-Byte                            
* Single-Hash                          
* Single-Salt                          
* Uses-64-Bit                          

ATTENTION! Pure (unoptimized) backend kernels selected.                        
Using pure kernels enables cracking longer passwords but for the price of drastically reduced performance.                                                    
If you want to switch to optimized backend kernels, append -O to your commandline.                                                                            
See the above message to find out about the exact limits.                      

Watchdog: Hardware monitoring interface not found on your system.              
Watchdog: Temperature abort trigger disabled.                                  

Host memory required for this attack: 65 MB                                    

Dictionary cache built:                
* Filename..: /usr/share/seclists/Passwords/Leaked-Databases/alleged-gmail-passwords.txt                                                                      
* Passwords.: 3132006                  
* Bytes.....: 29700652                 
* Keyspace..: 3131999                  
* Runtime...: 0 secs                   

Session..........: hashcat             
Status...........: Cracked             
Hash.Name........: sha512crypt $6$, SHA512 (Unix)                              
Hash.Target......: $6$xyz$sh0AtFyFg6tveXzYKKxVrqLP6JvwKlRmmz7ocaI5wzty...Ruoaj1                                                                               
Time.Started.....: Tue Dec 14 19:57:29 2021 (2 mins, 1 sec)                    
Time.Estimated...: Tue Dec 14 19:59:30 2021 (0 secs)                           
Guess.Base.......: File (/usr/share/seclists/Passwords/Leaked-Databases/alleged-gmail-passwords.txt)                                                          
Guess.Queue......: 1/1 (100.00%)       
Speed.#1.........:     1716 H/s (7.53ms) @ Accel:32 Loops:512 Thr:1 Vec:4      
Recovered........: 1/1 (100.00%) Digests                                       
Progress.........: 207232/3131999 (6.62%)                                      
Rejected.........: 0/207232 (0.00%)    
Restore.Point....: 207104/3131999 (6.61%)                                      
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:4608-5000                    
Candidates.#1....: 1amadeua -> 1anamika                                        

Started: Tue Dec 14 19:56:25 2021      
Stopped: Tue Dec 14 19:59:32 2021      
kali@kali:~/sandbox$ cat cracked.txt   
       │ File: cracked.txt             
   1   │ $6$xyz$sh0AtFyFg6tveXzYKKxVrqLP6JvwKlRmmz7ocaI5wztyoPv/HC9WOP4TNsiAglH5cXOctdR.NwTxiKqORuoaj1:1ambatman                                              

In a few moments, we have the password: 1ambatman.

Depending on the hashing algorithm and where the hash and salt have been dumped from, there may also be instances where you have to use a colon to separate the hash and salt, e.g. $pass:$salt.

This is yet another reminder of how important it is to choose a strong password with a high level of complexity. With password managers providing easy options these days to generate and manage strong passwords, there’s no excuse to use (and re-use) weak passwords. Just make sure to use a strong password combined with multi-factor authentication for your password manager, or you just might find someone easily cracking the hash to your password vault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.