Password Hashing Challenges (NETLAB)

Challenge 1: Windows Hashes

The following Windows passwords are constructed according to this system:
Where "username" is the username in lowercase and PIN is a two-digit number.

For example, a user named "Sam" might have a password like this:

Crack these passwords, which were collected from a Windows 7 machine with Cain.
Note that the NTLM hash is the rightmost part of each line, after the last colon.

Challenge 2: MD5 Hashes with Several Rounds

The company using the Windows passwords in the previous challenge sets up an online system, with passwords formed the same way.

Somewhere in the Terms of Service, it strongly warns users not to re-use the same password as their Windows password.

In addition, it is now much more secure, because it uses MD5 instead of MD4, and not only that, it uses many rounds of MD5.

It doesn't use Unicode encoding.

Crack these hashes.

Ming: 7621eca98fe6a1885d4f5f56a0525915
Mohammed: b2173861e8787a326fb4476aa9585e1c
sam: 42e646b706acfab0cf8079351d176121

Challenge 3: Many Rounds of MD5 and SHA-1

Somehow, evil hackers broke into the previous Web application.

So the new, super-enhanced system uses a much larger number of MD5 rounds, followed by an even larger number of SHA1 hash rounds. Of course, the total number of hashing rounds is less than 500, because management is sure that's enough.

And now each user has to click "I Agree" to a pop-up box requiring them not to re-use passwords, so only a complete idiot would do that.

Crack these hashes if you can! Send in the correct passwords to collect credit.

Ming: ce788ed5f855e51e6fd78f923b43a6407467c5f2
Mohammed: 582d99006950cddeb2df9f40b3f65ebc283dc378
sam: da660655f4d4714fe605e9063d1ded4b749c50a9



Last revised: 8-17-15

Revised for NETLAB 6-13-16