Challenge 41 ☆☆☆

Welcome to Challenge 41. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Password Shucking

A website was using MD5 for hashing passwords, and its developers recently found out that someone released a dump of their user data.

In an attempt to improve security, they decided to migrate to a stronger hashing algorithm like bcrypt.

The developers decided that the fastest way to migrate would be to hash the pre-existing hashes using bcrypt. Using two hashing algorithms would be more secure than using one, right? It appears so.

Unfortunately, a data leak occurred again, and this time the dump contained the bcrypt-hashed passwords. At least this time they are safe, right?

For this challenge, you are provided with two database dumps containing usernames and passwords. The dump file db-dump.txt was generated before the migration and the other dump file db-dump-2.txt was generated after the migration. Both dump files are available inside the db-dumps folder.

Now, assuming that all the users except one have changed their passwords, can you find the unchanged password?

Answer to solution:

This challenge can be solved using the following steps:

  1. Create two txt files old_hashes.txt and new_hashes.txt containing only the hashes copied from the dump files.

  2. Using old_hashes.txt as the password list, we can use hashcat to check which MD5 hashes match the bcrypt hashes.

    • Install Hashcat

    • Type in hashcat -m 3200 -a 0 new_hashes.txt old_hashes.txt --show. You will find a single bcrypt hash mapped to an MD5 hash.

  3. Using rockyou.txt as the password list, we can crack the obtained MD5 hash.

    • Download the rockyou.txt password list

    • Type in hashcat -m 0 -a 0 82080600934821faf0bc59cba79964bc rockyou.txt --show to find the cracked password.

Why is pre-hashing passwords not a good idea?

Though pre-hashing passwords is an easy way to upgrade legacy hashes, it leaves them prone to password shucking.

Password shucking is a technique in which attackers strip off the newer, secure layers of an updated hash, reducing it to its weak older counterpart. In this case, we were able to reduce bcrypt hashes to insecure MD5 hashes and then crack them.

The safest way to avoid this is to reset the passwords of all users and hash the new passwords with the newer algorithm. However, this method is not user-friendly.

The best way to upgrade is to layer the hashes initially and then replace each one with a direct hash of the user's password the next time they log in.
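The upgrade path described above can be sketched as follows. This is an added example, not code from the challenge: the record layout and function names are hypothetical, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt. It also includes an audit that checks whether a record can still be verified from the old MD5 dump.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for the stand-in slow hash


def md5_hex(password: str) -> str:
    """Legacy scheme: unsalted MD5, stored as hex."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash(data: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for bcrypt (not in the stdlib).
    return hashlib.pbkdf2_hmac("sha256", data.encode(), salt, ITERATIONS)


def make_record(scheme: str, data: str) -> dict:
    """scheme is 'wrapped-md5' (data = old MD5 hex) or 'direct' (data = password)."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": slow_hash(data, salt)}


def login(record: dict, password: str) -> bool:
    """Verify a login; on success, replace a wrapped record with a direct hash."""
    wrapped = record["scheme"] == "wrapped-md5"
    candidate = md5_hex(password) if wrapped else password
    if not hmac.compare_digest(slow_hash(candidate, record["salt"]), record["hash"]):
        return False
    if wrapped:
        record.update(make_record("direct", password))  # MD5 layer is gone
    return True


def still_shuckable(record: dict, old_md5_dump: list) -> bool:
    """Audit: does any hash from the old MD5 dump still verify this record?"""
    return any(
        hmac.compare_digest(slow_hash(h, record["salt"]), record["hash"])
        for h in old_md5_dump
    )


if __name__ == "__main__":
    pw = "constructed-sample-passphrase"  # constructed, not from the dumps
    dump = [md5_hex("someone-else"), md5_hex(pw)]
    rec = make_record("wrapped-md5", md5_hex(pw))  # migration-day state
    print("before login:", still_shuckable(rec, dump))
    login(rec, pw)
    print("after login: ", still_shuckable(rec, dump))
```

Accounts that never log in again stay in the wrapped state, which is why the audit is worth running against every record after a migration.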