nerdexam
GIAC

GCIH · Question #755

What hash type is being cracked in the command below? hashcat -m 1800 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile

The correct answer is C. SHA-512. Hashcat mode 1800 targets sha512crypt, the SHA-512-based Unix password hashing scheme, not raw SHA-512.

Vulnerability Exploitation & Privilege Escalation

Question

What hash type is being cracked in the command below? hashcat -m 1800 -a 0 customer.ntds wordlist.txt --potfile-path ./hashcat.potfile

Options

  • ASHA-1
  • BLANMAN
  • CSHA-512
  • DNT hashes

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    4% (2)
  • C
    94% (50)

Why each option

Hashcat mode 1800 targets sha512crypt, the SHA-512-based Unix password hashing scheme, not raw SHA-512.

ASHA-1

SHA-1 is represented by '-m 100' in hashcat; '-m 1800' does not correspond to SHA-1 in any context.

BLANMAN

LANMAN hashes use '-m 3000' in hashcat, not '-m 1800', and are a legacy Windows authentication scheme.

CSHA-512Correct

The '-m 1800' flag in hashcat corresponds to sha512crypt ($6$), which is the SHA-512-derived password hashing algorithm used by default in modern Linux and Unix systems. The '-a 0' flag specifies a dictionary attack, meaning hashcat hashes each word in wordlist.txt using sha512crypt and compares it against the entries in customer.ntds.

DNT hashes

NT hashes (NTLM) use '-m 1000' in hashcat, not '-m 1800', and are the Windows password hash format stored in NTDS.

Concept tested: Hashcat hash mode identification for SHA-512crypt

Source: https://hashcat.net/wiki/doku.php?id=hashcat

Topics

#hashcat#SHA-512#hash identification#password cracking

Community Discussion

No community discussion yet for this question.

Full GCIH Practice