5.7 Malware Hash Calc EH

9 hours 47 minutes
Video Transcription
Hi. Welcome back to the course. In the last lab, we talked about using the What's Running utility, and we looked at different processes and ports running on our target machine.
In this video, we're gonna talk about a tool called HashCalc. We're gonna perform some hash calculations with that tool.
So let's go ahead and get started now. You should still be logged into the Windows 10 machine. If you're not, just go ahead and click on PLABWIN10
and get connected to it.
So our first step here we want to do is we're gonna click on the File Explorer icon on the taskbar.
So just go down to our taskbar. We'll click on this File Explorer icon here, it's gonna open it up for us, and then what we want to look for in step number four here, excuse me, step number three. We want to look at the DVD drive, F, CEH Tools, and then we're gonna go ahead and click on that. And then we're gonna look for the CEH Tools folder.
So we see DVD drive F,
CEH Tools. We'll go and click on that.
And then we see the CEH Tools folder right there. So let's go ahead. Double click on that one.
We see several options in here, so let's go back to our lab document.
So we want to select the HashCalc folder
and then inside of there, we're gonna double click the file to set it up and actually get this installed.
So we see right here the HashCalc folder.
Go and double click on that, open it up and you'll see a setup for the application. And then just double click on that as well.
You're gonna get the user account control feature here popping up for you, and you'll see that's our next step in the lab.
So once we see that, we're just gonna click Yes.
All right. So that's gonna pull up the installation wizard for HashCalc.
And then let's look back on our lab document here. So we see that it launches, and then we're basically just gonna click next all the way through.
We're gonna accept the license agreement, and then we're gonna click next. And then we're just gonna basically keep all default settings here and next, next, next, all the way through till we get to the ready to install page, and then we're just gonna choose the install button. So I know I went through those pretty quickly, but we're gonna visually see them in just a second here. So
we're gonna select next here.
Here we want to accept the license agreement. And you're welcome to read through that if you want to.
Here we're just gonna leave the default path here. We're just going to say next.
Same thing here. We're just going to say next
and then we do want a desktop icon, and if you want a quick launch icon, you could select it as well. I'm not going to, but I definitely want a desktop icon. And then we're just going to say next
and then here we are at the installation screen. It's just basically summarizing our choices there. We're just going to say Install. That'll install the tool for us.
All right, so let's move on to the next step of our lab.
So we've completed the installation, but we want to go ahead and unselect or deselect the view, excuse me, the option that says view the readme file.
So let's go and do that now. So let's unselect this top one here. We'll uncheck that box.
And then now we're gonna say finish
now, that's gonna launch the tool for us right here.
All right, so the next thing we want to do when the tool's open is we're gonna look for a file to do a hash on. Now we're just gonna use the HashCalc application file itself to do the hash on.
So we're gonna click on the three little small dots. That's gonna open a pop-up box for us,
and then we'll select the HashCalc application file and we're gonna select open. So let's go ahead and do that. So these three little dots right here, the top right corner. Just go ahead and click on that.
You see, it opens the pop-up box for us.
We're gonna select the HashCalc application file. So you click on this one here, and if you scroll over, you'll see it says application as the type.
Now we're just gonna click Open.
so that brings us right here. So we haven't calculated anything yet, so let's go back to our lab.
So we've selected open right here.
Now we're gonna leave the default hash type selections alone. So there was a couple of them selected there. And then all we're gonna do is click on Calculate just so we could see the hash of that particular file.
So we've had a couple of them. You've got checks on MD5, SHA-1, and then RIPEMD-160 and CRC32. Don't worry about any of those right now. Just know that these are basic hash functions, so different types of doing a hash,
and then we're just gonna click on calculate.
You'll see all these have different lengths, and based on the specific type we're doing here, it's gonna give us a different character length. You see, CRC32 probably wouldn't take that long to crack that hash.
All right, so let's move on to the next step of our lab.
So we see in step 21 here that the hashes were calculated and displayed.
So our next step here, we're gonna actually use a feature, the text string. So in the data format drop-down menu, we're gonna select text string, so let's go ahead and do that. So the data format menu, this top left one here,
we're gonna select text string. We'll go ahead and select that.
You'll see that clears out our current hashes, simply because we're gonna be doing something else, essentially.
All right, so in this data field, we're gonna type "Welcome to device", and then we're gonna give the device name, so "Welcome to device PLABWIN10". So let's go ahead and type that. So, in this data field here,
so welcome
to device
P L A B W I N 10, all capital. So again,
right here.
Welcome to device PLABWIN10. And then we're gonna click on calculate.
Let's calculate the hash of a string.
So we see our different hashes right here.
All right, let's move on to the next step in our lab.
So now what we're gonna do is we're gonna check all our hash boxes, our hash type check boxes, excuse me. The one thing we're not gonna check is HMAC, which stands for hash message authentication code. Now, if we check that, what you'll see is that will reduce down the number of hash types we can actually use. So for this step of the lab,
we're just gonna check everything but that option. So let's go and do that.
So this is HMAC right here. We're not gonna check that at all, but we're gonna check all these other ones down here,
So let's go and check all those.
Let's go back to our lab document here.
So we checked all those, except for HMAC. And then we're just gonna click on calculate to get all our different hashes just so you can see what all of them look like. You'll see things like SHA-256 obviously goes for a long time. They're safer with 512, etcetera.
All right, let's move on to the next step now.
So now we do want to select the HMAC check box, and what you're going to see again, as I mentioned before, is that it's going to reduce down the number of hash types we can do. So you'll see here, you see all these ones here. Let's go ahead and check that box and see what happens.
You see, it's essentially cut them just about in half.
All right, let's move on to the next portion of our lab. So now we're gonna add a key value. Now, normally we would have the key secret, but for our purposes, everybody's gonna know that we're typing tidy mind, or whatever you want to type in there. This is gonna be the thing that I type in there for the key.
So, um,
we're gonna add a key value. Now we're gonna type tiny mind in. And then we also will just want to make sure that our data field still holds that "Welcome to device PLABWIN10". Normally, it does. But sometimes you may have to type it back in. So
again, whatever you want to type there. I'm gonna type tidy mind for the key value. So in this box right here,
we'll just type tidy mind.
So we did confirm that it looks like "Welcome to device PLABWIN10" is still showing. So we're just going to say calculate now. So we see that our previously typed text is showing up there,
so we don't have to worry about typing that in. And again, we're just gonna say calculate and see what we get. So we see that the hashes are different from when we had done our hash before.
And you'll see here in step 32 to notice the hash results are different than before.
So the next thing we're gonna do here in step 33, we're gonna change the data format to a hex string.
So let's go ahead and do that.
So click in this top left box again and do hex string. That's going to clear out our hashes again, clear out all this data field stuff.
So our next step here, in the data field, we're actually gonna type this here, which is the hex for the color blue. So we'll type four zeros and then two lowercase Fs.
The other thing we're gonna do is unselect the HMAC check box.
All right, so here we'll type
four zeros and two Fs, all lowercase,
and then we'll uncheck HMAC.
And then we could just leave all these checked. It's not a big deal there. And we're just going to say, calculate,
you'll see again, we got some different hashes going on there based on what type of input we're giving this tool.
So question number one here: what's the hash when using
0000FF in the data field? So
many options. You could choose on that. I do want to stress that. So depending on what you've chosen here,
this is gonna be the hash that you do. So if we did MD5, if that's the one we wanted, we would make sure to document this hash right here in our lab document.
If we did SHA-256, for example, we would want to make sure that we get all of this hash
and make sure we document that in our documents. So you see, here it goes for a little bit there. If we did SHA-512, same thing here. Just make sure we copy all this information into our documents.
You see, this one goes for quite a bit there.
And then, of course, if we did something very simple like CRC32,
excuse me, we'd just copy that short little number in there.
So in this lab, we just went over using the hash calculator and showed you a couple of the different functions inside of it.
In the next module, we're gonna go over sniffing. So in module six we'll go over sniffing, and we're gonna use some different tools to practice sniffing and gaining information when we do those labs.
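
The lab's operations reproduced with Python's standard library, as an added example that is not part of the video or of HashCalc: hashing a file, a text string, a hex string, and an HMAC with a key. The function names, the exact spelling of the lab string and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import zlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

def to_bytes(data, data_format):
    """Turn the data field into bytes according to the selected format."""
    if data_format == "text":
        return data.encode("utf-8")   # each character is hashed as typed
    if data_format == "hex":
        return bytes.fromhex(data)    # "0000ff" -> 3 bytes; bad hex raises ValueError
    raise ValueError(f"unknown data format: {data_format!r}")

def hash_bytes(raw, key=None):
    """Hex digests of raw; with a key, HMAC digests instead."""
    if key is not None:
        # HMAC is built on a cryptographic hash, so no CRC32 entry here.
        return {a: hmac.new(key, raw, a).hexdigest() for a in ALGOS}
    out = {a: hashlib.new(a, raw).hexdigest() for a in ALGOS}
    out["crc32"] = f"{zlib.crc32(raw):08x}"  # checksum, not a cryptographic hash
    return out

def hash_field(data, data_format="text", key=None):
    return hash_bytes(to_bytes(data, data_format), key)

def hash_file(path, chunk_size=65536):
    """Hash a file in chunks so large samples never sit in memory whole."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    crc = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
            crc = zlib.crc32(chunk, crc)
    out = {a: h.hexdigest() for a, h in hashers.items()}
    out["crc32"] = f"{crc:08x}"
    return out

if __name__ == "__main__":
    text = "Welcome to device PLABWIN10"   # assumed spelling of the lab string
    runs = {
        "text": hash_field(text),
        "text + HMAC": hash_field(text, key=b"tidy mind"),  # sample key
        "hex 0000ff": hash_field("0000ff", "hex"),
        "this file": hash_file(__file__),
    }
    for label, result in runs.items():
        for algo, digest in result.items():
            print(f"{label:12} {algo:7} {digest}")
```

The same characters give different digests depending on the data format, because `0000ff` as hex is three bytes while as text it is six.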
Penetration Testing and Ethical Hacking

If the idea of hacking as a career excites you, you will benefit greatly from completing this training here on Cybrary. You will learn how to exploit networks in the manner of an attacker, in order to find out how to protect the system from them. Those interested in earning their Certified Ethical Hacker (CEH) will want to start by taking this course.