Password Cracking Basics

Difficulty: Medium

Match a hash using a tiny wordlist and learn the defender’s fix.

New to this topic? Read the tutorial

Context

A small snippet from a legacy system leaked. Use the wordlist to identify which password produces the given hash.

Static Example

All answers are visible below—copy directly to capture flags.

Capture the Flags

Copy each answer directly from the example (or wrap as CXA{...}). Case-insensitive.

0/3 flags captured

Flag 1 — Which word matches the hash?

Question: From the wordlist snippet, which candidate is the user’s actual password?

Flag 2 — Copy the exact hash value

Question: Copy the MD5 hash from the record that matches the password you found.

Flag 3 — What algorithm should defenders use?

Question: From the Defender Tip, copy the exact algorithm name that starts with “PB…”.

Back to Challenges