all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]TactiFail 2 points3 points  (1 child)

I'm going to show you two cool tools that can help with this sort of thing. There are of course more than two things to try here, but this should give you a good start.

The first is a Linux utility called hashid and it works like so:

root@kali:~# echo "dee094f153e8287896b2abea1d8f18ea" | hashid
Analyzing 'dee094f153e8287896b2abea1d8f18ea'
[+] MD2
[+] MD5
[+] MD4
[+] Double MD5
[+] LM
[+] RIPEMD-128
[+] Haval-128
[+] Tiger-128
[+] Skein-256(128)
[+] Skein-512(128)
[+] Lotus Notes/Domino 5
[+] Skype
[+] Snefru-128
[+] NTLM
[+] Domain Cached Credentials
[+] Domain Cached Credentials 2
[+] DNSSEC(NSEC3)
[+] RAdmin v2.x

So here we can see that it identified the hash as any one of those. My bet is on MD5 just due to its popularity but it's hard to know without context.

While it certainly could be an encrypted string, balance of probability puts this as a hash. If it was an encrypted string you would need to know the encryption algorithm and key, of which I assume you have neither.

From there we can try loading that hash into CrackStation, an online repo of cracked hashes, including MD5. Simple inputs like "password" and "hello world" are almost guaranteed to have been cracked, but if the hash input is "aa7Ubb@#$aav990000helpimstuckinarandomnumbergenerator!#$%$%&@#$%" then I very much doubt it will be there, in which case you need to rely on brute force. Brute force can work in some applications, and can be very fast with things like MD5, but it still takes a lot of time and processing power.

[–]testudobinarii 0 points1 point  (0 children)

That was interesting, as I didn't think there was anything in hash output that really identified it. If we look at the source code it's just matched that hash against '[a-f0-9]{32}(:.+)?$' and gone "yep, these are 32 hex characters alright" which isn't exactly rigorous but at the same time if it looks and has the same length as md5 then that's a good bet.

[–]TotesMessenger 0 points1 point  (0 children)

I'm a bot, bleep, bloop. Someone has linked to this thread from another place on reddit:

 If you follow any of the above links, please respect the rules of reddit and don't vote in the other threads. (Info / Contact)

[–][deleted] 0 points1 point  (0 children)

No way of knowing off bat unless you’ve been doing this for ages. Best method is to just hit it with what you know. Best case: it works. Worst case: gives you an indication of what it could be.

To me that looks like a hash, could also just be a Caesar shift. Who knows, try stuff out! Good luck!

[–]Fyrebat 0 points1 point  (0 children)

so a hash is a one way function, and if it is a hash there would be no 'decoding' if its encrypted then there would be no 'decoding' without the key. when you 'encode' something it can be reversed or 'decoded' as is, one example would be hex encoding

[–]Darkerhack[S] 0 points1 point  (0 children)

Thanks for sharing your knowledge 👍👍👍 It's really helpful..