> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-3/obfuscation/multi-stage-decoding/trick-0624.md).

# Decode Base64 And Crack Hash

***

Start by decoding the Base64 encoded string. If the string is in a file, you can pipe it directly:

```bash
cat root.txt | base64 -d
```

This reveals the Base64-decoded value, which in this case, is a hash (e.g., `BC77AC072EE30E3760806864E234C7CF`).

The next step is to identify the hash type (often MD5 or similar for short strings) and crack it using online services like CrackStation or offline tools such as Hashcat or John the Ripper with appropriate wordlists. For the example hash `BC77AC072EE30E3760806864E234C7CF`, the cracked value is `zxcvbnm123456789`.

To crack hashes offline using tools like Hashcat or John the Ripper, you typically use wordlists.

Hashcat is an advanced password recovery tool. When cracking hashes like MD5, you specify the hash type using the `-m` parameter. For MD5, this is `-m 0`. A common cracking mode is the straight wordlist attack, specified with `-a 0`.

To perform a straight wordlist attack on an MD5 hash stored in `hash.txt` using a wordlist like `rockyou.txt`, the command would be:

```bash
hashcat -a 0 -m 0 hash.txt /usr/share/wordlists/rockyou.txt
```

Alternatively, for a basic wordlist attack on an MD5 hash:

```bash
hashcat -m 0 hash.txt /path/to/wordlist.txt
```

John the Ripper is another powerful password cracker. You can use a wordlist with John by specifying the `--wordlist` parameter. If the hash type is known, you can specify it using `--format`. For a raw MD5 hash, the format is `raw-md5`.

To crack a raw MD5 hash stored in `hash.txt` using a wordlist `rockyou.txt`:

```bash
john --format=raw-md5 hash.txt --wordlist=rockyou.txt
```

A simpler wordlist command without specifying the format (John attempts to detect it):

```bash
john --wordlist=password.lst password.txt
```

You can also use John to show the cracked passwords:

```bash
john --stdout --wordlist=password.lst
```
