Ethical Hacker Community Forums

Resources => Tutorials => Topic started by: tempa on September 20, 2007, 08:26:28 PM


Title: cracking MD5 hash [request tutorial]
Post by: tempa on September 20, 2007, 08:26:28 PM
hi there:

Well.. my english is not so good.. amm let me try to explaind my self

I'm trying to crack a couple of MD5 hashes the thing is I have used alot of md5 crackers methods [brute force, dictionary, etc] and I'm not getting the desired results...

the hash I'm trying so hard to crack is up to 8 characters, please somebody would tell me how, a method, tutorial?

thanks in advance

Title: Re: cracking MD5 hash [request tutorial]
Post by: jimbob on September 21, 2007, 04:04:49 AM
Hi,
There are a few different approaches you can use and you're already mentioned a couple of them.

  • Dictonary attack
This is good for discovering the #low hanging fruit' i.e. the weakest passwords in the stack. A good password cracker will also try variations of the dictionary list e.g. changing case, adding number to the end etc.
  • Brute force/Incremental attack
This method hashes all permutations of a given character set and compares this to the given hash. This can take a long time but will eventually discover the password given enough time. If the password is long and complex it may become infeasible.
  • Rainbow tables
A variation on the brute force attack. A rainbow table is a precomputed set of hashes as opposed to one created at the time of cracking. You simply take your hash can look it up in the table. If it's there you have your password.
[/list]

Recommended tools:
John The Ripper - An excellent password cracker - http://www.openwall.com/john/
RainbowCrack - Rainbow table generator - http://www.antsight.com/zsl/rainbowcrack/
GData - Online MD5 cracker, I've not tested this one - http://gdataonline.com/seekhash.php

You should find plenty of documentation on the web, google is your friend.

Jimbob

Title: Re: cracking MD5 hash [request tutorial]
Post by: BillV on September 21, 2007, 07:11:22 AM
There used to be an online Rainbow Table website, where you could pay for each submission. I can't remember the URL and can't seem to find it atm either. As soon as I come across it I'll post the link (or maybe someone else knows).

Title: Re: cracking MD5 hash [request tutorial]
Post by: don on September 21, 2007, 03:06:10 PM
Take a look at Chris Gates article:

Tutorial: Rainbow Tables and RainbowCrack (http://www.ethicalhacker.net/content/view/94/24/)

And http://www.plain-text.info/

Don

Title: Re: cracking MD5 hash [request tutorial]
Post by: oleDB on September 21, 2007, 03:51:53 PM
The best lightweight, free hash cracker is Ophcrack. The next option for stronger passwords would be either Cain or LC5 with a full RT hash set. You can either generate those tables yourself(6months) or download the torrent. The full set including the <space> is over 60G, so make sure to have a big hard drive. Another great option within Cain that many people ignore is dumping the cached credentials. It requires admin rights, but often the domain accounts used have the same password as the local account.


Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com