Cracking MD5

Cracking MD5

By ghost | 15008 Reads |

0     0

Hello guys and chicks,

Welcome to my first article submission on HTH, I remembered this site when I was a little SKiddie (cant say I'm not fully out of the stage) and just wanted to hack everything in my way.

Well, enough about me, now off the article! In this article, you will learn how to crack a MD5 hash, but the article is limited and does not include cracking salted MD5s. I'm terribly sorry but I haven't actually researched that.

Now, we need a tool and a bunch of documents. Lets hope you have a little diskspace on your HDD.

The first and primary tool we are using is 'Cain & Abel'. But we will be using Cain, it can be downloaded from www.oxid.it (Click on Projects at the top and then download Cain & Abel – one program).

Cain is a MD5 cracker, I dont really know wtf is Abel so lets just forget about that. You might be wondering why I haven't used JTR (John the Ripper) in this article, I have been introduced to JTR a few times and read a few tuts on it but still, I hate all MS-DOS programs, unlike Cain which has a pwnage GUI.

Now, I'm assuming you have your hash. If you just want to test how good Cain can be (although the wordlists are the ones that are helping) and its options, then Google 'MD5 calculator' there are a few that encrypt strings to MD5 but make sure its not something like (5#$FD*&^%HFG@$@$). Now, most crackers cant do that kind of shit. Choose a word, and maybe a number in between 0 and 99 or something else.

Now, on to the cracking! The MD5 I have on my hand is (562bed16598a6d9cbc07d2e9ba6cef97). Now, you can go off to databases and try to crack that just to see how effective the article is.

Now, what good is a cracker with its victim hash without a few decent wordlists, there is a wordlist (3000 KB+) that comes with Cain. Now, lets download a few wordlists.

http://library.2ya.com has a few in 'Webhacks / Bug Scan' section on the left, download them all. And after you have downloaded them, I suggest moving them all to the Wordlist directory of Cain for faster and more reliable cracking.

Now follow the images directions and you should be fine.

(IMG: http://img15.imageshack.us/img15/8807/cracker7fk.jpg)

In the image above we have opened the Cracker and I have circled with red around the 'Cracker' tab which must be clicked to proceed.

(IMG: http://img69.imageshack.us/img69/4692/md56ht.jpg)

In the that image, we have (in the Cracker tab) chosen from the list of encryption-algrothims which Cain supports 'MD5 Hash'.

Now you have to press Insert on your keyboard to get the next image.

(IMG: http://img4.imageshack.us/img4/1449/insert2ig.jpg)

In that image, after clicking 'Insert' on your keyboard or right-click and press 'Add to list..' or pressing the + button at the top of the window, it should bring you up that screen with no hash, now enter your hash which I have did and then press OK.

(IMG: http://img33.imageshack.us/img33/7558/dictionary1xr.jpg)

Now in that image we have right-clicked on the MD5 hash and pressed 'Dictionary Attack' which brought us up with the following screen after pressing 'Add..' on the top right.

(IMG: http://img65.imageshack.us/img65/4223/add7zf.jpg)

You cannot add all wordlists at once, so you have to click on the first (Wordlist) then press OK, and then repeat the process with the following files.

After you have added all wordlists..

(IMG: http://img40.imageshack.us/img40/8320/start8vm.jpg)

Press the 'Start' button, the options are set by default because we know the password aint going to be that hard, if it didn't work on all wordlists then choose the mode 'Case perms (Pass, pAss, paSs, pasS)' if and only if the hash hasn't been cracked with the default settings on all wordlists.

Now, let it proceed with cracking. Uh-huh, after a few moments it has cracked the hash, that's the hash that I was using in the example (562bed16598a6d9cbc07d2e9ba6cef97). The following screen appeared.

(IMG: http://img67.imageshack.us/img67/3673/cracked7gf.jpg)

'starcraft00'; hooray! If you are wondering wtf had the password set is some neopets rich guy which I cracked his cookie with my ex-crew.

Well, that's it for our article, I hope you have enjoyed, and all information in this article is up-2-date on Sunday, January 22, 2006 and will be up-2-date for a few months hopefully.

I hope I get good comments on the article, it was designed for all people to understand, newbies (the word noob is offending) and what is more intermediate.

~ oxeh