Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

a hash and.....


someone_lost's Avatar
Banned
0 0

can anyone tell me how long it will take to bruteforce a md5 hash possible with a password containing letter, number,special chars and maybe 9 char long maybe. or any other method would be appreciated any program code also only in c, c++ or java thnx in advance :D


Huitzilopochtli's Avatar
....
10 9

It take forever.

But……..fear not noob ………..here be Bozocrack.

Alas, the BozoCrack algorithm adds a whole new dimension of vulnerability to MD5, as Salonen commented: "BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load."

How does BozoCrack do its voodoo? The author explains: "Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. It works way better than it ever should."

https://github.com/juuso/BozoCrack


someone_lost's Avatar
Banned
0 0

can i run it on window and its ruy if im reading correctly so any readme would do fine edit] and it dosent work just load the hash but no window appears for ans or txt file that i know so but hey thnx for the effortthumbs up


MrCyph3r's Avatar
npm ERR!
0 0

It is perfectly working for me…


someone_lost's Avatar
Banned
0 0

ok so where are decrypted plain text is ?


MrCyph3r's Avatar
npm ERR!
0 0

When you run the program it spits out the plaintext password just in front of your eyes… in the terminal window… you are using the terminal, aren't you?


Huitzilopochtli's Avatar
....
10 9

Him no have RUby installed.

Him double click on Bozocrack.rb file for a Hour, before give up. tee-hee


someone_lost's Avatar
Banned
0 0

Him no have RUby installed.

Him double click on Bozocrack.rb file for a Hour, before give up. him so fun fun me happy :D:D:D

When you run the program it spits out the plaintext password just in front of your eyes… in the terminal window… you are using the terminal, aren't you? yes terminal in linux when executing command: $ ruby bz.rb hashfile.txt ans : "1 hash file loaded" only that then passes to the cursor no plain text and bz is file name of ruby and hash is txt for my hash

Him no have RUby installed. him have on liux par but no work him tell me or him seetee-hee him send post useless waaahahahah:D not on cmd or terminal or editrocket alsotut im sending hash check it out :" Removed Hash "


MrCyph3r's Avatar
npm ERR!
0 0

im sending hash check it out :" Removed Hash "

^^^^^ seems legit ^^^^^

You are trying to decrypt an MD5 hash…. goooooood luck with this one lol thumbs up


Huitzilopochtli's Avatar
....
10 9

This best part of description. tee-hee

BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results. It works way better than it ever should.

"Removed Hash" that salted FreeBSD md5


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

We'll keep the mysterious hash limited to whispered conversations, and the PM inboxes of anyone who's interested.

Rather not leave a public record of it on the forum for the world to gaze at.

Cheers. thumbs up


someone_lost's Avatar
Banned
0 0

oh man rex just wtf man ok i send pm to both of you then check and give answer man

This best part of description. Tee-Hee-Hee yep he totally did it man ou are trying to decrypt an MD5 hash…. goooooood luck with this one lol at last you finally understood what this conversation is al about my hard works paystee-hee @Huitzilopochtli your inbox is full man ive send it to cypher ask him yhnx man


Huitzilopochtli's Avatar
....
10 9

No.

He laughing for you try decrypt md5 ……but you no listen, it no ordinary md5

md5 like this 1f03bee69c31b72bffc380b06d786b60

No like this $1$U/l0ve$the/BoABy/YaR0asT3r.

Use jtr.


someone_lost's Avatar
Banned
0 0

nope its md5 hash for**** salted md5 and john tr is not a good choice for it dude just google it if you want to know more its is md5


MrCyph3r's Avatar
npm ERR!
0 0

someone_lost wrote: at last you finally understood what this conversation is al about my hard works paystee-hee

Oh my man, I never laughed so hard… that's freakin' awesome, you rock bro!!


MrCyph3r's Avatar
npm ERR!
0 0

someone_lost wrote: nope its md5 hash for cisco ios and john tr is not a good choice for it dude just google it if you want to know more its is md5

Ok so, I'm not really good at this but I was searching on Wikipedia and I see:

The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number

And if I search on Wikipedia something about this hexadecimal thing I get:

In mathematics and computing, hexadecimal (also base 16, or hex) is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F (or alternatively a–f) to represent values ten to fifteen.

So, if only numbers from 0 to 9 and letters from A to F are allowed… how can I use chars like '$' and '/' on an MD5 hash?


someone_lost's Avatar
Banned
0 0

im sorry ive not known it before but its salted md5 @Huitzilopochtli bozo will not work on salted

"Removed Hash" that salted FreeBSD md5

wow thnx dude not way that ive known that @cypher search salted md5 so where were we any suggestion:o and thats why it cant be googled but thnx for the efforts guysthumbs up


MrCyph3r's Avatar
npm ERR!
0 0

… unbelievable …

Anyway, back on topic, I'm serious right now…

For me it looks like a Cisco Type 5 password and so you have:

$1$<a salt which is 4 bytes long>$<the actual hash>

This type of hash is similar to the one you would typically find on unix distros. I say similar because classic salts, in the other version, are of exactly 8 bytes.

But that doesn't change anything from cracking perspective, you can still use the same methods, including JTR.


Huitzilopochtli's Avatar
....
10 9

Cisco uses the same FreeBSD-derived hashing method that John readily supports. You can use the following "sed" one-liner to extract passwords from Cisco IOS config files in a format usable by John:

sed -n 's/[ :]//g; s/^\(.\{1,\}\)5\($1$[$./0-9A-Za-z]\{27,31\}\)*$/\1:\2/p' < cisco-device-config > passwd

(It might work with config files from non-IOS Cisco devices as well, but I have not tried that.)

With these lines (and more) in cisco-device-config:

enable secret level 2 5 $1$WhZT$YYEI3f0wwWJGAXtAayK/Q. enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 the sed script's output is:

enable_secret_level_2:$1$WhZT$YYEI3f0wwWJGAXtAayK/Q. enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0

which John cracks like this:

Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])

test (enable_secret_level_2) guesses: 1 time: 0:00:00:18 8% (2) c/s: 2033 trying: tricky1

http://www.openwall.com/lists/john-users/2006/05/14/8


someone_lost's Avatar
Banned
0 0

guys guys hold on the main prospectivr of tjhis toipic is bruteforce against time and you now how much time it wouls take to bypass this hash any idiea well some guy told me :

It take forever.

But……..fear not noob .. so we are back to were we started any sugestions becus i can wait eternity to pass this hash b/ there are oyher things to do so better than jtr guys any other method also appreciated this threadis gong way out of is objective so rather giving some bullsht be more realistic and give advice after some resarch toodlestee-hee

… unbelievable …

@cyper what for lol rofl lol:D:D:D:D

For me it looks like a Cisco Type 5 password and so you have:

$1$<a salt which is 4 bytes long>$<the actual hash>

This type of hash is similar to the one you would typically find on unix distros. I say similar because classic salts, in the other version, are of exactly 8 bytes why are you telling me that i already know its md5crypt used in some unix and linus a one war tranformation of hash by some algo blah blah
just spill the way how to crack it in considerable timelol

Cisco uses the same FreeBSD-derived hashing method that John readily supports. You can use the following "sed" one-liner to extract passwords from Cisco IOS config files in a format usable by John:

sed -n 's/[ :]//g; s/^\(.\{1,\}\)5\($1$[$./0-9A-Za-z]\{27,31\}\)*$/\1:\2/p' < cisco-device-config > passwd

(It might work with config files from non-IOS Cisco devices as well, but I have not tried that.)

With these lines (and more) in cisco-device-config:

enable secret level 2 5 $1$WhZT$YYEI3f0wwWJGAXtAayK/Q. enable secret 5 $1$4C5N$JCdhRhHmlH4kdmLz.vsyq0 the sed script's output is:

enable_secret_level_2:$1$WhZT$YYEI3f0wwWJGAXtAayK/Q. enable_secret:$1$4C5N$JCdhRhHmlH4kdmLz.vsyq0

which John cracks like this:

Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])

test (enable_secret_level_2) guesses: 1 time: 0:00:00:18 8% (2) c/s: 2033 trying: tricky1

ok lets test the jtr then wait ……. wait …… a little more….. alitlle more…… wait……… wait…….. thnaks for waiting but there are still 38398475675 years left so happy waiting lollollololololollolol :D:D:D:D:D hws thatthumbs up i have tried many soft including jtr takig lots time so something better according to your rank matesthumbs up


Huitzilopochtli's Avatar
....
10 9

You tell it md5 and it not.

Me say it look like sallted FreeBSD.

You say im sorry ive not known it before but its salted md5

So all this time you try crack hash, you do it wrong way.

Me tell you use JTR and give you link to site where exact same question get asked, and answered.

It have specific commands and options for crack salted FreeBSD/Cisco hash in fastest time possible.

This crack your hash the correct way.

You not even try this. You say it take too long.

But you no even try.

So just take hash and stick up own crack. thumbs up


someone_lost's Avatar
Banned
0 0

me run jtr me dwnloaded jtr me running jtr 5 hrs me tried single me tried wordlist me tried incremental me still waiting me find way me find way u dont worry me thnx you you have crack u also try u see then tell time me still trying me not saying anything me learning me wants help me trying me thirsty me drink water me say bye mw say thnxthumbs up 1more thing freebsd is alsoa typeof md5 hash isnt it dude correct methumbs up and hash is "spi11_2$out" its the passwd


someone_lost's Avatar
Banned
0 0

still dont know meaning of it rofl rofl rfol hey dude dont get upset mate i really apreciate your help dude if its for nothing then i wont even try thnx man you the man and one more thing ive use cain ive use jtr and etc but this hash contain aome special chars and num and chars so its hard to brute force and i dont know how to get past ok but you give hope me me kept trying me share results with you guys me happy me friend help me friend hultipotti me friend cypher me lol


Huitzilopochtli's Avatar
....
10 9

You beg good.

Like tasty dog for eating.


someone_lost's Avatar
Banned
0 0

You beg good.

Like tasty dog for eating. and just found out youre also broke so brothers alike:D cheers mate thumbs up and 1more thing salted freeBSD is also known as md5crypt so its a type of md5 hash why dont you get it man should now i saddle my donkey and come across to your pond and …. im saddling my donkey u knowthumbs up checkit and get enlightened https://hashcat.net/wiki/doku.php?id=example_hashes


Huitzilopochtli's Avatar
....
10 9

Honestly.

Give keyboard to donkey

It have better chance of cracking hash than you do.


someone_lost's Avatar
Banned
0 0

Honestly.

Give keyboard to donkey

It have better chance of cracking hash than you do. ok i lost you win just tell me on what im wrong and what should i do seriusly dude this my last post and sorry for pissing you off really it went too far and i sincerely apologize for that so from now no hard feeling just a fresh start ok i dont know much about hashes im interested in learning how to break them so will you teach me sensai:)


Huitzilopochtli's Avatar
....
10 9

You can submit to cloudcracker and them crack it in hour for $17

Get free account here and set up own cracker:

http://aws.amazon.com/ec2/instance-types/#clustergpu-instances

That have two NVIDIA Tesla M2050 GPUs attached, if install oclHashcat-plus

It can crunch 2320.9 million normal MD5 hashes per second with cluster. thumbs up ; Not know speed for crypt md5 though but it be much less.

Or use Passwordpro him let you use "distributed attack" this share hash with up to 999 other computers, you need to set different password ranges for each comp, so they all brute hash from different starting points.

It cost about $3 or less for rent 100 computers for hour.

Depend how bad you want crack it.


someone_lost's Avatar
Banned
0 0

thnx dude but i already know all expensive ways im just a freeloader so i stick to free glad you chech hashcat thnx mate