MD5 cracking
MD5 cracking
In this Article I will explain what a MD5 hash is, List ways to crack an MD5 hash and explain the how those ways work.
OK so lets see here. First lets learn what MD5 is. (note: in stars taken from Wikipedia.org)
In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used cryptographic hash function with a 128-bit hash value.
Ok so now we know what MD5 is. I wont go into grave details about the flaws concerning it but I will tell you that by the use of collision we can crack an MD5 hash.
So how do we do this? We use a program called Cain & Abel. Please Note that there are many other programs that you can use to crack an MD5 hash.
Cain & Abel is a program that cracks various hashes and can also dump details about yours and others computer(s). Abel is a program that works in conjunction with Cain to control computer(s) on a network. The program we want right now is Cain.
Lets assume you have gotten a MD5 hash from somewhere. OK so go into Cain then click on the Cracker tab. I know what your thinking right now, your think wow there are really that many ways to protect your password? the answer is yes and there are nmany more also. soooo we are going to cruise on down the list until you see "MD5 Hashes". Click on that and a blank table will come up. Now right click on the table and goto "Add to list". From there you simply input your MD5 hash. Now that you have inputed the MD5 Hash click OK. To crack the hash we have a variety of tools ast our disposal. WE could Brute-force it, use a dictionary attack or use a Rainbow-Table. Now while using a Rainbow Table is the fastest method to use, it also takes a very long time to create the table and sort it. The method I would use to start out with would be a dictionary attack. Now in order to use this method you need to get your hands on a dictionary(not a real one) file. I would suggest getting one from http://packetstormsecurity.nl/Crackers/wordlists/ or on www.antiserver.it there are several dictionary file creators. When you get a file then the rest is pretty self-explanitory. Now if the dictionary attack fails to find a password, the next thing to try would be a brute-force attack. Now a brute force attack will usually take a very long time and in some other scenarios it might take as little as 2 minutes, but that is very uncommon. A brute force attack consists of trying every combination of letters, numbers, or symbols and testing them to match the hash. I would only use this method of attack if you really want the password. Now we are onto Rainbow Tables. Cain comes with a built-in program called Winrtgen. I both generates the table and sorts it. A rainbow table is basicly a brute force attack but only shorter. a rainbow table is actually a premade list of text strings to check against the hash. It usually takes about an 1/18th of the time a brute force attack takes. I hope this article has tought you everything you need to know about MD5 hashes and ways to crack them. I would include salted hashes but not even I understand them completely.
~Nubzzz
ghost 18 years ago
Worthless, shallow article. We don't need more stubs of information here. Howtos mean nothing to hacking. You're simply promoting script kiddies.
ghost 18 years ago
Okay, no lets not start flaming. In my opinion, the article is 'ok'. However, I do think it would be good to go over some of the basic concepts of how MD5 works and go more in depth on the types of attacks used to find a collision so the reader has an idea of what is going on.
Nubzzz 18 years ago
Thank you for stoping that and thatnk you for your input i will be sure to remember that the next time i post an article.
ghost 18 years ago
Didn't mean to come off on flaming, but it is a moderately shallow article. 'I hope this article has taught you everything you need to know about MD5 hashes…' Well, didn't see any content about md5 specifically, or even a hash versus encrypted content.
My personal view is that articles should just be deeper than a howto and basic explanations like this.