hash/encryption cracking.
i have a general question and it might just be because im confused. When you use a cracker to crack and MD5 hash or any kind of hash (w. wordlists) what goes on?????? what does it do with each word to compare it? because u'd think wordlists could include the hash and save time by just searching for the hash. Flame if you must its late and i know i havent thought over some of the aspects such as… milworm already does that i suppose.
Your thinking is right, and I have written the following for you..
You can easily do what you are talking about with say MySQL..
What you can do is create a small script like the following…
set_time_limit(0);
mysql_connect("localhost", "user", "pass") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
$pass = "a";
while (1) {
$hash = md5($pass);
mysql_query("INSERT INTO table VALUES ('{$pass}', '{$hash}')");
$pass++;
}
?>```
This will keep incrementing $pass alphabetically until you stop it...
Lets say we got this...
```markup
+------+----------------------------------+
| PASS | HASH |
+------+----------------------------------+
| tesq | 25fc24b37d03f5f19c3bdebaf44758be |
| tesr | 171741cb32a4a8887a82befac1877d9b |
| tess | 8b8be2799a2796a36a02004608426bdb |
| test | 098f6bcd4621d373cade4e832627b4f6 |
+------+----------------------------------+
Then lets say I have a hash…
Hash: 098f6bcd4621d373cade4e832627b4f6
and we want to figure out what is behind this hash without brute forcing…
This is why we created the table, so we did not have to go threw and md5 all them passwords over again and waste our time…
So now we can simply do a SELECT PASS FROM table WHERE HASH = '098f6bcd4621d373cade4e832627b4f6'
If the hash is in the table it should return the plain text password..
Infact this is really nice, and alot faster then brute forcing / dictionary every single time..
Where what might take me 30 minutes, I can now do multiple times within seconds.
But all I have to do is spend that 30 minutes create that table and use that table instead of brute forcing…
Hope that makes since..
There are alot of MD5 Librarys out there :P One of the famous bots are the MD5 library on AIM…
This bot does something simler to what I have just talked about…
If you want to go even faster look up "Rainbow Tables" on google or something..
Also, here is a small example of using a wordlist.
Say we have a file called wordlist.txt
inside this list we have a few basic passwords…
Lets say we have 5 passwords:
Line 2: admin
Line 3: secret
Line 4: abc123
Line 5: youcantguessme```
Then we can simply create a wordlist script as follows...
```markup<?PHP
set_time_limit(0);
$list = file("wordlist.txt"); // Load the file "wordlist.txt" into an array: $list - Key: Line Num ~ Value: Line Value
$encryptedHash = "098f6bcd4621d373cade4e832627b4f6"; // Test
/**
* Loop threw the $list array whitch holds each line of the wordlist.txt
* Store the key ("line number") as $line and value ("line value") as $word
*/
foreach ($list as $line => $word) {
$hash = md5($word); // md5 the word we are currenly at in the $list array
/**
* if ( "encrypted hash from file" equals "encrypted hash i want the value of" ) display that hash and kill the script
*/
if ($hash == $encryptedHash) {
die("The password is {$word}"); // Terminate the script
}
}
?>```
I hope you have a little better understanding of how it works now, and hope you can throw some ideas of your own together...
Have fun!