MD5 Hash Cracker

I wrote an MD5 Hash cracker. But it needs some explination so I'll just post it in the forums, also because nobody ever checks code bank :P. First of all, it's written in PHP so you'll need an Apache server to run it. I'll up it to my website aswell, i'll post the link later. The script is using the common passwords wordlist from theargon. http://www.theargon.com/achilles/wordlists/common-passwords.txt

Remember: be patient, cracking a hash takes a while

Expliantion:

set_time_limit(0); (line 7) this is the timeout limit for your script, in seconds. If it's not executed within this time, it'll stop. 0 means no timeout.

$test_hash=file("http://www.theargon.com/achilles/wordlists/common-passwords.txt"); (line 32) this is the wordlist that is used to check all the hashes. If you want to use a big one, I suggest that you run the script from your PC and are PATIENT! change http://www.theargon.com/achilles/wordlists/common-passwords.txt to the name of your dictionary, if it's in the same folder it would give something like this: $test_hash=file("wordlist.txt"); The wordlist you're using preferably in .txt format, I don't know about others, they should work.

thats it :) I think the rest is all logic, but if you need more expliantion, let me know.

PLEASE don't come saying it doesnt work, I've tested it like a million times :)

Enjoy!

<title>MD5 Hash Cracker</title>
<font face='georgia' size='3'>
<h1><u>MD5 Hash Cracker</u></h1>
<blockquote>
<?php
//Coded by superpimp, for hellboundhackers.org
set_time_limit(0);
function display_form(){
	echo <<<DISPLAY_FORM
		<p> <p>
		<i>You can check if your hash is in the MD5 database <a href='http://gdataonline.com/seekhash.php' target='new'>here</a></i>
		<body>
		<p> <p><u>Enter your hash below:</u>
		<p>
		<table><form action='index.php' method='post'>
		<tr><td><p>
		  <INPUT class='field' type='text' name='md5' size='40'>
		</p>
		    <p>  </p></td></tr></p>
		<p><tr><td><p>Test password: 
	      <INPUT class='field' type='text' name='test' size='15'>
		</p>
		    <p>  </p></td></tr>
		<input type="hidden" name="hash" value="1">
		<tr><td><INPUT class=button type=submit value='Crack!'></form></td></tr></table>
		</body>
		</html>
DISPLAY_FORM;
}
function crack_hash(){
	echo "Using the <a href='http://www.theargon.com/achilles/wordlists/common-passwords.txt'>common-passwords.txt</a> wordlist from theargon.\r\n";
	$test_hash=file("http://www.theargon.com/achilles/wordlists/common-passwords.txt");
	$md5=$_POST['md5'];
	$test=$_POST['test'];
	if ($test!=NULL){
		echo "<p>Your hash: ".$md5."<p>\r\n";
		echo "Password to test: ".$test."<p>\r\n";
		if ($md5==md5($test)){
			echo "The tested password is <font color='green'>correct!</font>\r\n";
			exit;
		}
		else{
			echo "The tested password is <font color='red'>not correct!</font>\r\n";			
		}
	}else{echo "<p>Your hash: ".$md5."<p>\r\n";}
	if ($md5==NULL){
		echo "Please enter a hash.\r\n";
	}
	else{
		echo "<p> <p>\r\n";
		echo "<u>Checked Hashes:</u>\r\n";
		echo "<p><i>Scroll down to see the cracked hash.</i>\r\n";
		echo "<blockquote>\r\n";
		foreach($test_hash as $test_hash){
			$hash=trim($test_hash);
			if(md5($hash)==$md5){
				echo "<p>hash cracked!\r\n";
				echo "<br><font color='green'>Plaintext: ".$test_hash."</font><br>\r\n";
				echo "<p><p>Coded by Superpimp\r\n";
				exit;
			}
			else{
				echo "<font color='red'>Bad: ".$test_hash."</font><br>\r\n";
			}
		}
		echo "</blockquote>\r\n";
	}
}
$check=$_POST['hash'];
if(isset($check)){
	crack_hash();
}
else{
	display_form();
}

?>
<p><p>Coded by Superpimp
</blockquote>

-Superpimp

PS: I'm working on a website bruteforcer ;) :D

Nicely done, I've almost finished my md5 cracker in C++.

Just remember, you don't need an Apache webserver. You could just take out all the html, and replace everything that is entered through a form with command line arguments.

Anyway, good job.