Tuesday, February 22, 2011

How To Crack Simple MD5


 How To Crack Simple MD5 | Ethical Hacking Tutorials

 In this tutorial, I will teach you how to crack simple MD5. MD5 is hash value which has been employed in a wide variety of security applications nowdays. In global net, we can simplify MD5 decrypter and generate MD5 Hash in online. What is MD5? You can find more information of MD5 in Wikipedia.



MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32-digit hexadecimal number. MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found also to be vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity. US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"and most U.S. government applications will be required to move to the SHA-2 family of hash functions after 2010.


Let's start our tutorial. How To Crack Simple MD5,

 #!/usr/bin/perl
$ver = "01";
$dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds.

if ($dbgtmr<=0){ die "Set dbgtmr to a value >=1 !\n";};
use Digest::MD5 qw(md5_hex);
use Time::HiRes qw(gettimeofday);

if ($ARGV[0]=~"a") {
$alpha = "abcdefghijklmnopqrstuvwxyz";}
if ($ARGV[0]=~"A") {
$alpha = $alpha. "ABCDEFGHIJKLMNOPQRSTUVWXYZ";}
if ($ARGV[0]=~"d") {
$alpha = $alpha."1234567890";}
if ($ARGV[0]=~"x") {
$alpha = $alpha. "!\"\$%&/()=?-.:\\*'-_:.;,";}

if ($alpha eq "" or $ARGV[3] eq "") {usage();};
if (length($ARGV[3]) != 32) { die "Sorry but it seems that the MD5 is not valid!\n";};

print "Selected charset for attack: '$alpha\'\n";
print "Going to Crack '$ARGV[3]'...\n";

for (my $t=$ARGV ;$t<=$ARGV[2];$t++){
crack ($t);
}

sub usage{
print "\n\nMD5 Hash Bruteforce Kit v_$ver\n";
print "by unix_chro alias backtrack (311733@yahoo.com)\n";
print "Member in staff leader:elite-members,ubuntu-
hackers\n\n";
print "USAGE\n";
print "./md5crack <charset> <mincount> <maxcount> <yourMD5>\n";
print " Charset can be: [aAdx]\n";
print " a = {'a','b','c',...}\n";
print " A = {'A','B','C',...}\n";
print " d = {'1','2','3',...}\n";
print " x = {'!','\"',' ',...}\n";
print "EXAMPLE FOR CRACKING A MD5 HASH\n";
print "./md5crack.pl ad 1 3 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with all lowercase Alphas and all digits.\n";
print " MD5 Kit only tries combinations with a length from 1 and 3 characters.\n-------\n";
print "./md5crack.pl aA 3 3 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with all lowercase Alphas and all uppercase Alphas.\n";
print " MD5 Kit only tries passwords which length is exactly 3 characters.\n-------\n";
print "./md5crack.pl aAdx 1 10 900150983cd24fb0d6963f7d28e17f72\n";
print " This example tries to crack the given MD5 with nearly every character.\n";
print " MD5 Kit only tries combinations with a length from 1 to 10 characters.\n";
die "Quitting...\n";
}

sub crack{
$CharSet = shift;
@RawString = ();
for (my $i =0;$i<$CharSet;$i++){ $RawString = 0;}
$Start = gettimeofday();
do{
 for (my $i =0;$i<$CharSet;$i++){
  if ($RawString[$i] > length($alpha)-1){
   if ($i==$CharSet-1){
   print "Bruteforcing done with $CharSet Chars. No Results.\n";
   $cnt=0;
   return false;
  }
  $RawString[$i+1]++;
  $RawString[$i]=0;
  }
 }
##################################################  #
  $ret = "";
  for (my $i =0;$i<$CharSet;$i++){ $ret = $ret . substr($alpha,$RawString[$i],1);}
  $hash = md5_hex($ret);
  $cnt++;
  $Stop = gettimeofday();
  if ($Stop-$Start>$dbgtmr){
   $cnt = int($cnt/$dbgtmr);
   print "$cnt hashes\\second.\tLast Pass '$ret\'\n";
   $cnt=0;
   $Start = gettimeofday();
  }
           print "$ARGV[3] != $hash ($ret)\n";
  if ($ARGV[3] eq $hash){
   die "\n**** Password Cracked! => $ret\n";
  }
##################################################  #
 #checkhash($CharSet)."\n";

 $RawString[0]++;
}while($RawString[$CharSet-1]<length($alpha));
}

sub checkhash{
$CharSet = shift;
$ret = "";
for (my $i =0;$i<$CharSet;$i++){ $ret = $ret . substr($alpha,$RawString[$i],1);}
$hash = md5_hex($ret);
$cnt++;
$Stop = gettimeofday();
if ($Stop-$Start>$dbgtmr){
 $cnt = int($cnt/$dbgtmr);
 print "$cnt hashes\\second.\tLast Pass '$ret\'\n";
 $cnt=0;
 $Start = gettimeofday();
}

if ($ARGV[3] eq $hash){
 die "\n**** Password Cracked! => $ret\n";
}

}



save it as *.pl
How to use ? Easy.
-Install perl language console, then run.
- c:\> perl -script.pl


I would like to say thank you and highly appreciate your support. Please subscribe from the link bottom to appreciate my work and get the daily updates. Thank You. Happy Ethical Hacking Subscribe to Free Ultimate Download by Email

No comments:

Post a Comment