I've seen a few requests for people to crack hashes, and some people aren't doing it right. Just leaving a hash is not enough to help us help you.
This tutorial will walk through the basics and try to help you out in your future of hashing.
It is common practice for most web programmers to secure passwords by storing the encrypted value of the password in a database, because if they don't they risk a major security flaw which can harm their customers and themselves.
Hashes are also known as Cryptography, in a way.
Some hashes can be decoded by design, while others you need to brute force.
An example of encryption that allows decoding is Base64.
2.1 Need-To-Know's about Hashes
Widely used Hash Types include:
MD5 | SHA-1 | SHA-2
This means these 3 are the ones you need to be looking into when you grab a hash.
2.1.1 Hash Collisions
Type | Word Size | Collision |
MD5 | 32 | Yes |
SHA-1 | 32 | Yes |
SHA-2 | 64 | No |
From the graph I made above you can see MD5 and SHA-1 have hash collisions. This means that more than one value can equal the same hash value.
This is common sense seeing as MD5 and SHA-1 are both 32 characters long, and there is a limit to how many random 32-character strings you can make; it isn't infinite. So there ought to be a collision at some point.
H(a) = H(b)
H representing the hash function.
3 Hash Decrypt Sites
Many sites host services where you can MD5 encode whatever you want, but at the same time the service saves both values for later.
So be aware that when you use these services, your MD5 input and output will be saved in their database for their "md5 decode" service.
A list of Hash Decrypt Sites you can use.
- http://www.cmd5.com/english.aspx (457,354,352,282)
- http://md5cracker.tk/ (MD5 search engine that searches a total of 14 online crackers.)
- http://www.md5decrypter.com (5,889,729)
- http://md5-db.com (The database is approximately 70gb)
- http://md5.rednoize.com (56,502,235)
- http://gdataonline.com/seekhash.php (3,251,106)
- http://www.tmto.org/?category=main&page=search_md5 (306.000.000.000)
- http://www.milw0rm.com/cracker/insert.php (Milw0rm Cracker db)
- http://blacklight.gotdns.org/cracker/crack.php (2,456,288)
- http://www.shell-storm.org/md5 (The database currently contains 169582 passwords)
- http://md5.xpzone.de (Need Account)
- http://passcracking.com/ (Register to increase your priority)
4 Brute Forcing
Most secure CMSs (Content Management Systems) use salts and different algorithms.
an example is
Knowing the Hash + Hash Algorithm is needed when requesting help on cracking a hash.
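Added example (not part of the original tutorial): it shows why the lookup sites from section 3 only resolve unsalted hashes, and why the salt and algorithm must be known before any candidate can be tested. The wordlist, the salts and the md5(salt + password) scheme are constructed assumptions, not any particular CMS's format.

```python
import hashlib

# Constructed sample data for illustration only.
WORDLIST = ["letmein", "dragon", "sunshine", "password1"]


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def build_lookup(words):
    """What a lookup site stores: digest -> the input that produced it."""
    return {md5_hex(w): w for w in words}


def salted_md5(password: str, salt: str) -> str:
    """Assumed scheme md5(salt + password); real systems differ,
    which is why the algorithm has to be stated alongside the hash."""
    return md5_hex(salt + password)


def dictionary_check(digest: str, salt: str, words):
    """Re-hash every candidate with the known salt and scheme."""
    for w in words:
        if salted_md5(w, salt) == digest:
            return w
    return None


def demo():
    table = build_lookup(WORDLIST)
    unsalted = md5_hex("sunshine")
    salted_a = salted_md5("sunshine", "x9Fq2")   # user A, constructed salt
    salted_b = salted_md5("sunshine", "Lm07z")   # user B, same password
    return {
        "unsalted_in_table": table.get(unsalted),         # found by lookup
        "salted_in_table": table.get(salted_a),           # not in any table
        "same_password_same_hash": salted_a == salted_b,  # salts differ
        "with_salt": dictionary_check(salted_a, "x9Fq2", WORDLIST),
        "wrong_salt": dictionary_check(salted_a, "Lm07z", WORDLIST),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For stored passwords, the takeaway is that a unique salt per user defeats precomputed tables, but a fast hash like MD5 still leaves weak passwords open to a wordlist once the salt is known.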
Recommended Brute Forcing Programs
HashCat = Linux
HashCat GUI = Windows.
To brute force passwords, it's common sense that you need a list of words.
Depending on the size of your CPU, it all depends on how much space you want to use.
You can look at all the different word lists here
Or download the wordlists I used in the HashCat video above.
NamesNumbers - 4MB - 4000800 Words
Really useful list, it provides top 200 popular male and female names followed by numbers.
28GB Wordlist - 28GB - 4103549326 Words
I opened this up and it looked pretty useless, as well as a waste of time to look through. Around 28GB of just 6-7 characters long with special characters, letters, and numbers.
wordlist1 - 107MB - 9657365 Words
This file contains a lot of number combinations as well as common passwords. This has gotten me a few cracks in the past.
UrbanDictionarySlangA-Z - 26KB - 3087 Words
I took the time to copy and paste the most popular A-Z Urban Dictionary words, because some people use slang terms like friend and cumdumpster as a password.
If this tutorial doesn't help you or teach you how to crack hashes, then you can post a thread, but before you post a thread look at this layout:
Hash Algorithm (if known):
Salt (if any):