Results 1 to 4 of 4

Thread: Cracking Hashes - How-to's and What-Nots [Pics|Vids|Downloads]

  1. #1

    Cracking Hashes - How-to's and What-Nots [Pics|Vids|Downloads]

    1. Intro
    Ive seen a few requests for people to crack hashes, and some people aren't doing it right, just leaving a hash is not enough to help us help you.
    This tutorial will walk threw the basics and try and help you out in your future of hashing.

    2. Hashes
    It is common practice for most web programmers to secure passwords by storing the encrypted value of the password in a database, because if they don't they risk a major security flaw which can harm their customers and themselves.

    Hashes are also known as Cryptography, in a way.
    Some hashes can decode on purpose, while others you need to brute force.
    An example of encryption that allows decoding is Base64.

    2.1 Need-To-Know's about Hashes

    Widely used Hash Types include:
    MD5 | SHA-1 | SHA-2
    This means these 3 are the ones you need to be looking into when you grab a hash.
    Type | Word Size| Collision |
    MD5 | 32 | | Yes |
    SHA-1 | 32 | Yes |
    SHA-2 | 64 | No |
    2.1.1 Hash Collisions
    From the graph I made above you can see MD5 and SHA-1 have Hash Collisions. This means that more then 1 value can equal the same hash value.
    This is common sense seeing as MD5 and SHA-1 are both 32 Characters long, and there is a limit of how many 32 random characters you can make, I mean it isnt infinite. So their aught to be a Collision at some point.

    H(a) = H(b)
    H representing the hash function.
    3 Hash Decrypt Sites
    many sites host services where you can md5 encode whatever you want, but at the same time this service saves both values for later.
    So be aware when you use these services your md5 input and output will be saved in their database for their "md5 decode" service.

    A list of Hash Decrypt Sites you can use.

    - (457,354,352,282)
    - (MD5 Search engine by searches a total of 14 on-line crackers.)
    - (5,889,729)
    - (The database is approximately 70gb)
    - (56,502,235)
    - (3,251,106)
    - (306.000.000.000)
    - (Milw0rm Cracker db)
    - (2,456,288)
    - ( The data base currently contains 169582 passwords )
    - (Need Account)
    - (Register to increase your priority)

    4 Brute Forcing
    Most secure CMS's (Content Management Systems) use Salts and different algorithms.
    an example is

    Common: md5($password);
    PHP-Fusion: md5(md5($password));
    VBulliten: md5(md5($password).$salt);
    MyBB: md5(md5($salt).$password);
    Knowing the Hash + Hash Algorithm is needed when requesting help on cracking a hash.

    Recommended Brute Forcing Programs

    HashCat = Linux
    HashCat GUI = Windows.

    4.1 WordLists
    To brute force passwords its common sense you need a list of words.
    Depending on the site of your CPU it all depends on how much space you want to use.
    You can look at all the different word lists here

    OR Download the wordlists I used in the HashCat video above.
    NamesNumbers - 4MB - 4000800 Words

    Really useful list, it provides top 200 popular male and female names followed by numbers.

    28GB Wordlist - 28GB - 4103549326 Words

    I Opened this up and it looked pretty useless as well as a waist of time to look threw. Around 28GB of just 6-7 characters long with special characters, letters, and numbers. Like ()[email protected]
    wordlist1 - 107MB - 9657365 Words

    This file contains alot of number combination's as well as common passwords. This has gotten me afew cracks in the past.

    UrbanDictionarySlangA-Z - 26KB - 3087 Words

    I took the time and copying and pasting the top popular A-Z Urban Dictionary words, because some people use slang terms like friend and cumdumpster as a password.
    Last Resort
    If this tutorial doesn't help you or teach you how to crack hashes, then you can post a thread, but before you post a thread look at this layout:

    Hash Algorithm(if known):
    Salt (if any):
    CMS(if known):

  2. #2
    Awesome Thanks Iv Been Looking For a Free One Of These
    Grate Share.

  3. #3
    SSH-Admin/Leader Afitz200's Avatar
    Join Date
    Apr 2013
    Rep Power
    Oh god, To much to read.
    This is the reason why moderator sucks sometimes.
    Who knows, you could of secretly put a link
    So i haz to read

    All and all, Thanks for the release XD
    Cheap, Secure, Reliable Web Hosting

  4. #4
    Thanks for share, found it in google

    You can also try my new Minecraft Force OP


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts