Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 15
Guests Online: 13
Members Online: 2

Registered Members: 82808
Newest Member: Krish
Latest Articles

Cracking MD5

Arrow Image Fine article on using a tool and wordlists to crack MD5 (unsalted).



Hello guys and chicks,

Welcome to my first article submission on HTH, I remembered this site when I was a little SKiddie (cant say I\'m not fully out of the stage) and just wanted to hack everything in my way.

Well, enough about me, now off the article! In this article, you will learn how to crack a MD5 hash, but the article is limited and does not include cracking salted MD5s. I\'m terribly sorry but I haven\'t actually researched that.

Now, we need a tool and a bunch of docu<i></i>ments. Lets hope you have a little diskspace on your HDD.

The first and primary tool we are using is \'Cain & Abel\'. But we will be using Cain, it can be downloaded from www.oxid.it (Click on Projects at the top and then download Cain & Abel -- one program).

Cain is a MD5 cracker, I dont really know wtf is Abel so lets just forget about that. You might be wondering why I haven\'t used JTR (John the Ripper) in this article, I have been introduced to JTR a few times and read a few tuts on it but still, I hate all MS-DOS programs, unlike Cain which has a pwnage GUI.

Now, I\'m assuming you have your hash. If you just want to test how good Cain can be (although the wordlists are the ones that are helping) and its options, then Google \'MD5 calculator\' there are a few that encrypt strings to MD5 but make sure its not something like (5#$FD*&^%HFG@$@$). Now, most crackers cant do that kind of shit.
Choose a word, and maybe a number in between 0 and 99 or something else.

Now, on to the cracking! The MD5 I have on my hand is (562bed16598a6d9cbc07d2e9ba6cef97). Now, you can go off to databases and try to crack that just to see how effective the article is.

Now, what good is a cracker with its victim hash without a few decent wordlists, there is a wordlist (3000 KB+) that comes with Cain. Now, lets download a few wordlists.

http://library.2ya.com has a few in \'Webhacks / Bug Scan\' section on the left, download them all. And after you have downloaded them, I suggest moving them all to the Wordlist directory of Cain for faster and more reliable cracking.

Now follow the images directions and you should be fine.

(IMG: http://img15.imageshack.us/img15/8807/cracker7fk.jpg)

In the image above we have opened the Cracker and I have circled with red around the \'Cracker\' tab which must be clicked to proceed.

(IMG: http://img69.imageshack.us/img69/4692/md56ht.jpg)

In the that image, we have (in the Cracker tab) chosen from the list of encryption-algrothims which Cain supports \'MD5 Hash\'.

Now you have to press Insert on your keyboard to get the next image.

(IMG: http://img4.imageshack.us/img4/1449/insert2ig.jpg)

In that image, after clicking \'Insert\' on your keyboard or right-click and press \'Add to list..\' or pressing the + button at the top of the window, it should bring you up that screen with no hash, now enter your hash which I have did and then press OK.

(IMG: http://img33.imageshack.us/img33/7558/dictionary1xr.jpg)

Now in that image we have right-clicked on the MD5 hash and pressed \'Dictionary Attack\' which brought us up with the following screen after pressing \'Add..\' on the top right.

(IMG: http://img65.imageshack.us/img65/4223/add7zf.jpg)

You cannot add all wordlists at once, so you have to click on the first (Wordlist) then press OK, and then repeat the process with the following files.

After you have added all wordlists..

(IMG: http://img40.imageshack.us/img40/8320/start8vm.jpg)

Press the \'Start\' button, the options are set by default because we know the password aint going to be that hard, if it didn\'t work on all wordlists then choose the mode \'Case perms (Pass, pAss, paSs, pasS)\' if and only if the hash hasn\'t been cracked with the default settings on all wordlists.

Now, let it proceed with cracking. Uh-huh, after a few moments it has cracked the hash, that\'s the hash that I was using in the example (562bed16598a6d9cbc07d2e9ba6cef97). The following screen appeared.

(IMG: http://img67.imageshack.us/img67/3673/cracked7gf.jpg)

\'starcraft00\'; hooray! If you are wondering wtf had the password set is some neopets rich guy which I cracked his cookie with my ex-crew.

Well, that\'s it for our article, I hope you have enjoyed, and all information in this article is up-2-date on Sunday, January 22, 2006 and will be up-2-date for a few months hopefully.

I hope I get good comments on the article, it was designed for all people to understand, newbies (the word noob is offending) and what is more intermediate.

~ oxeh

Comments

oxehon January 22 2006 - 08:45:07
Thanks! Smile
godon January 22 2006 - 15:40:16
mmm i dont find the word noob offending lol Pfft anyone knows that fighter "NOOB saibot" from mortal Kombat triology ? GrinPfft
Nubzzzon January 23 2006 - 23:18:53
good article
Tikketimon February 08 2006 - 21:01:16
nice , it works fine Smile
Trojanman15on March 05 2006 - 02:01:06
nice article Grin
GODDon May 02 2006 - 03:24:56
nice...i suggest trying the argon wordlist, if u can afford the 2.* gigs of memory it takes up....just change it to .txt and turn off all the special features (ie case perms, single digits, and what not, cuz otherwise it wont get thru the first few words w/o a hour or so of wait....)
sittingbullon July 06 2006 - 19:50:45
awesome article man! would prefer c & a anyway. good job!
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.