
Thread: MD5 Password Cracking

  1. #1
    Just burned his ISO
    Join Date
    May 2006
    Posts
    10

    MD5 Password Cracking

    Hi,

    I've got an MD5 32 char password hash which I'm looking to crack (NO funny business, working towards a certification in Network Security).

    I have no idea of the length or combination of characters used so initially I used a dictionary attack which did not work. I then started to use a brute force from characters 1 to 6, on my dual core this will take 1.7 days. On another computer I'm running 7 and 8 characters of upper, lower and numbers which will again take a while.

    To test, I created a simple raw-MD5 password of 'admin' which is 21232f297a57a5a743894a0e4a801fc3. I put this in a txt file and ran John on BT3, after a few hours I cancelled it and saw that it was processing 6 characters and did not pick up the password, any idea how come?

    I've started looking into rainbow tables and was wondering if someone could explain the process of using them to crack MD5 and point me in some direction of some to start testing.

    Also, any pointers on why John the Ripper did not work?

    Thanks in advance

  2. #2
    Member
    Join Date
    Mar 2008
    Posts
    111

    I'm no expert, but I did a few experiments on these a few years ago.

    Hashes are a one-way algorithm, i.e. you can encrypt something to a hash, but you cannot decrypt a hash into plain text. An example:

    plaintext - aaaz
    hash - 21232f297a57a5a743894a0e4a801fc3

    When your bruteforcer eventually gets to aaaz it will compute the hash and see if it matches 21232f297a57a5a743894a0e4a801fc3. This is a fairly long process.

    Rainbow tables basically compute all the possible hashes for your given charset. For example I have a few rainbow tables which consist of all lower and upper case letters and I think they take up roughly 20GB, so chuck numbers in there and you're looking at a fair bit of HD space.

    I use Cain and Abel with my rainbow tables, I'm sure you must be able to use JTR too.
    There are lots of tutorials on how to create rainbow tables, I think my old computer took like 4 days to create mine!

    As for why JTR didn't work, I'm afraid I've never used it.

  3. #3
    Just burned his ISO
    Join Date
    May 2006
    Posts
    10

    Thanks for the info...


    I've been looking over the net for the most common password lengths:

    1-4 0.82 percent
    5 1.1 percent
    6 15 percent
    7 23 percent
    8 25 percent
    9 17 percent
    10 13 percent
    11 2.7 percent
    12 0.93 percent
    13-32 0.93 percent

    Am I safe in saying that rainbow tables will crack MD5 much faster than brute forcing?

  4. #4
    Member
    Join Date
    Mar 2008
    Posts
    111

    Am I safe in saying that rainbow tables will crack MD5 much faster than brute forcing?
    This is how I see it:

    rainbow tables = [ bruteforcing with JTR ] - [ time to calculate hash ]

    but as I said, rainbow tables will still bruteforce your key, they just don't have to calculate the hash for every combination of characters.
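The precomputation trade-off discussed in posts #2 and #4, seen from the password-storage side, as an added example that is not part of the original thread. It uses a plain hash-to-plaintext dictionary as the simplest form of precomputation (real rainbow tables use reduction chains to save space); the wordlist and the helper names are constructed, and only 'admin' and its MD5 come from post #1.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; only "admin" and its hash appear in the thread.
WORDLIST = ["password", "letmein", "admin", "qwerty"]
PAGE_HASH = "21232f297a57a5a743894a0e4a801fc3"  # raw MD5 of 'admin' (post #1)


def build_table(words):
    """Precompute hash -> plaintext once; reusable against any unsalted MD5."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def store_password(password, iterations=100_000):
    """Hardened storage: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def demo():
    table = build_table(WORDLIST)
    # Unsalted MD5: the stored value is looked up with no new hashing at all.
    unsalted_hit = table.get(PAGE_HASH)
    # Same password stored twice with different salts gives different values,
    # so no single precomputed table covers both records.
    rec_a = store_password("admin")
    rec_b = store_password("admin")
    salted_hit = table.get(rec_a[2].hex())
    return unsalted_hit, salted_hit, rec_a[2] != rec_b[2], verify_password("admin", rec_a)


if __name__ == "__main__":
    print(demo())
```
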

  5. #5
    Just burned his ISO
    Join Date
    May 2006
    Posts
    10

    Just a quick update...

    I carried on a lot of research and used C&A to try and crack the password. No luck with the simple guesses so ran it through some online rainbow tables which have also had no luck.

    The tutor said this would not be easy. I also got a small piece of software that analyses websites and extracts key words into a word list which I ran on the tutor's website, still nothing!

    Don't wanna admit defeat, however don't have 3.7 yrs for a brute force.

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote: Originally posted by sophos9
    Just a quick update...

    I carried on a lot of research and used C&A to try and crack the password. No luck with the simple guesses so ran it through some online rainbow tables which have also had no luck.

    The tutor said this would not be easy. I also got a small piece of software that analyses websites and extracts key words into a word list which I ran on the tutor's website, still nothing!

    Don't wanna admit defeat, however don't have 3.7 yrs for a brute force.

    As a bruteforce approach pretty much is the last resort when everything else fails you, I do not believe that this is what your tutor wants you to do. Quite possibly he has also made this approach more or less infeasible by choosing a password that will take too long to bruteforce. Most likely the approach of using a dictionary consisting of words collected from his website is a step in the right direction and should be looked into further. Consider the possibility of simple combinations of these words and possibly also some logical variations of them.

    As we naturally do not have access to the actual website in question, or know what methods you are allowed to use in the task, this is the best advice I can give you at the moment. Just remember that since the tutor wants you to be able to crack the hash there should be at least a hint out there, either on the webpage, in the lectures he has held, in the course material or simply some kind of personal information on him as a person.
    -Monkeys are like nature's humans.

  7. #7
    Just burned his ISO
    Join Date
    May 2006
    Posts
    10

    Thanks for your help. Will continue down that road!

    Am I correct in saying that a general guide for cracking the message digest would be:

    1: Online rainbow tables
    2: Dictionary
    3: Brute force

    On the dictionary attack, I got about 20k unique words from the site and ran them through Cain and Abel. C&A was set to reverse, all upper, all lower, mixed case and addition of 0-99 digits on the end. Will see if I can concatenate some of the words...

  8. #8
    Member
    Join Date
    Mar 2008
    Posts
    111

    Please can you post the hash, I quite fancy taking this challenge up as I have a fair bit of time next week. I just wrote a little bruteforcer with MD5 hashing so it would be nice to try it out.

    Did your tutor give you any details about the hash - length, charset used??

    About your method:

    I would personally start off by doing research about the person whose pw it was: birthday, interests, football??, name. Then collate all this info and make a big wordlist using a program to mix and match the words, i.e. Beckham1980 comes from his birthday and his favorite football player.

    Failing that:
    2. try a dictionary attack, should be fairly quick
    3. rainbow tables lowercase letters/uppercase letters
    4. bruteforce

  9. #9
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote: Originally posted by calypso
    Please can you post the hash, I quite fancy taking this challenge up as I have a fair bit of time next week. I just wrote a little bruteforcer with MD5 hashing so it would be nice to try it out.

    Please do not post the actual MD5 hash up here for others to try their hands on, as cracking each others' hashes or asking help with cracking one on this public forum will not be tolerated by the mods/admins.
    -Monkeys are like nature's humans.

  10. #10
    Member
    Join Date
    Mar 2008
    Posts
    111

    Please do not post the actual MD5 hash up here for others to try their hands on, as cracking each others' hashes or asking help with cracking one on this public forum will not be tolerated by the mods/admins.

    Sorry, didn't realise that wasn't allowed.
