64 replies to this topic

[setthesun]

I'm looking for online rainbow crack projects similiar to http://sarcaprj.wayr...u.org/index.php but for Md5 hashes.

Do you know any ?

[l0wkey]

If i'm not mistaken MD5 is at this moment "uncrackable" you have to brute force it and hope you get lucky. As far as an online cracker, you got me. If anyone knows of one I would love to see it as well.

[l0wkey]

I could be wrong. If I remeber correctly the weakness in MD5 is not the hash itself, but the password that is hashed via MD5. So when your really cracking MD5 you are brute forcing the password in a hash state not actualy cracking the MD5 encryption itself. I'm no crpyto guru but I am pretty sure that is how it is. If not hook me with some links and lets learn something.

[DevilishCheese]

This may just be a opinion on my part, but woulndt it be unwise to use an online password cracker. Wouldnt that just give the password to the website? Just a question, maybe im wrong.


-DevilishCheese

[setthesun]

This may just be a opinion on my part, but woulndt it be unwise to use an online password cracker. Wouldnt that just give the password to the website? Just a question, maybe im wrong.


-DevilishCheese

If you cracked it
If it's nothing but fun for you
You can give it to online crackers

Also securirty.co.il is seems good. Cureently website is down I think but I know them. I think best solution is buy security.co.il DVDs and crack them offline.

For I'm going to use mdcrack

[hottzo]

argh don't u do some googling b4 u post?? md5 many times is used along with salt characters(servu), also mdcrack is a choice, also jtr is a very good proggy for md5 brute forcing. for mdcrack if ur pass is >8 characters u can commit suicide, it takes too long and many times doesn't crack anything. Use the latest "John the ripper" brute forcer.

p.s. i hope i've helped
cheers

[setthesun]

argh don't u do some googling b4 u post?? md5 many times is used along with salt characters(servu), also mdcrack is a choice, also jtr is a very good proggy for md5 brute forcing. for mdcrack if ur pass is >8 characters u can commit suicide, it takes too long and many times doesn't crack anything. Use the latest "John the ripper" brute forcer.

p.s. i hope i've helped
cheers

argh don't u do some googling b4 u post??

Don't you read before you reply ?

I'm not looking for a brute force tool or any other md5 cracking utility. I'm looking for online projects which are crack MD5 passes for free !

Thanks anyway..

[AgentOrange]

Free you say? Be a man and bust out rainbow crack and make your own tables. After a few days of leaving four comtuers on in your room you'll get use to it.

[clip]

Meh.. hash tables are useless. It takes too long to search thorugh them.

[Gotisch]

l0wkey dont get to upset if people who obviously dont understand a thing of what you or they are writing are telling you that you are some sort of a stupid. You are not. In fact its more likely them the stupid guys:

I could be wrong. If I remeber correctly the weakness in MD5 is not the hash itself, but the password that is hashed via MD5. So when your really cracking MD5 you are brute forcing the password in a hash state not actualy cracking the MD5 encryption itself. I'm no crpyto guru but I am pretty sure that is how it is. If not hook me with some links and lets learn something.

Yes, you are not decrypting the "encoded" string. MD5 is a one way "encryption", a hash (A hash function H is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h = H(m))).

Now what setthesun is looking for is some place where you can search through rainbow tables via web, so you dont have to generate them. You can read about rainbow tables/crack here ( http://www.antsight....acktutorial.htm )

There are two typical attacks in cryptanalysis of block ciphers: brute force and table precomputation. In brute force, an attacker tries all possible keys to encrypt a known plaintext for which he has the corresponding ciphertext. The idea of table precomputation is to precompute and store encryptions of a chosen plaintext and corresponding keys for all possible keys.

RainbowCrack use the second method. It precompute and store all possible plaintext - hash pairs in  files so called "rainbow table". Any time the plaintext of a hash is required, you just look up the precomputed tables and find the plaintext in seconds.

basically you can make a table sort of like this
A = 7fc56270e7a70fa81a5935b72eacbe29
AA = 3b98e2dffc6cb06a89dcb0d5c60a0206

etc. up to ZZZZZZZ = 92b44ba0e1b986249327e67fa505b56e if you have generated that table you can just look up your md5 hash and it will find a match in seconds if the password only consisted of capitals from the alphabet. But if you have a passwort like $m3pw0Nz!jÖp . it wont.

So yes i would say you are right, its not the hash itself but more like people using easy passwords.

though in my eyes a place where you could look up rainbowtables online would be highly illegal. And even if not by law then on a moral plan. Cause obviuosly that webpages only purpose would be to help people access plaintextpasswords they should not be able to access. I dont see any other way of using those tables.

sry for my bad english its latenight

[whiskah]

http://www.rootsecure.net/crypttmt/

but it is too limited

[Logan]

for the above one...

This public beta version is currently limited to cracking passwords of 4 characters and below of a-z, 0-9 (not A-Z).
Source code / non limted public version may be made available at a later date, email for info.

humm... not the best i ever saw