Government Security
Network Security Resources

Jump to content

Photo

Md5 Brute Force Find

- - - - - security php tools md5
  • Please log in to reply
28 replies to this topic

#1 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 21 June 2004 - 10:40 PM

UPDATED VERSION NEAR BOTTOM!!!

CLOSE TO SECOND VERSION OF: http://www.governmen...wtopic=9623&hl=

[edit]
original code removed because it was taking up room. there's an updated one below. if you want to see this one, download it.
[/edit]

Details: this tries every possible combination (shows the ones tried on the screen) and compares them to the one entered. If it is equal, it will tell you what it is and the program will stop. If not, it'll just keep going until it matches...

Compared to the last one:
I realized after making it and calculating it out, the harddrive space needed was way way way too huge. I just modded it up (enough to be considered a different program) just to not write to the file and just screen. You'll have to run it over each time you want one cracked < only downfall. This is still a very usefull tool

please comment!!!

Attached Files




#2 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 21 June 2004 - 10:55 PM

to prove it works, here's the first 5 MD5s that come up with MD5.pl (other prog)
47bce5c74f589f4867dbd57e9ca9f808 = aaa
e62595ee98b585153dac87ce1ab69c3c = aab
a9ced3dad556814ed46042de696e1849 = aac
c2f7ab46df3db842040a86a0897a5377 = aad
cf34362ab126ce8338d8991cc1404980 = aae
put some of them in as the MD5 and the result should be whatever's after the equal sign.

btw- COPY AND PASTE works wonders.


#3 Killaloop

Killaloop

    Sergeant First Class

  • Members
  • 677 posts

Posted 21 June 2004 - 11:28 PM

looks very good
I love perl keep them going :)
too bad I got no md5s to crack ^^

#4 SeNe

SeNe

    Private First Class

  • Members
  • 66 posts

Posted 22 June 2004 - 04:23 PM

seems very useful, many thanks for your contribution

#5 r3L4x

r3L4x

    Corporal

  • Members
  • 168 posts

Posted 22 June 2004 - 05:58 PM

uh, its been done? hundreds of times?
get PasswordsPro, its TONS better imo - nice gui, can crack a whole list, dictionary, ect
insidepro.com

#6 gman24

gman24

    Specialist

  • Sergeant Major
  • 643 posts

Posted 22 June 2004 - 08:13 PM

uh, its been done? hundreds of times?

Not by him though. :).

He did it as a learning experience and is just sharing the product.

You never know, it may be the start of a nice perl cracker. Depends on what he adds to it, if he adds to it.

#7 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 22 June 2004 - 08:44 PM

lol.. thanks gman.. yeah- i don't even care about this stuff, but it was fun to write anyway...

is there any special thing you want me to add to it? i was considering having it be able to check a file full of MD5s at one time... and then edit the file (or make a new one) to have the MD5 = pass format... any input?


#8 h4x0re

h4x0re

    Private First Class

  • Members
  • 76 posts

Posted 22 June 2004 - 09:56 PM

thanks alot tweakz for the script

#9 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 22 June 2004 - 10:08 PM

Ok, I made an update... here's the updated script

# Cracks any MD5 in enough time....
# Lines should be fine on default.
#
#
# By Tweakz20
# Made for everyone (especially @ www.governmentsecurity.org)
#
#

use Digest::MD5 'md5_hex'; # use Digest::Perl::MD5 'md5_hex'; should also work
#
# Be advised about above- all possible 'md5' (binary) 'md5_hex' 'md5_base64' 
# ALSO... Digest::Perl::MD5 is slower, so don't change that unless nessisary
# "You can only encrypt up to 2^32 bits = 512 MB. You should use Digest::MD5"
	
@char = ('a','b','c','d','e','f','g','h','i','j',
'k','l','m','n','o','p','q','r','s','t',
'u','v','w','x','y','z','A','B','C','D','E',
'F','G','H','I','J','K','L','M','N','O',
'P','Q','R','S','T','U','V','W','X','Y','Z',
' ','1','2','3','4','5','6','7','8','9',
'0','`','-','=','~','!','@','#','$','%',
'^','&','*','(',')','_','+','{','}','|',
':','"','<','>',);
$CharToUse = 62; # alpha (lower/upper) and number (and space)... no symbols
# EDIT: had to take out: [ ] / ' ,; ? ~ \

print "************************************\n";
print "        Only for education.         \n";
print "MD5- Tries all possible combinations\n";
print "         Coded by Tweakz20          \n";
print " Version 1.1 - Handles list in file \n";
print "************************************\n\n";
getmd5();

sub getmd5 {
	print "\nPlease enter the MD5 file below that contains the list...\n";
	chomp($list = <STDIN>); print "\n\n";
	testarg();
}


sub testarg {
	open(F, $list) || die ("\nCan't open list!!\n");
	@md5 = <F>;
	$length11 = @md5;
	if (!<A>){
	open(A, ">>MD5.txt") || die ("\nCan't open file to write to!!\n");
	}
	makelist()
}




sub makelist {	
for ($br = 1; $br <= 12; $br++) { 
for ($len1 = 0; $len1 <= $CharToUse; $len1++) {
 $word[1] = $char[$len1]; 
 if ($br <= 1) {
   AddToList(@word);
  }
 else {    
 for ($len2 = 0; $len2 <= $CharToUse; $len2++) {
  $word[2] = $char[$len2];
  if ($br <= 2) {
   AddToList(@word);
  }
 else {
 for ($len3 = 0; $len3 <= $CharToUse; $len3++) {
 $word[3] = $char[$len3];
 if ($br <= 3) {
 AddToList(@word);
 }
 else {
 for ($len4 = 0; $len4 <= $CharToUse; $len4++) {
 $word[4] = $char[$len4];
 if ($br <= 4) {
 AddToList(@word);
 }
 else {
 for ($len5 = 0; $len5 <= $CharToUse; $len5++) {
 $word[5] = $char[$len5];
 if ($br <= 5) {
 AddToList(@word);
 }
 else {
 for ($len6 = 0; $len6 <= $CharToUse; $len6++) {
 $word[6] = $char[$len6];
 if ($br <= 6) {
 AddToList(@word);
 }
 else {
 for ($len7 = 0; $len7 <= $CharToUse; $len7++) {
 $word[7] = $char[$len7];
 if ($br <= 7) {
 AddToList(@word);
 }
 else {
 for ($len8 = 0; $len8 <= $CharToUse; $len8++) {
 $word[8] = $char[$len8];
 if ($br <= 8) {
 AddToList(@word);
 }
 else {
 for ($len9 = 0; $len9 <= $CharToUse; $len9++) {
 $word[9] = $char[$len9];
 if ($br <= 9) {
 AddToList(@word);
 }
 else {
 for ($len10 = 0; $len10 <= $CharToUse; $len10++) {
 $word[10] = $char[$len10];
 if ($br <= 10) {
 AddToList(@word);
 }
 else {
 for ($len11 = 0; $len11 <= $CharToUse; $len11++) {
 $word[11] = $char[$len11];
 if ($br <= 11) {
 AddToList(@word);
 }
 else {
 for ($len12 = 0; $len12 <= $CharToUse; $len12++) {
 $word[12] = $char[$len12];
 if ($br <= 12) {
 AddToList(@word);
 }
 else {
 for ($len13 = 0; $len13 <= $CharToUse; $len13++) {
 $word[13] = $char[$len13];
 if ($br <= 13) {
 AddToList(@word);
 }
 else {
 for ($len14 = 0; $len14 <= $CharToUse; $len14++) {
 $word[14] = $char[$len14];
 if ($br <= 14) {
 AddToList(@word);
}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}

  	

sub AddToList {

	my (@entry) = @_;
	my ($test) = join "", @entry;
	my ($m) = md5_hex "$test";
	print ("$m = $test\n");
	for ($a = 0; $a <= $length11; $a++)
	{
      chomp($md5[$a]);
  if ($m eq $md5[$a]){
  	
  	print "\n\n\n**FOUND**\n$test\n\n";
  	print A "$m = $test\n";
  	splice(@md5, $a, 1);
  	if (!$md5[0]) { exit(); }
  }
	}
}

sub exit {
close(F);
}

UPDATES:
  • Opens a file instead of just one MD5
  • Has CharToUse variable to set how many characters you want to use
  • Default charaters no longer include the symbols (to speed up the process)
  • Dumps [md5] = [pass] to MD5.txt (same DIR)
  • Exits after ALL the MD5s are cracked...
  • Starts at 1 char length now, just in case!
MD5 list format...
47bce5c74f589f4867dbd57e9ca9f808
e62595ee98b585153dac87ce1ab69c3c
a9ced3dad556814ed46042de696e1849
c2f7ab46df3db842040a86a0897a5377
cf34362ab126ce8338d8991cc1404980
(those MD5s are the example - AAA AAB AAC AAD AAE ones)

Still looking for more input...

/edit:
just realized i forgot to add W!!! lol (both lower and upper case).. <douche


#10 JDog45

JDog45

    Staff Sergeant

  • Members
  • 257 posts

Posted 22 June 2004 - 10:28 PM

thanks tweakz20 for taking the time to make it. Some people don't understand how much time it takes to program and so on. I appreciate your efforts... B)

#11 Kenny

Kenny

    Former Commander In Chief

  • Retired Admin
  • 6,747 posts

Posted 23 June 2004 - 10:42 AM

tweaks.... sending you a PM i tested your program and yes it worked fine...but am interested in something here i noticed in the process ;)

thanks for sharing and nice work... ;)
Kenny aka ComSec

Please read the Forum Rules !!!

______________________

#12 bjoernfun

bjoernfun

    Private First Class

  • Members
  • 44 posts

Posted 23 June 2004 - 11:13 PM

@tweakz20

thanks for sharing your great work, i know you spend a lot of work into the script. respect.

current i am trying the script...

#13 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 23 June 2004 - 11:22 PM

****VERSION 1.3****
Hey again. I made another version (Yeah, 4th version i guess...) but This time- it is pretty good!!
Updates:
  • Everything from last update
  • Builds a "hash" so you could look up an MD5 after the list was made without taking up space on your harddrive (after program stops, hash is then dead)
  • Allows you to search either a file OR single MD5
  • 3 easily accessible variables
  • And best of all:: You can tell it what word to start at!!! (so now you don't have to leave it running and cry if you have to restart. you can pick up from where you last left off... if you remember of course!)
Please, if you downloaded an old version, update.
Not posting the code, since i already did that twice... just download.
PLEASE POST ANY/ALL BUGS AND FEEDBACK!
264 lines total.

Attached Files




#14 Logan

Logan

    Specialist

  • Sergeant Major
  • 1,596 posts

Posted 24 June 2004 - 06:26 PM

Bug:
if the MD5 isn't in all lower case, it'll get skipped (oops, kinda forgot about that)
fix:
Open in notepad
Edit>goto line> 221!

     chomp($md5[$a]);
  $md5[$a] =~ tr/A-Z/a-z/;
  if ($m eq $md5[$a]){


ANOTHER BUG::
if you start at a word, MAKE THE LETTERS "a"!!! if you put in a certain letter, the ones before WILL BE SKIPPED THE NEXT TIME AROUND!!!... having about 30 embedded loops is extremely confusing and i can't think of a fix at the moment....


#15 Serhat

Serhat

    Second Lieutenant

  • Members
  • 803 posts

Posted 25 June 2004 - 02:17 AM

Really nice man... Hope to see it more features .. works great :D ...
I don't think I will crack MD5 hashes etc.. but if I want to try I will definately try this :D ..
THNX :)

Serhat





Also tagged with one or more of these keywords: security, php, tools, md5