Dec 23, 2012 Today, I'm gonna show you how to crack MD4, MD5, SHA1, and other hash types by using John The Ripper and Hashcat. John The Ripper: 'John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.
Active2 years, 1 month ago
I'm doing some hacking exercices and I have to gain access to a site's database so I can delete all records.
The way of getting into the administrator panel is through a password (no username). I've tried some ways of getting in (SQLi, SSI, cookies) but didn't succeed. But, reading through some of the site's pages, I found something on the 'news' talking about Google crawling some links it shouldn't and that they fixed it, so checking the robots.txt file gives me a /secret directory in which there is a php file called admin.php (the one that checks for correct password) and admin.bak.php. When opened the backup one, it returned:
error matching hash dc2240d8ee745db929a6944ae7a8d016
That hash is MD4 as I found a file on one of the server's hidden directories where they were trying to generate a MD4 hash.
I've tried: Gt bmx serial number.
and
but none of them were able to crack it. How could I do this?
sysfiend
sysfiendsysfiend
1,27433 gold badges1111 silver badges2121 bronze badges
2 Answers
How can I crack this hash?
John and Hashcat will both do this, but try not to be dependent on one password-cracking program.
With hashcat, you will either need a wordlist and/or rule that contains/generates the password, or you'll need to start from nothing with no wordlist (brute force). This may take a while depending on many factors (hardware, algorithms, etc).
The computer-controlled cars simply don't let up unless you're able to catch them and use a power-up such as a cannonball to slow them down. In every racing game I've ever played it's usually not very hard to catch up to the pack if you fall behind, but this game is unforgiving in that department. Lego racers download.
![]()
Your hashcat format is almost correct. You'll want to brute-force it with the '
-a 3 ' switch:
hashcat32.exe -m 900 dc2240d8ee745db929a6944ae7a8d016 -a 3 -o cracked.txt
dc2240d8ee745db929a6944ae7a8d016:3b452
Try the
--help switch or, if you want to view more attack modes:
hashcat32.exe --help | findstr '-a' :
Wordlist:
hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules:
hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force:
hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator
hashcat -a 1 -m 0 example0.hash example.dict example.dict
John's requirements are the same as above, but with different command switches. John also finds this quickly without need for a wordlist:
echo dc2240d8ee745db929a6944ae7a8d016 > test.md4 && john test.md4 --format=Raw-MD4 --show
Md4 Hash Converter
?:3b452
1 password hash cracked, 0 left
Password is 3b452.
Mark BuffaloMark Buffalo
21.5k88 gold badges7070 silver badges8888 bronze badges
Md4 Hash Cracker Casserole
Found something with john the ripper within 1 min,
Md4 Hash Cracker Mix
try
john --show --format=Raw-MD4 File-Containing-The-Hash
Md4 Algorithm
BaptisteBaptiste
Md4 Hash OnlineNot the answer you're looking for? Browse other questions tagged hashpassword-cracking or ask your own question.Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |