slpctrl Posted December 2, 2007 Share Posted December 2, 2007 Hello, I've tried to code an MD5 cracker, here's what I got: function hashcrack() { $words = file("file.txt"); foreach ($words as $word) { $word = rtrim($word); if (md5($word) == $hash) { $word = $postvalue; exit; } } print "No matches found!\n"; } Should this be right? I've got a MD5 hash that was hashed using PHP, and I know that the hashes should always be the same, so if I take a wordlist with a word which I know has the word for the hash, it should give me a match right? Well it's not working and I'm not sure why :[ Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/ Share on other sites More sharing options...
slpctrl Posted December 2, 2007 Author Share Posted December 2, 2007 Oh and if theres any confusion, the function attempts, after finding the correct word, to make the word the variable $postvalue, I need it for something later. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404445 Share on other sites More sharing options...
Wes1890 Posted December 2, 2007 Share Posted December 2, 2007 i dont mean to burst your bubble... actually, im meaning to do just that, but md5 virtually cant be cracked homie Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404452 Share on other sites More sharing options...
slpctrl Posted December 2, 2007 Author Share Posted December 2, 2007 i dont mean to burst your bubble... actually, im meaning to do just that, but md5 virtually cant be cracked homie Actually that's not true. If I were to use the MD5() function in PHP to hash a text value, it will always return the same hash for the same value. If you can then take a wordlist, split up each word into an array and hash each word to check them against the hash value you have, then you can determine what the value of the hash is. I know it can be done, I'm 100% sure of it. I also know that you can script something long and drawn out that will brute force it, but that's not what I'm after. Milw0rm has a good PHP MD5 cracker that checks against a wordlist here: http://www.milw0rm.com/cracker/insert.php Sorry to burst your bubble Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404454 Share on other sites More sharing options...
Wes1890 Posted December 2, 2007 Share Posted December 2, 2007 ^ checking a wordlist isn't cracking if you think you can get it though, then here is my md5 password for these phpfreaks forums cd07ddb17471e8ff66014578c8e93280 enjoy Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404457 Share on other sites More sharing options...
revraz Posted December 2, 2007 Share Posted December 2, 2007 Thats called brute force and isn't the same as cracking. i dont mean to burst your bubble... actually, im meaning to do just that, but md5 virtually cant be cracked homie Actually that's not true. If I were to use the MD5() function in PHP to hash a text value, it will always return the same hash for the same value. If you can then take a wordlist, split up each word into an array and hash each word to check them against the hash value you have, then you can determine what the value of the hash is. I know it can be done, I'm 100% sure of it. I also know that you can script something long and drawn out that will brute force it, but that's not what I'm after. Milw0rm has a good PHP MD5 cracker that checks against a wordlist here: http://www.milw0rm.com/cracker/insert.php Sorry to burst your bubble Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404459 Share on other sites More sharing options...
cooldude832 Posted December 2, 2007 Share Posted December 2, 2007 MD5 by definition is an uncrackable encryption method. Why, because the encrypted key is of length greater than the original key. This meaning that you can generated the original string unencrypted before the encrypted. Secondly just from the little i know of its algorithm it follows a rotating pattern encrypted in the key, and then the words use mean nothing as string length, character order, ascii numbers etc are all parts of it If you can crack md5 you wouldn't be looking for help here http://en.wikipedia.org/wiki/Md5 Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404460 Share on other sites More sharing options...
slpctrl Posted December 2, 2007 Author Share Posted December 2, 2007 Thats called brute force and isn't the same as cracking. i dont mean to burst your bubble... actually, im meaning to do just that, but md5 virtually cant be cracked homie Actually that's not true. If I were to use the MD5() function in PHP to hash a text value, it will always return the same hash for the same value. If you can then take a wordlist, split up each word into an array and hash each word to check them against the hash value you have, then you can determine what the value of the hash is. I know it can be done, I'm 100% sure of it. I also know that you can script something long and drawn out that will brute force it, but that's not what I'm after. Milw0rm has a good PHP MD5 cracker that checks against a wordlist here: http://www.milw0rm.com/cracker/insert.php Sorry to burst your bubble So checking a wordlist nor brute forcing is cracking? Those are really only 2 of 3 options my password cracker has (jtr...besides rainbow tables) and I would consider JTR a password cracker... ??? Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404461 Share on other sites More sharing options...
slpctrl Posted December 2, 2007 Author Share Posted December 2, 2007 MD5 by definition is an uncrackable encryption method? Why, because the encrypted key is of length greater than the original key. This meaning that you can generated the original string unencrypted before the encrypted. Secondly just from the little i know of its algorithm it follows a rotating pattern encrypted in the key, and then the words use mean nothing as string length, character order, ascii numbers etc are all parts of it If you can crack md5 you wouldn't be looking for help here http://en.wikipedia.org/wiki/Md5 That's not why it can't be cracked, the same can be said for almost any form of encryption. It's because it's mathematically irreversible. Can someone just help me out with checking hashes against a wordlist please? Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404463 Share on other sites More sharing options...
alecks Posted December 2, 2007 Share Posted December 2, 2007 Hashing algorithms such as md5, sha1, are one way operations. They are used in password databases because if a hacker were to gain access to a database of hashed passwords, be couldn't do anything with it because theoretically there is no way he could get the base strings (un-hashed passwords) for those hashes. However, programs such as Ophcrack use precompiled tables of hash values, called 'rainbow tables,' to try and get the base string. These rainbow tables can become insanely huge, 15gb+ in most cases. There are some online databases, but they are often incomplete :/, ex. http://md5.rednoize.com/ Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404465 Share on other sites More sharing options...
cooldude832 Posted December 2, 2007 Share Posted December 2, 2007 did you read the wiki on it, either way you don't get it a space is an ascii charcter just like a,b,c,d,e,f,g,h splitting at words isn't going to get you anyhting, its the 32 byte subsets generated from the string that are used in the random collisions of this encryption method. Yes it has been cracked, but a method is classified as "uncrackable" when the generated string is greater than the original, this is because when a crack is needed for a single application you won't try and reproduce a checksum, you reproduce the original string assuming it follows a uncrackable state. Some cracks will compress a string, in this case md5 doesn't Working with words isn't going to get you anywhere, working on 32-bit strings might. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404469 Share on other sites More sharing options...
cooldude832 Posted December 2, 2007 Share Posted December 2, 2007 yeah rainbow tables are just like that german book of all solved differential equations, huge and incomplete. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404470 Share on other sites More sharing options...
sKunKbad Posted December 2, 2007 Share Posted December 2, 2007 I've seen and used md5 crackers that were actually pretty good (for most people's lame passwords), but all it was doing was looking through an existing database of passwords. The only good reason I could find to crack passwords was to be able to send it back to a user in case they forgot their password. There are of course alternatives. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404473 Share on other sites More sharing options...
trq Posted December 2, 2007 Share Posted December 2, 2007 Can someone just help me out with checking hashes against a wordlist please? Your function doesn't actually return anything when it finds a match. It also uses a variable that isn't defined. You might try something like.... <?php function hashcrack($hash) { $words = file("file.txt"); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } if ($result = hashtocrack('cd07ddb17471e8ff66014578c8e93280')) { echo "hash matches $result"; } else { echo "No match found"; } Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404475 Share on other sites More sharing options...
slpctrl Posted December 2, 2007 Author Share Posted December 2, 2007 Can someone just help me out with checking hashes against a wordlist please? Your function doesn't actually return anything when it finds a match. It also uses a variable that isn't defined. You might try something like.... <?php function hashcrack($hash) { $words = file("file.txt"); foreach ($words as $word) { $word = trim($word); if (md5($word) == $hash) { return $word; } } return false; } if ($result = hashtocrack('cd07ddb17471e8ff66014578c8e93280')) { echo "hash matches $result"; } else { echo "No match found"; } What if I have it defined outside of the function? And a few questions, where did $result come from? I have a variable assigned to that name already. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404480 Share on other sites More sharing options...
cooldude832 Posted December 2, 2007 Share Posted December 2, 2007 What you should do is not crack, but write an algorthim to start testing through every ascii string from length 1 to length 32 and then from there you have a very nice rainbow table to work with only issue there is 127 ascii characters so the number of choices you would have is 127^32 choices which is 2.09758259 × 10^67 if you move up to 64 charcter strings, it is well over a google of check sums so you be search 10^67 records of 32 bytes each which is about 10^43 yottabyes so have fun with that Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404481 Share on other sites More sharing options...
trq Posted December 2, 2007 Share Posted December 2, 2007 What if I have it defined outside of the function? It does not exist within the function. You need to read up on scope And a few questions, where did $result come from? It is defined in the.... if ($result = hashtocrack('cd07ddb17471e8ff66014578c8e93280')) { line and recieves the result from your function. It could be called whatever you like. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404489 Share on other sites More sharing options...
GingerRobot Posted December 2, 2007 Share Posted December 2, 2007 there is 127 ascii characters so the number of choices you would have is 127^32 choices which is 2.09758259 × 10^67 if you move up to 64 charcter strings, it is well over a google of check sums Except that there are only rougly 2.3*10^57 different MD5 hashes that is. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404490 Share on other sites More sharing options...
cooldude832 Posted December 2, 2007 Share Posted December 2, 2007 Mis read it, but still even at 57 we are grossly over what is a reasonable amount of data to be stored. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404500 Share on other sites More sharing options...
GingerRobot Posted December 2, 2007 Share Posted December 2, 2007 How does if you move up to 64 charcter strings, it is well over a google of check sums consititute a mis-reading of something? Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404506 Share on other sites More sharing options...
rab Posted December 2, 2007 Share Posted December 2, 2007 It appears as if Wes's account was hacked after he posted his hash. Anyways, MD5 is "uncrackable" but there have been advancements in generating the same MD5 sum with a different file. I don't think this applies to raw MD5 on strings though, correct me if I'm wrong. Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404543 Share on other sites More sharing options...
rarebit Posted December 2, 2007 Share Posted December 2, 2007 and to think that no-one mentioned salts! http://www.md5decrypter.com/ http://www.md5encryption.com/ Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404551 Share on other sites More sharing options...
Wes1890 Posted December 3, 2007 Share Posted December 3, 2007 It appears as if Wes's account was hacked after he posted his hash. Anyways, MD5 is "uncrackable" but there have been advancements in generating the same MD5 sum with a different file. I don't think this applies to raw MD5 on strings though, correct me if I'm wrong. haha.. nope, im still me a mod has changed my sig tho.. that kinda pisses me off Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404579 Share on other sites More sharing options...
cooldude832 Posted December 3, 2007 Share Posted December 3, 2007 or some mod hacked you oh oh! Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404583 Share on other sites More sharing options...
mr_mind Posted December 3, 2007 Share Posted December 3, 2007 Why not create a script to insert every possible combination of letters and numbers into a database then do mysql_fetch_array in your php script this would do the work for you so that you dont have to type in all those pesky combinations and it would be basically no work at all Quote Link to comment https://forums.phpfreaks.com/topic/79874-md5-cracker/#findComment-404590 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.