View Full Version : Here's one for the noobs.



~~smart~fool~~
02-27-2008, 06:40 PM
Not really noobish but may save you some time. Don't go rainbowing an md5 until you try these sites. They match md5 hashes with their dictionary, doesn't work on most things but could be useful on noob passwords and such. Enjoy

http://gdataonline.com/seekhash.php

http://md5decrypter.com/

Moonbat
02-27-2008, 07:07 PM
Those are nice sites, but you also forgot milw0rm, they have a nice MD5 cracker.

coz
02-28-2008, 06:55 PM
Note: A few of these sites might be down due to load and/or various other reasons.

MD5 + LM + SHA-* Hash Online Cracking Sites from (http://digitalmafia.in/root/node/20)


http://www.md5lookup.com/

http://md5.rednoize.com

http://nz.md5.crysm.net

http://us.md5.crysm.net

http://www.xmd5.org

http://gdataonline.com

http://www.hashchecker.com

http://passcracking.ru

http://www.milw0rm.com/md5

http://plain-text.info

http://www.securitystats.com/tools/hashcrack.php

http://www.schwett.com/md5/

http://passcrack.spb.ru/

http://shm.pl/md5/

http://www.und0it.com/

http://www.neeao.com/md5/

http://md5.benramsey.com/

http://www.md5decrypt.com/

http://md5.khrone.pl/

http://www.csthis.com/md5/index.php

http://www.md5decrypter.com/

http://www.md5database.net/

http://md5.xpzone.de/

http://www.milw0rm.com/md5/info.php

http://md5.geeks.li/

http://www.cmd5.com/english.aspx

http://www.md5.altervista.org/

http://md5.overclock.ch/biz/index.php?p=md5crack&l=en

http://alimamed.pp.ru/md5/

http://md5crack.it-helpnet.de/index.php?op=add

http://cijfer.hua.fi/

http://shm.hard-core.pl/md5/

http://www.mmkey.com/md5/HOME.ASP

http://www.thepanicroom.org/index.php?view=cracker

http://www.securitydb.org/cracker/

http://www.md5encryption.com/

http://www.hashreverse.com/

http://rainbowtables.net/services/results.php

http://0ptix.co.nr/md5

https://www.astalavista.net/?cmd=rainbowtables

http://ice.breaker.free.fr/

http://www.md5this.com

LM-HASH Only:

http://sys*five.ath.cx:8080/hak5rtables/

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

SHA*:

http://www.md5encryption.com/

http://rainbowcrack.com/

http://www.hashreverse.com/

http://rainbowtables.net/services/results.php

http://www.shalookup.com/

http://passcrack.spb.ru/

http://www.securitystats.com/tools/hashcrack.php

You can also build your own lists and set up your own cracker on your computer; the following sites may be helpful in that regard...
http://www.hashchecker.com/

http://www.tmto.org/

http://darkdevelopments.com/

http://www.rainbowcrack-online.com/

Rifts
03-02-2008, 01:59 PM
Where do you find the hash files?

coz
03-02-2008, 03:57 PM
Most of the time when any password is needed for anything it will be encrypted (usually into a hash) and stored somewhere. If you can find where that place is, that's where people get these hashes, and since they can't be reversed into a password they must be bruteforced.

Moonbat
03-03-2008, 05:27 PM
where do you find the hash files
Usually in the site's database.

Ezekiel
03-04-2008, 02:15 PM
Simplified explanation of hashing; geeks can ignore:

Register for a forum, email account or anything that asks for a password, and [usually] your password is run through an algorithm and the result stored in a database. The algorithm produces a "hash" -- something that can be used in future to check if a given password matches the original, among other things. A hash doesn't have to be a string of characters; it can be anything (relatively) unique obtained from analysing the original that can't be reversed (in theory).

The idea is to keep the ability to password-protect accounts, while never storing a plaintext copy of the password that can be read by the administrators, read by unauthorised users (i.e. hackers), etc.

If you were to get hold of a hash, you'd first have to figure out what algorithm produced it. Not hard when you know how many characters come out of SHA-*, MD5 and other hashing functions.

You then look at the parameters for user passwords. If they have to be between *-*2 characters long, you produce a list of all the combinations of characters possible in the *-*2 range (quite a long list...). Then you'd hash each potential password with the algorithm, and if one of the produced hashes matches your stolen hash, the potential password used is the actual password. That's pure brute-force.

It's exponential, so depending on password length and so on, you could be waiting days, weeks, centuries, millennia or until past the end of the universe.

A slightly smarter way (with the same *-*2 character length) would be to find a list of words [of suspected language] in that range, then hash them as before to see if you can get a match.

The quickest way is to use rainbow tables, which are precomputed lists/databases of every string-to-hash combo from a certain function (e.g. MD5) within whatever range the author chose. You enter the password hash, and its match is found pretty quickly if it exists in the table (then obviously the rainbow table spits out the original string). Bigger rainbow tables (as in hundreds of gigs) mean more likelihood of matching the hash.
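
Added example, not part of the original thread: a Python sketch of why the precomputed lookups described above only work against unsalted fast hashes, shown beside a salted PBKDF2 scheme that defeats them. The wordlist, function names and the PBKDF2 round count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample wordlist standing in for a lookup site's dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]

# Precomputed table: unsalted MD5 hex digest -> original string.
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w for w in WORDLIST}

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune it to your own hardware


def store_unsalted_md5(password: str) -> str:
    """Weak scheme: the same password always produces the same stored hash."""
    return hashlib.md5(password.encode()).hexdigest()


def store_salted_pbkdf2(password: str,
                        salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted_pbkdf2(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def found_in_table(stored_hex: str) -> Optional[str]:
    """Exact-match search in the precomputed table, as a lookup site does."""
    return LOOKUP.get(stored_hex)


if __name__ == "__main__":
    weak = store_unsalted_md5("password")
    print("unsalted MD5 found in table:", found_in_table(weak))

    salt_a, hash_a = store_salted_pbkdf2("password")
    salt_b, hash_b = store_salted_pbkdf2("password")
    print("same password, same stored value:", hash_a == hash_b)
    print("salted hash found in table:", found_in_table(hash_a.hex()))
    print("login still verifies:", verify_salted_pbkdf2("password", salt_a, hash_a))
```

Because every account gets its own salt, a table built once cannot be reused across users, and the slow KDF makes rebuilding it per salt expensive.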