MD5 decoders or hash attack
Goal:
Tell about the ways of decoding.
Teach young hackers to recognize passwords (or other data) encrypted by the MD5 algorithm (and not only MD5) themselves, based on real examples.
Show users that they should be more careful about choosing a password.
Sequence:
The methods of finding a password from the lung (in my opinion) to a complex one (in terms of speed, etc.) will be discussed in detail.
About MD5:
MD5 Message Digest 5 is a 128-bit hash algorithm developed by Professor Ronald L. Rivest of the Massachusetts Institute of Technology (MIT) in 1991.
It is intended for creation of "prints" or "digests" of messages of any length.
About decoding:
In fact, it will be incorrect to call this decryption, since we use this so-called decryption to select the same hash, the initial value of which we know.
Example: we have a hash 0575c8d592fb7b088226750aceec2b4e, we need to know its initial value, also we have the word tutorial hash of which is 0575c8d592fb7b088226750aceec2b4e, so we take our hash 0575c8d592fb7b088226750aceec2b4e and try to find the same, whose initial value is known, coincidentally we get the answer that There is such a hash and that this hash corresponds to the tutorial value.
Keep in mind that the longer the symbols for the initial value, the longer (except for the dictionary search), you (or rather the program) will have to spend on finding it.
Methods of "decoding":
Selection of the dictionary.
Selection of rainbow tables
(Http://en.wikipedia.org/wiki/%D0%A0%D0%B0%D0%B4%D1%83%D0%B6%D0%BD%D0%B0%D1%8F_% D1% 82% D0% B0% D0% B1% D0% BB% D0% B8% D1% 86% D0% B0).
Brutus
(Http://en.wikipedia.org/wiki/%D0%9C%D0%B5%D1%82%D0%BE%D0%B4_%D0%B3%D1%80%D1%83% D0% B1% D0% BE% D0% B9_% D1% 81% D0% B8% D0% BB% D1% 8B).
What we need to "decrypt":
Site to check for a possible match.
Program for checking matches, dictionary, rainbow tables, brutus. Not necessarily one program, you will understand why.
Dictionary, rainbow table.
Sites:
Http://crackfor.me/ However, there are no simple passwords on other services, but simple passwords can be found out very quickly, this will be discussed later.
So, for example, we go to this service and enter our hash 0575c8d592fb7b088226750aceec2b4e in the hash field, click the search and get the answer: the password tutorial is found in our database!
A match was found in the database and the initial value of the hash was deduced. 0575c8d592fb7b088226750aceec2b4e = tutorial.
Programs:
It is with the help of programs that you can get the initial hash value in 3 ways.
Method one, a selection of iridescent tables
Iridescent tables and a program that wakes up checking and comparing them to get the initial value that we need.
So, as for the tables, we either download them or generate them.
Find where you can go to google.
I use the program in the package which also includes the generator. It's called Cain & Abel and you can download it from here http://www.oxid.it/cain.html
They downloaded, installed (when installing, asks whether to install winpcap, select yes).
In the main program folder there is a subfolder with the name Winrtgen, there is a table generator, run it. Click Add Table, here it is necessary to configure which tables we will have.
At the time of this writing, I generated 4-7 character tables, here are my settings, play around, there are all the data (I described in the picture) about your future table, they change with different settings.
So click OK, and again, ok, the generation has gone. By the way, you can stop and continue it whenever you want. Look like that's it.
We proceed to finding, launch the program, go to the Cracker tab and select MD5 Hashes on the left. We see an empty list, click on it with the right mouse button and select Add to list. In the opened window we enter our hash, click OK, the hash appeared in the list. Press the right button on our appeared hash and select Cryptanalysis Attack via Rainbow Tables. In the opened window click Add Table and add our tables. Click start, wait, if the table wakes up the desired value, we get the answer.
The second way, a dictionary compilation
Will come the same program, only you need dictionaries, they can be taken from here http://www.passwords.ru/dic.php http://www.passwords.ru/dic.php
Some dictionaries with the extension .dic, change to .txt
Just like in 1 method, only instead of Cryptanalysis Attack via Rainbow Tables we select Dictionary Attack, in the opened window we see an empty list, we press the right button on it and Add to list.
We choose our dictionaries. We press start, also before the start we can play with ticks, they are described in the examples. If a match is found, we get the answer that interests us.
The last method, BROUT
For brut you can also use Cain & Abel, but it's slow. I'm using barswf, so far the fastest MD5 brute I've ever seen is screaming millions of hashes per second.
Download can be here http://3.14.by/en/md5
We use it through CMD.
Example: C: \> barswf.exe -h 0575c8d592fb7b088226750aceec2b4e -ca
The program will start to brute for the hash 0575c8d592fb7b088226750aceec2b4e only small letters to see what parameters can be specified with a description, type C: \> barswf.exe
I advise you to immediately check for numbers, and then for numbers and letters.
For practical lessons, try to encrypt something here and http://www.md5encryption.com/ and then try to find out by all means.
Comments
When commenting on, remember that the content and tone of your message can hurt the feelings of real people, show respect and tolerance to your interlocutors even if you do not share their opinion, your behavior in the conditions of freedom of expression and anonymity provided by the Internet, changes Not only virtual, but also the real world. All comments are hidden from the index, spam is controlled.