Friday, 25 July 2008

cracking md5 or sha1 or sha256 or sha384 or sha512

OK so someone challenged me today to crack a single word encrypted with sha256 in under 80 years.....After I stopped lol'ing i decided to give it a go..

first you need a word encrypted in sha256 - here is a nice one to test with
4e388ab32b10dc8dbc7e28144f552830adc74787c1e2c0824032078a79f227fb

now you need a box installed with python...lucky for me i have that already set up.

so now you need two more things, first a dictionary of words - easy to find online so i wont bother with that...and secondly and most importantly you need a cracker. thankfully for me someone already wrote one :)

http://packetstormsecurity.org/Crackers/aiocracker.py.txt
now incase that gets taken down for some reason im including it here

#Attempts to crack hash ( md5, sha1, sha256, sha384, sha512) against any givin wordlist.


import os, sys ,hashlib

if len(sys.argv) != 4:
print " \n beenudel1986@gmail.com"
print "\n\nUsage: ./hash.py "
print "\n Example: /hash.py "
sys.exit(1)

algo=sys.argv[1]
pw = sys.argv[2]
wordlist = sys.argv[3]
try:
words = open(wordlist, "r")
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
words = words.readlines()
print "\n",len(words),"words loaded..."
file=open('cracked.txt','a')
if algo == 'md5':
for word in words:
hash = hashlib.md5(word[:-1])
value = hash.hexdigest()
if pw == value:
print "Password is:",word,"\n"
file.write("\n Cracked Hashes\n\n")
file.write(pw+"\t\t")
file.write(word+"\n")
if algo == 'sha1':
for word in words:
hash = hashlib.sha1(word[:-1])
value = hash.hexdigest()
if pw == value:
print "Password is:",word,"\n"
file.write("\n Cracked Hashes\n\n")
file.write(pw+"\t\t")
file.write(word+"\n")
if algo == 'sha256':
for word in words:
hash = hashlib.sha256(word[:-1])
value = hash.hexdigest()
if pw == value:
print "Password is:",word,"\n"
file.write("\n Cracked Hashes\n\n")
file.write(pw+"\t\t")
file.write(word+"\n")

if algo == 'sha384':
for word in words:
hash = hashlib.sha384(word[:-1])
value = hash.hexdigest()
if pw == value:
print "Password is:",word,"\n"
file.write("\n Cracked Hashes\n\n")
file.write(pw+"\t\t")
file.write(word+"\n")


if algo == 'sha512':
for word in words:
hash = hashlib.sha512(word[:-1])
value = hash.hexdigest()
if pw == value:
print "Password is:",word,"\n"
file.write("\n Cracked Hashes\n\n")
file.write(pw+"\t\t")
file.write(word+"\n")




just copy that into a file called cracker.py, right now you have that you need to install hashlib into python...this is the tricky bit :)

http://code.krypto.org/python/hashlib/
go and download that and then do the following

sudo tar -zxvf hashlib-20060408a.tar.gz
cd hashlib-20060408a/
python setup.py build
sudo python setup.py install

now cd to where you put cracker.py and type the following

python cracker.py sha256 4e388ab32b10dc8dbc7e28144f552830adc74787c1e2c0824032078a79f227fb dictionary.txt

and you should see somthing similar to below


python cracker.py sha256 4e388ab32b10dc8dbc7e28144f552830adc74787c1e2c0824032078a79f227fb dictionary.txt

15 words loaded...
Password is: spam


Obviously I used a tiny dictionary for this example :)