[Python]md5 random cracker

[cyborgs.txt]

Hi !
I already posted this on other forum but I thought it would be good to share it here to.

So think about this scenario:
    You really need to crack one hash but it's not in online databases.
    Dictionary attack was unsuccessful.
    You tried bruteforce attack but after you bruteforce range 1-8 it could take years to crack it so you gave up from bruteforcing.

So I made this random bruteforcer in python:http://pastebin.com/0KQtFLVu
It tries random passwords in given range.
At this moment it supports only md5 but I may add supports for other algorithams.

If you find any bug or you have advice about making it faster/better please post.

[ande]

Statistically you are better of keep on trying all possible combinations (Brute force the right way) than trying random sequences. Especially since this script will try many combinations multiple times over time.

Nonetheless, could be worth something to someone. But fix your BBcode mess. Oh and.. You dont need to virustotal source code..

[Psycho_Coder]

TBH you just copy pasted it from somewhere and maybe it is your own post or you might have just leeched it

Whatever it is you should definitely format your thread properly. It looks like trash. Now lets come to code :-

1. Why do you think that just checking to the length = 32 is enough to check if a stream of characters of len 32 is an md5 hash ?

Code: [Select]

if hashLen !=32:
        print "error your hash is invalid please submit valid MD5 hash"
        hashCracker()
    else:
        pass

also what is the need for that dangling else ? its useless.

Here See this :-



You could use this regex to confirm is a character stream could be MD5 hash or not "^[a-fA-F0-9]{32}$"

2. You could have made it Python 3 compatible too

3. A multi threaded Cracking would be nice.

[cyborgs.txt]

It's my post.Look at the username.
Thanks for the suggestions,I'll try to make some changes today.
Sorry for bad formating I am new to forums.


EDIT:
I updated the script.
@Psycho_Coder I solved first problem by converting input to integer and exception handling.

[d4rkcat]

Hey, this might be a good way to start off learning python.
But make no mistake, this is 100% useless in the real world, no-one in their right mind would ever use this to crack passwords.
Again, good way to learn coding, so i applaud you for the idea, entirely useless though.

[Deque]

    You tried bruteforce attack but after you bruteforce range 1-8 it could take years to crack it so you gave up from bruteforcing.

So I made this random bruteforcer in python:http://pastebin.com/0KQtFLVu
It tries random passwords in given range.

My suggestion is that you get basic skills in mathematics (stochastic to be more specific), because then you would realize instantly that this approach is worse than bruteforcing.

Let's just assume the hash was made off of an 8 char password.
And let's assume you are randomly creating 8 char strings for cracking (which is an optimal case for you, because you usually don't know the length) using a range of 94 different characters (what is the default of your script if I am not mistaken).

The probability to get the password right for one try is:
(1 / 94)^8 = 1.6405.. × 10^-16

The expected number of trials until you solve the hash is:
1 / ((1 / 94)^8) = 94^8
= 6095689385410816

Doing the same by bruteforcing will take a maximum of 94^8 trials until you have it for sure.
Whereas the same value is just the number of expected trials for random passwords and it is not sure that you ever get the password this way.

[proxx]

My suggestion is that you get basic skills in mathematics (stochastic to be more specific), because then you would realize instantly that this approach is worse than bruteforcing.

Let's just assume the hash was made off of an 8 char password.
And let's assume you are randomly creating 8 char strings for cracking (which is an optimal case for you, because you usually don't know the length) using a range of 94 different characters (what is the default of your script if I am not mistaken).

The probability to get the password right for one try is:
(1 / 94)^8 = 1.6405.. × 10^-16

The expected number of trials until you solve the hash is:
1 / ((1 / 94)^8) = 94^8
= 6095689385410816

Doing the same by bruteforcing will take a maximum of 94^8 trials until you have it for sure.
Whereas the same value is just the number of expected trials for random passwords and it is not sure that you ever get the password this way.

*And she wipes the table clean.

[cyborgs.txt]

My suggestion is that you get basic skills in mathematics (stochastic to be more specific), because then you would realize instantly that this approach is worse than bruteforcing.

Let's just assume the hash was made off of an 8 char password.
And let's assume you are randomly creating 8 char strings for cracking (which is an optimal case for you, because you usually don't know the length) using a range of 94 different characters (what is the default of your script if I am not mistaken).

The probability to get the password right for one try is:
(1 / 94)^8 = 1.6405.. × 10^-16

The expected number of trials until you solve the hash is:
1 / ((1 / 94)^8) = 94^8
= 6095689385410816

Doing the same by bruteforcing will take a maximum of 94^8 trials until you have it for sure.
Whereas the same value is just the number of expected trials for random passwords and it is not sure that you ever get the password this way.

well as d4rkcat sais it's really more usefull for learning than everything else
.I was frustrated that I can't crack one hash(I tried bruteforcing and online databases).
So I was thinking like this:


it's not in online databases so why bothering downloading  15 gb wordlist that contain same words as the database(correct me if i'm wrong).
with bruteforce attack i am going to get password but it will take a lot of time I tried that aniway.
Then I started bruteforce attack with Cain.After few days hash still wasn't cracked.


If password was like 20 characters everything will be useless as it will take thousands of years to crack it.


My original idea was not totally random bruteforce like this but to bruteforce different ranges instead of going in order(like if you choose minimum 10 and maximum 15 one part of the time it will bruteforce one range and other part of time different range).


Main problem of this script is that same password will be tried multiple time


Will checking if password is tried(let's say check from the list) save some time in cracking or it will do the opposite?


So is :
     time to check if password is tried<time to hash the string and compare it to the inputed hash
     or
     time to check if password is tried>time to hash the string and compare it to the inputed hash
     ?


I know this is pretty useless script(except for learning) that's why I said in comments that you should use it as your last option.

[Deque]

Will checking if password is tried(let's say check from the list) save some time in cracking or it will do the opposite?

It would save the time to create a hash, but the more passwords you created the more often your algorithm will end up creating useless passwords over and over until it finds one that isn't already used. Also: the memory that you need to hold the already generated passwords will increase a lot.

If password was like 20 characters everything will be useless as it will take thousands of years to crack it.

My original idea was not totally random bruteforce like this but to bruteforce different ranges instead of going in order

There is no benefit of having randomly generated passwords compared to generate in order.
The amount of steps or time that it takes will be the same. In both cases you need luck to get the answer early.

[immortalghost]

I've thought of doing something like this. One improvement is social engineering options for searching.

for example most people are idiots so searching for words is the way to go

however someone intelligent would have numbers in it, probably at the end.

security experts would most likely have special characters, numbers, capital letters etc.

If it isn't required they will probably still follow these rules, if it is the website has one upped you already.

Whether this will improve speed over brute forcing every combination in order is something to test

[proxx]

You can also scramble the wordlist if that makes you feel any better, does not statistically make it more efficient.

[cyborgs.txt]

I've thought of doing something like this. One improvement is social engineering options for searching.

for example most people are idiots so searching for words is the way to go

however someone intelligent would have numbers in it, probably at the end.

security experts would most likely have special characters, numbers, capital letters etc.

If it isn't required they will probably still follow these rules, if it is the website has one upped you already.

Whether this will improve speed over brute forcing every combination in order is something to test

I think hashcat has option where you can put rules about how will password will be generated(like put numbers at the end,capital letters at beginning,try 0 instead of o,...)

[cyborgs.txt]

It would save the time to create a hash, but the more passwords you created the more often your algorithm will end up creating useless passwords over and over until it finds one that isn't already used. Also: the memory that you need to hold the already generated passwords will increase a lot.

There is no benefit of having randomly generated passwords compared to generate in order.
The amount of steps or time that it takes will be the same. In both cases you need luck to get the answer early.

I think the idea has been born...so I will generate a lot of passwords during this process.


Passwords that I will store in list are useless trash but why not make wordlist from that passwords!


Most wordlists I saw are well ...made of words but the wordlist I would made from this would be made totally random characters!
Maybe I could make more advanced cracker that would have different modes:
1.regular bruteforce
2.dictionary attack
3.random bruteforce with extra options(checking if passwords are already tried&wordlist generator)


Of course I wouldn't store passwords during process but on exit.


Am I overcomplicating?Is this good idea?


   

[HTH]

Just thought I'd throw out that this algorithm is actually awful
because the chance of advancing your solution set gets lower as time goes on. I know its like beating a dead horse. But I want to show

Since it prints attempts but from what I see doesnt store then the chance of increasing your solution set is equal to:

P = 1-((T-1)/94^8)
where P is between 0 and 1 and T is a number that represents how many unique guesses youve generated so far

As the passwords you have tried increases the chances you repeat a password does as well, it starts out at 1, a sure thing, but halfway in, you're generating 2 for every new password you get, 90% done, you're creating 10 to get one new one, and for the last one you can be expected to create 94^8 passwords, yes JUST to get the last possible attempt youre program would run through the same amount as a bruteforce would to get the answer for sure.

In fact, to generate the full wordlist  at least once, your program would run about
sum(T=1->94^8) 1/P

Which wolfram alpha kindly informed me had zero chance of ever getting completed, at least for me. So I used  10000,100000, and 1000000 possibilities just for an efficiency calculation. It would run roughly 48000 times, 722000 times and 25 MILLION times respectively. I would assume that efficiency would degrade in a similar fashion all the way through, so I'd say its very fair to assume random guesses would take 500 times as long as straight bruteforcing for an 8 char string.

And thats if you know the string size.

No hate, good programming exercise, just making sure nobody who ever reads this thinks its a good idea

[frog]

In regard to making MD5 hash brute forcing practical, I would suggest using hashcat and buying a decent GPU. Hashcat will work with AMD and Nvidia cards, and this makes cracking hashes of all types practical to some degree.

If you look at the attached screenshot of my hashcat session brute forcing a set of 9 MD5 hashes, you can see that it will take just under 3 hours to brute force the entire 8 character set. 4 out of 9 hashes have already been cracked and it took < 3 minutes to do so. Character sets 1-6 took less than 10 seconds. The rate of progress is measured in MH/s(Megahashes a second). Right now my GPU is guessing 821 Million times a second. This rate will change depending on the hash type.

As you work through the key-space of each character set the time will increase exponentially. That's why having a decent GPU is so important. Let me explain.

Initially it's important to understand the units of measurement describing the potential of a GPU to perform math and comparisons in a parallel processing fashion(hash cracking). The mathematical potential of an AMD GPU is measured in "Stream processing units". The mathematical potential of an Nvidia GPU is rated in 'CUDA' cores. I have an Nvidia card atm so I will use 'CUDA' core count in my example.

My GTX550ti(cost ~150) has 192 'CUDA' cores and you see the current results with hashcat. If I bought a GTX760(costs ~250), it would have 1152 'CUDA' cores. This means that I should get a theoretical increase in performance to a factor of 6. That would make brute-forcing with the GPU even more practical.

A GPU is a terrible thing to waste. Especially when you can (effectively) crack hashes on a $150 card.