MD5 Brute-Forcer
I just built a short md5 brute force script in python and want to share it; maybe there is someone else out there who might find this one interesting. It is based upon john, more precisely the incremental mode. This is because the stdout flag of john does not work in the default mode, for whatever reason. If someone knows, please tell me.
I wrote it because today I had a lecture in which the lecturer challenged us to reverse a given md5. The usual databases did not lead to a hit, and neither did some dictionary based attacks. So I decided to have john try it, but somehow I could not get him to recognize it as an md5. Weirdly, md5sum calculated md5s wrong for me, so I decided to create a short python script.
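
    import hashlib
    import os
    import sys

    if len(sys.argv) == 2:
        d = sys.argv[1].lower()  # hexdigest() returns lowercase hex
        # john writes one candidate word per line to stdout
        o = os.popen('john -stdout -incremental')
        for l in o:
            w = l.rstrip('\n')  # drop only the newline, keep spaces in the candidate
            if hashlib.md5(w.encode()).hexdigest() == d:
                print(w)
                break  # hash reversed, stop reading candidates
    else:
        print('usage is: ' + sys.argv[0] + ' <md5 hash>')
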
P.S.: If someone knows why md5sum created wrong output, please enlighten me. The shell command looked like echo "word" | md5sum.
Update (April 23rd 2008):
Today I have been told why the md5sum shell command did not work. It is because echo ends every output with a new line. You have to use echo -n to stop this behaviour.
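The newline pitfall from this update can be checked mechanically. The following is an added example, not part of the original post: given a word and a digest that "should" match it, it reports which byte-level variant of the word was actually hashed. The function names, the labels and the set of variants are assumptions made for this example.

```python
import hashlib
import re

# Ways the bytes that actually get hashed can differ from the intended word.
# The labels and the choice of variants are assumptions made for this example.
VARIANTS = {
    "exact": lambda w: w,                    # echo -n "word" / printf '%s' word
    "lf": lambda w: w + b"\n",               # echo "word" appends a newline
    "crlf": lambda w: w + b"\r\n",           # word read from a Windows-edited file
    "bom": lambda w: b"\xef\xbb\xbf" + w,    # UTF-8 byte order mark in front
    "bom+lf": lambda w: b"\xef\xbb\xbf" + w + b"\n",
}

HEX32 = re.compile(r"^[0-9a-f]{32}$")


def normalise_digest(text):
    """Accept a bare digest or a full md5sum line such as '<hex>  -'."""
    fields = text.split()
    digest = fields[0].lower() if fields else ""
    if not HEX32.match(digest):
        raise ValueError("not an MD5 hex digest: %r" % text)
    return digest


def explain_digest(word, observed):
    """Return the labels of every variant of `word` whose MD5 equals `observed`."""
    digest = normalise_digest(observed)
    raw = word.encode("utf-8")
    return [label for label, make in VARIANTS.items()
            if hashlib.md5(make(raw)).hexdigest() == digest]


if __name__ == "__main__":
    # Constructed sample: the two digests the shell commands in the post produce.
    for data in (b"word", b"word\n"):
        line = hashlib.md5(data).hexdigest() + "  -"   # same layout as md5sum output
        print(line, "->", explain_digest("word", line))
```

An empty result means none of the listed variants explains the digest, so the mismatch has another cause.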
Update (May 6th 2008):
Yesterday I enhanced the script a little, so now it takes the hashes from a file and is also capable of brute forcing several hashes at the same time, which is the main cause for this enhancement. The hashes in the file can be separated by all kinds of whitespace characters recognized by split().
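
    import hashlib
    import os
    import re
    import sys

    if len(sys.argv) == 2:
        with open(sys.argv[1]) as fh:
            f = fh.read().lower().split()  # hexdigest() returns lowercase hex
        d = {}  # hash -> cleartext, None while still unknown
        for h in f:
            if re.search('^[0-9a-f]{32}$', h):
                d[h] = None
            else:
                # only report it; removing from f while iterating would skip entries
                print('Invalid hash has been removed:', h)
        if not d:
            sys.exit(0)  # nothing valid to brute force
        # john writes one candidate word per line to stdout
        o = os.popen('john -stdout -incremental')
        for l in o:
            w = l.rstrip('\n')  # drop only the newline, keep spaces in the candidate
            x = hashlib.md5(w.encode()).hexdigest()
            if x in d and d[x] is None:
                d[x] = w
                print('Hash:', x, 'Clear:', w)
                # stop as soon as every hash has a cleartext
                if all(v is not None for v in d.values()):
                    for h in d:
                        print(h, '= "' + d[h] + '"')
                    sys.exit(0)
    else:
        print('usage is: ' + sys.argv[0] + ' <hash file>')
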
Bakkalaureatsarbeit
On Monday I finished my Bakkalaureatsarbeit. It's somewhat like a bachelor. So I only have to take a few more exams, which I need for my diploma anyway, and then I am allowed to put a BSc in front of my name \begin{proudness} · · · \end{proudness}.
It deals with the subject of making web application vulnerability scanners more effective. We started developing a web application scanner nearly a year ago as a university project, on which this paper is based. There are some pretty new approaches built into the scanner that are, as far as I know, completely new in web application scanning software developed so far. I am working on this project with Daniel Kreischer, with whom I also wrote the Bakkalaureatsarbeit, and Martin Johns, who supervised the project and paper and gave us many hints, ideas and inspirations.
The scanner itself is not yet ready for release, since it is still under heavy construction to implement all the described features and ideas, but it is supposed to be in the near future. We already tried to hold a talk at the 24C3 last year about this project in an earlier state, but were rejected (at least in the last round as we heard).
If you are interested in this topic or just curious, here is the link to the paper “Bakkalaureatsarbeit: Similarity Examinations of Webpages and Complexity Reduction in Web Application Scanners”. Well, it spans over 60 pages, so it's a little bit more than a usual paper, but if you are already familiar with the web itself and web application security you can certainly skip the first part.
If you have ideas, concerns or any kind of suggestion, please share them with us.