hack0r.net

MD5 Brute-Forcer

Posted in Computer Related,Developement,Security by n00k on the April 22nd, 2008

I just build a short md5 brute force script in python and want to share it, maybe there is someone else out there who might find this one interesting. It is based upon john, more precisely the incremental mode. This is because the stdout flag of john does not work in the default mode, for whatever reason. If someone knows, please tell me.
I wrote it because, today I had a lecture, wherein the lecturer challenged us to reverse a given md5. The usual databases did not lead to a hit, neither did some dictionary based attacks. So I decided to have john try it, but somehow I did not get him to recognize it as an md5. Weirdly md5sum calculated md5s wrong for me, therefore I decided to create a short python script.

import os
import sys
import md5
if len(sys.argv) == 2:
    d = sys.argv[1]
    o = os.popen('john -stdout -incremental')
    for l in o:
        if md5.new(l.strip()).hexdigest() == d:
            print l.strip()
else:
    print 'usage is: ' + sys.argv[0] + ' <md5 hash>'

P.S.: If someone knows why md5sum created wrong output, please enlighten me. The shell command looked like echo "word" | md5sum .

Update (April 23rd 2008):
Today I have been told why the md5sum shell command did not work. It is, because echo ends every output with a new line. You have to use echo -n to stop this behaviour.

Update (May 6th 2008):
Yesterday I enhanced the script a little, so now it takes the hashes from a file and is also capable to brute force several hashes at the same time, which is the main cause for this enhancement. The hashes in the file can be separeted by all kind of whitespace characters recognized by split().

import os
import sys
import md5
import re
if len(sys.argv) == 2:
    f = open(sys.argv[1]).read().split()
    d = {}
    for h in f:
        if not (len(h)==32 and re.search('^[0-9a-f]{32}$', h)):
            print 'Invalid hash has been removed:', h
            f.remove(h)
        else:
            d.update( { h : None } )
    o = os.popen('john -stdout -incremental')
    for l in o:
        for h in d:
            if md5.new(l.strip()).hexdigest() == h:
                d[h] = l.strip()
                print 'Hash:', h, 'Clear:', l.strip()
                c = False
                for h in d:
                    if not d[h]:
                        c = True
                        break
                if not c:
                    for h in d:
                        print h, '= "' + d[h] + '"'
                    sys.exit(0)
else:
    print 'usage is: ' + sys.argv[0] + ' '

Popularity: unranked [?]

0 Comments

Leave a Reply