crack.pl – SHA1 & MD5 Hash Cracking Tool

Use Netsparker


crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself.

NOTE – Salt function is currently only available for md5, you need to append ‘\’ infront of every $ while lookingup or cracking salted hash

General Usage and examples :

After generating a table you will need to remove any duplicates(if any). But there will be very little or none so this step is unnecessary and this step wll take a long time to run. Running the following will do that

If you don’t mind some few errors in trade for space, open the source file and change $savespace=0 to $savespace=1. This will cause only the first 5 bytes of the hash to be stored and as such some two or more passwords may have the same beginning. To look up a hash,use the lookup feature.

This will find all possible passwords and compute the correct one, please note that fat32 system will store up to 4GB only. While generating a table the software will start from ‘aaaaaa’ onwards (six letters and up).
Less than six letter password is cracked within minutes (four minutes on mine;) ).


crack_salted.pl

This will crack md5 hashes of salted hash. The results are displayed within ‘singe ticks’.

TIP : most applications set the salt as the username :)
: I made a program to generate random strings (genrandom.pl) the list there should definitely pass through sorting and there is absolutly no guarantee that the salt/pass will be included

This is still in development

Installing Crypt::PasswdMD5

(a windows copy of make may be downloaded from http://gnuwin32.sourceforge.net/packages/make.htm)
$ cd Crypt-PasswdMD5
$ perl Makefile.PL
$ make
$ make test

You can download crack BETA 6 here:

crack.zip

Or preferably use the SVN.

Posted in: Hacking Tools, Password Cracking

, , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


3 Responses to crack.pl – SHA1 & MD5 Hash Cracking Tool

  1. GZero July 29, 2009 at 1:47 pm #

    Didn’t expect to see this sort of thing on Darknet…

    If you’re looking to crack MD5/SHA1, salted or not, this is NOT the way to approach it.

    Crypt::PasswdMD5 is a pure perl implementation of the MD5 algorithm. It is an order of magnitude slower than, say, the OpenSSL implementation, and just will not cut it where speed is an issue.

    If you’re in any doubt, hashing algorithms should be implemented using efficient, low level languages. Scripting languages are just not built to do fast floating point operations.

    I’m not even going to mention the total lack of cracking specific optimization. Byte swapping techniques are public domain and make such a big difference that they’re a must have.

    “You can use a dictionary file or bruteforce and it can be used to generate tables itself.”

    What tables are these? Do you mean dictionary files? I see no collision finding code in the 270 line crack_beta.pl, so I’m guessing it’s a dictionary file.

    My 2p…

  2. Alan July 29, 2009 at 2:21 pm #

    I’m pretty sure that they are referring to rainbow tables and not dictionaries.

  3. Darknet July 30, 2009 at 7:52 am #

    GZero: Well I’m not endorsing it or saying it’s the best way, but I appreciate when someone tries their hand at writing something and is willing to share the code with the rest of the world. There are better methods to programmatically crack hashes, but then with the masses of CPU power available now (quad core 2Ghz+ in a home PC?) they aren’t so relevant. I just thought this was worth sharing that’s all.