crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself.
NOTE – Salt function is currently only available for md5, you need to append ‘\’ infront of every $ while lookingup or cracking salted hash
General Usage and examples :
./crack.pl <hash to crack | table> <dictionary file |bruteforce> [sha1|md5|lookup|salt] [salt]
./crack.pl \$1\$killme\$TVUPnlxfX62j2D/fUVRqp1 bruteforce
./crack.pl 15191b869d2918ebeb0409dbee90f201 /pentest/wireless/cowpatty/dict
./crack.pl 15191b869d2918ebeb0409dbee90f201 bruteforce
./crack.pl 087e086132b9fb3b9c938ab646a4891b365c2f08 /pentest/wireless/cowpatty/dict
./carck.pl 087e086132b9fb3b9c938ab646a4891b365c2f08 bruteforce
./crack.pl table /pentest/wireless/cowpatty/dict md5 > table.md5
./crack.pl table /pentest/wireless/cowpatty/dict sha1 > table.sha1
./crack.pl table bruteforce md5 > bigtable.md5
./crack.pl table bruteforce sha1 > bigtable.sha1
./crack.pl table bruteforce md5 mysalt > table.mysalt
After generating a table you will need to remove any duplicates(if any). But there will be very little or none so this step is unnecessary and this step wll take a long time to run. Running the following will do that
sort -u <table name> -o <sorted table>
If you don’t mind some few errors in trade for space, open the source file and change $savespace=0 to $savespace=1. This will cause only the first 5 bytes of the hash to be stored and as such some two or more passwords may have the same beginning. To look up a hash,use the lookup feature.
./crack.pl <hash> <table> lookup
This will find all possible passwords and compute the correct one, please note that fat32 system will store up to 4GB only. While generating a table the software will start from ‘aaaaaa’ onwards (six letters and up).
Less than six letter password is cracked within minutes (four minutes on mine;) ).
This will crack md5 hashes of salted hash. The results are displayed within ‘singe ticks’.
TIP : most applications set the salt as the username :)
: I made a program to generate random strings (genrandom.pl) the list there should definitely pass through sorting and there is absolutly no guarantee that the salt/pass will be included
./crack_salted.pl <hash> <salt|-f salt_file> <method>
This is still in development
(a windows copy of make may be downloaded from http://gnuwin32.sourceforge.net/packages/make.htm)
$ cd Crypt-PasswdMD5
$ perl Makefile.PL
$ make test
You can download crack BETA 6 here:
Or preferably use the SVN.