Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

MD5 Cracker

by Alien (Monk)
on Nov 15, 2006 at 18:59 UTC ( #584254=sourcecode: print w/ replies, xml ) Need Help??

Category: Utility Scripts
Author/Contact Info Alien
Description: Simple script if you have a md5 hash and want to crack it !
#!/usr/bin/perl 
#attempts to crack a md5 hash using a dictionary file
#you run the program this way
# perl md5 hash_to_crack dictionary_file


use warnings; 
use strict;
use Digest::MD5 qw(md5_hex); 
my $hash=shift || die "Give me a hash to crack\n";
my $file=shift || die "Give me a dictionary file\n";
open(F,$file) || die "can't open the file\n";
while(<F>)
{
print "Processing $_";
chomp($_);
my $t=md5_hex($_);
print " $t\n";
die "Found it -> $_\n" if($t eq $hash);
}

Comment on MD5 Cracker
Download Code
Re: MD5 Cracker
by parv (Priest) on Nov 16, 2006 at 05:48 UTC
    I like the fact that success is printed on (default) standard err, while the progress goes to (default) standard out so that both output may be redirected elsewhere independently.
      Howver, the error codes are a bit screwy, and this seems like just the thing you'd want to automate.
      . . . if ($t eq $hash) { print STDERR "Found it -> $_\n" exit(0); } } exit(1);
Re: MD5 Cracker
by fenLisesi (Priest) on Nov 16, 2006 at 10:53 UTC
    Could someone call this with a filename such as '> $INTERESTING_FILE'? Cheers.

    Update: I see that I did not explain my point well at all ($INTERESTING_FILE is meant to be a shell var, for one). Let me put forth a worst case scenario: A crazed admin installs this utility setuid root and a user calls it with a string that will cause this utility to open the system password file in write mode. Typically, it would just be able to mess up the files on which the user already has write access, which is not a big problem. It is probably best, though, to always keep in mind the concentric-circles approach to security and use Taint, avoid the shell, etc. Also, Corion mentioned in the CB that a self-respecting developer would salt the data passed by the user, so even if the data were a dictionary word, this utility would not work.

Re: MD5 Cracker
by Limbic~Region (Chancellor) on Nov 16, 2006 at 15:02 UTC
    Alien,
    You have several issues with your post. First, you aren't following some best practices:
    • 3 arg open (fenLisesi points out the danger above)
    • lexical filehandle
    • indentation

    Additionally, you fail to mention Salt (cryptography). Your title is also misleading. It seems to imply you can crack any MD5 hash when in fact it could only find entries in the user provided dictionary.

    Cheers - L~R

Re: MD5 Cracker
by geekphilosopher (Friar) on Dec 10, 2006 at 18:39 UTC
    If you're interested in breaking cryptography, you may want to check out Rainbow Tables, which can also be used to break (unsalted) hashes such as MD5.
b022f705c2f8fbb151a0751c946bc419
by Anonymous Monk on May 05, 2007 at 09:07 UTC
    Reaped: Re: MD5 Cracker
    by NodeReaper (Curate) on May 24, 2007 at 09:51 UTC
    Re: MD5 Cracker
    by Anonymous Monk on Sep 12, 2011 at 17:44 UTC
      789cd90a0da2de01d8484f8205f6aabe

    Back to Code Catacombs

    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: sourcecode [id://584254]
    help
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others cooling their heels in the Monastery: (13)
    As of 2014-12-17 22:23 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      Is guessing a good strategy for surviving in the IT business?





      Results (37 votes), past polls