Cracking...

[polo]

(Without too much details ) I came across a table with some hash entries of the form:
$1$xxxxxxxx$xxxxxxxxxxxxxxxxxxxxxx and their respective usernames!

After some research i think i found that this is the output of the Unix function crypt() using the md5 hashing algorithm with a 'salt'

The salt is the 8-character string between the two $ signs. It's used to make dictionary type attacks *ridiculous* since a whole new "dictionary" needs to be built for every single possible salt...

All the above fhemne . But now I can't figure out the next step.

I guess the only *solution* would be to have a brute force routine calculating the output of the crypt() unix function for 1-character, 2-character, 3-character worlds, ... la haddit ma Allah yefreja... (Since I DO HAVE the salt, and I could be patient for few days i imagine...-)

Anyone can think of anything else?

If not anyone knows such an efficiently programmed routine?

Thx!

[Google]

lol. Man don't even try the thing you are thinking of. You might get married and have babies before being able to crack this via the brute force method you mentioned.
Always when dealing with such things, get a good big dictionary and then you use a routine to pass each word in the dictionary to the crypt function and then check the resulted hash against the one you have here.
If you want, you can pass me the user:password so I take a look at it.

[polo]

Quote:

Originally Posted by Edgard Chammas

lol. Man don't even try the thing you are thinking of. You might get married and have babies before being able to crack this via the brute force method you mentioned.
Always when dealing with such things, get a good big dictionary and then you use a routine to pass each word in the dictionary to the crypt function and then check the resulted hash against the one you have here.
If you want, you can pass me the userassword so I take a look at it.

hehe i knew this could take "a while"...
But I don't see though the difference between the desperate method I suggested and the method you proposed. Unless if by "dictionary" you mean only a subset of all possible strings? In all cases we will have to recompute the output of this slow crypt() function over an endless list of strings until we find the hash we're looking for. Because no way they have already been compiled somewhere due to the probable uniqueness of the 8-byte 'salt'?
Or am I missing smthg?

[Google]

Quote:

Originally Posted by polo

hehe i knew this could take "a while"...
But I don't see though the difference between the desperate method I suggested and the method you proposed. Unless if by "dictionary" you mean only a subset of all possible strings? In all cases we will have to recompute the output of this slow crypt() function over an endless list of strings until we find the hash we're looking for. Because no way they have already been compiled somewhere due to the probable uniqueness of the 8-byte 'salt'?
Or am I missing smthg?

There is a difference between my method and yours.
You are suggesting to pass aaaa....aaaa, aaaa....aaab, aaaa....aaaac, aaaa....aaad, ...., aaaa....aaba, aaaa....aabb, ..., zzzz....zzzz, aaaa....aaa0, aaaa....aaaa1, .... etc .... to the function. This approach will surely get you the right password, but after what time?!
Instead of using this, I suggested a dictionary where you pass some structured words to the function. You can also take some assumptions about the form of the password in order to let the process be faster.

[polo]

Quote:

Originally Posted by Edgard Chammas

There is a difference between my method and yours.
You are suggesting to pass aaaa....aaaa, aaaa....aaab, aaaa....aaaac, aaaa....aaad, ...., aaaa....aaba, aaaa....aabb, ..., zzzz....zzzz, aaaa....aaa0, aaaa....aaaa1, .... etc .... to the function. This approach will surely get you the right password, but after what time?!
Instead of using this, I suggested a dictionary where you pass some structured words to the function. You can also take some assumptions about the form of the password in order to let the process be faster.

yeah...i see what u mean
& still it could take ages and not be guaranteed...

So i'll have to get (or generate) a reduced list of potential combinations...

Do u know btw if there are some windows implementation of crypt, because i'm not running linux... (although i now feel this task pretty much desperate...)

[Google]

Quote:

Originally Posted by polo

yeah...i see what u mean
& still it could take ages and not be guaranteed...

So i'll have to get (or generate) a reduced list of potential combinations...

Do u know btw if there are some windows implementation of crypt, because i'm not running linux... (although i now feel this task pretty much desperate...)

The time it takes can't be compared to the one you said. In this one the time is related to the size of your dictionary and the implementation of your C program (whether it's a clean code or not).
Get the source code of this function from the internet (it's in C), let it compile on windows.

[polo]

decided to go back to this, after miserably failing the first attempt

first, is there a place where all the source files can be downloaded for crypt_md5? i found the function itself, but it uses other .h libraries, that are themselves linked to other .h etc... . surely we must be able to download all needed libraries from one place at once?

2. do you have some good suggestion to a "dictionary builder" application, where i can specify say the length, and the use of certain special characters etc... and get a huge list of strings ?

thx