It often happens that you need to find out the password, having only a hash in your hands. You can use your computer to enumerate options, but it is much faster to use an existing database. Even public databases contain tens of millions of hash-password pairs, and searching through them through the cloud service takes a matter of seconds.
There are several zettabytes of digital data in the world, but not all of this information is unique: replays are scattered across billions of media and servers. Regardless of the type of data, working with them requires solving the same fundamental problems. These are redundancy reduction through partial replay elimination (deduplication), integrity checking, incremental backups, and user authorization. Of course, the last aspect interests us most, but all these techniques are based on common data processing methods using hashing. There are cloud services that allow you to use this procedure faster - for well-known purposes.
At first glance, it seems strange that different tasks use a common procedure for calculating and comparing checksums or hashes - bit sequences of fixed length. However, this method is really versatile. Checksums serve as a kind of digital fingerprints of files, keys, passwords and other data, called messages in cryptography. Hashes (or digests, from the English digest) allow you to compare them with each other, quickly detect any changes and secure access checks. For example, using hashes, you can check whether the entered passwords match without passing them in clear text.
Mathematically, this process is performed by one of the hashing algorithms - an iterative transformation of data blocks into which the original message is split. The login can be anything from a short password to a huge database. All blocks are cyclically appended with zeros or truncated to a given length until a fixed-size digest is received.
Hashes are usually written in hexadecimal form. So it is much more convenient to compare them in appearance, and the record is four times shorter than the binary one. The shortest hashes are obtained using Adler-32, CRC32 and other algorithms with a digest length of 32 bits. The longest ones are for SHA-512. In addition to them, there are a dozen other popular hash functions, and most of them are capable of calculating digests of intermediate length: 160, 224, 256 and 384 bits. Attempts to create a function with an increased hash length continue, because the longer the digest, the more different variants the hash function can generate.
UNIQUE IS THE KEY TO RELIABILITY
The uniqueness of the hash is one of its key properties, which determines the cryptographic strength of the encryption system. The fact is that the number of possible password options is theoretically infinite, but the number of hashes is always finite, albeit very large. Digests of any hash function will be unique only to a certain extent. Powers of two, to be precise. For example, the CRC32 algorithm gives many of 232 options, and it is difficult to avoid repetition. Most of the other functions use digests with a length of 128 or 160 bits, which dramatically increases the number of unique hashes - up to 2128 and 2160, respectively.
The coincidence of hashes from different source data (including passwords) is called a collision. It can be random (occurs on large amounts of data) or pseudo-random - used for attack purposes. The collision effect is used to break various cryptographic systems - in particular, authorization protocols. All of them first calculate the hash from the entered password or key, and then transmit this digest for comparison, often adding a portion of pseudo-random data to it at some stage, or use additional encryption algorithms to enhance protection. The passwords themselves are not saved anywhere: only their digests are transmitted and compared. What matters here is
PSEUDOREVERS
It is impossible in principle to perform the reverse transformation and get the password directly from the hash, even if you clear it of the salt, since hashing is a one-way function. Looking at the received digest, it is impossible to understand either the volume of the initial data or their type. However, you can solve a similar problem: generate a password with the same hash. Due to the collision effect, the task is simplified: you may never know the real password, but you will find a completely different one, which gives the required digest after hashing using the same algorithm.
To do this, you have to do nothing at all - calculate 2128 pairs of the form password - hash or an order of magnitude more - depending on the length of the digest of the selected function. However, all these deuces are pretty damn scary only if you think about the modest capabilities of your own car. It is good that the speed of finding a password by its hash today does not necessarily depend on the computing power of the attacker's computer, since in many cases this does not require a long search. Much has already been done before us.
Calculation optimization methods appear literally every year. They are being handled by the teams of HashClash, Distributed Rainbow Table Generator and other international cryptographic computing projects. As a result, hashes have already been calculated for each short combination of printable characters or a variant from the list of typical passwords. They can be quickly compared to the intercepted one until a complete match is found.
This used to take weeks or months of CPU time, which in recent years has been reduced to a few hours thanks to multicore processors and brute-force cuts in CUDA and OpenCL-enabled programs. Admins load the servers with table calculations during downtime, while others lease a virtual cluster in Amazon EC2.
SEARCH XOR CALCULATE
Popular hashing algorithms work so fast that by now it has been possible to create hash-password pairs for almost all possible variants of functions with a short digest. In parallel, functions with a hash length of 128 bits or more find flaws in the algorithm itself or in its specific implementations, which greatly simplifies hacking.
In the nineties, the MD5 algorithm, written by Ronald Rivest, became extremely popular. It has become widely used when authorizing users on websites and when connecting to client application servers. However, further study of it showed that the algorithm is not reliable enough. In particular, it is vulnerable to pseudo-random collision attacks. In other words, it is possible to deliberately create another sequence of data, the hash of which will exactly match the known one.
Since message digests are widely used in cryptography, in practice, the use of the MD5 algorithm today leads to serious problems. For example, such an attack could spoof an x.509 digital certificate. Among other things, SSL certificate forgery is possible, allowing an attacker to pass off his fake as a trusted root certificate (CA). Moreover, in most sets of trusted certificates it is easy to find those that still use the MD5 algorithm for signing. Therefore, the entire public key infrastructure (PKI) is vulnerable to such attacks.
A grueling brute-force attack will have to be done only in the case of really complex passwords (consisting of a large set of random characters) and for hash functions with long digests (from 160 bits), which have not yet found serious flaws. A huge mass of short and dictionary passwords today are broken in a couple of seconds using online services.
CLOUD FRONT FIGHTERS
1. The
You do not have permission to view link
Log in or register now.
has been around for almost eight years. It helps to crack MD5, SHA-160 and NTLM digests. The current number of known couples is 43.7 million. Several hashes can be uploaded to the site at once for parallel analysis. Passwords containing Cyrillic and non-English alphabets are sometimes found, but displayed in the wrong encoding. There is also a constant competition for cracking passwords by their hashes, and utilities are available to facilitate this task - for example, programs for combining lists of passwords, reformatting them and eliminating duplicates.
HashKiller is not friendly with Cyrillic, but knows Cyrillic passwords.
Hash killer found three passwords out of five in half a second.
2. "Crack-station" supports working with hashes of almost all types actually used. LM, NTLM, MySQL 4.1+, MD2 / 4/5 + MD5-half, SHA-160/224/256/384/512, ripeMD160 and Whirlpool. Up to ten hashes can be loaded at a time for analysis. The search is carried out on an indexed base. For MD5, it is 15 million pairs (about 190 GB) and about 1.5 million for every other hash function.
Crack Station finds many dictionary passwords even by NTLM hashes.
According to the assurances of the creators, the database includes all words from the English-language version of Wikipedia and most of the popular passwords collected from public lists. Among them there are also tricky options with case change, litspik, character repeat, mirroring and other tricks. However, random passwords even with five characters become a problem - in my test, half of them were not found even by LM hashes.
Crack Station can hardly crack random passwords of five characters or more, even using LM hashes.
3. CloudCracker.net is a free service for instant password search using MD5 and SHA-1 hashes. The type of digest is determined automatically by its length. So far, CloudCracker only matches hashes of some English words and common passwords, like admin123. It does not recover even short passwords from random character sets such as D358 from the MD5 digest.
Cloud Cracker instantly finds dictionary passwords by their hashes.
4. Service MD5Decode.com contains a database of passwords for which MD5 values are known. It also shows all other hashes that match the found password: MD2, MD4, SHA (160-512), RIPEMD (128-320), Whirlpool-128, Tiger (128-192 in 3-4 passes), Snefru-256, GOST, Adler-32, CRC32, CRC32b, FNV (132/164), JOAAT 8, HAVAL (128–256 in 3–5 passes). If the number of passes is not specified, then the function calculates the hash in one pass.
There is no proper search on the site yet, but the password or its hash can be written directly in the address bar of the browser by adding it after the site address and the / encrypt / prefix.
MD5Decode service knows all types of hashes from dictionary passwords
5. The project with the self-explanatory name MD5Decrypt.org also allows you to find a match only between the password and its MD5 hash. But it has its own database of 10 million pairs and an automatic search across 23 databases of friendly sites. The site also has a hash calculator for calculating digests from the entered message using the MD4, MD5 and SHA-1 algorithms.
MD5Decrypt finds compound dictionary passwords, but accepts hashes for analysis only one at a time.
Another site, MD5Lab.com, is hosted by CloudFare in San Francisco. It is inconvenient to search for it yet, although the base is growing rather quickly. Just take a note.
Looking for hashes by Google
Not all services are ready to provide the service of searching passwords by hashes for free. Somewhere registration is required and a ton of advertising is spinning, and on many sites you can also find advertisements for a paid hacking service. Some of them really use powerful clusters and load them, putting the sent hashes in the task queue, but there are also common rogues. They perform free searches for money, taking advantage of the ignorance of potential customers.
Instead of promoting honest services here, I suggest using a different approach - finding hash / password pairs in popular search engines. Their spider robots scour the web every day to collect new data, including recent entries from rainbow tables.
So to get started, just write the hash in the google search bar. If some dictionary password matches it, then it (as a rule) will be displayed among the search results already on the first page. Single hashes can be manually googled, while large lists can be handled more conveniently using the BozoCrack script.
UNIVERSAL APPROACH
Among the ten hash functions, MD5 and SHA-1 are the most popular, but the same approach applies to other algorithms. For example, the SAM registry file in Windows by default stores two digests for each password: LM hash (a legacy type based on the DES algorithm) and NT hash (created by converting a Unicode password entry using the MD4 algorithm). The length of both hashes is the same (128 bits), but the LM security is significantly lower due to many simplifications of the algorithm.
Gradually, both types of hashes are being replaced by more reliable authorization options, but many people still use this old scheme in its original form. Having copied the SAM file and decrypted it with the system key from the SYSTEM file, the attacker obtains a list of local accounts and the control values stored for them - hashes.
Next, the cracker can find a sequence of characters that matches the administrator's hash. So he will get full access to the OS and leave fewer traces in it than with a crude hack using a banal password reset. Let me remind you that due to the collision effect, the correct password will not necessarily be the same as that of the real owner of the computer, but for Windows there will be no difference between the two. As Bad Religion sang, "Cause to you I'm just a number and a clever screen name."
A similar problem exists in other authorization systems. For example, in the WPA / WPA2 protocols, which are widely used when creating a secure connection over Wi-Fi. During the connection between the wireless device and the access point, a standard exchange of initial data, including handshake, occurs. During the handshake, the cleartext password is not transmitted, but the key based on the hash function is sent over the air. The necessary packets can be intercepted by switching the Wi-Fi adapter receiver to the monitoring mode using the modified driver. Moreover, in some cases it is possible not to wait for the moment of the next connection, but to initiate this procedure forcibly by sending a broadcast deauth request to all connected clients.
Having saved the file or files with a handshake, you can extract the password hash from them and either find out the password itself, or find some other that the access point will accept in the same way. Many online services offer to analyze not only the pure hash, but also the file with the recorded handshake. Typically, you need to specify the pcap file and the SSID of the selected access point, as its identifier is used to generate the PSK.
The proven resource CloudCracker.com, which has been written about in recent years by all and sundry, still wants money for it. GPUHASH.me accepts bitcoins. However, there are also free sites with a similar function. For example, DarkIRCop.
So far, not all hash-password pairs are found with the help of online services and rainbow tables. However, functions with a short digest have already been defeated, and short and dictionary passwords are easy to detect even by SHA-160 hashes. Especially impressive is the instant search for passwords by their digests using Google. This is the easiest, fastest and completely free option.