Announcement

Collapse
No announcement yet.

MD5 Decryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MD5 Decryption

    I have developed a program that will attempt to decrypt a MD5 encrypted password.

    I used my forum as a testbed and I successfully cracked almost 40% of all passwords in less than a second.

    Look at this thread for more info:

    http://almostsmart.com/forums/showth...s=&postid=3739

    Executable and source is available.
    http://www.almostsmart.com/misc/sig/sig.php

  • #2
    Word of the wise... Lose the AP classes. Those were developed as educational utilities for use by the AP Board for AP tests, they are not optimized or bulletproof. I've found numerous exploits in them over the years.

    Not to mention the fact that it imediately tags and bags you as a high school student writing programs for his AP C.Sci class.
    Ryan "leadZERO" Sommers
    Gamer's Impact President
    [email protected]
    ICQ: 1019590
    AIM/MSN: leadZERO

    -= http://www.gamersimpact.com =-

    Comment


    • #3
      I'm a college student and I find the AP classes quite useful. I'm doing this on my own time.

      I had to modify the apvector class to use long ints because of the large database size when holding millions of passwords...what kind of exploits are your referring to?
      http://www.almostsmart.com/misc/sig/sig.php

      Comment


      • #4
        Buffer overflows what else.

        Overflow the buffer and you have the potential of running arbitrary code.
        Ryan "leadZERO" Sommers
        Gamer's Impact President
        [email protected]
        ICQ: 1019590
        AIM/MSN: leadZERO

        -= http://www.gamersimpact.com =-

        Comment


        • #5
          So I should have a message: Don't let people run this remotely in a server or critical environment? It's just a tool, and it works..
          http://www.almostsmart.com/misc/sig/sig.php

          Comment


          • #6
            *shrug* Whatever floats your boat.

            You're probably running it in a singleuser windows environment anyway so granted the risk is minimal. However, it only takes one vulnerability in one program to possibly lead to further exploits.

            Look at the latest CERT Advisory. Multiple vulnerabilities in MS SQL Server could lead an attacker to being granted SYSTEM privileges.
            Ryan "leadZERO" Sommers
            Gamer's Impact President
            [email protected]
            ICQ: 1019590
            AIM/MSN: leadZERO

            -= http://www.gamersimpact.com =-

            Comment


            • #7
              Point taken.

              I'll look into phasing those out if I decide to make any improvements.

              Thanks for the input.
              http://www.almostsmart.com/misc/sig/sig.php

              Comment


              • #8
                Just a note...

                MD5 is not an encryption algorithm. It is a hashing algorithm. There is computationally no way to derive the original content from a MD5 sum.

                But since you're building a brute-forcer, it's all depending on the length of the user's password. Smart admins don't usually have 4-character passwords.
                :)

                Comment


                • #9
                  MD5 is still encryption, even if it is one way encryption.

                  BTW as mentioned in the other encryption thread an 8 chracter password can be cracked in 7 days if it uses lower case letter and numbers
                  http://www.almostsmart.com/misc/sig/sig.php

                  Comment


                  • #10
                    Encryption is assuming that it's 2-way.

                    Go read 'Applied Cryptography" by Bruce Schneier please.


                    As to your comment about 8-character passwords being cracked in 7 days, why not look at the math behind it first...


                    8 chracters = 26 alphabet lower-case letters + 10 numbers

                    8 characters = nPr(36)


                    That's more than what you can do in 7 days.
                    Last edited by DirectPixel; Tue 30th Jul '02, 10:25am.
                    :)

                    Comment


                    • #11
                      Re: MD5 Decryption

                      Originally posted by Weasel526
                      ...and I successfully cracked almost 40% of all passwords in less than a second.
                      Yeah, sure...
                      http://www.mcseboard.de/images/buttons/lastpost.gif www.MCSEboard.de
                      German Windows Server & IT Pro Community dedicated to Windows Client & Server Systems. MVPs inside

                      Comment


                      • #12
                        His definition of "cracking" their passwords is matching them against a dictionary of known hashes. He basically hashes a ton of words and saves that to a dictionary file. He then compared all his users passwords against that dictionary finding a lot of matches. I didn't look into the code too much but I'm assuming he also hashed his members usernames as well.

                        IMO it's hardly "decrypting" by the normal sense of the word. Cracking, maybe. I'd call it cracking the passwords but it's not like it's that much of an accomplishment. He wasn't the first one to come up with a brute-forcing alforithum or even a MD5 one by a long shot.

                        I do applaud him on being enginuitive and attempting his own programming projects, but I don't think he should spout his numbers off as statistics when they applied to one single case. Or the fact he keeps calling it "less than a second" when it took more then a second to hash the dictionary file.
                        Ryan "leadZERO" Sommers
                        Gamer's Impact President
                        [email protected]
                        ICQ: 1019590
                        AIM/MSN: leadZERO

                        -= http://www.gamersimpact.com =-

                        Comment


                        • #13
                          Oh no not you too!

                          Next I'll have 50,000,000 spam messages to filter out saying "IF YOU DON'T BUY MY PRODUCT NOW THE GOVERNMENT WILL INVADE YOUR COMPUTER -- from eSecure."
                          Ryan "leadZERO" Sommers
                          Gamer's Impact President
                          [email protected]
                          ICQ: 1019590
                          AIM/MSN: leadZERO

                          -= http://www.gamersimpact.com =-

                          Comment


                          • #14
                            So to get into a site, you'd have to send a request each time you try a password and see if it's accepted or denied? Yahoo! freeze's your account after 3 unsucessful attempts--I think to combat this.

                            Comment


                            • #15
                              eiSecure: 8 characters is nothing.

                              As I mentioned in the other encryption (errr, hashing) thread, mdcrack can do 4,000,000 hashes per second.

                              so (32^8 / 4,000,000) / 60 / 60 / 24 is only 3.18 days

                              leadZERO: I said cracking, didn't I say cracking?

                              After you load the dictionary file (which takes all of 10 seconds after the initial (one time) sorting), it will crack as many passwords as you fancy in less than a second. Well I shouldnt say that. Cracking all of vBulletin.com's passwords would probably take more than a second, but atleast it's faster than trying to brute force each one.

                              The whole point is that this program gives you all or nothing. It doesnt try to spend days brute forcing hashes, it just does a simple binary search. If it can't find the password immediatly it can't find it at all. I admit my forum isn't the greatest test environment but when you have close to 100 users you can get a fairly good average percentage.
                              Last edited by Weasel; Tue 30th Jul '02, 1:17pm.
                              http://www.almostsmart.com/misc/sig/sig.php

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X