hashcat Forum
How to crack md5 hash where long cleartext is *almost* known?




How to crack md5 hash where long cleartext is *almost* known? - questme - 02-23-2014

Hi,

I have unsalted md5 hashes of longer-than-usual-passwords strings -- think of SMS or Twitter messages -- where I know more or less the cleartext, but not exactly.

For example I have the md5 hash <removed by philsmd> and know that the cleartext string is similar to "this is a example String?". How can I get hashcat to find the true cleartext, which is "this is an Example string!"? In this example one char changed from lower case to upper case, one char was added and one special char changed.

I'd like to have a way to automatically modify the string in 1, 2 or even 3 positions with changing upper/lower cases and adding/deleting a character. Is that possible with hashcat?


RE: How to crack md5 hash where long cleartext is *almost* known? - rurapenthe - 02-23-2014

Yes this is possible, using rules.

See this link to learn about rules: https://hashcat.net/wiki/doku.php?id=rule_based_attack

Keep in mind though that:
1. Rules are applied to a wordlist. So your cleartexts will all go in a wordlist where hashcat will read them and apply rules.
2. Your plain text is long, hence this can become a slow process depending on how many rules you apply, and how big your wordlist is as well as how big the plain text candidates are in length.



(02-23-2014, 08:01 PM)questme Wrote: Hi,

I have unsalted md5 hashes of longer-than-usual-passwords strings -- think of SMS or Twitter messages -- where I know more or less the cleartext, but not exactly.

For example I have the md5 hash ******************* and know that the cleartext string is similar to "this is a example String?". How can I get hashcat to find the true cleartext, which is "this is an Example string!"? In this example one char changed from lower case to upper case, one char was added and one special char changed.

I'd like to have a way to automatically modify the string in 1, 2 or even 3 positions with changing upper/lower cases and adding/deleting a character. Is that possible with hashcat?



RE: How to crack md5 hash where long cleartext is *almost* known? - questme - 02-25-2014

Thanks for your reply!
However I don't understand it quite right I guess. Could you give me an example how I would get to find the string "this is an Example string!" if I have something like "this is a example String?" as the only entry in my wordlist?

Which rules should I apply? I would be able to add a rule to remove the last character, insert a ? as the last character, toggle the case of the 12th and 20th character and add a "n" at the 10th position. But that wouldn't be the kind of brute force permutation I'd like to see, I don't know which kind of modifications I need!


RE: How to crack md5 hash where long cleartext is *almost* known? - mastercracker - 02-26-2014

Look at http://hashcat.net/wiki/doku.php?id=rule_based_attack
The rule would be:
Code:
s?! i9n TB TJ
That's very specific, but the goal here would be to create the most common variants as a wordlist and then use rules on them:
Code:
this is a example string?
This is a example string?
This Is A Example String?
THIS IS A EXAMPLE STRING?
...



RE: How to crack md5 hash where long cleartext is *almost* known? - atom - 02-26-2014

Don't forget the "E" rule, it's exactly doing that: Lower case the whole line, then upper case the first letter and every letter after a space
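
An added example (not code from the thread or from hashcat): a minimal Python interpreter for the four rule functions discussed above (sXY, TN, iNX, E), showing that functions in a rule line run left to right, so position arguments refer to the string as already modified by earlier functions. It assumes the functions are separated by spaces, and it computes the MD5 from the cleartext given in the thread, because the original hash was removed.

```python
import hashlib

def pos(ch):
    """hashcat position argument: 0-9, then A-Z for 10-35."""
    if not (ch.isdigit() or ("A" <= ch <= "Z")):
        raise ValueError(f"bad position {ch!r}")
    return int(ch, 36)

def apply_rule(rule, word):
    """Apply one rule line left to right. Only s, T, i and E are supported."""
    for fn in rule.split():  # assumption: functions are space-separated
        op = fn[0]
        if op == "s":        # sXY: replace every X with Y
            word = word.replace(fn[1], fn[2])
        elif op == "T":      # TN: toggle case at position N
            n = pos(fn[1])
            if n < len(word):
                word = word[:n] + word[n].swapcase() + word[n + 1:]
        elif op == "i":      # iNX: insert X at position N
            n = pos(fn[1])
            if n <= len(word):
                word = word[:n] + fn[2] + word[n:]
        elif op == "E":      # E: lowercase, then capitalise after each space
            parts = word.lower().split(" ")
            word = " ".join(p[:1].upper() + p[1:] for p in parts)
        else:
            raise ValueError(f"unsupported rule function {fn!r}")
    return word

SOURCE = "this is a example String?"    # wordlist entry from the thread
TARGET = "this is an Example string!"   # cleartext stated in the thread
# Constructed here from TARGET; the thread's real hash was removed.
TARGET_MD5 = hashlib.md5(TARGET.encode()).hexdigest()

def matches(rule, word=SOURCE):
    """Return (candidate, True if its MD5 equals TARGET_MD5)."""
    cand = apply_rule(rule, word)
    return cand, hashlib.md5(cand.encode()).hexdigest() == TARGET_MD5

if __name__ == "__main__":
    # Same functions, different order: the insert shifts later positions.
    for rule in ("s?! i9n TB TJ", "s?! TB TJ i9n", "E"):
        print(f"{rule:15} -> {matches(rule)}")
```
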