MD5 hash , basic question
#1
Hello guys , I have a simple homework , to decode an MD5 hash using bruteforce: d04988522ddfed3133cc24fb6924eae9 knowing that the length of the code is 6 ( I do not know what characters) and knowing that it is md5(md5(md5 ... md5)) =10.000 times. So basically, it should take each value of 6 elements and compute md5 of md5 of dm5.... 10.000 times. I have to use just digits :0123456789
I am using windows and this is the first time when I am trying to do this but I am not sure about how to translate what I want into the code. I have created 2 txt files: cracked.txt ( I want to save here the found code) and hash.txt( here I have put my md5 that I want to decode: d04988522ddfed3133cc24fb6924eae9) in the hashcat-6.1.1 folder and I want to use brute force.
Could you guys please help me to do this?  What code do I have to run?
in the cmd , in the hashcat-6.1.1 folder I have run this: hashcat.exe -m2600 -a3 --increment --increment-min 6 --increment-max 6 -o cracked.txt hash.txt
Reply
#2
This algorithm is not implemented in hashcat.
Reply
#3
Aside from the fact that hashcat hasn't implemented this. You haven't stated what the "code" is. Is it just digits I.e. 0123456789? Lower case letters? Upper case letters? Special characters? Any valid 8bit byte value? A dictionary word. Some combination of what was just stated? Something else?

Let's assume you meant alphanumeric: 26 lower + 26 upper + 10 digits = 62. And there are 6 characters you can choose for each spot with replacement I.e. 62 to the power of 6 = 56,800,235,584 possibilities. A gtx 1080 can guess at a rate of 25 billion passwords per second for plain md5. 10,000 iterations means it'll be 10,000 times slower I.e. pps 2.5 million. 62**6/2.5e6 = ~6.3 hours.

I wouldn't expect all students to have a $600+ video card available to them, so this doesn't sound like a homework problem based on the difficulty, or there's some critical information in your assignment that you're leaving out.
Reply
#4
it has just digits 0-9


(11-22-2020, 01:20 AM)qaksmmnvkpjv Wrote: Aside from the fact that hashcat hasn't implemented this. You haven't stated what the "code" is. Is it just digits I.e. 0123456789? Lower case letters? Upper case letters? Special characters? Any valid 8bit byte value? A dictionary word. Some combination of what was just stated? Something else?

Let's assume you meant alphanumeric: 26 lower + 26 upper + 10 digits = 62. And there are 6 characters you can choose for each spot with replacement I.e. 62 to the power of 6 = 56,800,235,584 possibilities. A gtx 1080 can guess at a rate of 25 billion passwords per second for plain md5. 10,000 iterations means it'll be 10,000 times slower I.e. pps 2.5 million. 62**6/2.5e6 = ~6.3 hours.

I wouldn't expect all students to have a $600+ video card available to them, so this doesn't sound like a homework problem based on the difficulty, or there's some critical information in your assignment that you're leaving out.
Reply
#5
In that case you could write a bash or a python script to iterate over the 1,000,000 possibilities.

Something like:
password = None
for i in range(1000000):
    guess = str(i).zfill(6).encode("utf-8")
    for j in range(10000):
        guess = md5(guess)
    if guess == hash:
        password = guess
        break
print(password)
Reply
#6
yeah, in the end, this is what I have ended up doing, still waiting for the result, I guess that it should take like 20h. 

Thanks for the reply, I appreciate it.

(11-22-2020, 05:45 PM)qaksmmnvkpjv Wrote: In that case you could write a bash or a python script to iterate over the 1,000,000 possibilities.

Something like:
password = None
for i in range(1000000):
    guess = str(i).zfill(6).encode("utf-8")
    for j in range(10000):
        guess = md5(guess)
    if guess == hash:
        password = guess
        break
print(password)
Reply