Heres one for the noobs.

Printable View

02-27-2008, 07:40 PM
~~smart~fool~~

Heres one for the noobs.

Not really noobish but may save you some time. Don't go rainbowing an md5 until you try these sites. They match md5 hashes with their dictionary, doesnt work on most things but could be useful on noob passwords and such. Enjoy

[url]http://gdataonline.com/seekhash.php[/url]

[url]http://md5decrypter.com/[/url]
02-27-2008, 08:07 PM
Moonbat

Those are nice sites, but you also forgot milw0rm, they have a nice MD5 cracker.
02-28-2008, 07:55 PM
coz

Note: Few of them sites might get down due to load and/or various other reasons.

[B]MD5 + LM + SHA-* Hash Online Cracking Sites[/B] from ([url]http://digitalmafia.in/root/node/20[/url])

[url]http://www.md5lookup.com/[/url]

[url]http://md5.rednoize.com[/url]

[url]http://nz.md5.crysm.net[/url]

[url]http://us.md5.crysm.net[/url]

[url]http://www.xmd5.org[/url]

[url]http://gdataonline.com[/url]

[url]http://www.hashchecker.com[/url]

[url]http://passcracking.ru[/url]

[url]http://www.milw0rm.com/md5[/url]

[url]http://plain-text.info[/url]

[url]http://www.securitystats.com/tools/hashcrack.php[/url]

[url]http://www.schwett.com/md5/[/url]

[url]http://passcrack.spb.ru/[/url]

[url]http://shm.pl/md5/[/url]

[url]http://www.und0it.com/[/url]

[url]http://www.neeao.com/md5/[/url]

[url]http://md5.benramsey.com/[/url]

[url]http://www.md5decrypt.com/[/url]

[url]http://md5.khrone.pl/[/url]

[url]http://www.csthis.com/md5/index.php[/url]

[url]http://www.md5decrypter.com/[/url]

[url]http://www.md5database.net/[/url]

[url]http://md5.xpzone.de/[/url]

[url]http://www.milw0rm.com/md5/info.php[/url]

[url]http://md5.geeks.li/[/url]

[url]http://www.cmd5.com/english.aspx[/url]

[url]http://www.md5.altervista.org/[/url]

[url]http://md5.overclock.ch/biz/index.php?p=md5crack&l=en[/url]

[url]http://alimamed.pp.ru/md5/[/url]

[url]http://md5crack.it-helpnet.de/index.php?op=add[/url]

[url]http://cijfer.hua.fi/[/url]

[url]http://shm.hard-core.pl/md5/[/url]

[url]http://www.mmkey.com/md5/HOME.ASP[/url]

[url]http://www.thepanicroom.org/index.php?view=cracker[/url]

[url]http://www.securitydb.org/cracker/[/url]

[url]http://www.md5encryption.com/[/url]

[url]http://www.hashreverse.com/[/url]

[url]http://rainbowtables.net/services/results.php[/url]

[url]http://0ptix.co.nr/md5[/url]

[url]https://www.astalavista.net/?cmd=rainbowtables[/url]

[url]http://ice.breaker.free.fr/[/url]

[url]http://www.md5this.com[/url]

LM-HASH Only:

[url]http://sys*five.ath.cx:8080/hak5rtables/[/url]

[url]http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/[/url]
SHA*:

[url]http://www.md5encryption.com/[/url]

[url]http://rainbowcrack.com/[/url]

[url]http://www.hashreverse.com/[/url]

[url]http://rainbowtables.net/services/results.php[/url]

[url]http://www.shalookup.com/[/url]

[url]http://passcrack.spb.ru/[/url]

[url]http://www.securitystats.com/tools/hashcrack.php[/url]

You can also build your own lists and setup own cracker @ your computer, following sites may helpful in regarding that...
[url]http://www.hashchecker.com/[/url]

[url]http://www.tmto.org/[/url]

[url]http://darkdevelopments.com/[/url]

[url]http://www.rainbowcrack-online.com/[/url]
03-02-2008, 02:59 PM
Rifts

where

where do you find the hash files
03-02-2008, 04:57 PM
coz

Most of the time when any password is needed for anything it will be encrypted (usually into a hash) and stored somewhere. If you can find where that place is that's where people get these hashes and since they can't be reversed into a password they must be bruteforced.
03-03-2008, 06:27 PM
Moonbat

[QUOTE=Rifts;26564]where do you find the hash files[/QUOTE]
Usually in the site's database.
03-04-2008, 03:15 PM
Ezekiel

Simplified explanation of hashing; geeks can ignore:

Register for a forum, email account or anything that asks for a password, and [usually] your password is run through an algorithm and the result stored in a database. The algorithm produces a "hash" -- something that can be used in future to check if a given password matches the original, among other things. A hash doesn't have to be a string of characters; it can be anything (relatively) unique obtained from analysing the original that can't be reversed (in theory).

The idea is to keep the ability to password-protect accounts, while never storing a plaintext copy of the password that can be read by the administrators, read by unauthorised users (i.e. hackers), etc.

If you were to get hold of a hash, you'd first have to figure out what algorithm produced it. Not hard when you know how many characters come out of SHA-*, MD5 and other hashing functions.

You then look at the parameters for user passwords. If they have to be between *-*2 characters long, you produce a list of all the combinations of characters possible in the *-*2 range (quite a long list...). Then you'd hash each potential password with the algorithm, and if one of the produced hashes matches your stolen hash, the potential password used is the actual password. That's pure brute-force.

It's exponential, so depending on password length and so on, you could be waiting days, weeks, centuries, millennia or until past the end of the universe.

A slightly smarter way (with the same *-*2 character length) would be to find a list of words [of suspected language] in that range, then hash them as before to see if you can get a match.

The quickest way is to use rainbow tables, which are precomputed lists/databases of every string-to-hash combo from a certain function (e.g. MD5) within whatever range the author chose. You enter the password hash, and its match is found pretty quickly if it exists in the table (then obviously the rainbow table spits out the original string). Bigger rainbow tables (as in hundreds of gigs) mean more likelihood of matching the hash.