Active2 years, 1 month ago
The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms.
- How CrackStation Works. CrackStation uses massive pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password, and the correct password for that hash. The hash values are indexed so that it is possible to quickly search the database for a given hash.
- Md4 (Message Digest 4) is a cryptographic hash function created by Ronald Rivest in 1990. This algorithm takes as input a string and makes a hash from it. This hash is 128 bits, 32 caracters long.
- MD4 Password (MD4 Hash Cracker) MD4 is an industry standard hash algorithm that is used in many applications to store passwords. MD4 Password is a free program. MD4 Password features fast, highly optimized recovery engine. The recovery engine is fully configurable, so you can adjust the recovery options as needed.
- Cracking MD4 hash. That hash is MD4 as I found a file on one of the server's hidden directories where they were trying to generate a MD4 hash.
I'm doing some hacking exercices and I have to gain access to a site's database so I can delete all records.
The way of getting into the administrator panel is through a password (no username). I've tried some ways of getting in (SQLi, SSI, cookies) but didn't succeed. But, reading through some of the site's pages, I found something on the 'news' talking about Google crawling some links it shouldn't and that they fixed it, so checking the robots.txt file gives me a /secret directory in which there is a php file called admin.php (the one that checks for correct password) and admin.bak.php. When opened the backup one, it returned:
error matching hash dc2240d8ee745db929a6944ae7a8d016
That hash is MD4 as I found a file on one of the server's hidden directories where they were trying to generate a MD4 hash.
I've tried:
and
but none of them were able to crack it. How could I do this?
sysfiend
sysfiendsysfiend1,2743 gold badges11 silver badges21 bronze badges
2 Answers
How can I crack this hash?
John and Hashcat will both do this, but try not to be dependent on one password-cracking program.
With hashcat, you will either need a wordlist and/or rule that contains/generates the password, or you'll need to start from nothing with no wordlist (brute force). This may take a while depending on many factors (hardware, algorithms, etc).
Your hashcat format is almost correct. You'll want to brute-force it with the '
-a 3
' switch:hashcat32.exe -m 900 dc2240d8ee745db929a6944ae7a8d016 -a 3 -o cracked.txt
dc2240d8ee745db929a6944ae7a8d016:3b452
Try the
--help
switch or, if you want to view more attack modes:hashcat32.exe --help | findstr '-a'
:Wordlist:
hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules:
hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force:
hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator
hashcat -a 1 -m 0 example0.hash example.dict example.dict
John's requirements are the same as above, but with different command switches. John also finds this quickly without need for a wordlist:
echo dc2240d8ee745db929a6944ae7a8d016 > test.md4 && john test.md4 --format=Raw-MD4 --show
?:3b452
1 password hash cracked, 0 left
Password is 3b452.
Mark BuffaloMark Buffalo21.5k8 gold badges70 silver badges88 bronze badges
Found something with john the ripper within 1 min,
try
john --show --format=Raw-MD4 File-Containing-The-Hash
BaptisteBaptiste
Not the answer you're looking for? Browse other questions tagged hashpassword-cracking or ask your own question.
We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.
This tool is for instantly cracking the Microsoft Windows NT Hash (MD4) when the LM Password is already known, you might be familiar with LM Cracking tools such as LCP.
The main problem is you’ve got the LM password, but it’s in UPPERCASE because LM hashes are not case sensitive, so you need to find the actual password for the account.
Example : Password cracker output for “Administrator” account
- LM password is ADMINISTRAT0R.
- NT password is ?????????????.
We aren’t lucky because the case-sensitive password isn’t “administrat0r” or “Administrat0r”. So you cannot use this to connect to the audited Windows system.
This password contains 13 characters but launching my password cracker on the NT hash is a waste of time and there is a poor chance of success.
Note :
- Password length : 13 characters.
- Details : 1 number + 12 case-sensitives letters.
- Possibilities : 2^12 = 4096 choices.
In this example, lm2ntcrack will generate the 4096 possibilities for the password ADMINISTRAT0R and, for each one, the associated NT MD4 hash. Then, search for matching with the dumped hash.
Md4 Hash Cracker Casserole
Execution time : < 2 seconds to crack more than 1200 NT Hashes.You can download lm2ntcrack here:lm2ntcrack-current.tgz
Md4 Hash Cracker
Or read more here.