Thursday, June 25, 2009

crack.pl released

I'm happy to release crack.pl, a Perl script designed for Linux to crack MD5 and SHA1 passwords. Hopefully I'll add more, such as NTLM and LM support, but for now it's just MD5 and SHA1. You can download it from "http://kalgecin.110mb.com/index.php?id=codes".
It can be used with a dictionary or in brute-force mode, where it will try from a to zzzzzzzz. Brute force is a very slow process and takes a very long time for passwords longer than 5 characters. This script can also be used to generate a "rainbow table", which has the form "hash : password". These tables take a lot of space, and you will have to use "sort -u -o " to remove any duplicates.
For any feedback please leave a comment or email me at kalgecin@gmail.com
Hope you will enjoy this script.

3 comments:

  1. A good first effort. Algorithmically, you could have converted the hash to binary:
    pack 'H*', $hash;
    and used the md5() and sha1() methods to compare directly. This makes for shorter compares, and more importantly, the ASCII-to-binary conversion only happens once for the original hash, not once for EVERY computed hash.
    Take some time to learn the Perl language better. You don't seem to understand lexical (my) variables, your for loops are C-style when they could just loop directly over an array, and you used a dangerous (2 argument vs 3) form of open without checking if it succeeded.
    Use http://perldoc.perl.org, http://perlmonks.org, and read the Perl Underground magazines on http://milw0rm.com/author/893 .

  2. I get your point, thanks, but I did a bit of testing and this does not, however, bring greater performance than the original code.
    I don't have a master's in Perl :). I've released v2 of the tool; if you have any changes, I'd like you to mail them to me.
    Thanks

  3. I appreciate your willingness to learn, but it doesn't take a masters in Perl to learn some basic best practices. I've been coding in Perl for less than 2 years.

    Here is a benchmark script to illustrate the difference. As you can see, binary compare is about 35% faster than string compare, since the hash doesn't have to be converted to hex, and it compares half as many bytes (worst case).

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Benchmark qw(cmpthese);
    use Digest::MD5 qw(md5 md5_hex);

    # Target hashes, as hex strings
    my @md5s = map { md5_hex($_) }
        qw(password aardvark zero asdfqwer zxcvasdf poiuljh);

    open my $fh, '<', '/usr/share/dict/words' or die "Can't open words: $!";
    chomp(my @input = (<$fh>));
    close $fh;

    cmpthese(50,
    {
        # Convert the targets to binary once, then compare raw digests
        packing => sub {
            my @hashs = map { pack 'H*', $_ } @md5s;
            grep { my $x=md5($_); grep {$x eq $_} @hashs } @input;
        },
        # Hex-encode every candidate digest and compare as strings
        strcmping => sub {
            grep { my $x=md5_hex($_);grep {$x eq $_} @md5s } @input;
        },
    });

    __END__
                s/iter strcmping   packing
    strcmping     1.05        --      -26%
    packing      0.782       35%        --

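The first comment calls the two-argument form of open, used without checking the result, dangerous. The script below is an added example, not code from crack.pl or from the commenters, that shows why when a dictionary file name comes from outside the script. The file name words.txt, the value of `$name` and the helper `size_of` are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Work in a throwaway directory so nothing real is touched.
my $dir   = tempdir(CLEANUP => 1);
my $words = "$dir/words.txt";

# Constructed sample data: the wordlist the script is supposed to read.
open my $out, '>', $words or die "Can't create $words: $!";
print {$out} "password\naardvark\n";
close $out or die "Can't close $words: $!";

# Hypothetical helper: size of a file in bytes.
sub size_of { my ($file) = @_; return (stat $file)[7] }

# Constructed "user-supplied" dictionary name that starts with a mode character.
my $name = ">$words";
printf "before:      words.txt is %d bytes\n", size_of($words);

# Three-argument open with a check: the mode is fixed by the caller and
# $name is only ever treated as a file name. No file with that literal
# name exists, so the open fails and the failure is reported.
if (open my $in, '<', $name) {
    close $in;
} else {
    print "3-arg open:  refused '$name': $!\n";
}
printf "after 3-arg: words.txt is %d bytes\n", size_of($words);

# Two-argument open, unchecked: Perl parses the mode out of the string, so
# this opens words.txt for writing and truncates it. A leading or trailing
# "|" in the string would be parsed as a pipe to a command in the same way.
open(my $fh, $name);
close $fh;
printf "after 2-arg: words.txt is %d bytes\n", size_of($words);
```

The same data reaches both calls; only the three-argument form keeps the mode out of the attacker-influenced string, and only the checked form reports the failure.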