@tecknicaltom

This commit adds two changes to improve the success rate of BozoCrack:

  1. If the old method didn't find the hash, split the Google results on non-alphanumeric characters. This will find the hashes on pages which contain text such as:
    • md5(password) = 5f4dcc3b5aa765d61d8327deb882cf99
    • md5("password") = 5f4dcc3b5aa765d61d8327deb882cf99
    • password:5f4dcc3b5aa765d61d8327deb882cf99
  2. If that still didn't find the hash, do another Google search for the hash and the word md5. This helps for hashes that may by luck appear in their hashed form frequently on the web. For instance, compare:
    http://www.google.com/search?q=0e97d6e7124d6cc9623650201236cd52
    and
    http://www.google.com/search?q=md5+0e97d6e7124d6cc9623650201236cd52
    At the time of implementing this change, the first Google results did
    not contain the plaintext for this hash.
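
The first change described above, as an added example that is not part of this pull request or of BozoCrack's code. It runs offline over constructed text in the three listed formats and compares both tokenizations against an unsalted and a salted digest. The splitting regex, the helper names and the salt are assumptions.

```ruby
require 'digest/md5'

# Constructed text in the three formats the description lists; no network access.
SAMPLE_PAGE = <<~'TEXT'
  md5(password) = 5f4dcc3b5aa765d61d8327deb882cf99
  md5("password") = 5f4dcc3b5aa765d61d8327deb882cf99
  password:5f4dcc3b5aa765d61d8327deb882cf99
TEXT

# Unsalted MD5 of "password", as quoted in the description.
TARGET = '5f4dcc3b5aa765d61d8327deb882cf99'
# Assumption: a constructed per-user salt, to show the defensive contrast.
SALT   = 'x9Qp'
SALTED = Digest::MD5.hexdigest(SALT + 'password')

# Original behaviour: candidates are whitespace-delimited tokens.
def whitespace_tokens(text)
  text.split(/\s+/)
end

# Assumed form of the new fallback: split on runs of non-alphanumerics.
def alnum_tokens(text)
  text.split(/[^a-zA-Z0-9]+/).reject(&:empty?)
end

# Return the first token whose MD5 equals the target digest, or nil.
def lookup(target, tokens)
  want = target.downcase
  tokens.find { |word| Digest::MD5.hexdigest(word) == want }
end

# Run both tokenizations against one digest and return [whitespace, non_alnum].
def report(label, target)
  ws = lookup(target, whitespace_tokens(SAMPLE_PAGE))
  an = lookup(target, alnum_tokens(SAMPLE_PAGE))
  puts format('%-9s whitespace=%-8p non-alnum=%p', label, ws, an)
  [ws, an]
end

report('unsalted', TARGET)
report('salted', SALTED)
```

The salted digest is not recovered by either tokenization, because no token in the text hashes to it. The lookup only works against unsalted digests of strings that already appear in indexed text.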

@cassiebeckley

At the time of me reading this change, both the first and second Google results contained this page.

@ggizmo123

#!/usr/bin/env ruby

require 'digest/md5'
require 'net/http'

class BozoCrack

  def initialize(filename)
    @hashes = Array.new
    @cache = Hash.new

    # Collect every 32-character hex string found in the input file.
    File.new(filename).each_line do |line|
      if m = line.chomp.match(/\b([a-fA-F0-9]{32})\b/)
        @hashes << m[1]
      end
    end
    @hashes.uniq!
    puts "Loaded #{@hashes.count} unique hashes"

    load_cache
  end

  def crack
    @hashes.each do |hash|
      # Reuse a previously stored result before searching.
      if plaintext = @cache[hash]
        puts "#{hash}:#{plaintext}"
        next
      end
      if plaintext = crack_single_hash(hash)
        puts "#{hash}:#{plaintext}"
        append_to_cache(hash, plaintext)
      end
      sleep 1
    end
  end

  private

  # Search for the hash and treat every whitespace-delimited token
  # of the response as a candidate plaintext.
  def crack_single_hash(hash)
    response = Net::HTTP.get URI("http://www.google.com/search?q=#{hash}")
    wordlist = response.split(/\s+/)
    if plaintext = dictionary_attack(hash, wordlist)
      return plaintext
    end
    nil
  end

  # Return the first word whose MD5 digest equals the hash, or nil.
  def dictionary_attack(hash, wordlist)
    wordlist.each do |word|
      if Digest::MD5.hexdigest(word) == hash.downcase
        return word
      end
    end
    nil
  end

  # The cache file holds one "hash:plaintext" pair per line.
  def load_cache(filename = "cache")
    if File.file? filename
      File.new(filename).each_line do |line|
        if m = line.chomp.match(/^([a-fA-F0-9]{32}):(.*)$/)
          @cache[m[1]] = m[2]
        end
      end
    end
  end

  def append_to_cache(hash, plaintext, filename = "cache")
    File.open(filename, "a") do |file|
      file.write "#{hash}:#{plaintext}\n"
    end
  end

end

if ARGV.size == 1
  BozoCrack.new(ARGV[0]).crack
else
  puts "Usage example: ruby bozocrack.rb file_with_md5_hashes.txt"
end
