sQuo
Posted October 13, 2012

gcrack1.5 password cracking with the help of Google's search

Inspired by BozoCrack, which cracks MD5 hashes by googling for hashes and using the resultant query as a wordlist, I wrote this little script to do a similar thing, but with a few improvements:

1) Googles for the hash, uses only plaintext data for possible wordlist candidates and hashing
2) Currently supports the following hashes: md5, sha1, sha224, sha256, sha384, sha512, ntlm
3) Input file with hashes can be mixed with any type of the above supported hashes
4) If the attack finds the hash, it will even ID the hash algorithm for you
5) Uses the first page of Google search and the first 3 results (the contents of the pages) as the wordlist for cracking. Well, it's slower than pure Google or pure [insert_cracking_service here], but as far as I'm concerned, it will give you more cracked hashes.
6) Generates a [file_with_hashes].run file that is a resume/report for all hashes that have been tested or found. If your session breaks, or you encounter a captcha or error, simply rerun the script and it will resume cracking. Nice for churning that 3 million hashes dump you found on pastebin ;)
7) You can use the [file_with_hashes].run file as a handy report. Hashes that have not been found will have the ??????????\t\t[hash] format in the run file, so you can grep with no problem.

Works surprisingly well if you have a large base of hashed passwords and you quickly need a possible plaintext. The attack is a bit probabilistic because of Google's results, so rerunning the script can yield more results.

An optional dependency is python-nltk (natural language toolkit). If you have it, the cracking will be faster because only plaintext is used. If you don't, the cracking will be slower because all the HTML will be used as possible words for the wordlist. Installing nltk is easy, just do "pip install nltk" or use your package manager.

A MANDATORY dependency is python-lxml for scraping links in HTML for Google results.

You can use the testhashes file to test the script:

[+] Hashes loaded, using google_attack to crack them
md5(qwerty) d8578edf8458ce06fbc5bb76a58c5ca4
md5(password) 5f4dcc3b5aa765d61d8327deb882cf99
md5(alkali) f7f41ad5328d528a751c55fa2fcf7273
md5(password09) 8350513a8aff1d5bc1534dbd90747bb8
sha1(123456) 7c4a8d09ca3762af61e59520943dc26494f8941b
sha1(security) 8eec7bc461808e0b8a28783d0bec1a3a22eb0821
md5(admin) 21232f297a57a5a743894a0e4a801fc3
sha1(crypto) 44a9713350e53858f058463d4bf7f1e542d9ca4b
[+] Found 8 of 8
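Why the lookup described in the post works, and the storage change that defeats it, shown as an added Python example (not part of gcrack or the original post). It flags stored values that are bare digests of the algorithms the post lists and contrasts them with a per-user salted PBKDF2 record; the function names, the record layout and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hex lengths of the unsalted digests the post lists. NTLM is also 32 hex
# characters, so length alone cannot separate it from MD5.
UNSALTED_BY_LEN = {32: "md5 or ntlm", 40: "sha1", 56: "sha224",
                   64: "sha256", 96: "sha384", 128: "sha512"}

def classify(stored):
    """Return the digest family if `stored` is a bare hex digest, else None."""
    s = stored.strip().lower()
    if s and all(c in "0123456789abcdef" for c in s):
        return UNSALTED_BY_LEN.get(len(s))
    return None

def unsalted(algorithm, password):
    """Deterministic digest: the same password gives the same value everywhere."""
    return hashlib.new(algorithm, password.encode()).hexdigest()

def hash_password(password, salt=None, iterations=600_000):
    """Salted PBKDF2 record (assumed layout: scheme$iterations$salt$key)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute the key with the stored salt and compare in constant time."""
    _scheme, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def audit(records):
    """Map each user whose stored value is a bare fast digest to its family."""
    return {user: classify(value) for user, value in records.items()
            if classify(value)}

if __name__ == "__main__":
    # Constructed sample records: one legacy unsalted value, one migrated.
    records = {
        "alice": unsalted("md5", "password"),   # same value as in the post
        "bob": hash_password("password"),       # unique per user and per run
    }
    for user, family in audit(records).items():
        print(f"{user}: bare {family} digest, migrate to a salted KDF")
```

Accounts reported by `audit` hold values that are identical for every user with the same password, which is what makes them indexable; rehash them into the salted form at the next successful login.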