Wubi

GCrack: Identify and Crack Passwords via Google!


Just as the name suggests, GCrack is yet another hash cracker that leverages the Google search engine to crack multiple hashes. Another tool that works similarly is findmyhash, though GCrack was originally inspired by BozoCrack. In fact, it improves upon BozoCrack, which cracks MD5 hashes by googling for hashes and using the result of the query as a wordlist.

GCrack will automatically try to create [file_with_hashes].run for hashes that have been tried/cracked. It is a small, open source Python script that works surprisingly well if you have a large base of hashed passwords and quickly need a possible plain-text. Hashes that have not been found will have the ??????????\t\t[hash] format in the run file, so you can grep for them with no problem.

GCrack improvements over BozoCrack:

  • Googles for the hash, and uses only plain-text data as possible word list candidates for hashing
  • Currently supports following hashes: md5, sha1, sha224, sha256, sha384, sha512, NTLM
  • Input file with hashes can be mixed with any type of above supported hashes
  • If the attack finds the hash, it will even ID the hash algorithm for you
  • Uses the first page of Google search and the first 3 results (the contents of the pages) as the word-list for cracking. It's slower than pure Google or pure [insert_cracking_service here], but as far as the author is concerned, it will give you more cracked hashes.
  • Generates [file_with_hashes].run file that is a resume/report for all hashes that have been tested or found, if your session breaks, you encounter a CAPTCHA or error. Simply re-run the script and it will resume cracking. Nice for churning that 3 million hashes dump you found on Pastebin ;)
  • You can use [file_with_hashes].run file as a handy report.

The tool is a bit probabilistic because of Google’s results, so rerunning the script can yield more results. An optional dependency is python-nltk (Natural Language Toolkit), which speeds up the cracking process by using only plain-text while cracking. If you don’t have it, the cracking will be slower because all the HTML will be used as possible words for the wordlist. A mandatory dependency is python-lxml, used for scraping links in the HTML of Google results.

Download GCrack:

GCrack 1.5: gcrack.py

Source: GCrack: Identify and Crack Passwords via Google! — PenTestIT
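
The matching step described in the list above, as an added example (not GCrack's code and not part of the original post): each candidate word is hashed with every supported algorithm, so a hit also identifies the algorithm, while a salted, iterated hash of the same password finds no match. The function names and sample words are constructed for illustration; NTLM is omitted because hashlib does not guarantee MD4.

```python
import hashlib
import os

# Subset of the post's supported list that hashlib always provides.
# NTLM (MD4 over UTF-16LE) is omitted: MD4 is not guaranteed to be available.
ALGOS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def build_lookup(candidates):
    """Map every digest of every candidate word to (algorithm, word)."""
    table = {}
    for word in candidates:
        data = word.encode("utf-8")
        for algo in ALGOS:
            table[hashlib.new(algo, data).hexdigest()] = (algo, word)
    return table

def audit(hashes, candidates):
    """Return {hash: (algorithm, word)} for hits and {hash: None} for misses."""
    table = build_lookup(candidates)
    return {h: table.get(h.strip().lower()) for h in hashes}

def demo():
    # Constructed sample data: words standing in for text taken from a web page.
    words = ["hello", "letmein", "Summer2019"]
    unsalted_md5 = hashlib.md5(b"letmein").hexdigest()
    unsalted_sha256 = hashlib.sha256(b"Summer2019").hexdigest()
    # Same password, but salted and iterated: its digest is not in the table.
    salted = hashlib.pbkdf2_hmac("sha256", b"letmein", os.urandom(16), 100_000).hex()
    report = audit([unsalted_md5, unsalted_sha256, salted], words)
    return {"unsalted_md5": report[unsalted_md5],
            "unsalted_sha256": report[unsalted_sha256],
            "salted_pbkdf2": report[salted]}

if __name__ == "__main__":
    for label, hit in demo().items():
        print(label, "->", hit if hit else "not recovered")
```

Run against your own credential store, any entry that comes back with an algorithm and a word is stored as an unsalted fast hash and should be migrated to a salted, slow password hash.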
