From aldeid


GCrack is a hash cracker based on Google results. It supports the following hashes: MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and NTLM. It is inspired by BozoCrack, which cracks MD5 hashes by googling for them and using the results as a wordlist, but has a few improvements:

  • Googles for the hash and uses only plaintext data as possible wordlist candidates for hashing
  • Currently supports the following hashes: md5, sha1, sha224, sha256, sha384, sha512, ntlm
  • The input file can mix any of the supported hash types listed above
  • If the attack finds the hash, it will even ID the hash algorithm for you
  • Uses the first page of the Google search and the first 3 results (the contents of the pages) as the wordlist for cracking. It's slower than pure Google or pure [insert_cracking_service here], but as far as I'm concerned, it will give you more cracked hashes.
  • Generates a [file_with_hashes].run file that is a resume/report for all hashes that have been tested or found. If your session breaks, or you encounter a captcha or an error, simply rerun the script and it will resume cracking. Nice for churning that 3 million hashes dump you found on pastebin ;)
  • You can use the [file_with_hashes].run file as a handy report.

Hashes that have not been found appear in the run file in the format ??????????\t\t[hash], so you can grep for them with no problem.
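The following is an added example, not part of GCrack: an auditor's check that re-computes every claimed plaintext in a .run report and lists the hashes still unresolved. It assumes found lines in the run file use the same algo(plaintext)<TAB><TAB>hash layout as the console output; the sample report and the names audit_run and recompute are constructed for illustration.

```python
import hashlib
import re

# Constructed sample report. Found lines are ASSUMED to use the console
# format algo(plaintext)<TAB><TAB>hash; unfound lines use the documented
# ??????????<TAB><TAB>hash format.
SAMPLE_RUN = (
    "md5(qwerty)\t\td8578edf8458ce06fbc5bb76a58c5ca4\n"
    "sha1(123456)\t\t7c4a8d09ca3762af61e59520943dc26494f8941b\n"
    "??????????\t\t0123456789abcdef0123456789abcdef\n"
    "md5(admin)\t\t5f4dcc3b5aa765d61d8327deb882cf99\n"  # deliberately wrong pair
)

HASHLIB_ALGOS = {"md5", "sha1", "sha224", "sha256", "sha384", "sha512"}
FOUND = re.compile(r"^(\w+)\((.*)\)\t+([0-9a-fA-F]+)$")
UNFOUND = re.compile(r"^\?{10}\t+([0-9a-fA-F]+)$")


def recompute(algo, plaintext):
    """Return the hex digest for a supported algorithm, or None if unavailable."""
    try:
        if algo == "ntlm":  # NTLM is MD4 over the UTF-16LE encoded password
            return hashlib.new("md4", plaintext.encode("utf-16-le")).hexdigest()
        if algo in HASHLIB_ALGOS:
            return hashlib.new(algo, plaintext.encode("utf-8")).hexdigest()
    except ValueError:  # e.g. MD4 disabled in the local OpenSSL build
        pass
    return None


def audit_run(text):
    """Sort report lines into verified / mismatch / unfound / unparsed."""
    report = {"verified": [], "mismatch": [], "unfound": [], "unparsed": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        found, unfound = FOUND.match(line), UNFOUND.match(line)
        if unfound:
            report["unfound"].append(unfound.group(1).lower())
        elif found:
            algo, plaintext, digest = found.groups()
            # A digest that cannot be recomputed counts as a mismatch.
            ok = recompute(algo.lower(), plaintext) == digest.lower()
            report["verified" if ok else "mismatch"].append((algo, plaintext, digest))
        else:
            report["unparsed"].append(line)
    return report


if __name__ == "__main__":
    for bucket, rows in audit_run(SAMPLE_RUN).items():
        print(bucket, len(rows))
```

Entries in the mismatch bucket should not be trusted as recovered passwords; entries in verified identify credentials that are already exposed in public search results and need rotation.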

Works surprisingly well if you have a large base of hashed passwords and you quickly need a possible plaintext. The attack is a bit probabilistic because of Google's results, so rerunning the script can yield more results.



lxml (mandatory)

Install the mandatory lxml dependency:

$ sudo apt-get install python-lxml

nltk (optional)

Though optional, the installation of python-nltk (Natural Language Toolkit) is highly recommended because it speeds up the cracking process by using plain text while cracking. Without NLTK, the cracking will be slower because all the HTML will be used as possible words for the wordlist.

$ sudo apt-get install python-setuptools
$ sudo easy_install pip
$ sudo pip install -U numpy
$ sudo pip install -U pyyaml nltk

Installation of GCrack

$ cd ~/src/
$ wget https://nodeload.github.com/tkisason/gcrack/tarball/master -O gcrack.tar
$ tar xf gcrack.tar
$ cd tkisason-gcrack*/
$ ./gcrack.py


./gcrack.py [file_with_hashes]


$ ./gcrack.py testhashes
[+] Hashes loaded, using google_attack to crack them
md5(qwerty)		d8578edf8458ce06fbc5bb76a58c5ca4
md5(password)		5f4dcc3b5aa765d61d8327deb882cf99
md5(alkali)		f7f41ad5328d528a751c55fa2fcf7273
md5(password09)		8350513a8aff1d5bc1534dbd90747bb8
sha1(123456)		7c4a8d09ca3762af61e59520943dc26494f8941b
sha1(security)		8eec7bc461808e0b8a28783d0bec1a3a22eb0821
md5(admin)		21232f297a57a5a743894a0e4a801fc3
sha1(crypto)		44a9713350e53858f058463d4bf7f1e542d9ca4b

[+] Found  8  of  8