GCrack is a hash cracker based on Google results; it supports the following hashes: MD5, SHA1, SHA224, SHA256, SHA384, SHA512, NTLM. It is inspired by BozoCrack, which cracks MD5 hashes by googling for them and using the results of the query as a wordlist, but has a few improvements:
- Googles for the hash and uses only plain-text data as possible wordlist candidates for hashing
- Currently supports the following hashes: md5, sha1, sha224, sha256, sha384, sha512, ntlm
- Input file with hashes can be mixed with any type of above supported hashes
- If the attack finds the hash, it will even ID the hash algorithm for you
- Uses the first page of the Google search and the first 3 results (the contents of the pages) as the wordlist for cracking. It's slower than pure Google or pure [insert_cracking_service here], but as far as I'm concerned, it will give you more cracked hashes.
- Generates a [file_with_hashes].run file that is a resume/report for all hashes that have been tested or found. If your session breaks or you encounter a captcha or error, simply rerun the script and it will resume cracking. Nice for churning through that 3 million hash dump you found on pastebin ;)
- You can use [file_with_hashes].run file as a handy report.
Hashes that have not been found will have the ??????????\t\t[hash] format in the run file, so you can grep for them with no problem.
Works surprisingly well if you have a large base of hashed passwords and you quickly need a possible plaintext. The attack is a bit probabilistic because of Google's results, so rerunning the script can yield more results.
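The matching step described above, as an added example that is not GCrack's own code: words from a block of plain text are hashed under each algorithm and compared against a mixed hash list, which is why an unsalted digest of a common password is recoverable and why a hit also identifies the algorithm. The function names, the `\w+` tokenizer, the sample text and the found-line layout are assumptions; only the not-found line format comes from the description above, and NTLM is left out.

```python
import hashlib
import re

# Digest algorithms listed on the page. NTLM is omitted: it needs MD4, which
# many current OpenSSL builds no longer expose through hashlib.
ALGORITHMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

# Constructed sample standing in for plain text extracted from result pages.
SAMPLE_TEXT = "Default logins such as admin / password, qwerty or 123456 are common."

# Mixed-algorithm input: the first four values appear in the page's sample
# output; the last one is constructed and matches nothing in SAMPLE_TEXT.
SAMPLE_HASHES = [
    "d8578edf8458ce06fbc5bb76a58c5ca4",
    "5f4dcc3b5aa765d61d8327deb882cf99",
    "7c4a8d09ca3762af61e59520943dc26494f8941b",
    "21232f297a57a5a743894a0e4a801fc3",
    "0" * 64,
]


def match_hashes(text, hashes):
    """Map each target hash to (algorithm, word), or None when nothing matched."""
    results = {h.strip().lower(): None for h in hashes}
    # Assumed tokenizer: every run of word characters is one candidate.
    for word in set(re.findall(r"\w+", text)):
        data = word.encode("utf-8")
        for algo in ALGORITHMS:
            digest = hashlib.new(algo, data).hexdigest()
            # A digest match both recovers the word and names the algorithm.
            if digest in results and results[digest] is None:
                results[digest] = (algo, word)
    return results


def run_file_lines(results):
    """Render report lines; only the not-found layout is documented on the page."""
    lines = []
    for digest, hit in results.items():
        if hit is None:
            lines.append("??????????\t\t" + digest)
        else:
            # Assumed layout for found entries, mirroring the console output.
            lines.append("%s(%s)\t\t%s" % (hit[0], hit[1], digest))
    return lines


if __name__ == "__main__":
    print("\n".join(run_file_lines(match_hashes(SAMPLE_TEXT, SAMPLE_HASHES))))
```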
Install the mandatory lxml dependency:
$ sudo apt-get install python-lxml
Though optional, the installation of python-nltk (Natural Language Toolkit) is highly recommended because it speeds up the cracking process by using plain text while cracking. Without NLTK, the cracking will be slower because all the HTML will be used as possible words for the wordlist.
$ sudo apt-get install python-setuptools
$ sudo easy_install pip
$ sudo pip install -U numpy
$ sudo pip install -U pyyaml nltk
Installation of GCrack
$ cd ~/src/
$ wget https://nodeload.github.com/tkisason/gcrack/tarball/master -O gcrack.tar
$ tar xf gcrack.tar
$ cd tkisason-gcrack*/
$ ./gcrack.py
$ ./gcrack.py testhashes
[+] Hashes loaded, using google_attack to crack them
md5(qwerty) d8578edf8458ce06fbc5bb76a58c5ca4
md5(password) 5f4dcc3b5aa765d61d8327deb882cf99
md5(alkali) f7f41ad5328d528a751c55fa2fcf7273
md5(password09) 8350513a8aff1d5bc1534dbd90747bb8
sha1(123456) 7c4a8d09ca3762af61e59520943dc26494f8941b
sha1(security) 8eec7bc461808e0b8a28783d0bec1a3a22eb0821
md5(admin) 21232f297a57a5a743894a0e4a801fc3
sha1(crypto) 44a9713350e53858f058463d4bf7f1e542d9ca4b
[+] Found 8 of 8