Interesting how I return plenty of sane MD4/NTLM hits in MD5 lists...
I think I'll run all hashes through all the brute forcers. And mock people hard via the web interface when they get results that are of the wrong hash type.
Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
7 posts
• Page 1 of 1
-
- Ads
Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by Bitweasil » Sat May 23, 2009 1:39 am
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by the_drag0n » Sat May 23, 2009 8:03 am
what did you expect ? 
you should also remove hashes such as
00000000000000000000000000000000
since they're prolly just test stuff
you should also remove hashes such as
00000000000000000000000000000000
since they're prolly just test stuff
- the_drag0n
- Posts: 27
- Joined: Tue Jan 20, 2009 4:41 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by neinbrucke » Sat May 23, 2009 10:49 am
the_drag0n wrote:you should also remove hashes such as
00000000000000000000000000000000
since they're prolly just test stuff
i'd love to know the plaintext of that
- neinbrucke
- Posts: 18
- Joined: Mon Feb 16, 2009 8:09 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by mastercracker » Wed Jul 29, 2009 6:33 pm
Hi. I just cracked (and upload password) > 56000 hashes from your MD5 list. Here's a couple of constructive comments for your hash database (some might be already implemented...):
1) Make sure it accepts only exactly 32 chars input without spaces or symbols. Maybe a function that trims spaces that could be present by mistake at start or the end of each line of input would be good too.
2) Put all the input in lowercase before checking/adding to the database. I have found about 8000 duplicates.
3) Some kind of algorithm cross-check would be good too (e.a. checking MD5 list as it was NTLM hash and vice versa). I will post several hash of different algorithm in the MD5 list.
4) Since your MD5 hashlist has grown so big, it would be a good idea to make a zipped .txt file that would be automatically updated every hour or so. Users could then more easily download the file rather than waiting for the whole list to show up on the screen.
P.S.: I would really appreciate LM algorithm for your CUDA multiforcer...
1) Make sure it accepts only exactly 32 chars input without spaces or symbols. Maybe a function that trims spaces that could be present by mistake at start or the end of each line of input would be good too.
2) Put all the input in lowercase before checking/adding to the database. I have found about 8000 duplicates.
3) Some kind of algorithm cross-check would be good too (e.a. checking MD5 list as it was NTLM hash and vice versa). I will post several hash of different algorithm in the MD5 list.
4) Since your MD5 hashlist has grown so big, it would be a good idea to make a zipped .txt file that would be automatically updated every hour or so. Users could then more easily download the file rather than waiting for the whole list to show up on the screen.
P.S.: I would really appreciate LM algorithm for your CUDA multiforcer...
- mastercracker
- Posts: 5
- Joined: Wed Jul 29, 2009 5:06 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by Bitweasil » Wed Jul 29, 2009 7:28 pm
Thanks for all those...
I'll see what I can do with checking for those better.
I'll see what I can do with checking for those better.
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by B0ff » Mon Aug 10, 2009 1:01 pm
Hi, is there a problem with the 'All Cracked MD5' Export Lists function? It takes forever to download (I know there are a lot of entries but it used to be much quicker) and the output appears to be corrupt, see attachment.
- Attachments
-
- Corrupt hash list extract
- crypto list.PNG (25.26 KiB) Viewed 4709 times
- B0ff
- Posts: 1
- Joined: Mon Aug 10, 2009 12:57 pm
Re: Ugh. People are idiots (NTLM/MD4/etc in "MD5" lists)
by Reelix » Sat Oct 31, 2009 7:12 pm
Text: hello
MD2: a9046c73e00331af68917d3804f70655
MD4: 866437cb7a794bce2b727acc0362ee27
MD5: 5d41402abc4b2a76b9719d911017c592
All are 32 characters long.
It's possible that someone submitted the MD5 hash 866437cb7a794bce2b727acc0362ee27! Who KNOWS what the MD5 plain-text for that is? Maybe there WAS a plain-text that got MD5 hashed to that, and you're criticizing them since it's got a simple MD4 result?
What if one of the most dastardly 72 character plaintext strings, MD4 hash'd, turns out to be "lol" in MD5?
Will the criticism then be the other way around?
MD2: a9046c73e00331af68917d3804f70655
MD4: 866437cb7a794bce2b727acc0362ee27
MD5: 5d41402abc4b2a76b9719d911017c592
All are 32 characters long.
It's possible that someone submitted the MD5 hash 866437cb7a794bce2b727acc0362ee27! Who KNOWS what the MD5 plain-text for that is? Maybe there WAS a plain-text that got MD5 hashed to that, and you're criticizing them since it's got a simple MD4 result?
What if one of the most dastardly 72 character plaintext strings, MD4 hash'd, turns out to be "lol" in MD5?
Will the criticism then be the other way around?
- Reelix
- Posts: 17
- Joined: Thu Mar 26, 2009 10:51 pm
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest