
How to crack hasher algorithms like MD5, SHA1 using findmyhash in Kali Linux




Have you ever found an interesting hash on the Internet or in some old database that was not so secure? With the broad range of web services available on the internet, you may be able to find out what that hash looked like before it was hashed by an algorithm such as MD5, SHA1 or GOST.
In Kali Linux, you can speed up the search for the original string of your hash with the findmyhash tool, which does the job for you. findmyhash is a useful Python script that cracks many kinds of hashes using web services.

How does findmyhash work?

findmyhash is a command line utility that cracks hashes through different online services. As you may know, functions like MD5 are not encryption tools (though they may be used as part of some encryption algorithms) but one-way hash functions, which means that you can't reverse them with certainty.
Basically, it sends the hash that you provide to different web services. If the database of any of the available services contains the string that generates that hash, you get the original string back as the result (that is, the string which the specified hash function turns into the hash you provided).
findmyhash is included in Kali Linux and can be used quickly from the command line.
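The lookup described above works only because an unsalted hash of a common string is the same everywhere. The following Python sketch is an added example, not code from findmyhash: it builds a small local table from a constructed wordlist to stand in for a service's database, then shows that the same password stored with a random salt and PBKDF2 no longer matches any precomputed entry. The function names and the wordlist are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for the plaintexts a lookup service has indexed.
WORDLIST = ["password", "letmein", "hello world", "qwerty"]


def build_lookup_table(words, algorithm="md5"):
    """Precompute hash -> plaintext, the kind of table a lookup service queries."""
    return {hashlib.new(algorithm, w.encode()).hexdigest(): w for w in words}


def lookup(table, hash_value):
    """Return the indexed plaintext for a hash, or None if it was never indexed."""
    return table.get(hash_value.strip().lower())


def store_password(password, iterations=600_000):
    """Hardened storage: random per-password salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # The unsalted MD5 used in this article resolves immediately.
    print(lookup(table, "5eb63bbbe01eeed093cb22bb8f5acdc3"))
    # The same password stored with a salt and a KDF is not in the precomputed table.
    salt, iters, digest = store_password("hello world")
    print(lookup(table, digest.hex()))
    print(verify_password("hello world", salt, iters, digest))
```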

Using findmyhash

Using findmyhash is simple: it takes 1 required argument (the name of the hash function, e.g. MD5 or SHA1) and 3 options:
  • -h <hash_value>: If you only want to crack one hash, specify its value with this option.
  • -f <file>: If you have several hashes, you can specify a file with one hash per line. All of the hashes have to be the same type.
  • -g: If your hash cannot be cracked, search for it on Google and show all the results. This option ONLY works with the -h (one hash input) option.
The following hash functions are supported by findmyhash:
  • MD4 - RFC 1320
  • MD5 - RFC 1321
  • SHA1 - RFC 3174 (FIPS 180-3)
  • SHA224 - RFC 3874 (FIPS 180-3)
  • SHA256 - FIPS 180-3
  • SHA384 - FIPS 180-3
  • SHA512 - FIPS 180-3
  • RMD160 - RFC 2857
  • GOST - RFC 5831
  • WHIRLPOOL - ISO/IEC 10118-3:2004
  • LM - Microsoft Windows hash
  • NTLM - Microsoft Windows hash
  • MYSQL - MySQL 3, 4, 5 hash
  • CISCO7 - Cisco IOS type 7 encrypted passwords
  • JUNIPER - Juniper Networks $9$ encrypted passwords
  • LDAP_MD5 - MD5 Base64 encoded
  • LDAP_SHA1 - SHA1 Base64 encoded
The most basic example has the following structure:


findmyhash [Hasher function name] -h [The hash to crack]
 
 
So, for example, if you want to find the text of the MD5 hash 5eb63bbbe01eeed093cb22bb8f5acdc3 (whose original text was "hello world"), you would execute the following command in a new terminal:
 
findmyhash MD5 -h 5eb63bbbe01eeed093cb22bb8f5acdc3

The output will be:
 
Analyzing with md5decryption (http://md5decryption.com)...

***** HASH CRACKED!! ***** 
The original string is: hello world 
 
 
 
 
The following hashes were cracked:
----------------------------------

5eb63bbbe01eeed093cb22bb8f5acdc3 -> hello world





The only disadvantage is that you have to identify the type of hash that you want to crack yourself. MD5 is a 32-character hexadecimal string, and SHA-1 usually comes as a 40-character hexadecimal string (as does SHA-0). MD5 and SHA-1 account for the vast majority of hashes that you can find.