Comments on: Google as a password cracker

By: Kristina

Kristina — Thu, 03 Jan 2008 09:18:04 +0000

Could you please move my surname? :)

By: Kristina Horvat

Kristina Horvat — Thu, 03 Jan 2008 08:24:08 +0000

Hello. I am woman. Could you help me, that I find out password of Admin of one forum? I am from Croatia and in one Forum, they behave very very unfair to me. So, now I want to log myself as Admin, and do one little funny revenge to them. Could you tell me what is the way for doing that? Thank you. Some Trojan program, or something similar?

By: Billy

Billy — Sun, 16 Dec 2007 05:55:35 +0000

Funny, when I $ `echo anthony | md5sum`, I get "e4ea5477492b160a8d7aeac1fb16d107 -"

By: infin8

infin8 — Tue, 04 Dec 2007 04:14:45 +0000

Uhmm.. what is an md5 hash?

By: dubayou

dubayou — Sat, 01 Dec 2007 08:55:13 +0000

I wrote this site http://www.md5crack.com to do this with relative ease. check it out

By: xoomthemodder

xoomthemodder — Fri, 30 Nov 2007 10:13:28 +0000

hmm lets hash a password

http://www.zappersoftware.com/Help/md5.php

take hash pop it into Google and trys it....

op my password looks good, not in Google.

I would think this only works for a dictionary of common words. Trick is add #'s to your passwords people. Lets be smart.

By: Angus

Angus — Thu, 29 Nov 2007 07:17:03 +0000

While using Google to crack MD5 passwords is interesting and useful, I don’t think it’s really worth posting about. I thought this use of Google was obvious; I’ve done it myself a few times.

By: Asi

Asi — Thu, 29 Nov 2007 03:40:56 +0000

hi,I dont know much about hashes and i got a question: i got this hash “JR:1003:aad3b435b51404eeaad3b435b51404ee:37c088d8d1e18c245c25483c5fd5314d/empty/:
How can i know if is ntlm or md5? and if is ntlm there is a way to convert it in md5? thanks for the help

By: beatnik

beatnik — Wed, 28 Nov 2007 22:07:15 +0000

I think this is something people tend to be interested in check out try a MD5 here
http://us.md5.crysm.net/

By: samodelkin

samodelkin — Tue, 27 Nov 2007 19:33:07 +0000

So if I googlefight MD5 hashes, I could check which passwords are used more often? I understand it wouldn’t be very accurate because people salt their hashes and stuff, but with googlefight, how convenient is that!

By: NNM

NNM — Tue, 27 Nov 2007 12:53:42 +0000

That’s why you have to add some “custom” encryption and not rely on built in functions…
Simply reading/translating a sha1 or md5 takes 0.0002 seconds and about 5 lines of code…

By: TJhooker

TJhooker — Tue, 27 Nov 2007 08:03:56 +0000

If this works on production site or database then the people there must be morons.

It's the equivalent of having your password guessed by a human..literally. Hash tables work on the same model. They don't actually attack the algorithm just the lack of creativity by a user base.

By: cde

cde — Tue, 27 Nov 2007 07:57:30 +0000

Even better. You can take a password, hash it, then search google for the hash to find out if other admins have used it as a password :D

By: Jordan

Jordan — Tue, 27 Nov 2007 05:26:42 +0000

ya… This just goes to show that you should definetly salt your hashes, but some people are just too stupid / lazy to do so.

By: FRODUS

FRODUS — Tue, 27 Nov 2007 03:59:49 +0000

http://en.wikipedia.org/wiki/MD5#_note-5

http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/