Hash cracking tools generally use brute forcing or hash tables and rainbow tables. But these methods are resource hungry. There are some websites like crackstation.net and hashkiller.co.uk which have huge database of hashes and you can check if your target hashes exists in their database or not. Well you should really try to crack your hashes there because doing so is easy and fast.
FindMyHash is a python script which takes your target hashes and checks 40 different hash cracking website for results. So all you have to do is to submit your hash and sit back instead of checking these sites one by one.
If you are using Linux, run the following command in terminal
apt-get install findmyhash
You can also download findmyhash.py from github
I hope now you are all set to run it.
“Cracking” Hashes With FindMyHash
findmyhash <algorithm> -h <hash>
Where algorithm represents the hash algorithm like MD5, SHA-2, Tiger etc. and hash represents the hash you want to crack.
So like I want to crack this MD5 hash —> 827ccb0eea8a706c4c34a16891f84e7b
I will simply enter
findmyhash MD5 -h 827ccb0eea8a706c4c34a16891f84e7b
and it will start looking into databases of different website.
And here we go, here is the cracked hash
Pretty simple right?
You can also use the following command
findmyhash MD5 -h 827ccb0eea8a706c4c34a16891f84e7b -g
You see that -g option at the end? It represents Google. So if these 40 website fail to crack the hash, FindMyHash does the last attempt by searching the hash on Google and tells you if it finds any useful result.
FindMyHash supports the following hash algorithms:
MD4 – RFC 1320
MD5 – RFC 1321
SHA1 – RFC 3174 (FIPS 180-3)
SHA224 – RFC 3874 (FIPS 180-3)
SHA256 – FIPS 180-3
SHA384 – FIPS 180-3
SHA512 – FIPS 180-3
RMD160 – RFC 2857
GOST – RFC 5831
WHIRLPOOL – ISO/IEC 10118-3:2004
LM – Microsoft Windows hash
NTLM – Microsoft Windows hash
MYSQL – MySQL 3, 4, 5 hash
CISCO7 – Cisco IOS type 7 encrypted passwords
JUNIPER – Juniper Networks $9$ encrypted passwords
LDAP_MD5 – MD5 Base64 encoded
LDAP_SHA1 – SHA1 Base64 encoded
For more usages examples you can enter findmyhash -h in terminal.
So can you trust FindMyHash for all your hash cracking needs? No.
Is it worth trying before trying to crack it with a program like HashCat? Yes.
Note: FindMyhash only uses the websites which permit to do so. So you should give sites like hashkiller or crackstation a try too as they are not included in FindMyHash.
That’s all for now. Happy Cracking!
Also Read: How To Become A Hacker?