Introduction:
Through different online services, findmyhash is a command line utility which cracks a specified hash. Reversing a one way hash can be challenging, but this tool comes in handy to help with this problem.
It sends the specified hash to web services and matches against the database of those services for the string which generates the provided hash. The original string will be returned as a result
It can be used quickly from the commandline
Usage example:
- -h <hash value> : Specifies how many hashes to be cracked
- -f <file> : if several hashes are present, a file can be specified with one hash per line. All of the hashes has to be of the same type.
- -g: Hashes that cannot be cracked will be searched in google, showing all the results. It only works with only 1 hash option.
Hash functions supported:
- MD4 – RFC 1320
- MD5 – RFC 1321
- SHA1 – RFC 3174 (FIPS 180-3)
- SHA224 – RFC 3874 (FIPS 180-3)
- SHA256 – FIPS 180-3
- SHA384 – FIPS 180-3
- SHA512 – FIPS 180-3
- RMD160 – RFC 2857
- GOST – RFC 583
- LM – Microsoft Windows hash NTLM – Microsoft Windows hash
- MYSQL – MySQL 3, 4, 5 hash
- CISCO7 – Cisco IOS type 7 encrypted passwords
- JUNIPER – Juniper Networks $9$ encrypted passwords
- LDAP_MD5 – MD5 Base64 encoded
- LDAP_SHA1 – SHA1 Base64 encoded
Conclusion:
By comparing a hash or multiple hashes against online databases, this simple command line is used as a helping tool to crack hashes. The obtained password can then be used to gain access to a targeted system, continued by the next step towards penetration testing.